In this privacy policy we shall inform you on what type of personal data we collect in the context of your use of www.sigmasport-shop.com and how and for what purpose the data is used by us and what are your rights in this respect. You can call up this information at any time at https://www.sigmasport-shop.com/privacy-policy.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the concerned person for the processing of personal data, Art. 6 para. 1 lit. (a) EU General Data Protection Regulation (GDPR) will serve as legal basis.

In the processing of personal data necessary for the fulfillment of a contract to which the concerned person is a party, Art. 6 para. 1 lit. (b) GDPR will serve as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. (c) GDPR will serve as legal basis.

In the event that vital interests of the concerned person/s or another natural person require the processing of personal data, Art. 6 para. 1 lit. (d) GDPR will serve as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the concerned party do not outweigh the interest mentioned first, Art. 6 para. 1 lit. (f) GDPR will serve as legal basis for processing.

The object of data protection

The object of data protection is personal data. According to Art. 4 No. 1 GDPR, these are all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.

Collection of web server log files

Description and purpose

When accessing our website, our system automatically saves various data and information from the computer system of the calling computer. The storage of the following data together with other personal data of the user does not take place.

These are the following data:

- Internet browser: type, version and functionality (e.g. cookies, Java, Flash, PDF, etc.)

- Operating system, used terminal device and screen resolution

- IP address of the user

- Date and time of the visit to the website

- Website referrer (when linking through another website)

- Outbound links of our website

- Statistical data of the website visit (frequency, duration, URLs, country of origin of the visitor)

The purpose of the data collection is:

- To enable the delivery of the website to the computer of the website visitor

- Ensuring and optimising the functionality of the website

- Ensuring the safety of the IT infrastructure


Legal basis

This collection of data is carried out on the basis of our legitimate interest in a safe and error-free operation of our IT infrastructure, the fight against abuse, the prosecution of criminal offences and the securing, assertion and enforcement of claims, Art. 6 para. 1 lit. (f) GDPR.


Duration

The stored data will be irretrievably deleted after 14 days. An exceptionally extended storage occurs only if any personal assignment such as IP addresses have been alienated, shortened, or otherwise anonymised. An assignment is thereby no longer possible.

Cookies

Description and purpose

Our website uses cookies. These are small text files that are stored by the browser on your device. If you do not want to use cookies, you can deactivate the automatic saving in the appropriate settings of your browser.

The following technical cookies are used:

- Cookie notice: To display the cookie notice until confirmed by the user of the website.

- We use a front end cookie

- The validity period is 6 months

FrontEnd: PrestaShop-*

o Time at which the cookie was created

o ID of the selected display language

o ID of the selected currency

o ID of the last visited product categories

o Shopping cart folded or unfolded

o ID of the last viewed products

o ID of the displayed products on the wish list

o Saving the status whether the GTCs were confirmed

o Guest ID

o Session ID of the guest

o User ID

o Last name and first name of the user

o Status whether the user is logged in

o Hash value of the set cookie key in combination with the password of the user who is logged in

o E-mail address of the user

o ID of the shopping cart

o Selection of articles per page on the article overview

o Checksum, which is used to determine if the cookie has been compromised

§ If this checksum is incorrect, the whole cookie will be displayed as invalid and will be deleted

In addition, a cookie of the company Matomo is installed for the statistical registration of the website use, see paragraph below "Statistics and analysis via Matomo"


Legal basis

The use of cookies is justified on the basis of our legitimate interest in a needs-based design and the statistical analysis of our website and on the fact that your legitimate interests are not outweighed, Art. 6 para. 1 lit. (f) GDPR.

Duration and deletion

Stored cookies can be deleted at any time on the device. This can, for example, be done automatically using various software solutions. The standardised storage time of cookies is 14 days.

Obligation to provide personal data

Basically, the granting of consent or the provision of personal data when using our web pages, including our web shop, is voluntary. If you don't give consent or provide personal information, it will not generally have any adverse effect on you. However, there are situations where we cannot act without certain personal information, such as personal information that is needed to process your request or orders. In such cases we are unfortunately unable to provide you with the desired information without the relevant personal data. This means that, in the scope of our business relationship, you must provide the personal information that is required to make contact and conduct the business relationship, and fulfill the related contractual obligations, or that we are required to collect by law. Without this information we will generally not be able to conclude or execute the contract with you.

Non-existence of an automated decision-making including profiling

In order to establish and conduct the business relationship, we do not use automated decision-making including profiling according to Art. 22 GDPR.

Contact form

Description and purpose

In the contact form on our website you have the option to contact us directly via e-mail, in particular to have offers and further information sent to you and to make requests or give suggestions

Our contact forms are used for the purpose of making contact electronically. The data entered in the input mask are transmitted to us encrypted and stored. These are the following data: first name, last name, if necessary company, street, post code and place of residence, country, e-mail address, telephone and fax number and message. A contact is alternatively possible via our contact address info@sigmasport.com. In such a case, the data specified in the e-mail as well as the submitted personal data of the user are stored. There is no disclosure to third parties in both contexts. We use the data exclusively for processing the request.

Legal basis

The processing of the data entered in the contact form or transmitted by e-mail is for the purpose of fulfilling the contract or carrying out pre-contractual measures that are carried out at the request of the concerned party (Article 6, para 1, lit. (b) GDPR), provided that the contact has relevant content. Otherwise, the processing is carried out to safeguard our legitimate interests (Article 6, para 1, lit. (f) GDPR).

Duration and deletion

The personal data in the input mask of the contact form and those alternatively provided via e-mail will be irretrievably deleted as soon as the conversation is over. A conversation is deemed to have ended when it can be deduced from the circumstances that the facts have been finally clarified.

Order form

Description and purpose

Our order form serves the purpose of electronic order processing. The data entered in the input mask are transmitted to us encrypted and stored. These are the following data: first name, last name, street, post code and place of residence, country, e-mail address, telephone number (optional), shipping method and payment method (see PayPal)
A contact can alternatively be made using our contact address info@sigmasport-shop.com. In such a case, the data specified in the e-mail as well as the submitted personal data of the user are stored. We use this data exclusively for processing the request. This may include performing the necessary pre-contract steps, answering your related questions, sending shipping, product and billing information and processing or providing customer feedback and support. In addition, we communicate by post, by e-mail and by telephone with customers who purchase our products and services, particularly for the purpose of processing and settling customer concerns.

Legal basis

The processing of the data entered in the contact form or order form or transmitted by e-mail is for the purpose of fulfilling the contract or carrying out pre-contractual measures that are carried out at the request of the concerned party (Article 6, para 1, lit. (b) GDPR), provided that the contact has relevant content. Otherwise, the processing is carried out to safeguard our legitimate interests (Article 6, para 1, lit. (f) GDPR).

Duration and deletion

The personal data in the input mask of the contact form or the order form and those alternatively provided via e-mail will be stored for two years due to potential claims arising from warranty or complaint. After the two years, the data will be blocked and stored only for tax and commercial purposes. A conversation is deemed to have ended when it can be deduced from the circumstances that the facts have been finally clarified.

Payment data/Integration of PayPal

With the PayPal payment method, the customer is automatically forwarded to an external page of the provider PayPal for payment processing. The data entered on this external page, necessary to carry out the payment, will be processed by PayPal (Europe) S.à r.l. & Cie, S.C.A., Société en Commandite par Actions, registered office: 22-24 Boulevard Royal, L-2449 Luxembourg, RCS Luxembourg B 118 349. For more information on how Paypal deals with your personal data, please refer to the privacy policy of Paypal at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. After the successful completion of the payment, the customer will be redirected back to www.sigmasport-shop.com.

Statistics and analysis via Matomo (formerly PIWIK)

Description and purpose

Matomo is an open-source software for the statistical evaluation of visitors to a website. Matomo uses cookies that are stored on your device and that allow us to analyse the website (for more information, see the paragraph "Cookies" given above). Specifically, the following data is stored:

- Shortened and thus anonymised IP address (last two bytes are deleted)

- Internet browser: type, version and functionality (e.g. cookies, Java, Flash, PDF, etc.)

- Operating system, used terminal device and screen resolution

- Date and time of the visit to the website

- Website referrer (when linking through another website)

- Outbound links of our website

- Statistical data of the website visit (frequency, duration, URLs)

- Geolocation (language and country)

- Downloads

The following cookies are used for this purpose:

- _pk_ref*: Identification of the country of origin of the visitor. Storage period: 6 months

- _pk_cvar*: Preparation of internal statistics. Storage period: 30 minutes

- _pk_id*: Identification of clear visits. Storage period: 13 months

- _pk_ses*: Session cookie for tracking active sessions. Storage period: 30 minutes


Legal basis

The legal basis of the processing in these cases is Art. 6, para 1, lit. (f) GDPR

Duration and deletion

The stored data will be irrevocably deleted as soon as it is no longer needed for the recording purposes. Here, this is after 2 years.

Disclosure of data

We treat your data confidentially and therefore do not pass it on to third parties except in the cases described in this privacy policy.

Disclosure, however, except in the cases specifically described in this Privacy Policy, takes place if it is necessary to investigate the unlawful use of our services or for the prosecution of a claim, in particular the enforcement of contractual agreements made with you. If there are specific indications of unlawful or abusive behaviour, personal data will be forwarded to the law enforcement authorities and, if necessary, to the law firm representing us. The disclosure of such information in these cases is based on our legitimate interest in the enforcement of our contractual claims, in the fight against abuse and in the prosecution of criminal offences, if we have come to the conclusion in the balance of interests to be conducted that your rights and interests in the protection of your personal data are not outweighed (Article 6, para 1, lit. (f) GDPR).
We are also required by law to provide information to certain public authorities (for example, law enforcement agencies and tax authorities) upon request. In such cases, the disclosure of these data will be used to fulfil statutory obligations to which we are subject (Article 6, para 1, lit. (c) GDPR).

In addition, any logistics service providers and subcontractors we employ will receive the personal data necessary to execute your order to fulfil the contract of which you are a party or to perform pre-contractual actions that you request (Art. 6 , para 1, lit. (b) GDPR and Art. 6, para. 1, lit. (f) GDPR).

Newsletter

Description and purpose

We offer a free newsletter for retailers and end consumers, by which you can learn about products and actions of SIGMA-ELEKTRO GmbH. The newsletter contains no third-party advertisements and is voluntary. You can register for the newsletter by entering your contact details in the registration form. These data will not be transmitted to third parties. The e-mail address will be used by our processor Episerver Campaign for the purpose of sending the e-mail.
After registration you will receive an e-mail. This contains the link for confirming your registration. You will receive the newsletter only when you have confirmed this.

Legal basis

In this case, the collection and processing of your personal data takes place in order to be able to offer you the newsletter ordered by you, Art. 6 para. 1 lit. (b) GDPR. The forwarding of your e-mail address to our partner Episerver Campaign is also to enable our partner Episerver Campaign to send you the newsletter (Art. 6, para 1, lit. (b) GDPR)

Duration and deletion

The data will be deleted as soon as it is no longer necessary for the achievement of the purpose. The user's e-mail address will be stored by us as long as the subscription to the respective newsletter is active.

Objection

You can unsubscribe from the newsletter at any time. Each newsletter contains information on how you can unsubscribe from the newsletter with effect for the future.

Your rights as the affected party

Right to information

You have the right to request from us any time information about the personal data processed by us in the scope of Art. 15 GDPR by post or e-mail to datenschutz@sigmasport-shop.com. We will then provide you with a copy of the personal data that is the subject of the processing in accordance with Article 15, para 5 GDPR. For this you can submit an application by post or by e-mail to the address given above.

Right to rectify/complete incorrect data

You have the right to request immediate correction or completion of personal data concerning you if it is incorrect. Please contact the above-mentioned addresses.

Right to delete

You have the right to demand the deletion of your personal data under the conditions described in Art. 17 GDPR. In particular, these requirements provide for a right to delete if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, and in cases of unlawful processing, the right to object or obligation to delete under Union law or the law of the Member State to which we are subject. To assert your right, please contact the below-mentioned addresses.

Right to restriction of processing

You have the right to demand from us that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between you and us, for the period of time required to verify correctness, and in the case you ask for limited processing instead of deletion in the case of an existing right of deletion; and furthermore in the event that the data is no longer required for the purposes we are pursuing, but which you or us require in order to assert, exercise or defend legal claims, and if the successful exercise of an objection between you and us is still disputed. To assert your right, please contact the below-mentioned addresses.

Right to data portability

You have the right to receive from us the personal data relating to you which you have provided to us in a structured, standard, machine-readable format in accordance with Art. 20 GDPR. To assert your right, please contact the below-mentioned addresses.

Right to object

You have the right at any time, for reasons arising out of your particular situation, to object in accordance with Art. 21 GDPR against the processing of personal data relating to you on the basis of Art. 6 para. 1 lit. (e) or (f) GDPR. We will then stop the processing of your personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

Right to lodge complaints to a data protection supervisory authority

You have the right to lodge a complaint with our Data Protection Officer (contact details below, at the end of this Privacy Policy) or with a data protection supervisory authority. The contact details of the responsible data protection supervisory authority are as follows:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Prof. Dr. Dieter Kugelmann
Hintere Bleiche 34
55116 Mainz, Germany

Change in purpose

Processing of your personal data for purposes other than those described will only take place if a legal provision allows this or if you have consented to the revised purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with all other relevant information.

Deletion of your data

As soon as the storage of your personal data for the purposes for which we have collected it is no longer necessary, we will delete or anonymise your personal data. If we have collected your personal data only in the context of a request for prices and offers, we will delete them after six months from the date of sending the information on the prices or the submission of an offer. If we have collected and stored your personal information in connection with a contract for the delivery of our products, we will delete the data after a period of three months from the expiry date of the warranty period, which is usually two years for purchase contracts, unless otherwise required for criminal prosecution or to secure, assert or enforce legal claims. Insofar as we are subject to statutory retention periods, for example under commercial law or tax law, the data necessary for the fulfillment of these obligations is blocked instead of being deleted ("Restriction of processing").

Responsible for data processing

SIGMA-ELEKTRO GmbH
Dr.-Julius-Leber-Str. 15
67433 Neustadt a. d. Weinstraße, Germany

Contact details of the Data Protection Officer

You can reach our data protection officer by post at the above address with the addition "Data Protection Officer" or by e-mail at datenschutz@sigmasport-shop.com