Data protection policy

The following data protection policy applies for the use of our www.primo-gmbh.com online offer (hereinafter referred to as the “website”). Data protection is of great importance to us. The collection and processing of your personal data takes place subject to the current data protection directives, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data to be able to offer you the above-mentioned portal. This policy describes how and why your data is collected and used and what your options are in relation to your personal data.

By the use of this website, you agree to the collection, use and disclosure of your data pursuant to this data protection policy.

This data protection information applies to data processing by: Data controller: Primo GmbH, Wernher-von-Braun-Straße 2, 84544 Aschau, email: info@primo-gmbh.com, telephone: 49 (0) 8638 / 88559 – 200. Our Data Protection Officer can be reached via the above address, c/o Stefanie Wintersteiger, or by sending an email to s.wintersteiger@primo-gmbh.com. If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or for individual measures, you can address your objection to the data controller. You can save and print out this data protection policy at any time.

The hosting services used by us serve to make the following services available: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

In doing so, we or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 (1) S. 1 f) of the General Data Protection Regulation (GDPR) in conjunction with Art. 28 GDPR.

We collect information about you when you use this website. We automatically collect information about your usage patterns and interaction with us and we record data about your computer or mobile device. We collect, store and use data each time you access our online offer (so-called server log files). Access data includes:

• Name and URL of the called-up file
• Date and time of the call-up
• Transferred data volume
• Message about successful call-up (HTTP response code)
• Browser type and browser version
• Operating system
• Referrer URL (i.e. page visited previously)
• Websites called up by the user’s system via our website
• The user’s internet service provider
• IP address and the requesting provider

We use this log data, without assigning it to you personally or otherwise profiling it, for statistical evaluations of the operation, security and optimisation of our online offer, but also for the anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of use of our website and services, as well as for accounting purposes to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content, to analyse traffic, to troubleshoot and to improve our services.

This is our legitimate interest in accordance with Art 6 (1) S. 1 f) GDPR.

We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications. We store IP addresses in the log files for a limited period if this is necessary for security purposes or for the provision of a service or the billing of a service, e.g., if you use one of our offers. We delete the IP address after cancellation of the order or after receipt of payment, if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g., when you register, log in, click on links etc.).

We use Cookies on our site. These are small files that are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not harm your terminal device and do not contain viruses, Trojans or other malware.

The cookie stores information that is generated each time in connection with the specific terminal device. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves, mainly, to make the use of our offer more appealing for you. We use so-called session cookies to recognise that you have visited individual pages of our website before. These are automatically deleted after you leave our site.

We also use temporary cookies to optimise the user-friendliness of our site. These are stored on your terminal device for a fixed period. If you visit our site again to use our services, it is automatically recognised that you have visited before and your previous entries and settings are restored so that you do not have to enter them again.

Furthermore, we use cookies to record and evaluate statistics on the use of our website and for the purpose of optimising our offer for you (see section 5). These cookies automatically recognise that you have visited our site before when you return. These cookies are deleted automatically after a defined period.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) S. 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved on your computer or to issue an alert before a new cookie is created. Note that complete deactivation of cookies may mean that you cannot use all the functions of our website.

If you contact us by email, we will store your details for the purpose of processing the enquiry and in the event that follow-up questions arise. Data processing for the purpose of getting in contact with us takes place pursuant to Art. 6 (1) S. 1 lit. a GDPR based on your voluntary consent. We only store and use other personal data if you consent to this or if this is legally permissible without separate consent.

For questions of any kind, you can contact us via a form on the website. It is necessary in this case to provide a valid email address so that we know from whom the request originates and so that we can answer it. Further information can be provided voluntarily. Data processing for the purpose of getting in contact with us takes place pursuant to Art. 6 (1) S. 1 lit. a GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request.

We use the Contact Form 7 plugin on our site. Contact Form 7 is a contact form-generation service. The Contact Form plugin is used only to forward the data entered by users to our company’s email address. No data is not otherwise stored, e.g., in the WordPress database. Further information and the applicable data protection conditions of Contact Form are available at https://de.wordpress.org/plugins/contact-shape-7/ and https://rocklobster.in/. Contact Form is Open-Source software. Communication between the browser and server is exclusively via HTTPS (SSL/TLS) encryption.

If you send us an application, we save your documents including personal data (name, address, date of birth, marital status). Education / further training / professional qualifications for a period of 2 months.

We use Google Analytics, a web analytics service provided by Google, Inc. (https://about.google) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; referred to in the following as “Google”). Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and has certified itself. By doing so, Google commits to complying with the standards and regulations of European data protection law. For further information, please see the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Google Analytics uses so-called “cookies”, which are text files stored on your computer. The information generated by the cookie about the use of this website by site visitors (browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server request) is usually transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with website and internet use for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. This is our legitimate interest in accordance with Art 6 (1) S. 1 f) GDPR. However, in the event that IP anonymisation is activated on this website, your IP address will be abbreviated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. IP-anonymising is active on this website. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being stored by configuring your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

We use social plug-ins from the social networks Facebook, Twitter and Instagram on our website on the basis of Art. 6 (1) S. 1 lit. f GDPR to make our company better known through them. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning GDPR. The responsibility for data protection-compliant operation shall be guaranteed by the respective supplier. We integrate these plug-ins using the so-called two-click method to protect visitors to our website in the best possible way.

Our online offer uses social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins are recognisable by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be seen here: https://developers.facebook.com/docs/plugins/. When you access a page of our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The contents of the plugin are transmitted by Facebook directly to your browser and from there to the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and shared with your Facebook friends. Facebook can use this information for the purpose of marketing, market research and demand-orientated design of the Facebook-pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website. For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

Our website also uses so-called social plugins (“Plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. When you access a page of our website that contains such a plugin, your browser establishes a direct connection with the Instagram servers. The contents of the plugin are transmitted by Instagram directly to your browser and from there to the site. This connection notifies Instagram that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not currently logged into Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, the corresponding information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and shared with your contacts. If you do not want Instagram to assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. For more information, please see Instagram’s privacy policy (https://help.instagram.com/155833707900388).

Primo GmbH uses Facebook Ads and Instagram Ads, services provided by Meta Platforms Inc., in order to run targeted advertising campaigns and to advertise our offers on these platforms. As part of these advertising activities, we also use the Meta Pixel, an analytics tool that helps us measure the effectiveness of our advertising for statistical purposes, market research and retargeting by collecting information about users’ actions on our website. The pixel enables Facebook to identify visitors to our website as a target group for advertisements. The data collected by the Facebook pixel is anonymous to us, but can be used by Facebook to personalise advertising. In addition, we use the Facebook Conversion API. This server-side interface allows us to securely transmit data about your behaviour on our website (such as page views, interactions) to Facebook. This information helps us to analyse the effectiveness of our advertising and to present you with relevant advertisements on Facebook and Instagram. The Conversion API ensures a higher level of data protection, as it enables data to be sent directly from the server to Facebook without it going through the user’s browser. In addition, we use Facebook’s retargeting functions to show targeted advertising to visitors to our website. This technology allows us to reach users again, who have already shown interest in our website and products on Facebook, with personalised advertisements. The use of the Facebook pixel and the Conversion API will only take place with your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by adjusting your cookie settings on our website. If you visit our website via one of our advertisements on Facebook or Instagram and fill in a contact form there, we collect the contact details entered therein, such as your name, email address, phone number and other relevant information. We also collect this data via the contact forms on Facebook and Instagram. The data is collected for the sole purpose of responding to your enquiry and contacting you. It also allows us to inform you about our products and services. This includes the sending of newsletters by email as well as targeted addressing via Meta Ads on Facebook and Instagram. The data collected by Facebook may be transferred to the USA and processed there. We have implemented security-related measures to ensure the protection of your data and we adhere to the standard contractual clauses approved by the EU Commission. The data collected via the contact forms on our website is stored and processed internally. We also collect and store the data from the contact forms, which are displayed directly on Facebook and Instagram. We use this information to respond to enquiries, improve our services and inform you about relevant offers and news. This data will be treated strictly confidentially and will not be passed on to third parties unless this is required by law or is necessary to process your request. We respect your privacy and the right to control your personal information. You can at any time request information about the data stored by us, request a correction or deletion of your data or object to the use of your data for advertising purposes. For this purpose, please contact us at info@primo-gmbh.com. For more information on data protection, please visit: https://www.facebook.com/privacy/policy.

Our website uses plugins from the YouTube website. The operator of the site is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. We use YouTube in Advanced Data Protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the Advanced Data Protec mode. Thus, regardless of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network. A connection to the YouTube servers is established as soon as you start a YouTube video on our website. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube can also store various cookies on your terminal device after a video is started. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. The cookies remain on your terminal device until you delete them. In some cases, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. YouTube is used in the interest of improving the user experience of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de https://policies.google.com/privacy?hl=de

We use the marketing and remarketing services (in brief “Google-Marketing-Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner, so that users only see ads that potentially match their interests. When, for example, users are shown ads for products in which they have shown interest on other websites, this is referred to as “remarketing”. In these cases, when our website and other websites on which Google marketing services are active are accessed, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With the help of these web beacons, an individual cookie, i.e., a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The cookie-files record the web pages which users have visited, what content they are interested in and which offers they have clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform you within the scope of Google Analytics that the IP address is abbreviated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and abbreviated there. IP addresses are not linked to users’ data within other Google offers. The above information may also be combined by Google with information from other sources. When users subsequently visit other websites, they may be shown ads tailored to their interests. User data is processed pseudonymously as part of Google Marketing Services, i.e., Google does not store or process the name or email address of users, for example, but processes the relevant cookie data within pseudonymous user profiles. I.e., from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the USA. Google marketing services we use include the online advertising programme “Google AdWords”. Every AdWords customer receives a different “Conversion-Cookie”. Cookies cannot be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted into conversion tracking. AdWords customers learn the total number of users who have clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. We may integrate third-party advertisements based on the Google marketing service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner websites to show ads based on users’ visits to this website or other websites on the Internet. We may integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies to enable Google and its partner websites to show ads based on users’ visits to this website or other websites on the Internet. We can also use “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website. For more information on Google’s use of data for marketing purposes, please see our Overview page. Google’s privacy policy is available at https://www.google.com/policies/privacy. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

This site uses so-called Web Fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required Web Fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This allows Google to know that your IP address has been used to access our website. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If your browser does not support Web Fonts, a standard font is used by your computer. You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s data privacy policy: https://www.google.com/policies/privacy/.

This page uses the Google Maps map service via an API. The supplier is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The supplier of this page has no influence on this data transmission. Google Maps is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/technologies/ads.

Unless specifically stated, we only store personal data for as long as is necessary to fulfil the intended purposes.

We also process the inventory data described below.

If you have expressly consented in accordance with Art. 6 (1) S. 1 lit. a GDPR, we will use your email address to send you our newsletter on a regular basis. The following information explains the contents of our newsletter as well as the subscription, mailing and statistical evaluation procedures and your rights of appeal. By subscribing to our newsletter, you agree to receive it and to the procedures described. In accordance with the requirements of the General Data Protection Regulation (GDPR) applicable as of 25 May 2018, we inform you that you consent to the sending of email addresses based on Art. 6 (1) lit. a, 7 GDPR and § 7 (2) no. 3, and/or (3) Act Against Unfair Competition (UWG). The use of the mailing service provider Mailchimp, the performance of statistical surveys and analyses as well as the logging of the subscription process are based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. Our interest is in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.

We send newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as the “Newsletter”) only with the consent of the recipient or with legal permission. Insofar as the contents of the newsletter are specifically described in the course of subscribing, they equate to the consent of the user. Our newsletters also contain information about offers, innovations and product information.

A subscription to our newsletter is made via a double opt-in process. I.e., After subscribing you receive an email which asks you to confirm your subscription. This confirmation is necessary so that no one can subscribe with someone else’s email address.

The subscription to the newsletter is logged so that the subscription process can be evidenced in accordance with legal requirements. This includes storage of the times of subscription and confirmation as well as the IP address. Any changes to your data stored with Mailchimp are also logged.

The newsletter is mailed by Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients and any other data described here, are stored on the servers of Mailchimp. Mailchimp uses this information to mail and analyse the newsletter on our behalf. Furthermore, Mailchimp may use this data in accordance with its own information to optimise or improve its own services, e.g., to technically optimise the mailing and presentation of the newsletters or for commercial purposes to determine which countries the recipients come from. However, Mailchimp does not use the data of our newsletter recipients to correspond with them itself, nor does it pass the data on to third parties.

We trust the reliability and the IT and data privacy of Mailchimp.

To subscribe to the newsletter, it is sufficient to provide your email address.

Optionally, we ask you to provide your first and last name. This data is used only to personalise the newsletter. We only use other information to adapt the contents of the newsletter to the interests of our readers.

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the Mailchimp server when the newsletter is opened. In the course of this call-up, technical information, such as information about your browser and your system, as well as your IP address and the time of the call-up are collected initially. This information is used to technically improve our services based on the technical data or the target groups and their reading behaviour based on the call-up locations (which are determined with the aid of the IP address) or the access times.

The statistical surveys also determine whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons this information can be assigned to the individual newsletter recipients. It is however not our aim, nor is it that of Mailchimp, to observe individual users. The evaluations serve us rather to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

There are cases in which we direct the newsletter recipients to the webpages of Mailchimp. For Instance, if our newsletters contain a link, with which the newsletter recipients can access the newsletter online (e.g., in the event of display problems within the email programme). Further, newsletter recipients can correct their data, e.g., email address, retrospectively. Also, the data protection policy of Mailchimp can only be called up on its webpage.

In this context, we would like to point out that cookies are used on the webpages of Mailchimp and that personal data is thus processed by Mailchimp, its partners and the service providers it uses (e.g. Google Analytics). We have no influence on this data collection. You can find more information in Mailchimp’s data protection policy. We advise you additionally of your options to opt out of data collection for advertising purposes on the websites https://www.aboutads.info/choices/ and https://www.youronlinechoices.com/ (for the European area).

You can cancel, i.e., revoke your consent for, the receipt of our newsletter at any time. In doing so you will simultaneously revoke your consent to its mailing via Mailchimp and to statistical analyses. Separate revocation of your consent to the mailing via Mailchimp or to statistical analysis is unfortunately not possible.

You can find a link to cancel the newsletter at the end of any newsletter.

Separately from the newsletter, we send you regular product recommendations by email. In this way we enable you to get information about products from our offer which might interest you on the basis of your recent purchases. Thereby, we adhere strictly to the legal requirements. You can object to this at any time without incurring any costs other than the transmission costs according to the prime rates. A notice to this effect in text form to the contact details stated under item 1 (e.g. e-mail, fax, letter) shall suffice. Of course, you will also find an unsubscribe link in every email. The same conditions apply as stated in section 3.3.

Legal grounds for data processing according to the above paragraphs is Art. 6 (1) S. 1 a), b) and/or f) GDPR. Our particular interests in data processing are in the initiation, conclusion and fulfilment of contracts as well as direct marketing and product information.

Unless specifically stated, we only store personal data for as long as is necessary to fulfil the intended purposes and/or as is legally prescribed.

Pursuant to the applicable laws you have various rights with regard to your personal data. Should you wish to assert these rights, please direct your request by email or post giving unambiguous personal identification to the address given in section 1.

Please find an overview of your rights below.

In accordance with Art. 15 GDPR, you have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data. Furthermore, you have a right to the following information:

1. the purposes of processing;
2. the categories of personal data which are being processed;
3. the recipients or categories of recipients, to which the personal data has been disclosed or will be disclosed, in particular in the case of recipients in third countries or in the case of international organisations;
4. as far as possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration;
5. the existence of a right to rectification or deletion of the personal data related to you or to limitation of the processing by the data controller or a right to object to this processing;
6. the existence of the right of appeal to a supervisory authority;
7. if the personal data was not collected from you, all available information about the source of the data;
8. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.

If personal data is transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

Pursuant to Art. 16 GDPR, you have the right to demand that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Pursuant to Art 17(1) GDPR you have the right to request that we delete personal data concerning you without undue delay and we are obliged to delete personal data without undue delay where one of the following grounds applies:

1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) S 1 a) GDPR or Art. 9 (2) a) GDPR and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
4. The personal data has been unlawfully processed.
5. The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
6. The personal data was collected in relation to information society services, offered pursuant to Art. 8 (1) GDPR.

If we have made the personal data public and we are obliged to delete it pursuant to Art. 17 (1) GDPR, we shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who are responsible for processing personal data which you have requested be deleted, that they delete all links to or copies or replications of said personal data.

In accordance with Art. 18 GDPR, you have the right to demand that we limit processing if one of the following preconditions is met:

1. the accuracy of the personal data is contested by you for a period that enables us to verify the accuracy of the personal data,
2. the processing is unlawful and you refused the deletion of the personal data and instead requested the limitation of the use of the personal data;
3. we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, or
4. you have objected to the processing pursuant to Art. 21 (1) GDPR, until it has been determined whether the legitimate reasons of our company outweigh yours.

Pursuant to Art. 20 GDPR, you have the right to receive the personal data related to you, that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another data controller without hindrance from us, provided that

1. the processing is based on consent pursuant to Art. 6 (1) S. 1 a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) S. 1 b) GDPR and
2. the processing is carried out with the help of automated procedures.

When exercising your right to data portability in accordance with paragraph 1, you have the right to require that the personal data be transferred directly from us to another data controller, as far as this is technically feasible.

In accordance with Art. 21 GDPR, you have the right to object at any time on grounds relating to your particular situation to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) S.1 e) or f) GDPR; this also applies to profiling based on these provisions. We no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

If personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data related to you for the purposes of such marketing; the same applies for profiling, unless it relates directly to such direct marketing.

You have the right to object, on grounds resulting from your particular situation, to the processing of personal data related to you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects related to you or which similarly significantly affects you.

There is no automated decision-making based on the personal data collected.

In accordance with Art. 7 III GDPR, you have the right to revoke your consent to the processing of personal data at any time.

You have the right to lodge an appeal with a supervisory authority, in particular in the Member State of your residence, at your place of work or at the place of the alleged infringement, in accordance with Art. 77 GDPR, if you are of the opinion that the processing of personal data related to you is unlawful.

We take the utmost care to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

When transmitted by us, your personal data is encrypted. This applies for your orders and for customer login. We use the SSL (Secure Socket Layer) encoding system. However, we advise you that security loopholes can occur in the case of data transfer on the internet (e.g., in the case of communication by email). Complete protection of the data against access by third parties is not possible.

In accordance with Art. 32 GDPR we take technical and organisational security measures to secure your data, which we continually adapt to the state of the art.

We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly carefully secured.

In principle, we only use your personal data within our company.

We only disclose your personal data to third parties if:

you have given your express consent in accordance with Art. 6 (1) S.1 lit. a GDPR,

the disclosure is necessary in accordance with Art. 6 (1) S.1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

the disclosure is necessary in accordance with Art. 6 (I) S.1 lit. f GDPR to perform the tasks you have requested and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

in the event that there is a legal obligation for the disclosure in accordance with Art. 6 (1) S. 1 lit. c GDPR, and

this is legally permissible and necessary in accordance with Art. 6 (1) S. 1 lit. b GDPR for the processing of contractual relationships with you.

If and to the extent that we involve third parties in the fulfilment of contracts (such as logistics service providers), they will only receive personal data to the extent that the disclosure is necessary for the corresponding service.

In the event that we outsource certain parts of data processing (“commissioned processing”), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

There is no data transfer to offices or persons outside the EU other than the cases mentioned in this policy in section 2, nor is this planned.

This data protection policy is currently valid and has the status April 2022.

Due to the further development of our website and its offers or due to changed legal or official requirements, it may become necessary to change this data protection policy. You can access and print out our current data protection policy at any time from the website at www.primo-gmbh.com.

It is possible that third party content, such as YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated within this online offer. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) are party to the IP address of the users. This is because without the IP address, they cannot transmit their content to the respective user’s browser. The IP address is thus essential for the sharing of said content. We endeavour to use such content whose respective suppliers use the IP address only to deliver the content. However, we have no influence on whether the third parties store the IP address e.g., for statistical purposes. Where we know this happens, we notify users about it.

Primo GmbH
April 2022