Data protection information according to Art. 13, 14 and 21 of the EU General Data Protection Regulation (EU GDPR)
With these data protection notices, we inform you, our customers, in accordance with the EU General Data Protection Regulation (EU GDPR) applicable from 25 May 2018 on the processing of your personal data by us as well as the rights to which you are entitled. These notes will be updated as necessary and posted on www.popplock.com. There you will also find further privacy notices for the visitors of our website.
1. Who is responsible for data processing and to whom can you contact?
We are responsible for the data processing - popplock, Uhlandstrasse 47, 86157 Augsburg +49 821 5871001 Mail: Info@popplock.com
2. What data and sources do we use?
We process data that we receive in the course of processing our business relationship with you. The data is obtained directly from you, e.g. by selling an article.
Specifically, we process for the performance of our services:
• Master data to carry out a sale. (For example name and address, e-mail address, telephone number)
• Data in connection with the processing of payments and, if necessary, as security for the deposit of (e.g. bank details, credit card data, PayPal account
• Correspondence (e.g., correspondence or e-mail traffic with you)
• Data from past or previous purchases
• Advertising and sales data (e.g., about new potentially interesting offers)
3. On which legal basis is your data used (purpose of the data processing)?
The following information provides information on what and for what purpose we process your data.
3.1 For the fulfillment of contractual obligations (Article 6 (1) (b) EU GDPR)
We process your data to carry out our contracts with you, especially for carrying out and processing your purchases. The purposes of the data processing are based in detail on the contract documents. (e.g. shipping)
3.2 In the context of balance of interests (Article 6 (1) (f) EU GDPR)
To protect legitimate interests, your information may be used by us or by third parties. This is done for the following purposes:
• Further development of our products
• Advertising, market and opinion research
• Asserting legal claims and defense in legal disputes
• Prevention and investigation of crime
• Ensuring IT security and availability of IT operations
Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, distribution, and avoidance of legal risks). As far as the specific purpose allows, we process your data pseudonymized or anonymized.
3.3 On the basis of your consent (Article 6 (1) (a) EU GDPR)
If you have given us consent to the processing of your personal data, this respective consent is the legal basis for the processing mentioned therein. In addition, you may have the promotional address by e-mail, phone or messenger service approved. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent that you have given us before the validity of the EU GDPR, ie before 25 May 2018. The revocation works only for future processing, not for already done. Please contact our contact address.
3.4 Due to legal requirements (Article 6 (1) (c) EU GDPR)
We are subject to various legal obligations and legal requirements (eg Civil Code (BGB), Commercial Code (HGB), GoB, Tax Laws of the Federal Republic of Germany). The purposes of the processing include identity and age checks, fraud prevention, the fulfillment of tax control and reporting obligations as well as the assessment and management of risks.
4. Who gets my data?
A transfer of your data takes place only in compliance with the EU GDPR and only as far as a legal basis allows. Within our sales organization, only those entities receive the data they need to fulfill our contractual and legal obligations or to perform their respective duties (for example, sales, customer service).
In addition, the following locations can receive your data:
• Commissioned processors (Art. 28 EU-GDPR), especially in the area of booking systems and IT services, logistics, who process your data according to our instructions
• Public bodies and institutions (tax authorities) in the presence of a legal or regulatory obligation, as well as
• other bodies for which you have given us your consent to the transfer of data.
5. How long will my personal information be stored?
If necessary, we process your personal data for the duration of our business relationship, which includes the initiation and execution of a contract for the settlement of a sale. In addition, we are subject to various storage and documentation obligations, which result, among others, from the Civil Code (BGB), the Commercial Code (HGB), the Tax Code (AO). The deadlines for storage and documentation specified there are two to a maximum of ten years. Finally, the storage period is also judged by the statutory limitation periods, which, for example, according to §§ 195 ff. Of the Civil Code (BGB) usually three years. The storage of your personal data based on your consent takes place until further notice.
6. Will my data be transmitted to a third country?
We only transfer your data to countries outside the European Union if this is necessary for the execution and execution of the purchase contract or if it is required by law or if you have given us your consent.
7. Do I have specific rights in handling my data?
Under the respective legal requirements they have the right to information (Art. 15 EU-DSGVO, § 34 Federal Data Protection Act (BDSG) in its version valid from 25 May 2018), to rectification (Art. 16 EU-DSGVO), to cancellation (Art. 17 EU-DSGVO or § 35 BDSG), to limitation of processing (Art. 18 EU-DSGVO) and to data portability (Art. 20 EU-GDPR). You also have a right of appeal to a data protection supervisory authority (Art. 77 EU-DSGVO or § 19 BDSG).
8. Is there a duty for me to provide my data?
As part of our business relationship, you only need to provide the personal information that is required to establish, conduct and terminate a business relationship or that we are required to collect by law. Without this data, we will generally have to refuse to conclude the contract or to execute the order or to be unable to complete an existing contract and to terminate it if necessary.
9. Is there automated decision-making in individual cases?
In principle, we do not use automated decision-making pursuant to Art. 22 EU GDPR to establish and conduct the business relationship. If we use these procedures in individual cases, you will be informed separately, provided that this is prescribed by law.
10. Will my data be used in any way for profiling?
As a responsible company we refrain from automatic decision-making or profiling.
The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
12. Which rights as a customer do I have?
You have the right at any time, for reasons arising out of your particular situation, to prevent the processing of personal data relating to you which, pursuant to Article 6 (1) lit. f EU-DSGVO (data processing based on a balance of interests) takes place, objecting. If you object, we will no longer process your personal data. In addition, according to Art. 15 EU-GDPR you have a permanent right of withdrawal to your consent to data processing for further purposes, should you have given us consent to this form. The objection can be made in each case form-free to the contact address known to you.
Each data subject has the right to complain to the supervisory authority if it considers that the processing of the data concerning them violates data protection provisions. The right to complain may in particular be made with the supervisory authority of your state or be asserted at the place of the material breach. An up-to-date list of the relevant supervisory authorities can be found at
(retrieved on 15.03.2018)