Privacy

Holz Frank GmbH & Co. KG is pleased about your visit to our website and your interest in us and our services. We take the protection of personal data very seriously and want you to feel safe when visiting our website. We process personal data collected when you visit our website in accordance with the statutory provisions, in particular the GDPR.

Responsible party:

Holz Frank GmbH & Co. KG
Owner: Fabian Frank
Houbirgstrasse 9
91217 Hersbruck

What is personal data?

Personal data is information about you that allows identification. This includes, for example, your last name, first name, address, and email address. In some cases, we require your name and address, as well as other information, in order to offer you the desired items or services. We only store the data that you have transmitted to us automatically or voluntarily.

How is personal data processed?

At some points on our website, we offer you the opportunity to contact us or use certain services. We only store the personal data transmitted in this way for the purpose for which it was provided to us, such as to process your inquiry or to answer any questions you may have.

What data is requested?

If the website offers the option to enter personal or business data (email addresses, names, addresses), the user provides this data on an expressly voluntary basis. The use of all offered services is permitted - as far as technically possible and reasonable - without providing such data or by providing anonymized data or a pseudonym. By correctly providing the optional data, you enable us to provide you with personal and individual support.

SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) over HTTPS.

Is the confidentiality of email traffic/contact forms guaranteed?

If you wish to contact us using your own email account, please note that the confidentiality of the transmitted information may not be guaranteed.

If the data is collected and processed via our contact form, it is encrypted before being transmitted. You are also welcome to send us confidential information by post.

Is data logged during my visit?

Every time a user accesses a page on our website and every time a file is retrieved, access data about this process is stored in a log file on our server.

IP address

Page from which the file was requested

Date, time

Browser type and browser settings

Operating system

The page you visited

Amount of data transferred

Access status (file transferred, file not found, etc.)

This data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

Are cookies used?

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an internet server to your browser and stored on its hard drive. Only the internet protocol address is stored – no personal data. The legal basis for the use of cookies is Art. 6 (1) (f) GDPR.

Some so-called session cookies are used, which are automatically deleted after the end of the visit. Other cookies remain stored on your device until you delete them or until they expire. This offers you the advantage of not having to re-enter your data when filling out forms. Furthermore, these cookies allow you to be recognized the next time you visit.

Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.

If you have deactivated all cookies in your browser, a so-called session ID is used to identify you during a continuous access to our website. In this case, too, no data is stored on your computer. The session ID will be deleted after your access has ended.

Detailed information about the respective services for which we use cookies can be found in the cookie settings.

Collection and processing of data when ordering in the shop

If you have provided us with further personal data (address, payment terms), we will only use it to process the order or to fulfill contracts concluded with you and to deliver the goods. The legal basis for this is Art. 6 (1) (b) GDPR, contractual or pre-contractual measures.

Payments when ordering

When using the PayPal payment method, data will be transmitted to the payment service provider PayPal. The payment service provider is responsible for payment data. Information, in particular about the responsible body of the respective payment service provider, the contact details of the payment service provider's data protection officer, and the categories of personal data processed by the payment service provider, can be found at the following address: PayPal Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE. The legal basis for this is Art. 6 (1) (b) GDPR, contractual or pre-contractual measures.

DATA PROTECTION PROVISIONS RELATING TO KLARNA AS A PAYMENT METHOD The controller has integrated Klarna components on this website. Klarna is an online payment service provider that enables purchase on account or flexible installment payments. Furthermore, Klarna offers additional services, such as buyer protection or identity and credit checks. Klarna's operating company is Klarna AB, Sveavågen 46, 111 34 Stockholm, Sweden. If the data subject selects either "purchase on account" or "installment purchase" as a payment option during the ordering process in our online shop, the data subject's data will be automatically transmitted to Klarna. By selecting one of these payment options, the data subject consents to the transmission of personal data required to process the purchase on account or instalment, or for identity and credit checks. The personal data transmitted to Klarna generally includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, and other data necessary to process a purchase on account or instalment. Personal data related to the respective order is also necessary to process the purchase contract. In particular, this may involve a mutual exchange of payment information, such as bank details, card number, expiration date, and CVC code, number of items, item number, data on goods and services, prices and taxes, information on previous purchasing behavior, or other information on the financial situation of the data subject. The purpose of transferring data is, in particular, identity verification, payment administration, and fraud prevention. The controller will transfer personal data to Klarna, in particular if there is a legitimate interest in the transfer. The personal data exchanged between Klarna and the controller will be transferred by Klarna to credit reporting agencies. This transfer is for the purpose of identity and credit checks. Klarna also transfers personal data to affiliated companies (Klarna Group) and service providers or subcontractors, insofar as this is necessary to fulfill contractual obligations or if the data is to be processed on their behalf. To decide on the establishment, implementation, or termination of a contractual relationship, Klarna collects and uses data and information about the data subject's previous payment behavior as well as probability values for their future behavior (so-called scoring). The scoring is calculated based on scientifically recognized mathematical and statistical procedures. The data subject has the option of revoking their consent to the handling of personal data by Klarna at any time. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing. Klarna's applicable data protection provisions can be found at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

DATA PROTECTION PROVISIONS RELATING TO SOFORT TRANSFER AS A PAYMENT METHOD The controller has integrated components of Sofortüberweisung on this website. Sofortüberweisung is a payment service that enables cashless payment for products and services online. Sofortüberweisung represents a technical process through which the online merchant receives immediate payment confirmation. This enables a merchant to deliver goods, services, or downloads to the customer immediately after the order. The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstrasse 1, 82131 Gauting, Germany. If the data subject selects "Sofortüberweisung" as a payment option during the ordering process in our online shop, the data subject's data will be automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing. When completing a purchase via Sofortüberweisung, the buyer transmits the PIN and TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online retailer after a technical check of the account balance and retrieving further data to verify the account balance. The online merchant is then automatically notified of the completion of the financial transaction. The personal data exchanged with Sofortüberweisung includes first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The purpose of transmitting the data is payment processing and fraud prevention. The controller will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in doing so. The personal data exchanged between Sofortüberweisung and the controller may, under certain circumstances, be transmitted by Sofortüberweisung to credit reporting agencies. This transfer is for identity and credit checks. Sofortüberweisung may share personal data with affiliated companies, service providers, or subcontractors if necessary to fulfill contractual obligations or if the data is to be processed on their behalf. The data subject has the option of revoking their consent to the handling of personal data at any time. Revoking consent does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing. Sofortüberweisung's applicable privacy policy can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

Do you share my data with third parties?

Your personal data will only be shared or transmitted to third parties if this is necessary for the purpose of contract processing – in particular, the transfer of address data to shipping companies – or if the data is required for billing purposes, or if you have previously consented. You have the right to revoke your consent at any time with future effect. Personal data will only be collected and transmitted to authorized government institutions and authorities within the framework of the relevant laws or if we are required to do so by court order. All employees and service providers have been obligated to maintain confidentiality and to comply with data protection regulations. Stored personal data will be deleted if you revoke your consent to storage, if knowledge of the data is no longer required to fulfill the purpose for which it was stored, or if its storage is inadmissible for other legal reasons.

Customer account/orders

Customer account

When you open a customer account, we collect your personal data to the extent specified therein. Data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your customer account will then be deleted.

Use of the email address for sending newsletters

We use your email address, regardless of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

Use of the email address for sending direct mail

We use your email address, which we received as part of the sale of a product or service, to electronically send advertising for our own products or services similar to those you have already purchased from us, unless you have objected to this use. Providing the email address is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. Processing is based on Art. 6 (1) (f) GDPR due to our overriding legitimate interest in direct mail. You can object to this use of your email address at any time by notifying us. The contact details for exercising your objection can be found in the imprint. You can also use the link provided in the promotional email. This will incur no fees other than the transmission costs according to the basic rates.

External Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 6 (1) (f) GDPR. 25 Para. 1 TTDSG, insofar as the consent covers the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. We use the following host: ecomDATA GmbH Steinamangererstraße 9/16 7400 Oberwart Austria.

Contract processing: We have concluded a contract for contract processing (AVV) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Google Web Fonts

Google Web Fonts (http://www.google.com/webfonts/) are used to visually enhance the display of various information on our website. The web fonts are transferred to the browser's cache when the page is accessed so that they can be used for display. If the browser does not support Google Web Fonts or prevents access, the text is displayed in a standard font. When the page is accessed, no cookies are stored on the website visitor's computer. Data transmitted in connection with the page access is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They will not be associated with data that may be collected in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from Google servers (e.g., by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you prevent access to Google servers, the text will be displayed in the system's default font.

Information about the Google Privacy Policy and Google Terms of Use can be obtained directly from Google: http://www.google.com/intl/de-DE/privacy/

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies." and text files stored on your computer that enable analysis of your website use. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly; However, please note that if you do so, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout.

This website uses Google Analytics with the extension "_anonymizeIp()". IP addresses are therefore only processed in a shortened form to prevent any direct personal reference.

Further information on Google's privacy policy can be found here: https://support.google.com/analytics/answer/6004245?hl=de

Google CDN

We use Google CDN to properly deliver the content of our website. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our website. A CDN helps to deliver the content of our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Google CDN. The use of the content delivery network is based on our legitimate interests, i.e., interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) (f) GDPR. We have no influence over the specific storage period of the processed data; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means: no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.

Google reCAPTCHA

Google reCAPTCHA is a service provided by Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated using a program, e.g., when entering data into online forms. "reCAPTCHA" prevents attacks from, for example, so-called bots. ("reCAPTCHA") is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: http://www.google.de/intl/de/policies/privacy/; Google Terms of Use: https://www.google.com/intl/de_de/help/terms_maps.html;

JSDelivr CDN

We use JSDelivr CDN to properly deliver the content of our website. JSDelivr CDN is a service provided by Prospect One, which acts as a content delivery network (CDN) on our website.

A CDN helps to deliver the content of our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland. Your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of JSDelivr CDN.

The use of the content delivery network is based on our legitimate interests, i.e., the interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) (f) GDPR.

The specific storage period of the processed data cannot be influenced by us; it is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.

Facebook Pixel

We use Facebook Pixel from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called custom audiences, i.e. to segment visitor groups of our online offering, determine conversion rates, and subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with Facebook Ireland Ltd.

We process your data with the help of Facebook Pixel for the purpose of optimizing our website and for marketing purposes based on your consent in accordance with Art. 6 (1) (a) GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Facebook Ireland Ltd. Further information can be found in the Facebook Pixel privacy policy: https://www.facebook.com/privacy/explanation.

Facebook Button

We have integrated the Facebook button on our website. The Facebook button is a service provided by Facebook Ireland Ltd. We use the Facebook button by placing share buttons on our website so that website visitors can share content on the Facebook social network.

When you access this content, you establish a connection to servers of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Your IP address is transmitted anonymously. According to the Facebook button, no personal data is processed.

If you log in using your social media account, it is possible that data will be collected, processed, and stored by this provider.

The use of the service is based on our legitimate interests, i.e., interest in the platform-independent provision of content in accordance with Art. 6 (1) (f) GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Facebook Ireland Ltd. Further information can be found in the privacy policy for the Facebook button: https://www.facebook.com/policy.php.

Bootstrap CDN

We use Bootstrap CDN to properly deliver the content of our website. Bootstrap CDN is a service provided by Bootstrap that acts as a content delivery network (CDN) on our website.

A CDN helps to deliver the content of our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to Bootstrap servers, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Bootstrap CDN.

The use of the content delivery network is based on our legitimate interests, i.e., interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) (f) GDPR.

The specific storage period of the processed data cannot be influenced by us; it is determined by Bootstrap. For further information, please see the Bootstrap CDN privacy policy: https://www.bootstrapcdn.com/privacy-policy/.

Google Translate

We have integrated components of Google Translate on our website. Google Translate is a service provided by Google Ireland Limited and offers translation solutions for websites and web applications.

When you use the translation function on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Google Translate.

The use of the service is based on our legitimate interests, i.e., the interest in providing the full functionality of the website and optimizing our online offering in accordance with Art. 6 (1) (f) GDPR.

The specific storage period of the processed data cannot be influenced by us; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Translate: https://policies.google.com/privacy.

The specific storage period of the processed data cannot be influenced by us; it is determined by tawk.to, Inc. Further information can be found in the privacy policy for tawk.to Chat: https://www.tawk.to/privacy-policy/.

SHOP INFORMATION

We use SHOP INFORMATION to properly provide the content of our website. SHOPAUSKUNFT is a service provided by Händlerbund Management AG, which acts as a Content Delivery Network (CDN) on our website.

A CDN helps deliver content from our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Händlerbund Management AG, Torgauer Str. 233, ArcusPark / Haus B, 04347 Leipzig, Germany. Your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of SHOPAUSKUNFT.

Storage Period

The specific storage period of the processed data cannot be influenced by us; it is determined by Händlerbund Management AG. Further information can be found in the privacy policy for SHOPAUSKUNFT: https://www.shopauskunft.de/datenschutz

Händlerbund Siegel

We use the Händlerbund Siegel to properly provide the content of our website. Händlerbund Siegel is a service provided by Händlerbund Management AG, which acts as a content delivery network (CDN) on our website.

The use of the Content Delivery Network is based on our legitimate interests, i.e., interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) (f) GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Händlerbund Management AG. Further information can be found in the privacy policy for the Händlerbund seal: https://www.haendlerbund.de/de/datenschutzerklaerung.

Presences on social networks

We operate various online presences within social networks – fan page(s) – to communicate with active users. We also offer visitors information about our company, our products, and services on the social media platforms.

The legal basis for the operation of our fan page(s) on social media platforms – including the legal basis for the processing of personal data – is the German Data Protection Act (GDPR). is based on legitimate interest pursuant to Art. 6 (1) (f) EU GDPR. The purpose is timely customer communication, as well as advertising and public relations.

Your IP address is recorded and stored when you visit the social media platform. Typically, a cookie is set that stores your visit and other data about your visit to the social media platform.

You can regularly access the social media fan page(s), regardless of whether you have a user account on the respective platform and are logged in or not. In both cases, however, your data will be processed by the social media platform.

If you are logged in to the respective social media platform, your visit will be recorded using cookies or other technical means and assigned to your user account. This gives the social media platform the opportunity to analyze user behavior. A user profile with your interests may be generated, which can display interest-based advertising both within and outside the social media platform. This can even happen across devices. Furthermore, your data may be used for market research and advertising. Furthermore, your user profile and your content may be recognized. For details, please refer to the following privacy policies and information obligations of the social media platform(s) used.

A detailed description, privacy policy, and information obligations of our social media platforms— Fan page(s) can be found here (link to a separate Social Media menu item or PDF file about the social media).

Services and service providers used:

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, maps, bot detection, graphics, posts, videos, or social media buttons (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process the user's IP address, since without the IP address they could not send the content to their browser. The IP address is therefore required to display this content or functions. We endeavor to only use content whose respective providers use the IP address solely to deliver the content. We assume no responsibility for the data protection practices of other websites. By integrating the plug-ins, the social network receives the information that you have accessed the corresponding page from our website. If you are logged into the social network, your visit can be assigned to your social network account.

If you do not want social networks to collect data about you via active plug-ins, you can either deactivate the social plug-ins with one click on our websites or select the "Block third-party cookies" function in your browser settings. The browser will then not send any cookies to the server for embedded content from third-party providers. However, with this setting, other cross-site functions may no longer function, in addition to the plug-ins.

The following services or plug-ins are used:

Facebook:

Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; opt-out option: advertising settings: https://www.facebook.com/settings?tab=ads; additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Instagram:

Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: http://instagram.com/about/legal/privacy.

YouTube:

Videos; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy Opt-out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.

How can the use of personal data be influenced?

Of course, you have the sole right to decide whether and for what purposes we may use your data. Furthermore, you alone determine whether we may use your data for consulting, advertising, and market research purposes. Here, too, you can, of course, revoke your consent at any time.

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as necessary to achieve the purposes stated here or as required by the various retention periods stipulated by law. After the respective purpose no longer applies or these periods expire, the corresponding data is routinely blocked or deleted in accordance with legal regulations.

What security precautions have we taken?

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation, and unauthorized access. All employees and service providers are obligated to maintain confidentiality and comply with data protection regulations.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties.

Will this privacy policy also be changed?

Due to current circumstances, such as an amendment to the Federal Data Protection Act (BDSG-new, GDPR), we will - if necessary - update this privacy policy.

How can I review, correct, revoke, or delete my data?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), you as the data subject have

the right to:

Information in accordance with Art. 15 GDPR, § 34 BDSG (German Federal Data Protection Act) about the data stored about you in the form of meaningful information on the details of the processing, as well as a copy of your data;

Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;

Deletion in accordance with Art. 17 GDPR of the data stored by you, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise, or defense of legal claims;

Restriction of processing in accordance with Art. 18 GDPR, if the accuracy of the data is doubted, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR.

Data portability pursuant to Art. 20 GDPR, if you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) (a) GDPR or on the basis of a contract pursuant to Art. 6 (1) (b) GDPR and this data has been processed by us using an automated procedure. You will receive your data in a structured and machine-readable format, or we will transmit the data directly to another controller, where technically feasible.

Objection pursuant to Art. 21 GDPR to the processing of your personal data, provided that this is based on Art. 6 (1) (e) or (f) GDPR and there are reasons for doing so that arise from a particular situation or the objection is directed against direct advertising. However, the right to object does not apply if overriding, compelling legitimate grounds for the processing are proven or if the processing is carried out to assert, exercise, or defend legal claims. If the right to object does not apply to individual processing operations, this will be stated there.

Revocation of your consent pursuant to Art. 7 (3) GDPR with future effect.Complaint(https://www.lda.bayern.de/de/beschwerde.html) pursuant to Art. 77 GDPR with a supervisory authority if you believe that the processing of your personal data violates the GDPR. You can contact the supervisory authority of your usual place of residence, your place of work, or our company headquarters. Further information on the supervisory authorities in the European Union can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Article 6(1)(a) GDPR serves as the legal basis for our company's processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 (1) (c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. In this case, the processing would be based on Art. 6 (1) (d) GDPR. Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases, if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override such interests. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).

All visitors to our website can contact us in writing with data protection questions at:

Holz Frank GmbH & Co. KG

Owner: Fabian Frank
Houbirgstrasse 9
91217 Hersbruck
E-mail: info@holz-frank.com

Our duty to provide information according to[S2] Art. 13 and Art. 14 GDPR can be found here:

Applicants

Customers/Prospective Customers