I. General information on data privacy
The responsible party for this website and within the meaning of Art. 4 (7) Art. 4 Nr. 7 General Data Protection Regulation (GDPR) is Valiryo GmbH, Dietrich-Bonhoeffer-Ring 2, 64653 Lorsch, (Germany), tel: +49 6251 98888-50, E-Mail: info@valiryo.de (referred to hereinafter as “we”, “us”, or “VALIRYO”).
Our data protection officer is:
Mr. Martin Kroupa, email: data-protection@valiryo.de (only English & German)
We respect your privacy and abide by the rules of the applicable data protection laws. This data privacy statement explains to you how we handle personal data, how we collect it, what types of personal data we collect, and how we use it. Personal data is information that can be attributed to you as a person or information that can be used to identify you (e.g. your name, telephone number or email address). This does not include information that cannot be directly linked to your actual identity, or data attributable to legal entities.
1.Right to information, revocation, rectification
In terms of personal data relating to you, you have the following rights vis-à-vis us:
- Right to information, Art. 15 of GDPR,
- Right to the rectification of incorrect data or to the completion of correct data, Art. 16 of GDPR,
- Right to the deletion of personal data stored by us, Art. 17 of GDPR,
- Right to restrict processing, Art. 18 of GDPR,
- Right to data portability, Art. 20 of GDPR,
- Right to object to processing, Art. 21 of GDPR.
Information and communication on your rights shall be provided to you at no charge.
Furthermore, you are entitled to file a complaint with the relevant data protection supervisory authorities about our processing of your personal data (see Art. 77 of GDPR).
For any requests for information, general queries or objections to data processing, please send an email to Valiryo GmbH at data-protection@valiryo.de or send a letter to Valiryo GmbH, Dietrich-Bonhoeffer-ring 2, 64653 Lorsch (Germany).
You are free to revoke consent given to the use of data at any time. If you revoke your declaration of consent, we shall delete all personal data stored by you that we collected or used as part of your consent, unless we are required by law to retain such data. Please note that you may no longer be able to use our services, which are reserved for registered users, once your data has been deleted.
2. Data security
We would like to point out that the transmission of data via the Internet is generally unsecured. The possibility of transmitted data falling into the hands of unauthorized parties and even being falsified cannot be ruled out. For secure communication with us, we usually offer encrypted communication via the SSL protocol (“Secure Sockets Layer”). We always use encrypted communication for forms provided on our web pages, through which you can communicate personal data to us (e.g. contact form, online service portal). The “https://” protocol (instead of “http://”) displayed in the address line of your browser indicates that an area of a website is encrypted or that encrypted transmission takes place. In some browsers, you might also see a lock symbol with the address line of the browser shown in green.
3. Storage length, data deletion and data blocking
We store personal data only for as long as it is necessary in order to perform the services you requested or to which you have given your consent, unless otherwise provided by law. Retention obligations, which require that we retain data, are laid down, for example, in accounting regulations (§ 257 of the German Commercial Code (HGB)) and provisions of tax law (§ 147 of the Fiscal Code (AO), § 14b of the Value Added Tax Act (UStG)).. According to these regulations, business communication, contracts concluded and booking documents must be kept for up to 10 years. If we no longer need this data to perform our services, the data will be blocked. This means that the data may then only be used by us for accounting and tax purposes.
II. Collecting personal data transmitted by your browser
You can visit our website without actively providing information about yourself.
However, whenever you access our website, we automatically collect a range of technical data, which includes personal data (see above).
1. Log files
- Information about the browser type and the version used
- The user’s operating system
- The user’s Internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system through our website
This data is not combined with other personal data that you actively specify when using the website (see section III).
The legal basis for the temporary storage of data is Art. 6 (1) (f) of GDPR. Data is stored to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. For these purposes, we have a legitimate interest in the processing of data in accordance with Art. 6 (1) (f) of GDPR.
The data shall be deleted as soon as it is no longer required for the purpose of its collection. With regard to the collection of data for the provision of the website, this applies once the respective session has been closed. In terms of data storage, this is the case after seven days at the latest. We reserve the right to store server log files for longer where the pertinent facts suggest a case of unauthorized access has taken place (for example, a hacking attempt or a so-called DDoS attack).
In the case of an extended storage period, the IP addresses of the users shall be deleted or alienated, thus preventing an allocation of the calling client.
2. Cookies
2.1. General information
We use so-called cookies in our online offering to make our website more user-friendly and to enable the use of certain functions, in particular to provide visitors with a convenient shop system with a shopping cart feature.
Cookies are small text files that are stored by us on your computer through your browser. These files only contain data that we send to your computer. Private data cannot be read using these. The cookies enable us to customize our online shop and facilitate your use of it.
Cookies pose no threat to your computer. They cannot read hard drive data, transmit viruses, send emails or be read by other web servers.
2.2. Types of cookies
We use so-called session cookies and persistent cookies. Session cookies are only temporary and are used to provide certain functions. When you close the browser, session cookies are deleted again. So-called persistent cookies, on the other hand, remain even after you close the browser and can have a lifespan ranging from a few days to several months.
We use session cookies whenever you log in to our site with your online user account. These cookies are required for the technical implementation of certain functions in our shop and only exist for the duration of your online session, i.e. until you close your browser.
We work with a few partner companies who support us in collecting and analyzing anonymized data (see II.3.). Therefore, when you visit our web pages, cookies from these partner companies are also stored on your computer. These third-party cookies are usually persistent cookies. At no time, however, are these cookies linked to your personal data, which you may have entered in another section of our website.
2.3. Legal basis
The legal basis for processing personal data with the use of cookies is Art. 6 (1) (f) of GDPR.
The purpose of using cookies is to make navigating websites more user-friendly because some functions of our Internet presence cannot be provided without the use of cookies. For some functions, for example, it is required that the browser recognize you again when you navigate to a new page. For these purposes, we have a legitimate interest in data processing in accordance with Art. 6 (1) (f) of GDPR. The user data collected by the cookies shall not be used to create user profiles.
2.4. Disabling cookies
Most browsers are set to accept cookies automatically. If you do not wish to take advantage of the benefits of cookies, you can adjust the security or privacy settings in your browser to change the way cookies are handled. You can disable cookies, including third-party cookies, or adjust your browser so that it notifies you whenever cookies are sent. In addition, browsers allow you to delete individual cookies or all cookies even after you have accepted them. You can use the help function in most browsers to find out how to adjust the above settings.
Please note that if you disable cookies, you will not be able to use all of the functions of our website or those of other websites that you typically visit. If you block the storage of all cookies, you will no longer be able to access some of the features of our shop. Such features include the shopping cart and the complete order cycle.
We therefore recommend that you keep cookies enabled for our website.
3. Web tracking and advertising
We use the web tracking tool Google Analytics for analysis and marketing purposes and to improve our website and increase its appeal. We also use DoubleClick and Facebook Impressions for the targeted placement of adverts.
3.1. Google Analytics
We use the web tracking tool Google Analytics, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
Google uses cookies which are stored on your computer. This enables use of the website to be analyzed. Information about your use of this website is collected by the cookie (including your IP address) and is transmitted to a Google server in the USA where it is saved. We have concluded a corresponding order processing agreement with Google.
We use the anonymization function of Google Analytics, which shortens the IP address to the last octet for IPv4 and to the last 80 bits for IPv6. A unique assignment of the IP address to a person cannot be made thanks to this anonymization.
Google uses information collected by Google Analytics to evaluate use of the website. Reports on website activity are compiled for us, enabling other services relating to website activity and Internet usage to be provided. Google may forward this information to third parties if required by law or if said parties process this data on Google’s behalf. For cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US. The legal basis for the use of Google Analytics is Art. 6 (1) (1) (f) of GDPR. Because we have a legitimate interest in analyzing user behavior in order to optimize our web presence and our advertising, and thus provide you with a satisfactory offering.
You can disable the use and storage of cookies by Google by configuring your browser software accordingly or by clicking this link: https://tools.google.com/dlpage/gaoptout?hl=en and downloading the plug-in for deactivating Google Analytics. In addition, you can also prevent the collection of data by Google Analytics on our website by clicking the following link. An opt-out-cookie is set, preventing the future collection of your data when visiting this website: Click here to disable Google Analytics.
For more information on Google Analytics’ terms of service and data privacy, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.
If you object to the use of cookies, please note that you may not be able to use the full scope of the functions on this website.
3.2. DoubleClick
We also use DoubleClick, another service provided by Google Inc. DoubleClick uses cookies to display advertisements relevant to you. Here, your browser is assigned a pseudonymous identification number to check which adverts have been shown in your browser and which adverts have been called up. The cookies do not contain any personal information. The use of DoubleClick cookies enables Google and its partner websites to place adverts only on the basis of previous visits to our or other websites on the Internet. The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. Google shall only transfer data to third parties if legally required to do so or as part of commissioned data processing. Under no circumstances will Google combine your data with other data collected by them.
By using our website, you agree to the processing of the data collected about you by Google and to the aforementioned nature and purpose of such data processing. The legal basis for processing your data is Art. 6 (1) (1) (f) of GDPR. By using DoubleClick, we want to ensure that only advertising that reflects your actual or supposed interests is displayed. We endeavor to avoid burdening you with adverts that are of no interest to you for the benefit of all parties.
You can prevent the storage of cookies by making the relevant settings in your browser software (see section 2.4 above for more information).
You can also prevent Google from collecting and processing the data generated by the cookie relating to your use of the website by downloading and installing the browser plug-in available at https://support.google.com/ads/answer/7395996?hl=en.
3.3. Facebook Impressions
We use the function “Facebook Impressions”, provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
This function enables information about the frequency with which a contribution from our page is displayed on Facebook to be collected through the use of cookies. The information generated by these cookies, for example, time, place and frequency of your website visit, including your IP address, is transferred to Facebook’s servers in the USA and stored there. You can prevent cookies from being stored by making appropriate settings in your browser (see section 2.4 for more information). The link to Facebook's privacy statement is available here: Facebook's data privacy policy. Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
The legal basis for processing your data is Art. 6 (1) (1) (f) of GDPR. The legitimate interest follows from our interest in being able to measure the effectiveness and range of adverts placed by us and being able to display relevant adverts to you.
4. Social media plug-ins
Our Internet presence uses so-called social plug-ins (“plug-ins”) from various social networks. You can use these plug-ins, for example, to share content or recommend products to others.
The legal basis for using the plug-ins is Art. 6 (1) (1) (f) of GDPR. We provide plug-ins to improve our web presence and to make the online experience more interesting for you the user. This purpose also constitutes the legitimate interest required for Art. 6 (1) (f) of GDPR.
Here, we use the so-called two-click method. This means that the plug-ins are disabled by default on our web pages and no personal data is transferred to the respective provider. The plug-in only becomes active if you click the respective button.
If these plug-ins are activated, your browser will establish a direct connection to the servers of the respective social network as soon as you access a web page of our Internet site. The content of the plug-in – usually a button used to share content from our web pages on social networks – is transmitted from the social network to your browser, where it is incorporated into the website.
By embedding the plug-ins, the social network receives notification that you have accessed the corresponding page of our website. If you are logged in to the social network, such visits can be assigned to your account. If you interact with the plug-ins, for example, by clicking the “Like” button, the corresponding information is transmitted by your browser directly to the social network and saved there.
For more information about the purpose and scope of data collection, the further processing and use of information by social networks, the rights you have in this regard and the privacy options available to you, please refer to the privacy information of the respective networks or websites. The relevant links can be found below. We have no influence over collected data or data processing procedures; similarly, we do not know exactly what volume of data is collected, the purposes of the processing or for how long the data is stored. Likewise, we do not have any information about the deletion of collected data by the plug-in provider.
Even if you are not logged in to your social network account, websites with active social plug-ins can still transmit data to the networks. Active plug-ins set a cookie with an identifier every time the website is accessed. Since your browser sends this cookie without being requested to do so each time there is a connection to a network server, the network could in theory create a profile based on the websites called up by the assigned user. And it would then be perfectly possible to assign this identifier back to a person, for instance, when he/she logs in to the social network later on.
We use the following plug-ins on our web pages:
4.1. Facebook
We use plug-ins of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The link to Facebook's privacy statement is available here: Facebook's data privacy policy. Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
4.2. Google+
We use plug-ins of the social network Google+, operated by Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA (“Google”). The link to the privacy statement of Google+ is available here: Data privacy policy of Google+. Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
4.3. Twitter
We use plug-ins of the social network Twitter, operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA (“Twitter”). The link to Twitter's privacy statement is available here: Twitter’s data privacy policy.
Twitter has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
4.4. Digg
We use plug-ins of the social network Digg, operated by Digg, Mississippi St. 135, 3rd floor San Francisco, CA 94107, USA (“Digg”). The link to Digg's privacy statement is available here: Digg's data privacy policy
4.5. Delicious
We use plug-ins of the social network Delicious.com, operated by Yahoo! Inc., 701 First Avenue, Sunnyvale, CA 94089, USA (“Delicious”). The link to the privacy statement of Delicious is available here: Data privacy policy of Delicious
4.6. StumbleUpon
This service is provided by StumbleUpon, Inc. (“StumbleUpon”), Delaware, United States, postal address: 301 Brannan Street, San Francisco, CA 94107. The link to the privacy statement of StumbleUpon is available here: Data privacy policy of StumbleUpon
III. Handling personal data when using the website in special cases
Personal data shall also be collected if you communicate such information to us on our website, in particular when placing orders, when opening an online user account, or when requesting or changing master data.
We primarily use personal data to process orders. This also includes the transmission of data, in the scope required for delivery, to the shipping company assigned by us to perform this task and the forwarding of payment details to our financial service providers assigned to process payments. In addition, we use personal data to provide information about orders, services and offers.
1. Registration
In order to purchase certain products available in our online shop, you need to have a user account with us. You can create such an account at any time by registering on our website. As part of the registration process, you give your consent to the collection, processing and use of your personal data.
Declaration of consent under data protection law
By submitting your declaration of consent when registering on www.valiryo.de, you voluntarily agree – subject to revocation at any time – that VALIRYO
may collect, process and use your personal data such as company name, title, first name, last name, date of birth, address, country, telephone number, email address, ID given by us, time of registration and your encrypted password for creating and providing your user account.
You are entitled to revoke the above declaration of consent for collecting, processing and using your data by simply sending a letter or email to Valiryo GmbH, Dietrich-Bonhoeffer-Ring 2, 64653 Lorsch, (Germany), tel: +49 6251 98888-50, email: data-protection@valiryo.de). The personal data collected about you when you register and not required for the execution of the contractual relationship with us or for legal reasons will then be deleted in full. Please note that you may no longer be able to use our services, which are reserved for registered users, once your data has been deleted.
The legal basis for data processing is Art. 6 (1) (a) of GDPR. If you create your user account when placing an order, the legal basis here is Art. 6 (1) (b) of GDPR because registration is mandatory to complete a purchase via our website.
2. User account
Once you have registered with us (see section 1 above), you can manage your personal data, delivery and billing address, plus your orders and watch lists, in your user account.
We process the personal data that you voluntarily communicate to us exclusively for the purposes of enabling you to log in to your user account, to complete and fulfil/execute a contract with you, and for the purpose of managing your user account. In particular, we shall not use your data for promotional purposes.
The legal basis for this processing is Art. 6 (1) (b) of GDPR or Art. 6 (1) (a) of GDPR if you do not create your user account when placing an order.
3. Order processing
When you place an order with us, we collect, process and use the personal data that we require to process your order. Such data includes, in particular, your delivery/billing address and your payment details, i.e. bank or credit card details. Furthermore, we may request information about your creditworthiness in individual cases. We shall store your data and use it only for the purpose of processing your order.
In order to process your order, we also forward your data to companies assigned with the task of processing payments and delivering goods. These companies may only use your data for the purpose of fulfilling the contract concluded between you and us. Any use beyond this, in particular for promotional purposes, is not permitted. The legal basis for data processing is Art. 6 (1) (b) of GDPR or Art. 6 (1) (f) of GDPR provided that we receive credit information relating to your previous payment history. We have a legitimate interest in your previous payment history in order to evaluate whether we can offer a purchase on account option.
We offer payment via PayPal, among others, on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (referred to hereinafter as “PayPal”).
If you select payment via PayPal, the payment data entered by you shall be transmitted to PayPal. The link to the privacy statement of PayPal is available here: PayPal’s data privacy policy.
We also offer payment via “Sofortüberweisung” (immediately transfer) on our website. The provider of this payment service is Klarna GmbH, Theresienhöhe 12, 80339 Munich (referred to hereinafter as “Klarna GmbH”). The link to the privacy statement of Klarna GmbH is available here: Data privacy policy of Klarna GmbH.
The transmission of your data to PayPal and Klarna GmbH takes place on the basis of Art. 6 (1) (a) of GDPR and Art. 6 (1) (b) of GDPR. You can revoke your consent to data processing at any time. This does not affect the processing of data previously collected.
4. Contact forms
You can get in contact with us using the online form found on our website. The message entered in the contact form can only be sent if you have actively agreed beforehand to the collection and use of personal data specified by you for the purpose of processing your matter.
Declaration of consent under data protection law:
By submitting your declaration of consent when using the contact form, you voluntarily agree – subject to revocation at any time – that VALIRYO may collect, process and use your personal data such as first name, last name, telephone number, email address, including data that you entered in the message field plus the time the message was sent.
You are entitled to revoke the above declaration of consent for collecting, processing and using your data by simply sending a letter or email to Valiryo GmbH, Dietrich-Bonhoeffer-Ring 2, 64653 Lorsch, (Germany), tel: +49 6251 98888-50, email: data-protection@valiryo.de). The personal data that you communicated to us via the contact form and not required for the execution of the contractual relationship with us or for legal reasons will then be deleted in full.
The legal basis for data processing is Art. 6 (1) (a) of GDPR.
We use the personal data transmitted in this context (e.g. name, address, email address) solely in relation to initiating contact with you. The data will be deleted as soon as it is no longer required for the purpose of its collection or for other purposes involved in its processing. For the data entered in the contact form, this is the case if the respective correspondence with you has concluded or it can be inferred from the circumstances that the matter is question has been resolved.
IV. Data transmission to third countries
Data may only be transmitted to countries outside the EU or EEA (so-called third countries) if necessary or required by law (fiscal reporting requirements) for the fulfilment of your purchase orders or service orders, if you have provided us with the appropriate consent or as part of commissioned data processing. If service providers in a third country are used, then they must adhere to the level of data protection in Europe in addition to the written directives under the agreement of the EU standard contractual clauses. When transmitting data to the USA, we work almost exclusively with companies that are obligated to respect and observe the principles of the privacy shield (i.e. recognition of minimum standards when handling personal data). Furthermore, to ensure an appropriate level of protection for data recipients, we use the latest version of the European Union’s model contracts for the transmission of data to non-EU countries.
Lorsch, April 2019