Vondos GmbH
Deisterstraße 20
31785 Hameln
Germany
Phone number
+49 5151 9818339
E-mail
mail@vondos.de
CEO
Fabian Simon,
Dennis van der Zwaag
Register court
Amtsgericht Hannover
Register number
HRB 206395
VAT ID no.
DE274835149
The information in this privacy policy serves to clarify the purpose, scope, and nature of the processing of your personal data within our entire website and all associated websites including their functions and content (hereinafter collectively referred to as “website”). This policy applies to all platforms and devices (e.g. mobile devices or desktop PCs) on which our website is used or executed, regardless of the domains or systems used. This information is given in accordance with Article 13 of the General Data Protection Regulation (GDPR).
Terms such as “personal data” or its “processing” are explained in the definitions in Article 4 of the GDPR.
Personal user data processed within this website are, for example, personal data (such as customer name and address), contract data (contract numbers, clerks, services used, information on payment), as well as data on use and customer input within our website (e.g. interest in certain products or content or input in the contact form).
The persons affected by the data processing include all visitors to our website including business partners, interested parties and customers, hereinafter referred to as “users.”
All personal user data is processed in compliance with the relevant data protection regulations. The basis for this is the existence of legal permission and the consent of the user. If data processing is necessary for the provision of our contractual services (e.g. order processing) or the online service (e.g. to ensure and comply with legal requirements), or also due to our legitimate interest (e.g. for the security of our website within the meaning of Article 6 (1f) of the GDPR, analysis required to optimize the security and profitability of our operations, including profiling for advertising and marketing purposes, collection of reach and access data, and third-party services), we will use the data as permitted by law.
Article 6 (1a) and Article 7 of the GDPR form the legal basis for the permissions; Article 6 (1b) of the GDPR serves as the legal basis for processing for the purposes of performing contracts and services. The legal basis for processing data for the purposes of fulfilling our legal obligations is Article 6 (1c) of the GDPR, and the basis for processing data for the purposes of safeguarding our legitimate interests is Article 6 (1f) of the GDPR.
Data is only passed on to third parties within the framework of legal requirements. It only takes place if this is necessary for contractual purposes/fulfillment (in accordance with Article 6 (1b) of the GDPR), or due to legitimate interests in our economic and effective business operations (pursuant to Article 6 (1f) of the GDPR).
In order to satisfy legal requirements and to protect personal data, we also take appropriate legal, technical, and organizational measures when using subcontractors.
If third-party services, tools, or other means are used, and the named headquarters of this provider is in a third country, data transfer to this country is also likely. The GDPR is an EU regulation and applies to all member states in any case. Transmission to countries outside of the EU or the European Economic Area will only take place with legal permission, the consent of the user, or an appropriate level of data protection in the respective third country. We identify these third-party providers in the following sections.
Our websites and our email service are hosted by Vondos GmbH (Deisterstrasse 20, 31785 Hamelin, Germany) and by the colocation provider Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen,Germany) (hereinafter “host”). Personal data collected on our websites is stored on our host’s servers. This may include IP addresses, contact requests, metadata and communication data, contract data, contact data, website views, and other data that is generated about a website.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Article 6 (1b) of the GDPR) and in the interests of providing our website in a secure, fast, and efficient way through a professional provider (Article 6 (1f) of the GDPR).
Our host will only process your data in so far as this is necessary to fulfill its service obligation and to follow our instructions with regard to this data. In order to guarantee that processing takes place in compliance with data protection regulations, we have signed a contract regarding order processing with our hosting provider.
In order to protect the data processed by us against accidental or intentional manipulation, destruction, loss or access by unauthorized persons, and to comply with the provisions of data protection laws, we take technical, organizational and contractual security measures in accordance with the state of the art.
One of these security measures is encrypted transmission of data between our server and your browser.
In order to fulfill our contractual and service obligations, we process inventory data (e.g. name and address as well as user contact data) and data on concluded contracts (e.g. services used, information on payment and shipping) in accordance with Article 6 (1b) of the GDPR.
Users are informed about the mandatory information required to create a user account during the registration process. Search engines cannot index user accounts, as these accounts are not public. Data of terminated user accounts is deleted, unless storage is necessary for commercial or tax reasons (according to Article 6 (1c) of the GDPR). In the event of termination, users are responsible for backing up their data before the end of the contract. We are entitled to irretrievably delete all of the user’s data that was stored during the term of the contract.
We store the IP address and time when the user registers, logs in again and uses our online services to protect against misuse or unauthorized use and to protect our legitimate interests. As a matter of principle, this data is not passed on to third parties, the exceptions being the pursuit of our claims or a legal obligation in accordance with Article 6 (1c) of the GDPR.
We create a user profile based on usage data (e.g. visits to our websites or certain product interests) and content data (entries in forms or information in the customer account) for advertising purposes in order to be able to display product information and offers of interest to the user.
The user’s details are stored so we can process user inquiries (via email or contact form), in accordance with Article 6 (1b) of the GDPR.
Our inquiry organization (customer relationship management) may store user information under certain circumstances.
Within the meaning of Article 6 (1a) of the GDPR, we maintain online presences on social networks and platforms by consent. We try to communicate with customers, prospective customers, and users there, likewise we provide information there about our services. When calling up the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
The data of users who communicate with us or interact with our content is processed insofar as this privacy policy does not specify any further processing of data.
Cookies are small files that are stored on users’ data carriers.
We mainly use cookies (session cookies), which are deleted again from the respective storage medium when the browser session ends. Session cookies are required, for example, to enable shopping cart functions or to store your entries across multiple pages. However, we also use cookies that remain on the user’s hard drive. This allows the user to be automatically recognized on a revisit, as well as their preferred inputs and settings. These cookies are stored on the hard drive for a period of one month to 10 years and are automatically deleted after the specified time. These cookies are primarily used to make the online offer more user-friendly, safer, and more effective.
We also inform users within this privacy policy about the use of cookies in connection with pseudonymous reach measurement.
If users wish to prevent the storage of cookies, this option can be manually disabled in their own browser settings. Cookies that have already been stored can also be deleted there, however, disabling cookies can result in functional restrictions of our online offer.
Use of cookies for reach measurement and advertising purposes can be objected to via the network advertising initiative https://optout.networkadvertising.org , deactivation page, the European website https://www.youronlinechoices.com/uk/your-ad-choices as well as the US website https://www.aboutads.info/choices .
Every time you access our servers, we collect, in our legitimate interest within the meaning of (Article 6 (1f) of the GDPR), corresponding data (known as server log files), including date and time, amount of data, name of the website being called up, success message about the retrieval, the operating system including browser type and version, the previously visited website, the IP address, and the provider.
The log file information is stored for a maximum of seven days for security reasons for the clarification of fraud or abuse, and then deleted. If certain data is necessary for evidentiary purposes, deletion will be deferred until final clarification of the incident.
Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics for the optimization, analysis, and the economic operation of our website, for our own interest within the meaning of Article 6 (1f) of the GDPR, but only in a very limited form. Data is only collected anonymously, for statistical purposes. Google itself does not set any cookies and no data is used for advertising purposes. As a rule, Google truncates the IP address of the user within the EU or the EEA region (activated IP anonymization). IAs part of this use, personal data is transmitted to Zoom Video Communications Inc, 55 Almaden Blvd, 6th Floor, San Jose, CA 95113, USA. There is no appropriateness decision by the European Commission in place. Data transfer takes place on the basis of the EU standard contractual clauses.
Furthermore, we also use the full functional framework of Google Analytics with the consent of the user (Article 6 (1a) of the GDPR). In some cases, such as for analysis cookies, this applies information about the user’s use of the website.
Google creates reports on the use of our website on our behalf. Information is collected on our behalf about the activities of users within our offering for this purpose and for other services. This information can also be used to create pseudonymous usage profiles.
Users can prevent the collection and processing of user data by downloading and installing the browser plug-in available via this link: https://tools.google.com/dlpage/gaoptout?hl=de Storage of cookies can also be avoided through settings in the respective browsers or by withdrawing consent in our Consent Manager. You can customize your consents by opening the Consent Manager at the top of this Privacy Policy and specifying the appropriate settings.
You can find out more about setting and objection options and data collection by Google directly from Google: https://www.google.com/intl/de/policies/privacy/partners , https://www.google.com/policies/technologies/ads , ,and you can also view and edit your ad settings here: https://adssettings.google.com/authenticated
With the separate consent of the user within the meaning of Article 6 (1a) of the GDPR, we use Google Signal services, which enable Google Analytics to measure cross-device interaction with our content.
You can disable interest-based advertising by Google marketing services by using the settings and opt-out options provided by Google: https://www.google.com/ads/preferences . You can customize your consents by opening the Consent Manager at the top of this Privacy Policy and specifying the appropriate settings.
The overview page: https://www.google.com/policies/technologies/ads from Google provides you with further information on the use of data for marketing purposes. You can find Google’s privacy policy at https://www.google.com/policies/privacy.
We use “Google Optimize” to find out how various changes to our website (e.g. layout, design, etc.) affect user behavior. We use Google Analytics for the optimization, analysis, and the economic operation of our website, for our own interest within the meaning of Article 6 (1f) of the GDPR. Cookies, which store details about the test, are stored on the user’s device for this purpose. This is enabled by default and can be disabled in the Consent Manager at the top of the page. You can customize your consents by opening the Consent Manager at the top of this Privacy Policy and specifying the appropriate settings.
In our legitimate interest within the meaning of Article 6 (1f) of the GDPR, we use the Google Tag Manager service to control and operate the website content. This is a tag management service provided on a domain without cookies, which supports us in the area of consent management as well as the integration of various third-party providers. This service is essential for the operation of the site.
With the user’s consent within the meaning of Article 6 (1a) of the GDPR, we use on our website the “Facebook Pixel”, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
We use the Facebook Pixel to display the ads we place only to those Facebook users who have also shown an interest in our website, certain products or topics. We also want to use the Facebook Pixel to ensure that our ads on Facebook are in line with the potential interest of users and are not a nuisance. The Facebook Pixel enables us to determine the effectiveness of our Facebook ads and to compile statistics on how many users visit our online offering via an ad.
If one of our websites is called up, the Facebook Pixel is automatically integrated into the page and a cookie can be stored on the user’s device. If the user is logged in to Facebook during this time or logs in later, the visit to our website is also stored in the corresponding Facebook profile. The collected data is anonymized and does not allow us to draw any conclusions about the user’s identity. Facebook itself, however, stores and processes the data, making it possible for Facebook to use it for its own advertising or market research purposes through the connection to the respective Facebook profile. If it is necessary to match the data on our part with Facebook, it will first be encrypted within the browser and only then sent by us to Facebook via a secure connection.
The scope and processing of the data are set out in Facebook’s Data Use Policy. You can also find basic guidance on Facebook ads at: https://www.facebook.com/policy.php. More information about Facebook Pixel and how it works can be found in the Help section of Facebook at: https://www.facebook.com/business/help/ and https://www.facebook.com/policy.php.
It is possible to object to the data collection by the Facebook Pixel and to the use of your data to display Facebook ads. To do so, visit the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. All settings are platform-independent, so the application runs on all end devices (such as mobile or desktop devices).
Whether the collection of your data by means of the Facebook pixel is activated on our website or not, you can view and also change it in our Consent Manager.
Furthermore, use of cookies for reach measurement and advertising purposes can be objected to via the network advertising initiative https://optout.networkadvertising.org, deactivation page, the European website https://www.youronlinechoices.com/uk/your-ad-choices as well as the US website https://www.aboutads.info/choices. You can customize the consent options by opening the Consent Manager at the top of this Privacy Policy and specifying the appropriate settings.
In the case of consent within the meaning of Article 6 (1a) of the GDPR, we work with the Mouseflow, ApS service (Flaesketorvet 68, 1711 Copenhagen V, Denmark). This allows us to create heatmaps and session records. Mouseflow allows us to track the movements of the mouse pointer on our websites. Besides information about which windows or buttons are clicked by the user and how far in the text is scrolled in each case, technical data such as information about the operating system, the browser and similar can also be collected and processed. User profiles are temporarily created for this purpose. These also allow us to gather direct feedback from website visitors. In this way, direct interaction can be used to increase customer friendliness and usability. Privacy Policy: https://mouseflow.com/privacy/. You can view and change the consent in our Consent Manager.
Offers from third-party providers are also used within our website. The basis for this is also our legitimate interest within the meaning of Article 6 (1f) of the GDPR. The third-party providers need to be able to recognize the IP address of the user for the content and its display (e.g. videos or fonts). This is unavoidable for sending the content to the browser. When selecting third-party providers, we take care to use only providers that use the IP address exclusively for the delivery of content. Third-party vendors may also use web beacons or pixel tags to collect data for statistics and marketing. This can be used, for example, to evaluate information about visitors to the website. All data can be stored pseudonymously in cookies on the device used by the user. This data includes technical information on the operating system and browser, as well as data on the use of the offer. This data can also be linked to data from other sources.
Below you will find an overview of the third-party providers we integrate, including links to the corresponding privacy statements. These also contain further information on objection options as well as opt-out options, if these are possible.
Upon request, every user can receive information about their personal data that we store.
Users also have the right to have incorrect data corrected and to restrict the processing and deletion of their personal data. In addition, the right to data portability can be asserted. A complaint may be made to the responsible supervisory authority at any time.
Any consent given by the user can be revoked at any time in principle, but only with future effect.
Data that is not subject to a statutory retention period will be deleted as soon as it is no longer required for its purpose. If it is not possible to delete the data due to its legally permissible purpose or other provisions, its processing will be restricted. Accordingly, blocking the data prevents processing for other purposes.
The storage takes place in accordance with Article 257 Paragraph 1 of the German Commercial Code (Handelsgesetzbuch, HGB) (for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) for six years as well as in accordance with Article 147 Paragraph 1 of the Tax Code (Abgabenordnung) (for books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.) for 10 years.
If the user has given their consent to the processing of personal data relating to them for one or more specific purposes, the user shall be entitled to revoke such consent with effect for the future.
In particular, the user has the right to object to the processing of personal data at any time free of charge with effect for the future within the scope of legitimate interests. To do so, simply send an email to datenschutz@vondos.de or to the above postal address.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of their residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes this Regulation.
A competent authority is, for example, the State Commissioner for Data Protection of Lower Saxony, Prinzenstrasse 5, 30159 Hanover. However, the user can also select a different one.
The following data must be provided (mandatory data):
Fulfillment of the contract:
The provision of the following data is mandatory for the conclusion of a contract (mandatory data):
The following data is mandatory to use the newsletter: Email address. All other information is not required for the conclusion of the contract and is therefore voluntary. If the mandatory information required to conclude the contract is not provided, the contract will not be concluded. Failure to provide the voluntary information will not affect the conclusion of the contract.
Use of the contact form or other contact:
The following data is mandatory to process a request via the contact form (mandatory data):
All other information is not required for the processing of a contact request and is therefore voluntary. If the mandatory information required for processing a contact request is not provided, the contact request will not be processed. Failure to provide the voluntary information will not affect the processing of the contact request. There is no obligation to provide data for processing of any other request.
Automated decision making:
No automated form of decision-making, including profiling, takes place.
We reserve the right to change this privacy policy in the event of changes in the legal situation as well as changes to our services or data processing. However, this applies exclusively with regard to declarations on data processing. If user consents are required or if components of the data protection declaration contain regulations of the contractual relationship with the users, changes may only be made with the consent of the users.
We ask users to regularly obtain independent information about the content of the privacy policy.