Information
Privacy Policy
We are pleased that you visit our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used. This data protection declaration applies to the HEY-SIGN GmbH website, which can be reached under the domain hey-sign-shop.de and the various subdomains ("our website").
Who is responsible and how do I contact you?
The controller in terms of the general data protection regulation and other national data protection laws of the
member states and other data protection regulations is the:
HEY-SIGN GmbH
Insterburger Straße 18
40670 Meerbusch
Tel.: +49-2159-9284800
Tel.:
+49-2159-9284828
E-Mail: service@hey-sign.de
Website: https://www.hey-sign.de
The data protection officer of the controller
is:
Johannes Schwiegk
datenzeit GmbH
Friedrich-Engels-Allee 200
42285 Wuppertal
E-Mail: datenschutz@datenzeit.de
Website: https://www.datenzeit.de/
The scope of processing of personal data
This data protection declaration fulfills the legal requirements for transparency in the processing of personal data.
This is all information that relates to an identified or identifiable natural person. This includes, for example,
information such as your name, your age, your address, your telephone number, your date of birth, your e-mail
address, your IP address or user behavior when visiting a website.
Information in which we cannot (or only with
a disproportionate effort) relate to you personally, e.g. through anonymization, is not personal data. The
processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal
basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has
been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the
specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we
save your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory
retention requirements.
Who will get my data?
We only pass on your personal data, which we process on our website, to third parties if this is necessary for the
fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of
legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to
assert, exercise or defend legal claims. Possible recipients can then be, for example, law enforcement authorities,
lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who process personal data on our behalf in the context of order processing in accordance with Art. 28 GDPR, these can be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit
our website. As an alternative to the use of cookies, information can also be stored in the local storage of your
browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically
necessary cookies). Other cookies, on the other hand, enable us to carry out various analyzes so that, for example,
we are able to recognize the browser you are using when you visit our website again and to transmit various
information to us (non-necessary cookies).
With the help of cookies we can, among other things, make our
website more user-friendly and effective for you by, for example, tracking your use of our website and determining
your preferred settings (e.g. country and language settings). If third parties process information via cookies, they
collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot run
programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing
operations.
You can find detailed information on the cookies used in the cookie settings or in the Consent
Manager cookie settings
or in the Consent Manager on this website.
Cookie | Type | Description | Duration |
__csrf_token-1 | Necessary | This cookie is used to prevent Cross-Site Request Forgery (CSRF) attacks. So it is an important cookie to protect the website and the safety of visitors. | Browser-Session |
session-1 | Other | Using the session cookie, Shopware recognizes whether the respective user has an active shopping cart and whether the user is logged in. It therefore serves as an identification between the browser and the server. No further information is saved except for the session ID of the browser. The handling of sessions is controlled on the server side via PHP and can be seen independently of Shopware. | Browser-Session |
x-cache-context-hash | Other | This cookie is used to control the information about the user's and customer group's tax group, so that the correct prices are always displayed. | Browser-Session |
nocache | Other | This cookie tells the browser that no cache should be created on the affected page. | Browser-Session |
Rights of the Data subject
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as the person
concerned have the following rights:
- Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data;
- Correction in accordance with Art. 16 GDPR of incorrect or incomplete data that are stored by us;
- Deletion of the data stored by us in accordance with Art. 17 GDPR, insofar as the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Restriction of processing in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you Have raised an objection to the processing in accordance with Art. 21 GDPR.
- Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the scope of a consent in accordance with Art. 6 Paragraph 1 lit. a GDPR or on the basis of a contract in accordance with Art. 6 Paragraph 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transmit the data directly to another person responsible, as far as this is technically feasible.
- Objection in accordance with Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6 Para. 1 lit. e, f GDPR and there are reasons for this that arise from your particular situation or the objection against Direct mail is aimed. The right to object does not exist if overriding, compelling reasons worthy of protection are proven for the processing or the processing is carried out to assert, exercise or defend legal claims. If the right to object to individual processing operations does not exist, this is indicated there.
- Revocation of your given consent in accordance with Article 7 Paragraph 3 GDPR with effect for the future.
- Complaint in accordance with Art. 77 GDPR to a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters. In North Rhine-Westphalia the responsible supervisory authority is: The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Postfach 20 04 44, 40102 Düsseldorf, Tel .: 0211 / 38424-0, Fax: 0211 / 38424-999, E-Mail:poststelle@ldi.nrw.de.
How will my data be processed in detail?
In the following, we will inform you about the individual processing operations, the scope and purpose of the data
processing, the legal basis, the obligation to provide your data and the respective storage period. An automated
decision in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.
Purpose and legal basis
The processing is carried out to safeguard our predominantly legitimate interest in displaying our website and
ensuring security and stability on the basis of Art. 6 (f) GDPR. The collection of the data and the storage in log
files is absolutely necessary for the operation of the website. There is no right of objection to the processing due
to the exception according to Art. 21 Para. 1 GDPR. Insofar as the further storage of the log files is required by
law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual
obligation to provide the data, but it is technically not possible to call up our website without providing the
data.
Storage period
The aforementioned data is stored for the duration of the display of the website and, for technical reasons, for a
period of 30 days.
Inquiry form
Type and scope of processing
On our website we offer you to contact us using a form provided in order to ask questions about the individual products. The information that is collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary for processing the product request. When using the inquiry form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our request form takes place for the purpose of communication and processing of
your request on the basis of our legitimate interest in accordance with Art. 6 Paragraph 1 lit. There is no legal or
contractual obligation to provide your data, but it is not possible to process your request without providing the
information in the mandatory fields. If you do not want to provide this data, please contact us by other means.
Storage period
We store the data collected for each request for a period of 2 years, starting with the processing of your request or
until you withdraw your consent.
Newsletter - Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as
information that allows us to verify that you are the owner of the e-mail address provided and that you agree to
receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the
newsletter, we use newsletter service providers, which are described below.
Sendinblue
This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße
126, 10179 Berlin, Germany.
Sendinblue services can, among other things, be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on Sendinblue’s servers in Germany.
Data analysis by Sendinblue
Sendinblue enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter
message has been opened. If you do not want to permit an analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a link
for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the
website. For detailed information on the functions of Sendinblue please follow this link: https://www.sendinblue.com/newsletter-software
Legal basis
The data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any
time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing
transactions that have taken place prior to your revocation.
Storage period
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you
unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list
after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite.
You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Protection Regulations of Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by
data privacy laws that guarantees that they process personal data of our website visitors only based on our
instructions and in compliance with the GDPR.
Registration of a customer account
Type and scope of processing
As part of the order processing, we collect your personal data to register a customer account. You can choose whether
you want to order as a guest or register a permanent user account. The information that is collected via the
mandatory fields during registration is identical in both cases and is required for processing the order in the
online shop. When registering a permanent user account, we also collect a password that you set yourself. In
addition, you can voluntarily provide additional information that you believe is necessary to process the order.
Your personal data will only be passed on to third parties (e.g. shipping service providers / forwarding agents) and
processors in accordance with Art. 28 GDPR if this is necessary for processing the order.
Purpose and legal basis
We process your personal data for the purpose of registering a customer account to fulfill a contract with you in
accordance with Art. 6 Paragraph 1 lit. There is a contractual obligation to provide your data as far as it relates
to the mandatory fields, as this information is required to identify your person and to fulfill the contract on our
part. There is no legal obligation to provide the data. Without the provision of this information, it is not
possible to place an order in our online shop and thus to conclude a contract. There is no obligation to provide the
additional information provided voluntarily. The order in our online shop is also possible without disclosing the
voluntary information.
The additional processing of your password for the registration of the permanent user account takes place for the purpose of providing a customer account and for the presentation of your previous purchases as well as for the storage of your purchase-related data (e.g. storage of billing address, different delivery addresses) on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. By deleting your customer account, you can declare your revocation at any time with effect for the future in accordance with Art. 7 Para. 3 GDPR.
Storage period
If you order as a guest, your personal data will be saved until your order has been fully processed (contract end).
When registering a permanent customer account, we save the purchase-related data beyond the end of the contract
until you withdraw your consent (deletion of the customer account). In both cases, your data will only be stored if
there are statutory retention requirements (e.g. tax and commercial law).
Presence on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with
information and offers within social networks and to offer you other ways to contact us and to find out about our
offers. In the following, we will inform you which data we or the respective social network of you process in
connection with the access and use of our fan pages / accounts.
Data that we process from you
If you would like to contact us via messenger or direct message via the respective social network, we usually process
your user name, which you use to contact us and, if necessary, save other data you have provided to the extent
necessary to process / answer your request is.
The legal basis is Article 6, Paragraph 1, Clause 1 f) GDPR
(processing is necessary to safeguard the legitimate interests of the person responsible).
(Static) usage data that we receive from social networks
We receive automatically provided statistics regarding our accounts via Insights functionalities. The statistics
contain, among other things, the total number of page views, likes, information on page activities and post
interactions, reach, video views / views and information on the proportion of men / women among our fans /
followers. The statistics only contain aggregated data that cannot be related to individual persons. We cannot
identify you in this way.
Which data the social networks process from you
In order to be able to view the contents of our fan pages or accounts, you do not have to be a member of the
respective social network and, in this respect, no user account is required for the respective social
network. Please note, however, that when the respective social network is called up, the social networks also
collect and save data from website visitors without a user account (e.g. technical data in order to be able to
display the website to you) and use cookies and similar technologies, over which we have no influence to have. You
can find details on this in the data protection provisions of the respective social network. If you want to
interact with the content on our fan pages / accounts, e.g. comment, share or like our postings / contributions and
/ or contact us via messenger functions, prior registration with the respective social network and the It is
necessary to provide personal data.
We have no influence on the data processing by the social networks in the context of your use. To the best of our
knowledge, your data is stored and processed in particular in connection with the provision of the services of the
respective social network, and also to analyze usage behavior (using cookies, pixels / web beacons and similar
technologies) on the basis of your Interest-based advertising is played out both inside and outside the respective
social network. It cannot be ruled out that your data will also be saved by the social networks outside the EU / EEA
and passed on to third parties.
Information on the exact scope and purposes of the processing of your personal
data, the storage period / deletion as well as guidelines for the use of cookies and similar technologies in the
context of registration and use of social networks can be found in the data protection provisions / cookie
guidelines of the social networks. There you will also find information about your rights and options to object.
Facebook page
When you visit our Facebook page, Facebook records, among other things, your IP address and other information that is
available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook
pages, with statistical information about the use of the Facebook page. Facebook provides more information on this
under the following link: https://facebook.com/help/pages/insights
It is not possible for us to draw conclusions about individual users using the statistical information transmitted. We only use them in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of this.
We only collect your data via our fan page in order to implement a possible provision for communication and
interaction with us. This survey usually includes your name, news content, comment content as well as the profile
information provided by you "publicly".
The processing of your personal data for our above-mentioned purposes
takes place on the basis of our legitimate business and communicative interest in the offer of an information and
communication channel in accordance with Art. 6 Para. 1 f) GDPR. If you as a user have given the respective provider
of the social network your consent to the data processing, the legal basis for processing extends to Art. 6 Para. 1
a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access
options to your data are limited. Only the provider of the social network is authorized to have full access to your
data. Because of this, only the provider can directly take and implement appropriate measures to fulfill your user
rights (request for information, request for deletion, objection, etc.). The assertion of corresponding rights is
therefore most effective directly against the respective provider.
Together with Facebook, we are responsible
for the personal content of the fan page. Data subjects' rights can be asserted on Facebook Ireland as well as on
us.
According to the GDPR, the primary responsibility for the processing of Insights data lies with Facebook and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data, Facebook Ireland provides the essentials of the page Insights supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and all other information resulting from Art.
13 GDPR, including the legal basis, identity of the person responsible and storage duration of cookies on user
devices.
Further information can be found directly on Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum
Instagram page
When you visit our Instagram page, Instagram records, among other things, your IP address and other information that
is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the
Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more
information on this under the following link: https://www.facebook.com/help/instagram/788388387972460?helpref=related
It is not possible for us to draw conclusions about individual users using the statistical information transmitted. We only use them in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of this.
We only collect your data via our fan page in order to implement a possible provision for communication and interaction with us. This survey usually includes your name, news content, comment content as well as the profile information provided by you "publicly". The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in the offer of an information and communication channel in accordance with Art. 6 Para. 1 f) GDPR. If you as a user have given the respective provider of the social network your consent to the data processing, the legal basis for processing extends to Art. 6 Para. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access
options to your data are limited. Only the provider of the social network is authorized to have full access to your
data. Because of this, only the provider can directly take and implement appropriate measures to fulfill your user
rights (request for information, request for deletion, objection, etc.). The assertion of corresponding rights is
therefore most effective directly against the respective provider.
Together with Instagram, we are responsible
for the personal content of the fan page. Data subjects' rights can be asserted on Facebook Ireland as well as on
us.
According to the GDPR, the primary responsibility for the processing of Insights data lies with Instagram and Instagram fulfills all obligations under the GDPR with regard to the processing of Insights data, Facebook Ireland provides the essentials of the page Insights supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and all other information resulting from Art.
13 GDPR, including the legal basis, identity of the person responsible and storage duration of cookies on user
devices.
Further information can be found directly on Instagram: https://help.instagram.com/519522125107875
Pinterest page
Pinterest is a visual bookmarking tool for storing and discovering creative ideas. The website and app allow users to
save and post images on different boards, which are categorized and curated according to the user's individual
tastes. Users can also follow boards created by other users and post (or "pin") articles on their own boards. The
provider is Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103 United States or Pinterest Europe Ltd.,
Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
You can find more information about Pinterest
at: https://about.pinterest.com/
Further information on data protection at
Pinterest can be found at: https://policy.pinterest.com/de/privacy-policy
Further questions about data
protection are answered here: https://help.pinterest.com/de/topics/privacy-safety-and-legal
Google Fonts
Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to
provide fonts for our online offer. To obtain these fonts, connect to the servers of Google Ireland Limited and your
IP address will be transmitted.
Purpose and legal basis
The use of Google Fonts takes place on the basis of our legitimate interests, i.e. interest in a uniform provision as
well as the optimization of our online offer in accordance with Art. 6 Para. 1 lit.f GDPR.
Storage period
The specific storage duration of the processed data cannot be influenced by us, but is determined by Google Ireland
Limited. Further information can be found in the data protection declaration for Google Fonts: https://policies.google.com/privacy.
Web analysis by Google Analytics
1.Scope of processing of personal data
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics can use cookies on the user's computer (for cookies, see above) and allows us to analyze your use of our website. For example, we take into account which content you have called up within one or various usage processes, which search terms you have used and how you have interacted with our online offering overall. The time of use and duration are also stored, as well as technical aspects of your end devices and browsers used.
For this purpose, pseudonymous user profiles are created with information from the use of various devices. Through the use of Google Analytics, data on the geographical location is determined and provided. For this purpose, the following metadata is collected based on the IP search: City (and the derived latitude and longitude of the city), Continent, Country, Region, Subcontinent (and the ID-based equivalents). To ensure the protection of personal data of European users in the EU, Google receives and processes all data via domains and servers within the EU. The IP address of the users is not logged and is shortened by the last two digits by default, whereby the shortening with regard to European users takes place on European servers.
The information obtained through the use of Google Analytics is used by Google on our behalf to evaluate your use of our website, to compile reports on website activity for us and to provide other services relating to the use of our website and the internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Full or unabbreviated IP addresses are not transferred to Google servers in the USA, so that it should be excluded that personal data is transferred to the USA. The USA is considered by the European Court of Justice to be a country with an insufficient level of data protection according to European standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes. Furthermore, risks may arise for you because it may be more difficult to enforce your rights in the USA. For cases in which personal data is transferred to the USA, Google invokes the standard contractual clauses of the European Union after the discontinuation of the EU-US Privacy Shield, cf. https://business.safety.google/adsprocessorterms/, as well as additional measures that can be accessed at the following link:https://services.google.com/fh/files/misc/safeguards_for_international_data_transfers.pdf
2. Legal basis for the processing of personal data
The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. a DSGVO, i.e. your consent, which you have given via our cookie banner or consent management tool for the described data processing.
3. Purpose of data processing
The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing the IP addresses, the interest of the users in their protection of personal data is sufficiently taken into account.
4. Duration of Storage
The data is deleted as soon as it is no longer required for our recording purposes. Furthermore, we would like to point out that we, as the provider of the pages, have no further knowledge of the content of the transmitted data or its use by Google. You can find more information on this in Google's privacy policy at https://policies.google.com/privacy
5. Possibility of objection and removal
You can revoke your consent at any time with effect for the future by changing the settings in our cookie banner or consent management tool.
In addition, you can prevent cookies from being stored on your computer by setting your browser software accordingly. In this case, you may not be able to use all the functions of our website to their full extent. To prevent the collection of data generated by the cookies and related to your use of our website (including your IP address) by Google as well as the processing of this data by Google, a browser plug-in is available for download and subsequent installation at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (https://optout.networkadvertising.org/) and additionally the US website (https://www.aboutads.info/choices) or the European website https://www.youronlinechoices.com/uk/your-ad-choices/).