Privacy Policy

Privacy Policy

I.        Notice concerning the party responsible for this website / Controller

The party responsible for processing data for the purposes of Regulation (EU) 2016/679 (General Data Protection Regulation; in the following: GDPR)  as well as all other national data protection acts and regulations is:

Burkhard Müller Schmuck GmbH

Mauritiusstrasse 40-46

76761 Rülzheim

Germany

Phone +49 72 72 / 92 98-0

Fax +49 72 72 / 92 98 - 88

E-Mail webshop@diamonfire.de

CEO: Burkhard Müller, Anna-Maria Müller-Bartl

Data protection officer:

Anna-Maria Müller-Bartl

Burkhard Müller Schmuck GmbH

Mauritiusstrasse 40-46
D -76761 Rülzheim
Phone +49 72 72 / 92 98 - 0
E-Mail ammb@burkhard-schmuck.de

II.       Overview of data protection

1.      Processing of personal data

We process personal data of our users basically only to ensure the proper functioning of our website and/or with their consent. Exceptions are possible in case a prior consent is impossible for practical reasons and the processing is permitted by law.

2.      Legal basis for the processing of personal data

In cases in which you have given consent to the processing of your personal data for one or more specific purposes, legal basis for the processing of such data is Article 6 No. 1lit. a GDPR.

The processing of personal data which are necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract is lawful according to Article 6 No. 1 lit. b GDPR.

The processing of personal data which is necessary for compliance with a legal obligation to which we are subject is lawful according to Article 6 No. 1 lit. c GDPR.

In case the processing of personal data is necessary for the purposes of legitimate interests pursued by us or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of you and require protection of personal data, the legal basis is Article 6 No. 1 lit. f GDPR.

3.      Storage period and erasure of personal data

Your personal data will be erased in case their storage is no longer necessary for the purposes for which they are processed. They may be stored for longer periods insofar as this is obligatory according to EU or national law. An erasure of data is also possible when a storage period which is required by EU or national law expires except a further storage should be necessary for the conclusion or performance of a contract.

III.      Data collection on our website and log files

Some data are collected automatically by our IT systems when you visit our website.

These are: information on your browser including the used version, your operating system, your internet service provider, IP address, date and time of access, websites from which your local system was able to access our website and websites accessed from your system via our website.

These data are kept in the log files of our system. They are not kept together with any other of your personal data. Legal basis for the temporary storage of these data and log files is Article 6 No. 1 lit. f GDPR.

The temporary storage of your IP address by our IT system is necessary to ensure a proper access to our website. For this purpose your IP address must be stored as long as you visit our website. The storage of data in log files is further necessary to ensure the proper functioning of our website. These data are necessary to optimize our website and to ensure the safety of our IT systems. An evaluation of your data for marketing purposes is excluded.

Your data are erased as soon as they are not necessary any more to attain the objective pursuit. In case of the capture of data for providing access to our website they are erased as soon as the session is terminated. In case of data storage in log files they are deleted after seven days at the latest. A storage after this period is possible. Your IP address will then be deleted or modified in order to make a correlation to you impossible.

The collection of your data is necessary for providing access to our website; the data storage in log files is also necessary to ensure the proper functioning of our website. It follows that there is no right to object to the data collection and storage.

IV.     Cookies

Our website uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. We use cookies to make our website more user-friendly, efficient and secure. Whenever you access a website, a cookie may be stored in your operating system. This cookie contains a character string which makes it possible to recognize your browser when you next visit the site.

Most of the cookies used by us are automatically deleted when you close your browser. Some elements of our website require the identification of your browser also after moving to another page. The data stored in these cookies are: language setting, device type, settings, articles in a shopping cart, log-in information.

We also use cookies to analyze the surfing behaviour of our customers. The following data can be stored and transmitted in such cookies: search terms, frequency of site calls, use of specific functions of the site.

These data are collected in strictly pseudonymous form. They cannot be allocated to a certain user. They are not kept together with any other of your personal data.

Upon accessing our website, users are informed about the installation of cookies for such analytical purposes and asked to consent to the processing of their personal data.

Legal basis for the processing of personal data by the use of cookies is Art. 6 No. 1 lit. f GDPR. Legal basis for the processing of personal data by the use of cookies for analytical purposes is Art. 6 No. 1 lit. a GDPR.

Cookies are stored on your computer and transmitted to our website. You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of our website. The transmission of Flash cookies can be prevented by changing the settings of the Flash player.

V.      Registration

You have the possibility to set up an account and sign up for our webshop on our website. For this purpose, you have to fill in personal data in our registration form which are then transmitted to us and stored. Your data will not be passed on to third parties. In particular, you have to fill in the following data: name, address, gender, e-mail address, date of birth.

At the term of registration, the following data are automatically collected: IP address, date and time of registration, device type settings, origin of user, language settings.

In the course of registration, we will require your consent to the processing of these data, Article 6 No. 1 lit. a GDPR. Your data are necessary for the conclusion and performance of a contract for the purchase of goods in our webshop, Article 6 No. 1 lit. b GDPR, in particular to allow the shipment of your orders to the correct address.

Your data are erased as soon as they are not necessary any more to attain the purpose of their collection. In particular, they are erased as soon as you cancel or amend the registration on our website or your data are not necessary any more to fulfil the contract. Even after termination of the contract, the storage of data may be obligatory for contractual or legal requirements (e.g. for tax reasons).

You have the possibility to cancel your registration at any time as well as to amend the personal data collected by us. You can cancel your account by sending us an e-mail to webshop@diamonfire.com. You can amend your personal data by logging into your account. As far as your data are necessary for the conclusion or performance of a contract, an deletion of your data is possible unless prohibited by contractual or legal obligations.

VI.     Newsletter

You can subscribe to our free newsletter on our website. This requires that you provide us with your e-mail address. Additionally, the following data are collected: IP address, date and time of access. We collect your personal data exclusively for the purpose of sending the newsletter and preventing a misuse of our service as well as of your e-mail address. The legal basis is your consent according to Article 6 No. 1 lit. a GDPR.

When you submit your e-mail address to us in the course of purchasing articles in our webshop, we may use your e-mail address for sending our newsletter to you. In this case, we will use our newsletter exclusively for advertising our own similar goods. Legal basis for sending the newsletter in these cases is § 7 No. 3 UWG (German law against unfair competition).

Your data will not be passed on to third parties. They will be used exclusively for the purpose of sending the newsletter.

Your data are erased as soon as they are not necessary any more for the purpose of sending you the newsletter. Your e-mail address is stored as long as your subscription is active.

You may unsubscribe to the newsletter by means of the link found at the bottom of the newsletter at any time. You can also unsubscribe from the newsletter directly on our website or by sending us an e-mail to webshop@diamonfire.com.

VII.    Contact form and e-mail contact

You may contact us by using our electronic contact form on our website. In this case, we collect the following data from you: name, gender, e-mail address, phone number (optional).

The following data are automatically collected: IP address, date and time of registration, device type settings, origin of user, language settings.

Alternatively, you can contact us via our e-mail address on our website webshop@diamonfire.de. In this case, the personal data transmitted by you in your e-mail are stored.

We do not pass any of your personal data on to third parties in this context. Your data are exclusively processed for the purpose of communicating with you.

Legal basis is your consent according to Article 6 No. 1 lit. a GDPR. Legal basis for the processing of data which are transmitted by you by an e-mail is Article 6 No. 1 lit. f GDPR. When you contact us for the purpose of concluding a contract, legal basis is also Article 6 No. 1 lit. b GDPR.

The processing of your personal data is exclusively necessary for the purposes of communicating with you, of preventing a misuse of the contact form and to ensure the safety of our IT systems.

Your data will be deleted as soon as the communication with you is terminated. This is the case when the specific issue has been resolved. The data that have been automatically collected will be deleted after seven days at the latest.

You have the right to object to your consent to the processing of your data at any time by sending us an e-mail to webshop@diamonfire.de. In this case, all personal data stored in the process of the communication will be erased. The communication cannot be continued in this case.

VIII. Google Analytics

Our website uses the services of Google Analytics to analyze the surfing behavior of our users. Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. It can assign data, sessions and interactions for several devices to a pseudonymous user ID and can analyze the user´s activities across operating systems and devices. Google Analytics places a cookie on your computer (please see our information to Cookies above). When accessing our website, the following data are stored: two bytes of the user´s IP address, the visited website, websites from which your local system was able to access our website (referrer), the subpages called up by you, how long you visited our website, frequency of access to our website.

The information generated by the cookie are regularly transmitted to a server of Google in the U.S. and stored there. In case of activating the IP anonymization, your IP address will not be fully submitted. Only in exceptional cases the IP address will be completely submitted to a Google server in the U.S. and shortened there. Your IP address will not be combined with other data stored by Google.

Google will use the data for the purpose of evaluating the use of our website, creating reports about website activities and other services in connection with the use of our website and the internet. This creates our legitimate interest in the processing of your data, according to § 15 No. 3 Telemediengesetz (TMG) and Article 6 No. 1 lit. f GDPR.

The data linked with cookies, User IDs or promotion IDs will be automatically deleted after 14 months. Other data are deleted once a month on a regular basis when their storage period has been reached. Please obtain more information from the Privacy Policy of Google, http://www.google.com/analytics/terms/de.html.

Cookies are stored on your computer and transmitted to our website. You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of our website.

When accessing our website, you are informed by an info banner about our use of cookies for analyzing purposes, and asked for your consent to the processing of your data for these purposes.

IX.     Web analysis and newsletter tracking by Shopware

This website uses the services of Shopware to analyze the surfing behavior of our users. It can assign data, sessions and interactions for several devices to a pseudonymous user ID and can analyze the user´s activities across operating systems and devices. The following data are stored and transmitted by the use of cookies: traffic source, analysis of shopping cart / orders, break-off analysis, age, IP address, date and time of registration, device type settings, user´s origin, language settings, method of payment, search terms analysis, customer group, articles in shopping cart.

The software of Shopware exclusively runs on the servers of our website. Personal data are exclusively stored on our servers and are not transmitted to third parties.

Legal basis for the data processing is Article 6 No.1 lit. f GDPR. The data collected from you are used exclusively to analyze the surfing behavior of our users and to collect information about the use of the components of our website. This helps us to continually improve our website and make it more user-friendly. This creates our legitimate interest in the use of your data. The personal data of our users are protected by the pseudonymization of their IP addresses.

The collected data will immediately be deleted as soon as they are not needed any more for recording purposes.  

Cookies are stored on your computer and transmitted to our website. You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of our website. When accessing our website, you are informed by an info banner about our use of cookies for analyzing purposes, and asked for your consent to the processing of your data for these purposes.

Please obtain more information on the protection of your data in the Privacy Policy of Shopware, https://de.shopware.com/datenschutz/.

X.      Payment Services

Our website accepts payments via PayPal. The provider of these services is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select payment via PayPal on our website, the payment data provided by you will be supplied to PayPal. Legal basis for the transmission of your data to PayPal is Article 6 Abs. 1 lit. b GDPR. Your data are transmitted to PayPal exclusively for purposes of executing the payment of your purchased articles.

Your payment data are not stored by us. We do not have any influence on the handling and storage of your personal data by PayPal. Please find further information in the Privacy Policy of PayPal under https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

As long as we have not yet transmitted your personal data to PayPal, you may object to the transmission at any time by sending us an e-mail to webshop@diamonfire.de. In this case, a payment via PayPal will not be possible. You may then choose another payment method (prepayment).

XI.     Facebook

Our website includes a link to Facebook. The social network Facebook is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.  As soon as you click on the Facebook link on our website, a direct connection between your browser and the Facebook server is established. This enables Facebook to receive information that you have visited our site from your IP address. The following data are transmitted automatically to Facebook: IP address, date and time of access.

If you click on the Facebook link while you are logged on to Facebook, Facebook can allocate the visit of our website to your Facebook account.

Legal basis for the processing of your data is Art. 6 No. 1 lit. a GDPR.

We have no influence on the handling and storage of your data by Facebook. Please obtain more information from the Privacy Policy of Facebook: https://de-de-facebook.com/policy.php.

If you do not want Facebook to allocate the visit of our website with your Facebook account, please log out from your Facebook account.

XII.    Instagram

We have embedded functions of Instagram in our website. This service is provided by Instagram Inc., 1601 Willow Road, Manlo Park, CA 94025, USA. When you visit our website, a direct connection between your browser and the Instagram server is established. This enables Instagram to receive information that you have visited our site from your IP address. The following data are transmitted automatically to Facebook: IP address, date and time of access.

If you click on the Instagram button while you are logged on to your Instagram account, Instagram can allocate the visit of our website to your Instagram account.

Legal basis for the processing of your data is Art. 6 No. 1 lit. a GDPR.

We have no influence on the handling and storage of your data by Instagram. Please obtain more information from the Privacy Policy of Instagram: https://instagram.com/about/legal/privacy/.

If you do not want Instagram to allocate the visit of our website with your Instagram account, please log out from your Instagram account.

XIII. Marketing services

We place third-party advertisements on our website. These advertisements are provided by Google AdSense / Google AdWords, a service of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA. These marketing services enable us to present our users advertisements according to their interests.

When you enter our website, a code will be run by Google and embedded in our website (so-called web beacons). This allows us to store a cookie on your computer with information on the websites you have visited, which contents you are interested in and which offers you have clicked on.  Additionally, technical information is collected, namely, information on your browser and operating system, referring website, time of retrieval as well as information on the use of our online services.

Your IP address will be processed, but only after being shortened. Only in exceptional cases the IP address will be completely submitted to a Google server in the U.S. and shortened there. Your IP address will not be combined with other data stored by Google.

Your data can be used by Google also together with information from other sources. When you access other websites in the following time, individual advertisements according to your interests may be displayed to you.

Legal basis for the data processing is Article 6 No.1 lit. f GDPR. The data collected from you are used exclusively to analyze and optimize our online services. This helps us to continually improve our website and make it more user-friendly. This creates a legitimate interest in the use of your data.

The collected data are pseudonymized by the Google Marketing Services. This means that they are not processed in connection with a certain identified person, but within pseudonymous user profiles. Names and e-mail addresses of users are not processed or stored. The information collected by the Google Marketing Services are transmitted to Google and stored on servers of Google in the U.S. Please obtain more information on the use of the data on the following sites of Google: https://www.google.com/policies/technologies/ads, https://www.google.com/policies/privacy.

In order to object to the Google advertising, you can use the forms provided by Google on http://www.google.com/ads/preferences.

XIV. LightWidget

We use the Java Script Code LightWidget to present preview images of our Instagram account on our website.

When you visit our website showing images presented by LightWidget, a direct connection between your browser and the Instagram server is established. This enables Instagram and LightWidget to receive information that you have visited our site from your IP address. The following data are transmitted automatically to Instagram and LightWidget: IP address, date and time of access.

If you click on the Instagram button while you are logged on to your Instagram account, Instagram can allocate the visit of our website to your Instagram account.

Legal basis for the processing of your data is Art. 6 No. 1 lit. a GDPR.

We have no influence on the handling and storage of your data by Instagram. Please obtain more information from the Privacy Policy of Instagram: https://instagram.com/about/legal/privacy/ and LightWidget under https://lightwidget.com/privacy.

If you do not want Instagram to allocate the visit of our website with your Instagram account, please log out from your Instagram account.

When accessing our website, cookies may be stored on your computer. These cookies are used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. No personal data are stored.

Please obtain more information from the Privacy Policy of LightWidget: https://lightwidget.com/cookies and https://lightwidget.com/privacy.

XV.   Rights of the data subject

1.      Right of access

You have the right to obtain from the responsible party / controller confirmation as to whether or not personal data concerning you are being processed by us. Where is the case, you have the right to access to the personal data and following information:

The purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; the right to lodge a complaint with a supervisory or authority.

You further have the right to be informed whether your personal data are transferred to a third country or to an international organization as well as of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2.      Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3.      Right to restriction of processing

You have the right to obtain from the controller restriction of processing in the following cases:

- the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of your personal data

- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

- the controller no longer needs your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims

- you have objected to processing pursuant to Article 21 No 1 GDPR pending the verification whether the legitimate grounds of the controller override those of you.

Where processing has been restricted according to one of these grounds, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.

You will be informed by the controller before the restriction of processing is lifted.

4.      Right to erasure

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller has the obligation to erase your personal data without undue delay where one of the following grounds applies:

- the personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed

- you withdraw consent on which the processing is based according to Article 6 No. 1 a) GDPR, and where there is no other legal ground for the processing

- you object to the processing pursuant to Article 21 No. 1 and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 No. 2 GDPR.

- your personal data have been unlawfully processed

- your personal data have to be erased for compliance with a legal obligation in the European Union or member state law to which the controller is subject

- your personal data have been collected in relation to the offer of information society services referred to in Article 8 No. 1.

The right to erasure shall not apply to the extent that processing is necessary:

- for exercising the right of freedom of expression and information

- for compliance with a legal obligation with requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

-  for reasons of public interest in the area of public health in accordance with Art. 9 No. 2 h) and i) as well as Art. 9 No. 3 GDPR

- for the establishment, exercise or defence of legal claims.

5.      Right to information

The controller shall communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Article 16, Article 17 No. 1 and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.

6.      Right to data portability

You have the right to receive your personal data which you have provided to the controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:

- the processing is based on your consent pursuant to Article 6 No. 1 a) or on a contract pursuant to Article 6 No. 1 b); and

- the processing is carried out by automated means.

In these cases, you have the right to have your personal data transmitted directly from one controller to another, were technically feasible.

The exercise of these rights is without prejudice to Article 17. These rights shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. These rights shall not adversely affect the rights and freedoms of others.

7.      Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 No. 1 e) or f), including profiling based on those provisions. We will no longer process the personal data in this case unless we demonstrate compelling legitimate grounds for the processing with override your interest, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you objected to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

8.      Right to revoke your consent

You have the right to revoke your declaration of consent under data protection law at any time. This will not affect the legality of the processing of your data until the time of revocation.

9.      Right to file complaints with regulatory authorities

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Status: 30th of May 2018

 

Viewed