Data Protection Declaration
We welcome your interest in our company. The protection of your personal data is important to us. We collect and use your personal data exclusively in accordance with and within the framework of the applicable data protection law of the Federal Republic of Germany, in particular the European Union General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) as well as all other applicable data protection regulations.
We explain below about the type, scope and purpose of our collection and use of your personal data when using our website. You can access this explanation at any time on our website.
“Personal data” is any data that can be used to directly or indirectly identify a natural person (data subject), for example: your name, address, email address, and user conduct.
If you have any questions or suggestions about data protection, please feel free to contact our data protection officer directly.
I. Name and contact details of the controller and the data protection officer
1. Controller within the meaning of the data protection laws (Art. 4(7) GDPR) is:
Delta-Sport Handelskontor GmbH
Wragekamp 6
22397 Hamburg
Germany
Tel.: +49 40 5 27 310 0
E-Mail: info@delta-sport.com
Website: www.delta-sport.com
2. Our data protection officer is available at:
E-Mail: dsb@delta-sport.com
or at
Delta-Sport Handelskontor GmbH
– The data protection officer –
Wragekamp 6
22397 Hamburg
Germany
Tel.: +49 40 5 27 310 0
If you have any questions or suggestions about data protection, please feel free to contact our data protection officer directly.
II. General principles
We describe the respective legal basis of the processing in connection with the information about the individual data processing operations in this Privacy Policy or when providing your personal data.
- Transfer / Recipients of data
Within our company, only those offices will have access to your data which need access to your data to protect our legitimate interests or to fulfil our contractual or statutory obligations, or to respond to your inquiries.
We sometimes use external service providers to process your data {“processors”) who process data for our central IT services or the hosting of our website. Service providers who act as processors for us may only use the data in accordance with our instructions. In this case, we are legally responsible for ensuring that the companies we commission take appropriate data protection measures. These companies have been carefully selected by us and commissioned in writing in accordance with statutory requirements; they are bound by our instructions and regularly inspected.
If personal data is to be transferred to a third country (outside the EU/EEA), this will only take place if the EU Commission has issued an adequacy decision for the country in question or if suitable safeguards exist, such as EU standard contractual clauses.
- Duration of storage and deletion of data
We only store your personal data for as long as is necessary for the relevant purpose or as required by statutory retention obligations.
We describe the respective legal basis of the processing in connection with the information about the individual data processing operations in this Privacy Policy or when referring to your personal data.
- Data integrity
We use SSL or TLS encryption within the website visit and to protect the transmission of content. You can recognize this by the closed image of a key or lock symbol in the lower status bar of your browser, which your browser displays when you have an SSL connection.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, or partial or complete loss, destruction or unauthorised access by a third party. Our security measures are continuously improved in line with technological developments.
III. Purpose of processing and legal basis
a. Visiting our website (including Google)
i. Purpose
When you access our website, the browser used on your device automatically sends information to the server of our website. The following data will be processed:
- IP address of the requesting computer
- date and time of the retrieved file
- website from which access is made (referrer URL)
- browser used and, if applicable, the operating system of your computer as well as the name of your access provider
This information is temporarily stored in a so-called “log file”, which does not include your IP address or any other data that would allow the data to be assigned to you. This data will not be stored together with your other personal data.
The data listed above is processed by us for the following purposes:
- displaying the website
- ensuring a smooth connection to the website
- ensuring the comfortable use of our website
- evaluating system security and stability
- other administrative purposes
Temporary storage of the IP address by the system is necessary in order to enable the transmission of the website data to your computer, which enables the website to be displayed. The data is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems.
In order to be able to provide you with our website and the services provided via it, we use a service provider (web host) who processes your data on our behalf and exclusively in accordance with our instructions (see recipients).
WPSpace
Broll IT & Media GmbH
Universitätsstrasse 3
56070 Koblenz
ii. Legal basis
The legal basis for our data processing is Article 6(1)(f) GDPR. Our legitimate interest is derived from the data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about you.
Please note that in the case of data processing on the basis of Article 6(1)(f) GDPR, you have the right to object to processing in accordance with Article 21 GDPR. You can find more information on this under Section 5 of this privacy policy.
iii. Storage period
The log files are stored for a maximum of 7 days and are then deleted.
iv. Origin of the data
From the browser used on your device
v. Recipients (including the transmission of personal data to non-EU countries)
WPSpace
Broll IT & Media GmbH
Universitätsstraße 3
56070 Koblenz
b. Use of an externally hosted tool to obtain and manage consent
i. Purpose
We use a variety of tools and technologies on our website, including “cookies” set in your device, for which we require your consent. We use a so-called consent manager to obtain and manage your consent, which is the product BorlabsCookie. This consent manager stores information on your device in order to store your consents. In this consent manager, you can provide us with all the information regarding the tools and technologies we use and revoke your consent at any time. The consent manager is automatically displayed when you first visit our website. Furthermore, you can reopen BorlabsCookie at any time by clicking on the icon in the footer, located at the bottom left of the website. All the details regarding the cookies used or tools and technologies requiring consent that you may need can be found in the consent manager BorlabsCookie.
ii. Legal basis
The legal basis for the use of the consent manager is our obligation to obtain your consent for certain processing operations and to be able to prove our legal obligation to be able to prove which consents you have given us (Article 6(1)(c) GDPR in conjunction with Article 7 GDPR and Article 5(2) GDPR). The decision to use an external provider is based on our legitimate interest under Article 6(1)(f) GDPR in using a modern, secure and at the same time cost-effective solution.
iii. Storage period
The storage period of this data is 90 days and can be found in the information in the consent manager.
iv. Origin of the data
From you directly.
v. Recipients (including the transmission of personal data to non-EU countries)
Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, (https://de.borlabs.io/datenschutz/)
c. Data processing for communication (including job applications)
i. Purpose
We process your personal data to the extent necessary for communicating with you by email, phone or video conference, and for fulfilling the purposes specified in the context of this communication, as well as for all other purposes that are incumbent on us in this respect by law or contract. We process data in our email server, our phone system, by means of other IT, and in customer files for this purpose. For example, the data processing may serve to:
- identify you as our business contact
- help us advise you appropriately
- have other communications with you,
- communicate with you in the context of employment applications (see also “Data processing for job applications (supplementary)”)
- fulfil our contractual obligations with you, our suppliers and clients
- store your contact details in our contact management system
- provide you with information about our company and our products and services
- assert, exercise or defend civil law claims
If you contact us by email, the data you provide will be stored by us and will only be used to process your request and to contact you in relation to processing your request.
ii. Legal basis
If the communication serves to conclude or implement a contract with us and you are our business partner as a self-employed person or sole trader, the legal basis for the processing is Article 6(1)(b) GDPR. If you are an employee of a company, the legal basis is Article 6(1)(f) GDPR. In this case, our legitimate interest is to advance the conclusion of a contract or to meet our contractual obligations to your employer. If you are a job applicant, the legal basis is section 26 BDSG in conjunction with Article 6(1)(b) GDPR and Article 88 GDPR, as well as the German General Equal Treatment Act (AGG) in conjunction with Article 6(1)(c) GDPR.
iii. Origin of the data
We will delete the data when storage is no longer necessary, in particular when the processing of your application has been completed. This does not affect the further use of data that has been stored by us for other purposes and which we are entitled to process on another legal basis (for example, in relation to data required for the performance of a contract). If there are legal retention obligations, we limit processing to the extent necessary to fulfill these obligations. Nevertheless, you are entitled to your rights as a data subject. For more information, please refer to our information on the rights of a data subject under Section 5 of this Privacy Policy.
iv. Herkunft der Daten
We process data that we receive in the course of our communication with you. Insofar as we do not receive data directly from you, such data usually consists of your title, first name, last name, email address, name of your company, function and/or position in the company, address, phone number, contractual data on orders placed or received, bank details, as well as other personal data that we need to initiate, perform or terminate the contract with you or your employer or to fulfil legal obligations.
In the context of a job application, we only process data that we receive directly from you or that you provide to us via, for example, a career network such as LinkedIn, or a job platform such as Indeed.
In addition, we process data that is necessary for the assertion, exercise or defence of civil law claims. Other data sources may include public directories, lawyers, courts, supervisory authorities, police, public prosecutors’ offices, credit agencies or debt collection agencies.
Article 6(1)(b) GDPR is the legal basis if your contact with us serves to initiate a contract or to carry out an existing contractual relationship.
v. Recipients (including the transmission of personal data to non-EU countries)
Within our company, only those offices will have access to your data which need access to your data to protect our legitimate interests or to fulfil our contractual or statutory obligations, or to respond to your inquiries.
We sometimes use external service providers to process your data {“processors”) who process data for our central IT services or the hosting of our website). Service providers who act as processors for us may only use the data in accordance with our instructions. In this case, we are legally responsible for ensuring that the companies we commission take appropriate data protection measures. These companies have been carefully selected by us and commissioned in writing in accordance with statutory requirements; they are bound by our instructions and regularly inspected.
If personal data is to be transferred to a third country (outside the EU/EEA), this will only take place if the EU Commission has issued an adequacy decision for the country in question or if suitable safeguards exist, such as EU standard contractual clauses.
d. Datenverarbeitung bei Bewerbungen (ergänzend)
i. Für den Schutz Ihrer persönlichen Daten, wenn Sie sich bei uns bewerben, gelten ergänzende gesonderte Datenschutzbestimmungen, die Sie hier https://delta-sport-handelskontor-gmbh.jobs.personio.de/privacy-policy?language=de einsehen können. Diese gelten auch für die Einbettung des Online-Bewerbungsportals in diese Website.
e. Data processing relating to job applications (supplementary)
i. Purpose
Processing your personal data is performed for the purpose of handling your complaint and related correspondence and for sending products and information to you; it serves to fulfill our contractual obligations with our clients.
ii. Legal basis
The legal basis for the above-mentioned purpose is Article 6(1)(b) GDPR. If the processing is based on our legitimate interests in order to assert and defend our legal claims, the legal basis is Article 6(1)(c) GDPR. Insofar as we act to comply with a statutory obligation, such as for accounting and tax purposes or compliance with retention periods, the legal basis is Article 6(1)(c) GDPR
iii. Storage period
We delete your personal data after the purpose of processing has ceased to exist and then after the expiry of the statutory retention obligation. This statutory retention obligation is 6 years for email correspondence relevant to a contract and 10 years for invoices.
Unless there is a legal obligation to retain data, we will delete the personal data when and to the extent that we no longer need it within the scope of the legitimate interests described under “Purposes and legal bases”, after the expiry of the regular statute of limitations pursuant to section 195 of the German Civil Code (Article 6(1)(f) GDPR).
If your data is also required to assert, exercise or defend our legal claims or those of a third party, it will be deleted as soon as the further storage of the data for these purposes is no longer necessary. In this case, too, such storage is based on Article 6(1)(f) GDPR. In this case, the purpose is our legitimate interest is the abovementioned processing.
iv. Origin of the data
We process data that we receive in the course of our communications with you. If we do not receive data directly from you, it usually consists of title, first name, last name, email address, address, landline number, mobile phone number, contractual data on purchases (date of purchase, purchase price, address of the branch where the item was purchased).
v. Recipients (including the transmission of personal data to non-EU countries)
Your personal data will be transmitted to:
M.A. Neumann Werbung GmbH & Co.KG
TeleMarCom European Services GmbH
To service partners, such as bicycle repair shops
Other data recipients may include lawyers, courts, supervisory authorities, police, public prosecutors’ offices, credit agencies and debt collection agencies. We transmit data to these recipients when we have a legitimate interest in this transmission which outweighs your interest in not transmitting it. In such a case, we will inform you in advance about the case and other circumstances, in particular your options for intervention.
In addition, we may be obliged to transmit your data to external bodies, such as public authorities. In such cases, insofar as allowed by law, we will inform you in advance about the transmission and other circumstances, in particular your options for intervention.
IV. Obligation to provide data
You are not legally or contractually obliged to provide us with personal data in the course of using our website. However, our pages cannot be accessed without your IP address. Your contact details are also needed to process a request or communicate with you.
V. Automated decision-making
We do not perform any automated decision-making.
VI. Rights of data subjects
As a data subject, you have the following rights:
6.1. Right to withdraw consent
If you have given your consent to the processing of your data, you have the right to revoke your consent to us at any time in accordance with Article 7(3) GDPR. Consequently, we then are no longer allowed to continue data processing, insofar as we were permitted to do so on the basis of your consent. The lawfulness of the processing performed prior to the revocation remains unaffected, which means that the processing performed on the basis of your prior consent remains lawful.
6.2. Right to confirmation and information
In accordance with Article 15 GDPR, you have the right to request confirmation from us as to whether the personal data concerning you is being processed. Furthermore, you have the right to obtain information about your personal data processed by us. In particular, you can obtain information about:
- the purposes of the processing
- the categories of personal data
- the recipients or categories of recipients to whom your data has been or will be disclosed include:
- the envisaged storage period
- the existence of a right to rectification, erasure, restriction of processing or a right to object
- the existence of the right to lodge an appeal
- all available information about the source of your data, insofar it was not collected by us
- the existence of automated decision-making, including profiling and, if necessary, meaningful information on its details
6.3. Right to rectification
In accordance with Article 16 GDPR, you have the right to request the correction of incorrect or to complete the personal data stored by us without undue delay.
6.4. Right to deletion
You have the right to request the deletion of your personal data stored by us in accordance with Article 17 GDPR if one of the following reasons applies:
– The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
– You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
– You object to the processing performed on the basis of Article 6(1)(b) or (f) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing of data for the purpose of direct marketing.
– The personal data has been processed unlawfully.
– The deletion of the personal data is necessary for compliance with a legal obligation under European Union law or the laws of the member states to which we are subject.
– The personal data was collected in relation to the information society services offered in accordance with Article 8(1) GDPR.
This does not apply when the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
6.5. Right to restriction of processing
You have the right to request the restriction of the processing of your personal data in accordance with Article 18 GDPR if:
– you contest the accuracy of the data for a period of time that allows us to verify the accuracy of your data,
– the processing is unlawful, but you oppose its deletion and request the restriction of processing instead,
– we no longer need the data, but you need it to assert, exercise or defend legal claims, or
– you have objected to the processing in accordance with Article 21 GDPR, as long as it is not clear whether our legitimate reasons outweigh yours.
In this case, apart from storage, your data may only be processed with your consent or for specific purposes established by law, in particular for the purposes of legal enforcement and the protection of the rights of other persons. We will notify you before the restriction is lifted.
6.6 Right to data portability
According to Article 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller.
Note on exercising these rights under Section 6.1. 6.6.
If you would like to assert your abovementioned rights, you can contact us at any time. For example, send an email to the data protection officer via dsb@delta-sport.com or reach out the contact addresses given in Section 1.
6.7 Right to lodge a complaint with a supervisory authority
Furthermore, in accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. For example, you can contact the supervisory authority of your usual place of residence, place of work or our registered office. A list of supervisory authorities can be found here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
6.8. Separate information about your right to object in accordance with Article 21 GDPR
Here, we would like to draw your attention to your right to object in accordance with Article 21 GDPR:
Right to object
a) Individual right of objection pursuant to Article 21(1) GDPR
The prerequisite for this right to object is that data processing is performed on the basis of the provisions of Article 6(1)(e) or (f) GDPR.
Article 6(1)(e) GDPR regulates the case where the processing is necessary for the performance of a task carried out in the public interest or is performed in the exercise of official authority vested in the controller. This is primarily aimed at people who represent a governmental authority, such as the German Federal Government, the federal states and their authorities, or private individuals.
Article 6(1)(f) GDPR permits processing if it is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
If the data processing is performed on one such a basis, you have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation. This also applies to profiling based on these provisions.
Consequence of the contradiction: After an objection has been raised, we will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
b) Right to object to the processing of data for direct marketing purposes
The prerequisite for this right to object is that your data is processed for the purpose of direct marketing.
In this case, you have the right to object at any time to the processing of data for the purpose of such marketing. This also applies to profiling if it is related to direct marketing.
The consequence of the objection is that the data will no longer be processed for this purpose.
c) Exercise of the right to object
You can contact us at any time if you would like to assert the right to object pursuant to a) or b). For example, simply send an email to the data protection officer via dsb@delta-sport.com or contact the contact addresses given in Section 2.
VII. Reservation for change
In order to ensure that our data protection information always complies with the current statutory requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information needs to be adjusted due to new or revised offers or services.