Privacy Policy

1. Data protection at a glance

General Information

The following information provides a simplified overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our Privacy Policy, which is reproduced after this text.

Data collection on this website

Who is responsible for data collection on this website?

The website operator is responsible for data processing on this website. Their contact details are found in the “Information about the controller” section of the Privacy Policy.

How do we collect your data?

Your data is collected firstly when you send information to us. This may be data that you enter in a contact form or elsewhere. Other data is collected automatically by our IT systems or with your consent when you visit the website. This mainly refers to technical data (e.g. internet browser, operating system, time of page access). The data is collected automatically as soon as you open this website.

For which purposes do we use your data?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your usage behaviour.

Which rights do you have in regard to this data?

You have the right at any time to obtain without charge information about the origin, recipient and purpose of the personal data stored about you. Moreover, you have the right to request the rectification or erasure of this data. Where you have provided consent to data processing, you may withdraw this consent at any time with effect for the future. You also have the right to request the restriction of processing of your personal data if certain conditions are met. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You may contact us at any time to exercise these rights or if you have other questions concerning data protection.

Analysis tools and tools provided by third parties

There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

For detailed information about these analysis programs please consult our Data Protection Declaration below.

2. Hosting

We host the content of our website with the following provider: IONOS

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

Whenever you visit our website, IONOS records various logfiles along with your IP addresses. For details, please consult the data privacy policy of IONOS: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

contract processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. general instructions and mandatory information

privacy policy *

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

A variety of personal data is collected when you use this website. Personal data is any data by which you can be personally identified. This Privacy Policy explains which data we collect and how it is used. It also describes the purposes of its use.

Please note that security vulnerabilities may affect data transmission on the internet (e.g. communication by email). Complete protection of data from unauthorised access by third parties is not possible.

Information concerning the controller

The controller for data processing on this website is:
Ursula Huppertz
Mauerstr. 2
47228 Duisburg
Telefon:  +49 (0) 2065 6939015
EMail: vertrieb@holz-und-stein.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means by which personal data is processed (e.g. names, email addresses, etc.).

Retention period

We will retain your personal data until the purpose of its processing no longer applies, unless a more specific retention period is stated in this Privacy Policy.

Your data will be erased if you submit a justified request for erasure or withdraw your consent to data processing. This does not apply if we have other lawful reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be erased once these reasons no longer apply.

General information concerning the legal bases for data processing on this website

Where you have consented to data processing, we will process your personal data on the basis of Art. 6 para. 1 point a) DSGVO or, if special categories of data are processed pursuant to Art. 9 para. 1 DSGVO, in accordance with Art. 9 para. 2 point a) DSGVO. If you have given explicit consent to the transfer of personal data to third countries, data processing shall also be carried out on the basis of Art. 49 para. 1 point a) DSGVO.

In the event of your consent to the storage of cookies or access to information on your terminal device (e.g. via device fingerprinting), data processing shall also take place on the basis of Section 25 para. 1 TTDSG. Consent may be withdrawn at any time. Where your data is required for the performance of a contract or for measure prior to the conclusion of a contract, we will process your data on the basis of Art. 6 para. 1 point b) DSGVO. Furthermore, we process your data where necessary for compliance with a legal obligation on the basis of Art. 6 para. 1 point c) DSGVO.

Data processing may also take place on the basis of our legitimate interest pursuant to Art. 6 para. 1 point f) DSGVO. The following paragraphs of this Privacy Policy contain information on the relevant legal basis in each case.

Information on the data transfer to third-party countries that are not secure under data protection law and the transfer to US companies that are not DPF-certified

We use, among other technologies, tools from companies located in third-party countries that are not safe under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are enabled, your personal data may be transferred to and processed in these countries. We would like you to note that no level of data protection comparable to that in the EU can be guaranteed in third countries that are insecure in terms of data protection law.

We would like to point out that the US, as a secure third-party country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional assurances. Information on transfers to third-party countries, including the data recipients, can be found in this Privacy Policy.

Recipients of personal data

In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only permitted with your explicit consent. You may withdraw consent you have given at any time. This does not affect the lawfulness of data processing carried out prior to the withdrawal of consent.

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 DSGVO)

WHERE DATA PROCESSING IS PERFORMED ON THE BASIS OF ART. 6 PARA. 1 POINT E) OR F) DSGVO, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE SPECIFIC LEGAL BASIS FOR PROCESSING IS AS STATED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 DSGVO).

WHERE YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED TO THIS FORM OF DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 DSGVO).

Right to lodge a complaint with the competent supervisory authority

In the event of a breach of the DSGVO, data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged breach. The right of to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or for the performance of a contract handed over to you or a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, erasure and rectification

Within the framework of the applicable legal provisions, you have the right at any time to obtain without charge information concerning the personal data stored about you, its origins and recipients and the purpose of the data processing and, if applicable, a right to the rectification or erasure of this data. You may contact us at any time to exercise these rights or if you have other questions concerning data protection.

Right to the restriction of processing

You have the right to request the restriction of processing of your personal data. You may contact us at any time in this regard. The right to the restriction of processing applies in the following cases:
• Should you dispute the accuracy of your personal data stored by us, we will usually need time for verification. You have the right to request the restriction of processing of your personal data for the time it takes us to verify your claim.
• Where the processing of your personal data is or was unlawful, you may request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but it is required by you for the establishment, exercise or defence of legal claims, you have the right to request the restriction of processing of your personal data instead of erasure.
• It will be necessary to weigh up your interests against ours if you have lodged an objection pursuant to Art. 21 para. 1 DSGVO. You have the right to request the restriction of processing of your personal data for as long as it has not been established which interests outweigh the interests of the other party.

If you have requested the restriction of the processing of your personal data, this data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

SSL/TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as orders or enquiries that you send to us as the website operator. You can tell that a connection is encrypted by the fact that the browser address line changes from “http://” to “https://” and by the padlock icon in your browser line. Third parties will be unable to read the data that you send to us when SSL or TLS encryption is enabled.

Objection to marketing e-mails

The contact details published in the site notice for compliance with mandatory disclosure obligations must not be used for the transmission of marketing and informational material that we have not explicitly requested. The website operators explicitly reserve the right to take legal action in the event of unsolicited dissemination of marketing information, for example in the form of spam emails.

4. Data collection on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy.

contact form

When you use the contact form to send us enquiries, the details you provide in the enquiry form, including the contact details entered by you, will be stored by us for the purpose of processing the enquiry and for the event that we have any questions. We will not pass on this data without your consent.

This data is collected on the basis of Art. 6 para. 1 point b) DSGVO, insofar as your enquiry relates to the performance of a contract or is necessary to take steps prior to entering into a contract. Processing is based in all other cases on our legitimate interest in the efficient handling of enquiries addressed to us (Art. 6 para. 1 point f) DSGVO) or on your consent (Art. 6 para. 1 point a) DSGVO) where this has been requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its erasure by us, withdraw your consent to its storage or the purpose for storing the data no longer applies (e.g. after we have completed the processing of your enquiry). Mandatory statutory provisions – retention periods in particular – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all personal data resulting from it (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is collected on the basis of Art. 6 para. 1 point b) DSGVO, insofar as your enquiry relates to the performance of a contract or is necessary to take steps prior to entering into a contract. Processing is based in all other cases on our legitimate interest in the efficient handling of enquiries addressed to us (Art. 6 para. 1 point f) DSGVO) or on your consent (Art. 6 para. 1 point a) DSGVO) where this has been requested; consent may be withdrawn at any time.

The data sent to us in the contact enquiries will remain with us until you request its erasure by us, withdraw your consent to its storage or the purpose for storing the data no longer applies (e.g. after we have completed the processing of your concern). Mandatory statutory provisions – legal retention periods in particular – remain unaffected.

5. Analytics tools and advertising

IONOS WebAnalytics

This website uses IONOS WebAnalytics analysis services. The provider of these services is 1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. In conjunction with the performance of analyses by IONOS, it is possible to e.g., analyze the number of visitors and their behavior patterns during visits (e.g., number of pages accessed, duration of their visits to the website, percentage of aborted visits), visitor origins (i.e., from which site does the visitor arrive at our site), visitor locations as well as technical data (browser and session of operating system used). For these purposes, IONOS archives in particular the following data

  • Referrer (previously visited website)
  • Accessed page on the website or file
  • Browser type and browser version
  • Used operating system
  • Type of device used
  • Website access time
  • Anonymized IP address (used only to determine the access location)

According to IONOS, the data recorded are completely anonymized so they cannot be tracked back to individuals. IONOS WebAnalytics does not archive cookies.

The data are stored and analyzed pursuant to Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the statistical analysis of user patterns to optimize both, the operator’s web presentation as well as the operator’s promotional activities. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information affiliated with the recording and processing of data by IONOS WebAnalytics, please click on the following link of the data policy declaration: https://www.ionos.de/terms-gtc/datenschutzerklaerung/. https://www.ionos.de/terms-gtc/datenschutzerklaerung/

contract processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

IP anonymization

We utilize WP Statistics with anonymised IP. Your IP address is reduced so that it can no longer be directly assigned to you.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties. The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address, and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date. The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR. Data stored for other purposes with us remain unaffected. After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

7. Plugins und Tools

Wordfence

We have included Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”). Wordfence is designed to protect our website from unwanted access or malicious cyberattacks. To accomplish this, our website establishes a permanent connection with Wordfence’s servers, which check and block their databases against access to our website. The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of his website against cyberattacks. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/. https://www.wordfence.com/help/general-data-protection-regulation/.

contract processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.