0 Products (0,00 €)

Data Privacy Statement in accordance with the GDPR

 

1. Name and address of the responsible provider

In accordance with the General Data Protection Regulation and other national data protection laws of the Member States as well as any other legal data protection regulations the responsible provider is:

Sera Benia Verlag GmbH (hereinafter referred to as “Sera Benia“)

Grillparzerstr. 4a
22085 Hamburg

Germany

Tel.: 0049 - (0)40-46643010

E-Mail: info@sera-benia.com

Website: www.sera-benia.com

 

Contact person: Antonia Tripp, Managing director

 

 

General Information about data processing

2.1 Scope of personal data processing

We only collect and use personal data of our users if this is necessary for the provision of a well-functioning website as well as our contents and services. The regular collection and use of personal data of our users only takes place after the user's prior consent.

An exception may be made in such cases in which obtaining a prior consent is not possible for practical reasons and in which processing the data is permitted by legal regulations.

2.2  Legal grounds for the processing of personal data

Should we obtain consent of a data subject regarding the data processing of personal data, point (a) of  Article 6(1) European Data Protection Regulation (GDPR) serves as legal basis for the processing of any personal data.

In case of processing personal data which is necessary for the performance of a contract to which the data subject is a party the legal basis is provided by point (b) of Article 6(1) GDPR. This also applies for all processing operations necessary to carry out pre-contractual measures. 

If the processing of personal data is required to fulfill a legal obligation to which our company is subject,  point (c) of Article 6(1) GDPR serves as legal basis.

In the event that vital interests of the person concerned or any other natural person necessitates the processing of personal data, point (d) of Article 6(1) GDPR serves as legal basis.

If the processing is necessary to preserve a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, then  point (f) of Article 6(1) GDPR serves as legal basis for the processing.

2.3 Deletion of data and storage period

The data subject's data will be deleted or blocked as soon as the purpose of its storage ceases to apply. Further storage is possible if this is indicated by the European or national legislator in Union law regulations, laws or other legal  requirements to which the controller is subject. Blocking or deletion of the data also follows when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract. 


3. Use of cookies

The website of Sera Benia uses cookies. Cookies are data which are saved by the internet browser on the computer system of the user. Cookies can be transmitted to a website while it is being accessed and thus enable an allocation of the user. Cookies help to simplify the use of websites for the users. When accessing our website the user is informed about the use of cookies for analytic purposes and we obtain his consent for the processing of personal data used in that respect. In this context a note on this privacy statement appears as well. The legal basis for the processing of personal data by the use of cookies is  point (f) of Article 6(1) GDPR or if a consent of the user regarding this exists point (a) of Article 6(1) GDPR

We need cookies for the following applications:

(1)    shopping cart

(2)    Changes to the language settings

(3)    Storing of search terms

It is always possible to object to the use of cookies with the help of the respective changes of settings in the internet browser. Existing cookies can be deleted. It is pointed out that possibly not all of the functions of our website may be used fully if cookies are disabled.



4. Creating of log files

Whenever the website is accessed Sera Benia collects data and information through an automated system. This data and information are stored in the log files of the server.

The following data can be collected as a result:

(1)    information about the type of browser and the version being used

(2)    the operating system of the user

(3)    the internet service provider of the user

(4)    the IP address of the user

(5)    date and time of access

(6)    websites via which the system of the user gets to our website

(7)    websites which are accessed by the system of the user via our website

The processing of this data serves the delivery of the content of our website, the operationality of our information technology systems and the optimization our website.  The data of the log files are permanently stored separately from any other personal data of the users. The legal basis for the temporary storage of the data and log files is point (f) of Article 6(1) GDPR. The data are deleted as soon as they are no longer necessary to fulfill the purpose of its collection. In the case of the collection of data to provide the website this is the case when the respective session has ended.  The collection of data to provide the website and the storage of this data in log files is only urgently necessary during the operation of the website. In consequence, the user does not have the possibility to object to this.


5. Registration on our website

If the person concerned uses the option to register on the website of the controller stating personal data, the data of the respective input mask are transmitted to controller responsible for processing. The data are stored by the controller responsible for processing for the sole purpose of internal use.    

During registration the IP address of the user as well as date and time of the registration is stored. The purpose of this is to prevent misuse of the services. The data are not passed on to third parties. An exception to this occurs when a legal obligation of disclosure exists. 

The registration of data is necessary for the provision of contents or services. Registered persons have the opportunity to delete or have this data modified at any time.  The data subject can receive information about the stored personal data regarding him or her at any time.


6. Newsletter

The possibility of subscribing for a free newsletter exists on our website. During the subscription to the newsletter the data from the input mask is transmitted to us.

During the subscription to the newsletter the IP address of the user as well as date and time of registration is stored. The purpose of this is to prevent any misuse of the services or the e-mail address of the data subject. In case of a subscription to the newsletter your e-mail address will be used for our own advertising purposes until the user unsubscribes from the newsletter. To dispatch our newsletter we use the third party provider Campaign Motor which is run by Campaign Monitor, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia. Campaign Monitor offers extensive analytic possibilities about how the newsletters are being opened and used. These analyses are group-related  and Sera Benia does not use them for an individual evaluation of the newsletter recipients. Further information on Campaign Monitor and the privacy of the provider Campaign Monitor can be found at http://www.campaignmonitor.com/privacy.

In order to process the data we obtain your consent during the sign-up process and refer to this privacy statement.  

Should you purchase products or services on our website and in the course of this enter your e-mail address, this e-mail address can be used by us in turn to send you a newsletter. In such a case only direct marketing for our own similar products or services will be sent via the newsletter.

Legal basis for the processing of the data after the subscription for a newsletter by the user if the content of the user exists is  point (a) of Article 6(1) GDPR.

Legal basis for sending the newsletter following the sale of products or services is  § 7(3) Act Against Unfair Competition (UWG).

The unsubscription of the newsletter is possible at any time and can be done either via a message to the contact information given below or through a link provided for this in the newsletter. The data is not transmitted to any other third parties. An exception to this occurs when a legal obligation of disclosure exists. 

The data is only used to dispatch the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. Likewise, the consent to the storage of personal data can be revoked at any time. An according link can be found in each newsletter for this purpose.

7. Contact methods

On the website of Sera Benia there is a contact form which can be used to make contact electronically. As an alternative it is possible to get in touch via the provided e-mail address. Should the data subject get in touch with Sera Benia via one of these channels, then the transmitted personal data of the data subject is stored automatically. The storage has the sole purpose of processing or getting in touch with the person concerned. A transfer of this data to any third party does not take place.


8. Routine deletion and blocking of personal data

Those responsible for the processing of personal data only process and store the data subject's data as long as this is necessary in order to achieve the purpose of the data's storage. Further storing is possible if this has been prescribed by the European or national legislator as a part of Union law regulations, laws or any other regulations to which the controller is subject.

As soon as the purpose of the data's storage ceases to exist or the storage period prescribed by the aforementioned  regulations expires, the personal data is routinely blocked or deleted.


9. Rights of the data subject

If any of your personal data is processed, you are a data subject according to the GDPR and you have the following rights with regards for those responsible:


9.1 Right of access

You can demand a confirmation of the controller about whether personal data which refers to you is being processed by us.

If such processing takes place, you can ask to be informed about the following:

a.            the purposes of processing the personal data;

b.            the categories of personal data being processed;

c.            the recipients or the categories of recipients towards whom the personal data concerning you have been disclosed to or will be disclosed to;

d.            the planned duration of storage regarding the data concerning you, or, should it not be possible to supply specific information about this, criteria for the determination of the storage period;

e.            the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing;

f.             the existence of a right to appeal to a regulatory authority;

g.            all available information about the source of the data in case the personal data are not collected from the person concerned;

h.            the existence of an automated decision making including profiling with regards to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the involved logic as well as the consequences and the pursued objective of such processing for the person concerned.

You have the right to demand information about whether the personal data concerning you are transmitted into a third country or to an international organization. In this context you can demand to be informed about the appropriate safeguards pursuant to Art. 46 GDPR regarding the transmission.


9.2          Right to rectification

You have a right to rectification and/or completion towards the controller as long as the processed personal data concerning you are incorrect or incomplete. The controller has to see to the rectifications immediately.


9.3          Right to restriction of processing

Where one of the following applies you have the right to obtain a restriction of processing from the controller regarding the personal data that concerns you:

a.            you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

b.            the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c.            the controller no longer needs the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims; or

d.            you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing of the personal data concerning you has been restricted, such personal data shall – with the exception of storage – only be processed with your consent of for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member of state.

If you have obtained restriction of processing pursuant to the aforementioned conditions, you will be informed by the controller before the restriction of processing is lifted.


9.4          Right to erasure

9.4.1.     You have the right to obtain from the controller the immediate erasure of personal data concerning you and the controller is obligated to erase personal data without undue delay where one of the following grounds applies:

a.            The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

b.            You withdraw consent on which the processing is based pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.

c.            You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 22 (2) GDPR.

d.            The personal data concerning you have been unlawfully processed.

e.            The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

f.             The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

9.4.2.     Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

9.4.3.     The right to erasure does not apply to the extent that processing is necessary

a.            for exercising the right of freedom of expression and information;

b.            for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c.            for reasons of public interest in the area of public health in accordance with  points (h) and (I) of Article 9 (2) as well as Article 9 (3) GDPR;

d.            for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

e.            for the establishment, exercise or defence of legal claims.


9.5          Notification obligation

If you have exercised your right to rectification, erasure of personal data or restriction of processing, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

 

9.6          Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Furthermore you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

a.            the processing is based on consent pursuant to point (a) Article 6(1) GDPR or point (a) Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and

b.            the processing is carried out by automated means.

In exercising this right you furthermore have the right to have personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other people  shall not be adversely affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


9.7          Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1); this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that this is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.


9.8          Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. 


9.9          Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

a.            is necessary for entering into, or performance of, a contract between you and the data controller;

b.            is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

c.            is based on your explicit consent.

Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(2)1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.


9.10       Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of alleged infringement if you consider that the processing of personal data relating to you infringes this GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to  Article 78 GDPR.

 

10. Disclosure of data to a third party

10.1 Transfers of personal data to third parties for the purpose of order processing

The personal data collected by us are transferred to the carrier in charge of delivery if this is necessary to deliver the product(s). We pass on your payment information to the commissioned credit institution in the context of the  transaction.

In the case of payment(s) via PayPal your payment information is passed on to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, in the context of the transaction.  Further information on privacy of PayPal (Europe) S.à.r.l. et Cie, S.C.A. can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

 

10.2 Google Plus 1 buttons ("+1" button)

Our Website uses the "+1" button of the social network Google, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. The button is marked with a "+1" symbol. If any of our webpages contain the "+1" button, your browser will download this button from the servers of Google Inc. and display it. The servers of Google Inc. are then automatically informed of the webpage you visited on our Website. For this reason, we have no influence on the extent of the data that Google Inc. collects by means of the "+1" button and therefore inform you according to our knowledge.

According to Google Inc., no personal data are collected without clicking on the "+1" button. Clicking on the "+1" button serves as a recommendation to third parties in the search results of Google Inc. That way you can inform the public that you like our Website and that you would like to recommend it to others. If you have registered for the Google+ service and logged into this service, the "+1" button will turn blue when you click on it. Only personal data (such as recommended URL, your IP address and other browser-related information) of members who have logged on are collected and processed by Google Inc. in order to be able to save your "+1" recommendation and make it available to the public.

If any user who has registered with and logged on to Google Inc. does not want Google Inc. to collect data about you through our Website and to connect them with your membership data stored by Google Inc., you must log off your account with Google Inc. before visiting our Website.

You can find further information on data protection in connection with use of the "+1" button in the data privacy notice of Google Inc. at http://www.google.com/intl/de/+/policy/+1button.html.

 

10.3 Google Analytics

This Website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses cookies, i.e. text files that are stored on your computer and enable an analysis of your use of the Website.

The information about your use of this Website created by the cookie is usually transmitted to and stored by a Google server in the United States. However, if the IP anonymization on this Website is activated, your IP address will be truncated by Google in Member States of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to and truncated by a Google server in the United States. On behalf of the operator of this Website, Google will use this information to analyze your use of the Website, to draw up reports on website activities and to provide further services associated with the use of the Website and the Internet to the operator of the Website. The IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting the settings of your browser software accordingly; however, we wish to point out that in such a case you may not be able to use all the functions of this Website fully. In addition, you can prevent collection of the data created by the cookie which relate to your use of the Website (incl. your IP address) as well as processing of such data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You will find further information in this regard at http://www.google.com/intl/de/analytics/learn/privacy.html (general information about Google Analytics and data privacy). We wish to point out that the IP anonymization on this Website is activated to ensure anonymized collection of IP addresses (so-called IP masking).

You can prevent Google Analytics from collecting by clicking on the link below. An opt-out cookie will be set that prevents the future collection of your data when visiting this Website:
<a href=“javascript:gaOptout()“>Google Analytics deaktivieren</a>

 

10.4 Facebook Social Plugins

Our Website uses so-called social plugins ("Plugins") of the social network facebook.com. Facebook.com in Germany is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland („Facebook“). You can find detailed information on the functions of the various Plugins and their visual appearance on the following website: http://developers.facebook.com/docs/plugins/

The legal basis for processing personl data is our legitimate interest to optimize our online services pursuant to point (f) of Art. 6 (1) GDPR.

When you call up one of our webpages with an integrated Plugin, your Internet browser will set up a direct connection with the servers of Facebook Inc. The content of the Plugin is then transmitted directly to your browser by Facebook Inc. and integrated visually into the website that is visited.

Consequently, we have no influence on the extent of the data thus integrated that are collected with the help of the Plugin. You can go to http://www.facebook.com/help/?faq=186325668085084 to check what kind of information Facebook Inc. receives about you when you visit a website with a Plugin of Facebook Inc.

To our knowledge, Facebook Inc. receives the information that a user has called up a certain webpage of our Website as a result of the Plugin integration. If you are also logged into Facebook Inc. at the same time, Facebook Inc. can relate your visit to our Website to your personal Facebook account. As soon as, in addition, you interact with the help of the Plugin, for example by clicking on the "like" button, your browser will also transmit this information directly to the server of Facebook Inc., where it is stored. However, one cannot rule out the possibility that Facebook Inc. stores your IP address if you have no Facebook account. According to the data privacy policy of Facebook Inc., however, only anonymized IP addresses are stored in Germany.

Through certification in accordance with the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active , Facebook guarantees that the requirements for data protection of the EU are also upheld during the processing of data in the USA.

You can find further information on the background concerning collection, processing and use of data by Facebook Inc. and on possible settings to protect your privacy in the data use policy of Facebook Inc. at http://www.facebook.com/policy.php.

To prevent Facebook Inc. from collecting the above-mentioned data through your visit to our Website, log off Facebook before you visit our Website. To prevent general access by Facebook Inc. to your data on our Website and on other websites, you can block Facebook Plugins by means of an add-on for your browser (e.g. "Facebook blocker", http://webgraph.com/resources/facebookblocker).

 

10.5 Lexware online accounting software

Sera Benia uses the Lexware accounting software to create bills. The software is operated by Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany. In order to use this software the collection, processing and usage of (personal) data is necessary. The data collected, processed and used while using this software are only used to operate the functionalities of the software. The (personal) data entered in order to use the software are processed and stored in data centers of the providers of Haufe-Lexware GmbH  Co. KG. The providers solely use the data for the provision of services.  It cannot be ruled out that the involved employees of the provider or its subsidiaries or subcontractors gain knowledge of your (personal) data in the context of this work.

Further information on privacy can be found at:  https://www.haufegroup.com/de/datenschutz

10.6. YouTube

On our website we embed videos from the company YouTube, LLC 901 Cherry Avenue, San Bruno, CA, 94066 USA, a company of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit a website which contains an embedded video, a connection to the server of YouTube is established and during this the content of the website is displayed through a message to your browser. Without the IP address YouTube can not send the contents to the browser of the respective user. Therefore the IP address is necessary to display such contents.

According to statements of YouTube while using the " - enhanced data protection mode -", which we use, data are only transmitted to the YouTube server, especially which of our websites you were visiting, should you watch the video. If you are signed into YouTube as a member at the same time, YouTube assigns this information to your personal user account. You can prevent this by signing out from your YouTube user account prior to visiting our website. Further information on the data processing and notes on privacy  through YouTube are provided by Google on the following link:

https://www.google.de/intl/de/policies/privacy/

 

10.7. Google Fonts

This website uses the external fonts Google Fonts. Google Fonts is a service of Google Inc. The incorporation of these Google Fonts takes place through a server call, usually a server of Google in the US. When accessing a website with Google Fonts the browser asks Google's server whether any changes have been made to the fonts or the CSS-file. Due to this, Google recognizes from which one of our websites a request is sent and also a large portion of the personal browser history. Furthermore, the IP address of the browser of the visitor's terminal device is registered by Google.  This data are usually transmitted to and stored on one of Google's servers in the US. Google Fonts is used to optically improve the display of various information and therefore in the interest of a consistent and appealing presentation of our websites. A consistent and appealing presentation of our websites constitutes a justified interest in pursuant of point (f) of Article 6 GDPR.

Further information can be found in the privacy statement by Google which you can access here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/


11. Data security

For the user's own protection the personal data of the user transmitted during the ordering process are transmitted via a secure online transmission method, the so-called "Secure Socket Layer" (SSL)-transmission, via the internet. This method of transmission is supported by most browsers. All of the information transmitted with this secure method is encrypted before it is send.  Your personal data are processed solely on data centers and computers which are protected by security technologies and up to the industrial standards (e.g. firewalls, password protection, access control etc.). Access to your customer account is only possible after having entered your personal password. You should always keep your login details confidential and close the window of the browser after finishing the communication with us, especially if you share the computer with other users.