Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data. Personal data in this context are all data with which you can be personally identified.
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is TUX Smoking GmbH, Taborstrasse 54/18 e-mail: email@example.com. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
For security reasons and to protect the transmission of personal data and other confidential information (e.g., orders or enquiries to the controller) this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock icon displayed in your browser’s address bar.
If you visit our website for information purposes only, i.e., if you do not register or otherwise provide us with information, we will only collect the data that your browser transmits to our server (so-called server log files). When you visit our website, we collect the following data, which are technically necessary for us to display the website to you:
- Our websites that were visited
- Date and time of access
- Amount of data transferred in bytes.
- Source/link that brought you to the web site.
- The browser used.
- The operating system used.
- The IP address used (as appropriate: in anonymised form)
Data processing is carried out in accordance with Art. 6 para 1 (f) on the lawful basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Gottcha: you’re actually reading our Terms and Conditions. Send us this sentence and get four packs of 55 filters absolutely free of charge. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g., remembering the contents of a virtual shopping basket for a later visit to the website). If personal data is also processed by individual cookies placed by us, the processing is carried out in accordance with Art. 6 para 1 (b) GDPR for the performance of the contract or in accordance with Art. 6 para. 1 (f) GDPR on the lawful basis of our legitimate interest in the best possible functionality of the website and an effective and customer-friendly visit to the site.
We may work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard disk (third-party cookies) when you visit our website. If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the extent of the information collected in each case in the paragraphs below.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide on a case-by-case basis whether you wish to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
When you contact us (e.g., via the contact form or by e-mail) personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of responding to your enquiry or for establishing contact and the technical administration this involves. The legal basis for data processing is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 (f) GDPR. If the aim of you contacting us is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 (b) GDPR. Your data will be deleted once we have finished processing your enquiry. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no statutory retention obligations that prevent its deletion.
Data Processing when Opening a Customer Account and for Contract Processing
In accordance with Art. 6 para 1 (b) GDPR, personal data will continue to be collected and processed if you provide it to us for fulfilment of a contract or to open a customer account. Which data is collected can be seen from the respective input forms. You may delete your customer account at any time by sending a message to the above address of the data controller. We store and use the data provided by you for contract processing. After processing of the contract has been completed or your customer account has been deleted, your data will be blocked subject to tax and commercial law retention periods. It will be deleted once these periods have expired unless you have expressly consented to the further use of your data or we have reserved the right to make legally permitted further use of your data about which we inform you below.
Use of Your Data for Direct Advertising
Subscription to our E-Mail Newsletter
If you register to receive our e-mail newsletter, we will regularly send you information about our products. The only mandatory information we require for sending the e-mail is your e-mail address. Any other data you provide us with is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail once you have expressly confirmed that you have given your permission for us to send you newsletters. We will then send you a confirmation e-mail in which we ask you to click on a link confirming that you wish to receive newsletters in future.
By activating the confirmation link you grant us your permission to use your personal data in accordance with Art. 6 para 1 (a) GDPR. When you subscribe to the newsletter, we store the IP address registered by your Internet service provider (ISP) as well as the date and time you registered so that we are able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the purpose of contacting you for promotional purposes via the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose or by sending a message to the data controller indicated above. After unsubscribing, your e-mail address will be promptly deleted from our newsletter mailing list unless you have expressly consented to the further use of your data or we have reserved the right to make legally permitted further use of your data and about which we inform you in this statement.
Data Processing for Order Handling
1.1 The personal data collected by us will be passed on to the shipping company delivering the goods insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the bank instructed to handle your payment insofar as this is necessary to process the payment. If payment service providers are used, we will explicitly inform you about this below. The lawful basis for passing on the data in this case is Art. 6 para. 1 (b) GDPR.
Use of Social Media: Social Plugins
Instagram as a Standard Plugin
Our website uses so-called social plugins (“plugins”) of the online service Instagram, which is operated by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you call up a page of our website that contains such a plugin, your browser sets up a direct connection with the Instagram servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the site. This informs Instagram that your browser has called up the relevant page of our website, even if you do not have an Instagram profile or are not currently logged on to Instagram. This information (including your IP address) is sent by your browser directly to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by activating the “Instagram camera button”, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts.
The data processing operations described are carried out in accordance with Art. 6 para. 1 (f) GDPR on the lawful basis of Instagram’s legitimate interest in using overlay personalised advertisements, to inform other users of the social networks about your activities on our website and for the needs-based design of the service.
If you do not want Instagram to directly associate the data collected via our website with your Instagram account you must log off from Instagram before visiting our website. You can also object to the loading of Instagram plugins and thus the data processing operations described above in future with add-ons for your browser, e.g., the script blocker “NoScript“ (http://noscript.net/).
Instagram LLC. with headquarters in the USA is certified within the framework of the European Privacy Shield Agreement, which ensures compliance with EU standards of data protection.
The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights and setting options for the protection of your privacy in this context can be found in Instagram’s Data Policy: https://help.instagram.com/155833707900388/
Tools and Miscellaneous
Our website also uses the reCAPTCHA feature of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). This function is mainly used to distinguish whether an entry is made by an individual or is improperly made by machine and automated processing. The service includes the transmission to Google of the IP address and, if applicable, of further data needed by Google for the operation of the reCAPTCHA service and takes place in accordance with Art. 6 para. 1 (f) GDPR on the lawful basis of our legitimate interest in determining the individual intent of Internet activities and to prevent misuse and spam.
Google LLC with headquarters in the USA is certified within the framework of the US-European data protection agreement “Privacy Shield“ which ensures compliance with EU standards of data protection.
Rights of the Data Subject
1.1 The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-a-vis the controller with regard to the processing of your personal data, which are explained below:
- Right of Access in accordance with Art. 15 GDPR: In particular, you have the right to obtain information about your personal data processed by us; the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom your personal data has been or will be disclosed; the planned period for which personal data will be stored or the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing; the right to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data has not been collected by us from you, the right to information about the source of your data; the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved; as well as information about the significance and the envisaged consequences of such processing for you, and your right to be notified of the safeguards under Art. 46 GDPR for the transfer of your personal data to a third country;
- Right to Rectification in accordance with Art. 16 GDPR: You have a right to the rectification of inaccurate personal data concerning you and/or the right to have incomplete personal data stored by us completed;
- Right to Erasure in accordance with Art. 17 GDPR: You have the right to obtain the erasure of your personal data where the grounds set out in Art. 17 para. 1 GDPR apply. However, this right does not exist to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
- Right to the Restriction of Processing in accordance with Art. 18 GDPR: You have the right to obtain restriction of the processing of your personal data for the period during which the accuracy of personal data which you have contested is being verified; if you have objected to the erasure of your personal data because the processing is unlawful and have requested the restriction of its use instead; if you require your personal data for the establishment, exercise or defence of legal claims; we no longer need the personal data for the purpose for which it was collected or if you have objected to processing on the grounds of your particular circumstances pending verification of whether our legitimate interests override yours;
- Right to Notification in accordance with Art. 19 GDPR: If you have made use of your right to request the data controller to rectify, erase or restrict processing of your personal data, the controller is obliged to notify each recipient to whom the personal data concerning you has been disclosed of the rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to Data Portability in accordance with Art. 20 GDPR: You have the right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller where technically feasible;
- Right to Withdraw Consent in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw any consent you have given to the processing of your personal data at any time with effect for the future. If you withdraw your consent, we will without undue delay erase the data concerned unless further processing can be lawfully based on processing without consent. Withdrawing this consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- Right to Lodge a Complaint in accordance with Art. 77 GDPR: If you consider that the processing of personal data relating to you infringes the GDPR, you have – without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
RIGHT OF OBJECTION TO DATA STORAGE
IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE GROUNDS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal retention period (e.g., commercial and tax retention periods). After expiry of this period, the data will be routinely erased, provided it is no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.