Table of contents
I. Name and contact details of the data controller and the data protection officer
The below-mentioned company is responsible for processing your personal data when you use these websites:
You may contact our data protection officer Mr. Tino Hauser by writing to the above-mentioned address (Attn. Data Protection Officer) or by sending an e-mail to firstname.lastname@example.org.
II. Purpose of data processing, legal basis and legitimate interests of the data controller as well as duration of storage
1. General notes regarding data processing
In most cases, you may use our websites without having to enter any personal details. We only collect your personal data as far as required for providing our web offer and our services. If you enter personal details (e.g. name, address, e-mail address or phone number) on our websites, this is generally done voluntarily. No such data will be disclosed to any third party, unless you have expressly agreed otherwise.
Without your consent, we will only process your data insofar as it is impossible to obtain your previous consent for actual reasons and processing of your data is explicitly allowed by law.
The legal bases for processing your personal data are:
Article 6 paragraph 1 point (a) GDPR if you have explicitly given consent to the processing of your personal data for a specific purpose;
Article 6 paragraph 1 point (b) GDPR if processing of your personal data is necessary for the performance of a contract to which you are party or in order to take steps prior to entering into a contract;
Article 6 paragraph 1 point (c) GDPR if processing your data is necessary for compliance with a legal obligation;
Article 6 paragraph 1 point (f) GDPR if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Personal data is only erased or no longer processed where the personal details are no longer necessary in relation to the purposes for which they are collected or otherwise processed unless storage of the data is required due to legal, contractual or statutory provisions.
Your personal data is processed in the following cases:
2. Visiting our websites | Log files
When you visit our websites, system-related information is collected and stored in server log files ("log files"), which your browser automatically transmits to us. This includes:
IP address of the retrieving end device
Date and time of your access
Name and URL of the retrieved file
Referrer URL (website from which the access was made) and clicked links
Information about browser type, version used and maybe the operating system you are using as well as the name of your access provider
This data cannot be assigned by us to a certain individual; therefore, we cannot identify you by means of this data. The data in the log files is always stored separately from other personal data; it is not combined with other data sources.
This data is processed by us according to article 6 paragraph 1 point (f) GDPR in order to supply the contents of our web presence as well as to guarantee proper function of our IT systems, to optimise our websites and to evaluate system security and stability.
The data is stored for 2 weeks and then automatically erased.
3. Data processing to conclude, execute and terminate a contract
a) Registration | User account
We offer you to register as customer of our B2B online shop on our websites. Information about data being processed for your registration can be found here.
b) Conclusion of a contract | Execution of a contract
In case of orders by phone, written orders or orders in our online shop, we collect data we need to conclude, execute and terminate the purchase agreement with you. This includes:
Last name, first name
Invoice address; delivery address, if different
Invoice and payment data
VAT ID number
Phone number, if required
Further information is voluntary. This order data is assigned to your user account and only used for the execution of your order, in particular to deliver the ordered goods - unless this data is used for advertising purposes (see point 4). The legal basis for this is article 6 paragraph 1 point (b) GDPR. Furthermore, we process your e-mail address according to article 6 paragraph 1 point (c) GDPR because we are obligated to send you an electronic order confirmation.
The data needed for executing the contract is stored until all legal and/or any contractual warranty and guarantee rights end. After this retention period, your data will be erased by us unless we are obligated due to trade and/or tax law to retain your data for the legally prescribed period (accounting-relevant data must usually be retained for ten years from conclusion of the contract). In this case, your data will only be processed for legally prescribed purposes (e.g. audits by fiscal authorities) before erasure.
We use external logistics providers to execute the contracts. We disclose them your contact details insofar the information is necessary to deliver the ordered goods. The legal bases for this are article 6 paragraph 1 point b) and point (f) GDPR. Our service providers will process this data exclusively for a prompt and correct delivery of the goods to you and will erase them afterwards.
c) Credit check and transmission to credit agencies
If you select a payment option that requires us to perform a service in advance, e.g. in case of purchase on account, we reserve the right based on article 6 paragraph 1 point (f) GDPR to preserve our legitimate interests, in particular to prevent the risk of non-payment and the misuse of our online shop, to request your identity and credit information from specialised service providers (credit agencies). We will only request identity and credit information about companies. In case of freelancers, the required personal data (last name, first name, company name, address) will be transmitted. We work together with
Creditreform Konstanz Müller & Schott
GmbH & Co. KG
More information on data processing by Creditreform and calculation of probability values (scores) by Creditreform, which may be the content of a credit report, can be obtained from
We will only process this credit information to make a carefully considered decision about conclusion, execution or termination of the contractual relationship with you and to offer you different payment options on this basis. You may object to the processing of your data for the purpose of a credit check according to article 21 GDPR. Please understand that we cannot offer you all payment options in this case, in particular none of the options that would require us to render advance services.
Data processing for advertising purposes
Direct marketing by post
Personal data you have given to us to register and process your order will be stored in your user profile. We reserve the right to process this data - last name, first name, postal address and maybe additional information that you have given voluntarily, e.g. date of birth - to send you information about our new offers, products and services by letter post. The legal basis for this is article 6 paragraph 1 point (f) GDPR.
You may object to the processing of your data for this purpose anytime without cost and with future effect by sending a message to the contact given under point I.
Your data will no longer be used for advertising purposes and will be erased - subject to processing for other purposes - if more than six years have passed since you have last ordered goods or services in our online shop.
b) Direct marketing by e-mail or phone
aa) With explicit consent
We only use your e-mail address and/or your phone number for advertising purposes if you have explicitly agreed to this. The legal basis for this is article 6 paragraph 1 point (a) GDPR.
You may withdraw your consent to the receipt of e-mails or phone calls for advertising purposes anytime without cost and with future effect by sending a message to the contact given under point I or by clicking the link provided in the advertising mail.
Your e-mail address and phone number will no longer be used for advertising purposes after you have withdrawn your consent and will be erased - subject to admissible processing for other purposes.
bb) Without explicit consent
If we have received your e-mail address for the sale of products or services, we also reserve the right to regularly send you e-mails with product offers from our range that are similar to the product you purchased. The legal basis for this is article 6 paragraph 1 point (f) GDPR in combination with article § 7 paragraph 3 of the German Unfair Competition legislation (UWG).
You may object to processing your e-mail address for advertising purposes anytime without cost and with future effect by sending a message to the contact given under point I or by clicking the link provided in the advertising mail.
Your e-mail address will no longer be used for advertising purposes and will be erased - subject to admissible processing for other purposes - if the data record relating to you has not been modified for three years or if no new documents (e.g. contact reports, e-mails, correspondence) have been stored in our CRM system for three years.
You may subscribe to our newsletter on our websites. In order for you to receive our newsletter, we need your e-mail-address. You can give your name voluntarily; it is only used in order to address you personally in the newsletter. We use the so-called double opt-in procedure: only after you have clicked the confirmation link sent to the e-mail address you provided will this e-mail address be added to our mailing list.
The data provided by you on the basis of your consent (article 6 paragraph 1 point (a) GDPR) will only be used for sending the newsletter. In addition, we collect information on IP address, date and time of your registration based on article 6 paragraph 1 point (f) GDPR to traceably record your registration process.
You may withdraw your consent to receiving our newsletter anytime with future effect. Just send us a short notice to the contact address mentioned under point I or click the "Unsubscribe" link provided at the end of each newsletter. After you have unsubscribed, your data will no longer be processed for sending the newsletter and will be erased - subject to admissible processing for other purposes.
5. Website analysis and online presentation
a) General information about cookies
Most browsers accept cookies automatically. You can configure your browser so that you will be informed when cookies are about to be placed and will be able to allow cookies to be placed only on a case-by-case basis, to disable cookies in certain cases or in general, and to delete cookies automatically upon closing of the browser. If you disable cookies, the functionality of our websites may be limited.
b) Web analysis
The following web analysis services are used on our websites:
aa) Google Analytics
You can prevent cookies from being stored by changing your browser software settings accordingly; however, please be advised that in such a case you might not be able to use all functions of this website to their full extent. Moreover, you can prevent the transmission of data generated by the cookies and relating to your use of our websites (including your IP address) to Google and the processing of the same by Google by downloading and installing the browser plug-in available on the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, you can refuse the use of Google Analytics by clicking the following link. An opt-out cookie, which prevents the future collection of your data when visiting this website, will be stored on your end device. Please note that the opt-out cookie will only be stored in this browser and is only valid for our websites; you will need to set the cookie again if you delete the cookies in your browser.
For further information to conditions of use and data privacy in relation to Google Analytics, please refer to the website of Google.
ab) Hotjar web analysis
Our websites use Hotjar, a web analysis service of Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe ("Hotjar"). The legal basis is article 6 paragraph 1 point (f) GDPR: data is only processed for the purpose of improving our websites and for their needs-oriented design.
If you do not want this data to be logged, you can disable this on all websites that use Hotjar by setting the DoNotTrack header in your browser. For more information, visit https://www.hotjar.com/opt-out
For further information about Hotjar and data processing by Hotjar, please visit the following manufacturer’s web link: https://www.hotjar.com/privacy
We use the remarketing technology of Google Inc., 600 Amphitheatre Parkway Mountain View, Ca 94043, USA ("Google") on our websites. Processing your data for remarketing purposes is based on article 6 paragraph 1 point (f) GDPR ("legitimate interests"). By using remarketing measures, we want to make sure that you are presented with advertising based on your interests in order to make our web offer even more interesting to you and to avoid annoyance due to uninteresting advertising when visiting other websites.
The Google remarketing function is used to present visitors of our websites with advertisements related to their interests (within the Google advertising network). This is done by means of the cookies stored in your browser. They are used by Google to analyse your usage behaviour when visiting different websites. Google can notice your previous visit to our websites and then present you advertisements of our products and services on other websites that also use the Google remarketing function. According to a statement by Google, data collected for the purpose of remarketing will not be merged with any personal details that may be stored by Google. In particular, only pseudonymised data is used for remarketing according to Google.
You may disable the use of targeting and remarketing technologies – as a whole or individually – by selecting them in the preference manager under the following link:
d) Your Cookie-settings
6. Contact form | "Do you have any questions"
If you send us requests via the contact form on our websites, by e-mail or by clicking the "Do you have any questions" button, your information including your contact details (name, e-mail address, phone number and company as well as post code to determine the contact person in charge) will be stored for processing your request and for any follow-up questions. The legal basis for this is article 6 paragraph 1 point b) and point (f) GDPR; legitimate interests are processing and follow-up of user requests as well as future addressing of the user for the purpose of consulting and analysis. Data will be erased 3 months after last contacting you, unless we are required by law to store the data for a longer period. Further information on data processing when using contact forms can be found here.
7. Image database
Information about personal data being processed when using our image database can be found here.
Disclosure of your data to third parties
In general, your data will not be passed on to third parties – unless explicitly stated under point II. In particular, we do not pass on your data to recipients outside the European Union or the European Economic Area, with exception of the cases mentioned under point II. If data is transmitted to servers of the US tracking or targeting technology providers we have contracted for processing according to point II, this data transmission is based on the principles of the "Privacy Shield".
Sometimes, we contract external service providers within the scope of order processing according to article 28 GDPR (e.g. for IT services) to process personal data. They have been carefully selected and contracted by us, are bound to our instructions and are regularly controlled.
Your data is only forwarded to supervisory authorities and law enforcement authorities, for example, as far as legally permitted, if it is required to discover fraud and other criminal offences or to guarantee the security of our data processing systems. The legal basis for this is article 6 paragraph 1 point c) [fulfilling legal requirements] and point (f) GDPR ["pursuing legitimate interests"].
IV. Rights of data subjects
If we process your personal data, you, as a data subject according to article 4 paragraph 1 GDPR, have the following rights according to chapter 3 GDPR:
1. Right to object
You may object to processing your personal data when this processing is supported by article 6 paragraph 1 point (f) GDPR ("legitimate interests") (article 21 GDPR). However, we are only obligated to accept your objection according to article 21 paragraph 1 sentence 1 GDPR if you give us reasons of higher priority resulting from your special situation. Your personal data is no longer processed, unless there are compelling legitimate grounds for processing, which prevail your interests, rights and freedoms, or processing is necessary to claim, execute and defend legal rights.
You may object to processing your personal data for advertising/marketing purposes anytime without giving reasons. In this case, your data will no longer be processed for advertising/marketing purposes.
2. Right to withdraw consent regarding data privacy
You are entitled to withdraw your consent to data processing anytime without giving reasons by sending a message to the person mentioned under point I without any costs other than transmission costs according to basic tariffs. Withdrawal of the consent does not affect the legality of processing done until you declared your withdrawal.
3. Other rights of data subjects
Right of access to your personal data stored in our company, in particular, information about purpose of processing, data categories and origin of data if data was not directly collected from you, categories of recipients of your data, planned storage period as well as rights of data subjects (article 15 GDPR).
Right of rectification of incorrect or incomplete personal data (article 16 GDPR).
Right to erasure of your personal data, in particular, if data is no longer required for the purposes for which they were collected and if we are not required due to legal, statutory or contractual provisions to store the data (article 17 GDPR).
- Right to restrict processing of your personal data (article 18 GDPR).
Right to data portability with regard to the personal data provided by you in a common, machine-readable format (article 20 GDPR).
4. Right to lodge a complaint with a supervisory authority
Notwithstanding other administrative or judicial remedies, you have the right according to article 77 GDPR to lodge a complaint with a supervisory authority if you believe that processing of your data by us violates the provisions of the GDPR.
The competent supervisory authority for Herbert Waldmann GmbH & Co. KG regarding data privacy is:
Der Landesbeauftragte für den Datenschutz und die
V. Data security
We take suitable technical safety measures to protect the data you provided to us against loss, destruction, disclosure and access by unauthorised parties and always update them in line with technical progress. Our safety measures are continuously optimised in accordance with technological progress.
For reasons of security and for protecting the transmission of confidential contents, such as requests that you send to us as the website operator, these websites use SSL encryption. You can identify an encrypted connection by the change in the address bar on the browser, from “http://” to “https://”, and by the padlock symbol in the browser address line. Once SSL encryption has been enabled, the data you send us cannot be read by third parties.
However, we point out that, with data transmission over the Internet (e.g. with communication by e-mail), security loopholes can arise. It is not possible to completely protect data from access by third parties.
VI. Links to websites of third parties
We place links to external websites offered by providers (third parties) not affiliated with us, e.g. to our profiles on social media, such as LinkedIn, Twitter, YouTube, Instagram and Facebook. We point out that we do not have any control about which data is processed by these providers after you click the links. Since data processing by third parties is not under our control, we cannot assume any liability for this. More information about how these third parties process your data can be found in the privacy policies of the relevant provider.