Privacy policy

Thank you for visiting our online store and for your interest in our company and our services. With the following data protection declaration, we explain which personal data we collect about you when you visit our website www.terrax-onlineshop.de and how this is used. You will also find information below about which data is collected as a result of a business relationship and when you apply for a job. At the same time, this compilation serves to inform you about the processing of your data in accordance with Art. 13 of the General Data Protection Regulation (DSGVO).

We take the protection of personal data very seriously and always process it in accordance with the applicable data protection regulations, in particular the EU Data Protection Regulation DSGVO. With this privacy policy, we would like to fully inform you about the nature, scope and purpose of the personal data we process and your rights as a data subject.

Responsible party in terms of data protection laws - in particular the EU General Data Protection Regulation (DSGVO):

Company: TERRAX Außenhandels-GmbH

Legal representative: Johannes Neisemeier

Managing Director: Johannes Neisemeier

Address: Endelner Feld 22, 46286 Dorsten

Phone: +49 2369 20338-0

E-mail: info(at)terrax.de

Contact details of our data protection officer are:
E-Mail: datenschutz(at)terrax.de

Information and rights regarding your personal data

In accordance with Art. 15 DSGVO, you are entitled at any time to ask Terrax Außenhandels-GmbH for comprehensive information about the data stored about you. In accordance with Art. 16, 17 and 18 DSGVO, you can request the correction, deletion and restriction of individual personal data at any time.

• Right to information: You can request information pursuant to Art. 15 DSGVO about your personal data processed by us.
• Right to object according to Art. 21 (1) DSGVO: You have a right to object on specific grounds.
• Right to rectification: if the information concerning you is not (or no longer) accurate, you may request a rectification in accordance with Art. 16 DSGVO. If your data is incomplete, you can request that it be completed.
• Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 DSGVO.
• Right to restriction of processing: you have the right to request restriction of the processing of your personal data in accordance with Art. 18 DSGVO.
• Right to lodge a complaint: If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77(1) DSGVO. This includes the data protection supervisory authority responsible for the controller:
• State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia,
• P.O. Box 20 04 44, 40102 Düsseldorf, Germany, Tel. 0211/38424-0, poststelle@ldi.nrw.de.
• Right to data portability: In the event that the requirements of Article 20 (1) DSGVO are met, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the internet pages. They are therefore not based on consent according to Art. 6 (1) a DSGVO or on a contract according to Art. 6 (1) b DSGVO, but are justified according to Art. 6 (1) f DSGVO. The requirements of Art. 20 (1) DSGVO are therefore not met.

If you have given us your consent to the collection and processing of your personal data, you can change or completely revoke this consent at any time. However, this effect will only unfold in the future from revocation. You can send the revocation either by post, by e-mail or by fax to the contractual partner. You will not incur any costs other than the postage costs or the transmission costs according to the existing prime rates.

Supervisory authority

A complaint can be filed with the data protection authority in the country where you reside or work or where the alleged violation occurred. Please refer to the following link for the supervisory authority responsible for you: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html 

Purposes of data processing by the controller and third parties

We collect and process your personal data only for the purposes that you will find in our privacy policy. A transfer of your personal data to third parties outside the purposes stated here will not take place, unless:

• You have given us your express consent to do so,
• this is necessary for the performance of a contract with you,
• this is necessary to fulfill a legal obligation,
• or this is necessary to protect legitimate interests, but only if we must and can assume that there is no predominantly legitimate interest on your part in not disclosing your data.

Deletion or blocking of the data

In accordance with the legal requirements, we adhere to the principles of data avoidance and data economy. Your personal data will therefore only be stored by us for as long as is necessary for the stated purposes or as long as the periods stipulated by the legislator must be observed. After expiry of these periods or after fulfillment of the purpose, the data will be routinely blocked or deleted in accordance with the statutory provisions.

1. collection of general information when visiting our webshop

When visiting our webshop, information of a general nature is collected. This information is only technically necessary to display the content correctly. When using the Internet, this information is automatically and necessarily collected.

Every time you access content on the website, data is temporarily stored that may allow identification. The following data is collected:

• Date and time of access
• IP address
• Host name of the accessing computer
• External pages from which our website was accessed
• External pages accessed via our website
• Pages visited on our website
• Message whether the retrieval was successful
• Amount of data transferred
• Information about browser type and version used
• Operating system
• Web analytics data / pseudonymous usage profiles (cookie ID, ad ID, etc.)

The temporary storage of data is necessary for the course of a website visit to enable the delivery of content. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes.

• On what legal basis is this data processed? The data is processed on the basis of Art. 6 (1) lit. f DSGVO.
• Are there other recipients of the personal data besides the responsible party? The webshop is operated (hosted) by GEDAK GmbH, Mülhauser Str. 157, D-47906 Kempen. The hoster receives the above data as an order data processor.
• How long will the data be stored? The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective session has ended. The log files are kept directly and exclusively accessible to administrators for a maximum of 24 hours. After that, they are only indirectly available via the reconstruction of backup tapes and are finally deleted after a maximum of 4 weeks.

The processing of your personal data is derived from our legitimate interest in the aforementioned data collection purposes. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible office in our company or any commissioned data processors. Anonymous information of this kind may be statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

Registration and order process/ checkout

As an e-commerce system, it is mandatory to process data, for example, to record delivery addresses. In order to be able to place an order and perform other actions in the store, a customer account is required. This contains, among other things, the name and company name, address data (billing address, delivery address) and communication data (e-mail address, telephone and fax number). All this information is stored in the order. In addition, the ordered products and also the IP address. In addition, the referrer - i.e. the source from which the store is accessed - is also stored. As a registered user, you have the option at any time to change or delete the data you provided during registration. Of course, you also have the right to know at any time which personal data is stored. We will gladly comply with a correction or deletion at your request, provided that there are no legal obligations to retain data.

The following data is collected when ordering goods:

• Customer status (corporate customer)
• Company
• Customer number
• Sales tax ID
• Salutation
• First name, last name
• Telephone number
• Address
• E-mail address

When specifying a delivery address different from the billing address, the following data will be collected additionally:

• Company
• Salutation
• First and last name
• Address
• Optional: Department

Furthermore, we collect in the context of the ordering process, the payment method requested by you according to the selection there.

We need the data collected in the ordering process for the following purposes:

• for your identification as a customer
• to carry out your order
• to contact you with any queries, clarification of discrepancies or other information about your order
• to issue an invoice
• for possible warranty and liability questions as well as for possible assertion of claims against you
• for the administration of our customer data

Legal basis: Conclusion of contract Art. 6 lit. b DSGVO

Data transfer to third parties: parcel service provider/forwarding agent, accounting office/tax consultant

Data transfer abroad: parcel service provider/forwarding agent for foreign orders

Storage period: according to legal storage obligations (usually 10 years)

Only "payment on account" is offered as a payment method in our webshop. We do not use any external payment service such as PayPal or credit card. The online store is primarily aimed at our existing customers. As a new customer we request a business registration and perform a credit check at Creditreform.

Creditreform

Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where there is a justified legitimate interest, we also check the creditworthiness of existing customers. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from which we receive the data required for this purpose. For this purpose, we transmit your name and contact details to Creditreform Boniversum GmbH. You can find the information pursuant to Art. 14 of the EU General Data Protection Regulation on the data processing that takes place at Creditreform Boniversum GmbH here: https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/

Shopware eCommerce-Software

Our webshop is a Shopware eCommerce solution. Shopware stores cookies in your browser to ensure the basic functions of the store. By means of the cookies, e.g. the shopping cart content, the login state and also the CSRF protection is enabled. Without having cookies allowed in the browser, Shopware cannot be used. Shopware only stores IDs in your browser, the assignment to the respective information is done in the application area.

Based on the session cookie, Shopware decides whether you have an active shopping cart and whether you are logged in. It therefore serves as identification between your browser and the server. No other information is stored in the browser except for the session ID. The handling of session cookies is controlled on the server side via PHP and is independent of Shopware.

In addition, Shopware generates an individual CSRF cookie when you visit the store, so that you can operate the individual areas of the store.

In addition, an SLT cookie is set, which allows us to recognize you when you return to our online store, even if the session has already expired. The SLT cookie can be deactivated in the basic settings of your browser.

When you place a product on the notepad, a cookie with the name "sUniqueID" is created for this purpose in order to save the contents of the notepad. The saved products are stored in the s_order_notes table. For more information, please refer to the "Cookies" section of this Privacy Policy.

The browser's Local Storage also stores the "recently viewed items" information.

You can find more information about Shopware here:
https://www.shopware.com/de/datenschutz/
shopware AG, Ebbinghoff 10, 48624 Schöppingen, Telefon: +49 (0) 2555 92885-0, Fax: +49 (0) 2555 92885-99

SSL encryption

To protect your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Integration of social media (Facebook etc.)

We use a link on our website to the networks Facebook, YouTube, Instagram, LinkedIn and Xing. This is a linking of the logo graphics to the corresponding network. Except for a possible storage of the referrer URL, no data is stored on our website. Data processing and a possible data transfer in the corresponding networks is not our responsibility.

Type of data: inventory data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

For more information, please visit:

• Facebook: Social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: Ads settings: https://www.facebook.com/settings?tab=ads; Additional privacy notices: Facebook Page Personal Data Sharing Agreement: https://www.facebook.com/legal/terms/page_controller_addendum, Facebook Page Privacy Notice: https://www.facebook.com/legal/terms/information_about_page_insights_data.
• Instagram: social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
• LinkedIn: Social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Xing: Social network; service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Data processing when visiting our social media profiles on external platforms

We are represented with a company page on the above-mentioned social media platforms. Through this, we would like to offer you further opportunities for information about our company and for exchange. Insofar as you visit a profile on a social media platform or interact with it, personal data may be processed. Personal data also includes information associated with a social media profile used, as well as messages and statements made using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected, which may also constitute personal data.

a. Facebook and Instagram

When you visit our Facebook or Instagram page, through which we present our company and individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU - "Facebook"). For more information about the processing of personal data by Facebook, please visit: https://www.facebook.com/privacy/explanation.

Facebook offers you the opportunity to object to certain data processing. Information on this as well as opt-out options can be found at: https://www.facebook.com/settings?tab=ads.

Facebook provides us with anonymized statistics and insights for our Facebook and Instagram page, which we use to gain knowledge about the types of actions users take on our page (so-called "page insights"). The basis for the creation of page insights is certain information about people who have visited our site. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these insights. The legal basis for this processing is Art. 6 (1) p. 1 lit. f DSGVO. 

We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Facebook, which specifies the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement entered into between us and Facebook, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data

In relation to these data processing operations, you have the option of asserting your data subject rights (see "Your rights" in this regard) against Facebook as well. Further information on this can be found in Facebook's privacy policy at: https://www.facebook.com/privacy/explanation.

In accordance with the Facebook privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

b. LinkedIn

When visiting our LinkedIn site, if you are located within the EU or the EEA as well as Switzerland, LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2 is generally the sole controller of your personal data. If you are located outside of the above-mentioned space, LinkedIn Corporation, Attn: Legal Dept. (Privacy Policy and User Agreement), 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA is the sole controller of your personal data.

When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile (e.g. data on your professional position, country, industry, seniority, company size and employment status). In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information provided. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Art. 6 (1) p. 1 lit. f DSGVO.

We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum

In relation to these data processing operations, you have the possibility to assert your data subject rights (see "Your rights" in this regard) also against LinkedIn. Further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy and https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de.

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision of the European Commission according to Art. 45 DSGVO exists or on the basis of appropriate guarantees according to Art. 46 DSGVO.

c. Xing

We operate a business profile for self-promotion on the social media network XING. According to the ruling of the European Court of Justice (ECJ) of 05.06.2018, Ref. C-210/16, the operator of social media sites is at least jointly responsible for data processing within the meaning of Art. 26 DSGVO. We assume an analogous applicability of this decision also to XING. So far, we are not aware of XING offering an agreement that meets the requirements of Art. 26. After inquiry, we received a response from Xing's data protection officers: In our current view, there is no case of joint responsibility, which is why we do not conclude any data processing agreements pursuant to Art. 26 DSGVO.

• Type of data: e-mail address, name, contact details, data published by the user.
• Purpose: To establish contact on the company profile, networking business partners.
• Legal basis: Contract fulfillment Art. 6 lit. b DSGVO, legitimate interest Art. 6 lit. f, consent Art. 6 lit. a
• Data transfer to third parties: not known except for XING
• Data transfer abroad: does not take place
• Storage period: all data is deleted upon unsubscription

We would like to point out that the privacy policy of XING SE, Dammtorstraße 30, DE-20354 Hamburg, Germany, Tel.: +49 40 419 131-0 , Fax: +49 40 419 131-11, E-Mail: info(at)xing.com, (hereinafter: XING) is applicable for any processing going beyond this on our XING company website. Further information on the processing of personal data by XING can be found here: https://privacy.xing.com/de/datenschutzerklaerung

Processing of data you provide to us via our social media pages
We process information that you have provided to us via our company page on the respective social media platform. Such information can be, for example, the username used, contact details or a message to us. We regularly process this personal data only if we have previously expressly requested you to provide us with this data. This processing by us takes place as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

Use of script libraries

To provide basic and necessary functions (responsiveness, etc.) and to ensure a graphically correct display of our website, we use script and font libraries. All script and font files are stored locally on the web server. They are not accessed via a link to the script and font provider (no connection via a Content Delivery Network - CDN). There is a high probability that no data is stored.

Use of Google Analytics

GoogleAnalytics is not integrated on this website.

Use of Google Maps

GoogleMaps is not integrated on this website.

Use of Videos

Videos are not embedded on this website.

Cookies

Cookies are text files that are stored on the end device of the Internet user. They are used to control the Internet connection during your visit to our website. At the same time, these cookies provide us with information that allows us to optimize our website to the needs of our visitors. Cookies are partly stored by your browser only for the duration of your stay on the website, but partly for a longer period of time. All cookies on our website contain purely technical information, not personal data. You can also view our website without cookies. However, most browsers accept cookies automatically. You can prevent cookies from being stored by specifying this in your browser settings. If you do not accept cookies, this may lead to functional restrictions of our offers.

See: https://www.allaboutcookies.org/

Terrax-Newsletter

If you have given us your express consent, we will send you our newsletter or similar information at regular intervals by e-mail to your specified e-mail address. The specification of your e-mail address is sufficient for this purpose. When registering to receive the newsletter, the data provided will only be used for this purpose. For an effective registration, a valid e-mail address is necessary. To ensure that a registration is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. In this process, the order of the newsletter, the sending of a confirmation e-mail and the receipt of the response requested herewith are logged. No further data is collected. The data will be used exclusively for sending the newsletter and will not be passed on to third parties. Of course, you can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. In each newsletter you will find a corresponding link for this purpose. In addition, you can unsubscribe directly on our website or communicate your wish to revoke your consent at info(at)terrax.de.

• Type of data: e-mail address, name if applicable
• Purpose: to receive the newsletter
• Legal basis: consent Art. 6 lit. a DSGVO
• Data transfer to third parties: Newsletter provider @computational (order data processor).
• Data transfer abroad: does not take place
• Storage period: all data will be deleted upon unsubscription

2. Collection of customer data within the scope of our business relationship

We process the following personal data if a contractual relationship exists between you and us or you have otherwise transmitted the data to us:

• Company data (name, address, UID, business registration)
• Personal data (name, address)
• Communication data (telephone number, fax, e-mail address, Skype, website)
• Contract master data (contractual relationship, contractual interest)
• Billing and payment data
• Storage period: according to the legal obligation to keep records

When we provide chargeable services for you, we request data, such as payment details, in order to be able to execute your order. We store this data in our systems until the statutory retention periods have expired. Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where there is a justified legitimate interest, we also check the creditworthiness of existing customers. For this purpose, we work with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, from which we receive the data required for this purpose. For this purpose, we transmit your name and contact details to Creditreform Boniversum GmbH. The information pursuant to Art. 14 of the EU Data Protection Basic Regulation on the processing of data by Creditreform Boniversum GmbH can be found here: www.boniversum.de/eu-dsgvo.

Information on the purpose of processing and the legal basis

We collect this data for the purpose of fulfilling the contract, expanding the business relationship and/or providing appropriate advice and information about our company's products via mail, telephone or e-mail. The data is necessary and required for this purpose. The legal basis is derived from the DSGVO Art. 6 para. 1, lit. a (consent), lit. b (contract performance) and lit. f (legitimate interest). A data transfer (except to our contract data processors) does not take place.

See "Information requirements for customers" at the end of this privacy policy.

3. Handling of application documents

Application documents are stored in accordance with the statutory retention period. Personal application data is generally deleted after 3 to 6 months after completion of the application process. This does not apply if legal provisions or a voluntary consent of the person concerned prevent deletion. Please note that transmission of your application documents in a normal e-mail is not encrypted and therefore insecure. However, you can send your e-mail attachment as an encrypted PDF.  Alternatively, you can also send your application by post - this is the most secure method (registered mail, etc.). We process the personal data that you have brought to our attention in the course of your application.

Information on the purpose of processing and the legal basis

We process the data that you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application procedure. The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after completion of the application procedure, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) DSGVO. Our interest then consists in the assertion or defense of claims. If there is a need for longer-term storage (e.g. for further vacant positions or positions that become vacant), this will be done on the basis of your consent in writing (pursuant to Art. 6 Para. 1 lit. a DSGVO). See "Information requirements for applicants" at the end of this privacy policy.

Adaptation of the data protection guidelines

Due to the further development of our website or the implementation of new technologies or similar, it may become necessary to change this data protection notice. We reserve the right to change the data protection information at any time with effect for the future. We recommend that you read the current data protection information again from time to time.

Questions about data protection

If you have any questions regarding data protection, please feel free to contact our data protection officer: datenschutz(at)terrax.de.

Datenschutzerklaerung-terrax-onlineshop-DE
Information for customers according to Art. 13 DSGVO and § 32 BDSG
Terrax-Informationspflicht-Bewerber