Privacy Policy anaptis shop

We appreciate your interest in our website. Privacy is important to us!

When processing personal data, anaptis GmbH ensures compliance with data protection regulations (in particular GDPR).

Since the definition of the terms is recommended from different sides, but we actually presuppose these as generally known, we have put them to the very end. Should any questions arise, please contact us.

 

I. Name and address of the person responsible

These data correspond to those of the imprint (https://shop.anaptis.com/impressum).

 

II. Name and address of the data protection officer.

Please take these data from the imprint (https://shop.anaptis.com/impressum).

 

III. General

In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR serves as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for processing.

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. It may also be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

 

IV. Visit the website (third party)

Our website (and thus our hosting service provider) collects with each call a series of general data and information stored in the logfiles of the server. The (1) information about the browser type and version used, (2) your operating system used, (3) your Internet service provider (4) an Internet Protocol address (IP address – anonymised),, (5) the date and time of access to our website, (6) the website from which you came to our website (so-called referrers), (7) sub-websites that are accessed via our website.

When using this general data and information, we draw no conclusions about you. Rather, this information is required to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and to advertise it, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack.

This anonymously collected data and information is therefore statistically and further evaluated with the aim of increasing the privacy and data security of our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all other personal data.

All this serves in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR the preservation of our legitimate interests, which predominate in the context of a weighing up of interests, in a correct presentation of our offer. All access data will be deleted no later than seven days after the end of your page visit.

Our hosting service provider stores and processes this data within a country of the European Union or the European Economic Area.

The collection of data for the provision of the website and the storage of data in log files is imperative for the operation of the website. There is consequently no contradiction on the part of the user.

 

V. Cookies

Our website uses cookies. Cookies are small text files stored in the Internet browser or on the Internet browser on your computer system. When you visit our website, a cookie may be stored on your operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

When visiting the online shop, we not only use cookies to make our website more user-friendly. Some elements require that the called browser is identifiable even after a page change (technically necessary cookies). Therefore, some features of our website cannot be offered without the use of cookies.

The following data is stored and transmitted in the cookies:

Transfer of language settings
Article in a shopping cart
Log-in information
Remember keywords
and possibly further data.
When you visit our website, you have been informed by an information banner about the use of cookies for analysis purposes and your consent to the processing of the personal data used in this context. In this context, there was also a reference to this privacy policy.

The user data collected through technically necessary cookies will not be used to create user profiles.

The use of analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR. For the processing of personal data using cookies for analysis purposes, if the user has consented thereto, Art. 6 (1) lit. a GDPR.

Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the features and elements of the website to the full.

 

VI. Customer account

On our website, we offer users the opportunity to create a customer account. This requires the provision of personal data. The data is entered into an input mask and transmitted to us and stored. A transfer of the data to third parties (apart from the host of the website) does not take place.

For the opening of the customer account the following data are collected:

E-mail address
In addition, the following data is saved when the customer account is created:

Your IP address
Date and time of registration
As part of the registration process, the consent of the user to process this data is obtained.

You are then free to further customize your customer account.

Legal basis for the processing of the data is in the presence of your consent Art. 6 para. 1 lit. a GDPR. Insofar as the investment of the customer account leads to the conclusion of a contract, the additional legal basis for processing the data is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Even after the conclusion of a contract, there may be a need to store your personal data in order to comply with contractual or legal obligations.

You have the option to cancel the registration at any time. You can change the data stored about you in the customer account at any time. Please note that if the data is required to fulfill a contract, premature deletion of the data is only possible, as far as non-contractual or legal obligations preclude deletion.

 

VII. Contact form and e-mail

You can contact us using the contact form on our website. If you use this possibility, the data entered in the input mask will be transmitted to us and saved. Here some fields are mandatory, others are optional. Depending on which data fields you fill in, they will be transmitted to us.

At the time of sending the message, the following data is also stored:

Your IP address
Date and time of dispatch
For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.

Alternatively, we offer contacting by using the provided e-mail address. In this case, your personal data transmitted to us by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the communication.

Legal basis for the processing of the data is in the presence of your consent Art. 6 para. 1 lit. a GDPR, in the course of sending an e-mail, this is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The processing of the personal data from the input mask serves us only to process the contact. In the case of contacting by e-mail, the required legitimate interest in the processing of the data lies here as well.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as they are no longer necessary to achieve the purpose of their survey. For the personal data from the contact form input form and those sent by e-mail, this will be the case when communication with you has been completed. The communication is concluded for us when it can be deduced from the circumstances that the discussed facts are finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

You have the opportunity to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you may opt out of storage at any time and we will be unable to continue communication with you. Questions asked by you can then no longer be answered.

You can object to the storage and processing by simple message to the contact details given in the imprint or revoke the consent.

All personal data stored in the course of the communication will be deleted in this case, as far as no subsequent deletion for other compelling reasons has to be made.

 

VIII. Use of Google (Universal) Analytics for Web Analytics

We use Google (Universal) Analytics, a web analytics service of Google LLC (www.google.com), for the purpose of website analysis.

[Please provide full address here] The Google Analytics component is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Google (Universal) Analytics uses methods that allow you to analyze the use of the website, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address will be shortened prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The anonymized IP address provided by Google Analytics within the scope of Google Analytics will not be merged with other data provided by Google. After purpose and end of the use of Google Analytics by us, the data collected in this context will be deleted.

Legal basis for the processing of the data is in the presence of your consent Art. 6 para. 1 lit. a GDPR.

Google LLC is headquartered in the US and is certified under the EU-US Privacy Shield. A current certificate can be found here: https://www.privacyshield.gov/list. As a result of this agreement between the US and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.

You may revoke your consent at any time with future effect by downloading and installing the browser plug-in available at the following link or similar browser plug-ins: http://tools.google.com/dlpage/gaoptout?hl=en
This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google.

As an alternative to the browser plug-in, you can click on http://tools.google.com/dlpage/gaoptout?hl=en this link to prevent the future detection by Google Analytics on this website. An opt-out cookie is stored on your device.

If you delete your cookies, you will be asked to give your consent again.

 

IX. Use of plugins of networks on Facebook, Twitter, Xing, Linkedin and Youtube

Buttons from networks are used on our website. We are represented on facebook, twitter, xing, linkedin and youtube.

In order to increase the protection of your data when visiting our website, these buttons are not fully integrated as plugins, but only by using an HTML link in the page. This integration ensures that when you call up a page of our website that contains such buttons, no connection with the servers of the provider of the respective network is established.

If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider on which you can enter (for example, after entering your login data). press the Like or Share button.

The respective operator of the networker always receives information about the corresponding component that you have visited our website, if you are simultaneously logged in to the network at the time of accessing our website; this takes place regardless of whether you click on the link of the network or not. If you would like to avoid this transmission to the social network operator, you must log out of your network before calling our website.

Purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, the deletion procedure, as well as a contact option and your related rights and settings options to protect your privacy, please refer to the privacy policy of the respective provider.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

You will learn more about

https://de-de.facebook.com/about/privacy/

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

You will learn more about

https://twitter.com/privacy

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

You will learn more about

https://www.xing.com/privacy

LinkedIn’s operating company is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy Policy outside the United States is handled by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

You will learn more about:

https://www.linkedin.com/legal/cookie-policy

https://www.linkedin.com/legal/privacy-policy

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

You will learn more about:

https://www.youtube.com/yt/about/de/

https://www.google.de/intl/de/policies/privacy/

The legal basis for processing the data on the basis of your consent is Art. 6 para. 1 lit. a GDPR. Otherwise, this also serves to safeguard our legitimate interests, which predominate as part of a balance of interests, in optimally marketing our offer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

 

X. Rights of the person concerned

If your personal information is being processed, you are the „Concerned“ i.S.d. GDPR and you have the following rights to the responsible person (see above):

 

Right to information

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed;

(3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the retention period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the source of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

 

Right to rectification

You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.

 

Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;

(2) the processing is unlawful, and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;

(3) the controller no longer requires personal data for the purposes of processing, but you need them for the purposes of asserting, exercising or defending legal claims; or

(4) if you have filed an objection against the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the limitation of the processing after the above-mentioned conditions are restricted, you will be informed by the person in charge before the restriction is lifted.

 

Right to delete

Deletion obligations

You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for processing.

(3) According to. Art. 21 para. 1 GDPR you object to the processing and there are no prior justifiable reasons for the processing, or you object to processing through. Art. 21 para. 2 GDPR.

(4) Your personal data have been processed unlawfully.

(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

 

Information to third parties

If the person in charge has made the personal data concerning you public and is acc. Article 17 (1) of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.

 

Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation which requires processing under the law of the Union or the Member States to which the controller is subject or for the performance of a task which is in the public interest or in the exercise of official authority conferring on the controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

(5) to assert, exercise or defend legal claims.

 

Right to information

If you have the right of rectification, erasure or restriction of processing to the controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

 

Right to data portability

You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

(1) the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR is based and

(2) the processing is done by automated means.

In exercising this right, you also have the right to obtain that your personal data relating to you which are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

 

Right to objection

You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.

 

Right to revoke the data protection consent declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

 

Automated decision on an individual basis including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and the controller,

(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) results from your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his/her own position and heard on challenge of the decision.

 

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you is against the GDPR violates.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

XI. Definitions

Personal data is any information relating to an identified or identifiable natural person (hereinafter the „data subject“). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.

Affected person is any identified or identifiable natural person whose personal data is processed by the controller.

Processing means any process or series of operations related to personal data, such as collecting, collecting, organizing, storing, adapting or modifying, reading, querying, using, with or without the help of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.

Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.

Profiling is any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal to analyze or predict preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.

The responsible person or controller is the natural or legal person, public authority, body or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.

Third is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.

Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case in which the data subject indicates that they consent to the processing of the personal data concerning him or her is.