Data Privacy Policy

Thank you for your interest in the products and services of the SPINNER brand. This document informs you in detail about the data that SPINNER GmbH collects during your visit to our website and how we process this information.

Contents

  1. Controller and data protection officer
  2. Data capture in connection with the use of our website
  3. Contact form and contact by email
  4. Data capture during use of our online shop
  5. Transfer of data to other parties
  6. Newsletter
  7. Use of cookies
  8. Capture and processing of utilization data
  9. Embedded YouTube videos
  10. Social plugins and social media
  11. Google Analytics
  12. Google AdWords
  13. Online advertising
  14. Map services
  15. Protection of your personal data
  16. Your rights

1.    Controller and data protection officer

Controller in the sense of Art. 4, No. 7 of the General Data Protection Regulation (GDPR) of the European Union:
SPINNER GmbH, represented by managing directors Katharina König and Torsten Smyk

Erzgiessereistr. 33
80335 Munich, Germany
Phone:     +49 89 12601 0
Fax:     +49 89 12601 1292
Email:    This email address is being protected from spambots. You need JavaScript enabled to view it.

Data protection officer:

TÜV SÜD Sec-IT GmbH
Friederike Rühl
This email address is being protected from spambots. You need JavaScript enabled to view it.

2.    Data captured in connection with the use of our website

2.1    Captured data

Every time that our website is called, our system―i.e. the webserver―automatically captures information on the computer or other device used to access it.
We collect the following information:

  • The browser type and version
  • The operating system running on the user’s device
  • The user’s Internet service provider
  • The user’s IP address
  • The date and time at which our website is accessed
  • The website, if any, from which the user has linked to our website

2.2    Purpose of use

It is necessary for our system to temporarily save your IP address in order to deliver our website to your computer. For this to work, the IP address must remain stored for the duration of the session.
The information listed above is stored in log files to ensure that our website works as intended. In addition, these data allow us to improve the website and protect our IT systems (e.g. by detecting malicious attacks).

2.3    Legal basis

The legal basis for capturing and temporarily storing these data and log files is a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the General Data Protection Regulation of the European Union (GDPR). We have a legitimate interest in making our website available.

2.4    Duration of data storage

The above-mentioned data are erased as soon as they are no longer required for the purposes for which they were captured. Data captured to enable you to access our website are deleted at the end of the current session.

3.    Contact form, email and social media

3.1    Data capture

You may contact us by using our contact form, sending a message to the provided email address, or via our social media pages. In all cases, we store the personal data you communicate along with your question or request.

3.2    Purpose of data processing

These personal data are processed by us solely for the purpose of processing your message.

3.3    Legal basis for data processing

The legal basis for processing data that you communicate to us when submitting a question or request is a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the GDPR (our legitimate interest is to communicate with external customers and other interested parties), the performance of a precontractual condition, or the fulfillment of a contract as per Art. 6, Paragraph 1, Point b of the GDPR.

3.4    Duration of data storage

The above-mentioned data are erased as soon as they are no longer required for fulfilling the purpose for which they have been captured. Regarding personal data that are sent to us by email or using the contact form, this is the case when processing of your request has been completed.
For information on processing of your data by other providers, please consult:

4.    Data capture during use of our online shop

4.1.    Captured data

If you would like to use our online shop, you must register as a user. We capture and store user and company data (name, postal address, email address, payment data etc.) that you enter. We also combine certain information, such as prices and price lists applicable to use, payment terms, Incoterms® 2010 or other conditions, with your profile. In all cases, processing of your personal data explicitly takes place on a voluntary basis, i.e. with your consent.

4.2    Data transfer for payment processing

To enable payment for orders placed in our online shop, we use the products and services of Wirecard AG, Einsteinring 35, 85609 Aschheim, Germany ("Wirecard"). If you use a credit card to pay in our online shop, Wirecard receives payment data for processing your payment. More information is available in Wirecard’s data privacy policy, which can be viewed at https://www.wirecardbank.com/fileadmin/user_upload/wirecardbank/fileuploads/Dokumente/Wirecard_-_Kommunikation_Haendler_WDB_als_Controller_-_EN.PDF.
For integrating Wirecard’s services in our online shop, we use the products and services of Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, 96050 Bamberg, Germany ("Computop"). We have concluded an order processing agreement with Computop for this purpose.

4.2    Purposes of data processing

We process the personal data captured by us via our online shop exclusively for the following purposes: for checking your profile (commercial customer, internal compliance, if relevant credit rating), for confirming and processing your order and payments, for delivering merchandise while meeting any applicable customs and export requirements, for providing services, for communicating with you, and possibly for analyzing the use of our online shop.

4.3    Legal basis for data processing

The legal basis for processing your personal data is a contract with you as per Art. 6, Paragraph 1, Point b of the GDPR and/or a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the GDPR.

4.3    Duration of data storage

The above-mentioned data are erased as soon as they are no longer required for fulfilling the purpose for which they have been captured. Regarding data captured during registration in order to perform a contract or precontractual measures, this is the case when the data are no longer needed to perform the contract. After concluding a contract, it can also be necessary to store personal data of the other party for complying with contractual or legal obligations (e.g. the requirement to retain documents and information of relevance to taxation). We may store data relevant to invoices for up to 10 years.

5.    Transfer of data to other parties

Personal data captured via this website are only transferred to third parties or contractors to the required extent. For example, we pass your address data to shipping and delivery companies in order for you to receive ordered merchandise.

5.1    Recipients and categories of recipients of personal data

The recipients of data are:

  • Government agencies that are legally entitled to receive data (such as social security bodies and tax authorities)
  • In-house departments that are involved in executing relevant business processes (e.g. accounting and IT)
  • External contractors involved in the processing or use of personal data in accordance with Arts. 28 ff. of the GDPR
  • External contractors hired to perform certain business processes (e.g. shipping companies)
  • Companies affiliated with SPINNER (e.g. wholly owned subsidiaries)
  • SPINNER sales partners (e.g. distributors)

5. 2    Legal basis for transferring data

Your personal data are transferred on the basis of your consent (Art. 6, Paragraph 1, Point a of the GDPR), either to fulfill a contract with you (Art. 6, Paragraph 1, Point b of the GDPR) or to comply with a legal obligation to which we are subject (Art. 6, Paragraph 1, Point c of the GDPR). Any processing of your data by a recipient at our request is based on an order processing agreement with that recipient.

5.3    Transfer to other countries

No personal data are transferred to other countries.

6.    Newsletter

We publish a newsletter to inform you about us and our offering.

In order for you to receive the newsletter, we require your email address. When subscribing to the newsletter, you must give us permission to send it to you. The captured data will only be used to send the newsletter.

The legal basis for data processing in this case is Art. 6, Paragraph 1, Point a of the GDPR (by your consent).

Our newsletter is sent via MailChimp. The plugins and functions of MailChimp are an offering of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308.

After you subscribe to our newsletter, the data you provide are transferred to MailChimp and stored there. MailChimp then sends you an email for you to confirm your subscription (“double opt-in”). MailChimp uses the Google Analytics tool. You can find details on Google Analytics in section 11 of this document.

The data privacy policy of Rocket Science Group LLC is available at http://mailchimp.com/legal/privacy/.

You may at any time revoke your consent for us to send you the newspaper, along with the associated capture and storage of data. You can do this using a link in the newsletters or by informing us via any of the contact channels given above.

7.    Use of cookies

This website uses both temporary session cookies and permanent cookies. Cookies are small text files that your Internet browser stores locally on your computer. These allow us to recognize you if and when you return to our website. This saves you, for example, the trouble of having to register again and helps us recommend relevant products to you. Cookies are a prerequisite for using the shopping basket in our online shop. If you disable cookies in your browsers, you may not be able to fully take advantage of this website’s functionality.

We also use cookies to analyze use of our website and display relevant advertising to you. In this data privacy policy, we describe how to use the cookie settings of your browser. Additional general information on cookies is provided in the following.

Name of cookie    
Description

Session cookie   
A session cookie is used to facilitate use of the many services available on this website.

Authentication/login    
Sustains the login while you are visiting a page.

Shopping basket  
Remembers the contents of the shopping basket.

Most recently viewed products    
Remembers the most recently viewed products.

Number of products in list    
Remembers the number of products to be shown in list or tile views.

Selected product list view    
Remembers whether a customer has chosen the list or tile view.

“Use of cookies” warning    
Remembers if the user does not wish to be shown the cookie warning again on every page.

MyAccount panel cookie    
Remembers the navigation settings at the lower left in the customer account section.

FileDownload    
Remembers PDF documents that have been downloaded.

_ga    
Google Analytics cookie used to distinguish users

_gid    
Google Analytics cookie used to distinguish users

_gat    
Used to throttle the Google Analytics request rate

AMP_TOKEN    
Contains a token that can be used to retrieve a client ID from the AMP client ID service. Other possible values indicate opt-out, inflight request, or an error retrieving a client ID from the AMP client ID service.

gac<property-id>    
Contains campaign-related information for the user. When Google Analytics and Google Ads accounts are linked, this cookie is read by Google Ads website conversion tags.

8.    Capture and processing of utilization data

We capture data on use of this website for statistical purposes, for improving our service, for identifying and diagnosing problems with or misuse of our online offering or telecommunications services and systems, and for marketing purposes. What we actually do with this data is described in greater detail in the following sections.

9.    Embedded YouTube videos

Videos stored at YouTube are embedded in our website. The provider of the YouTube service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Among other things, YouTube uses cookies to maintain the integrity of video statistics and improve the usability of cookies. Videos stored at YouTube are embedded in our website in “extended data protection mode”. Cookies are only placed on your computer by YouTube if you play a video that is stored at YouTube and embedded in our website. The effect of “extended data protection mode” is that YouTube only saves cookies on your computer that contain no personally identifiable data. You can completely prevent the use of cookies by disabling them in your browser settings.

To the extent that personal data are processed in connection with using YouTube, this is done on the basis of a weighing of interests in accordance with a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the GDPR (here our legitimate interest is to improve the design of our website to meet your requirements better) or on the basis of your consent as per Art. 6, Paragraph 1, Point a of the GDPR.

More information on data protection and the use of cookies by YouTube is available in the data privacy policy of YouTube at https://policies.google.com/privacy?hl=en. You can also manage your cookie-related settings there.

10.    Social plugins und social media

Our website uses social plugins, i.e. plugins of social media of the provider “AddToAny”.

For better protection of your data when visiting our website, these plugins are not fully integrated. Instead, they are only inserted with the aid of HTML links (the “Shariff solution”). This prevents a connection being made to the servers of a social media network when you open a page of our website. If you click on one of the buttons, a new window opens in your browser and calls a page of the other service provider’s website, on which you can then (possibly after entering your login data) click the “like” or “share” button, for example.

To the extent that personal data are processed when using social plugins, this takes place on the basis of a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the GDPR (here our legitimate interest is to improve our website’s design to meet your needs better).

For information on the purpose and scope of data capture and further processing and use of captured data by other providers on their websites and your rights and possibilities for safeguarding your privacy by changing settings, please consult the data privacy policies of AddToAny (https://www.addtoany.com/privacy) and the social media providers concerned:

11.    Google Analytics

11.1    Data capture and purpose

This website uses Google Analytics, a web analysis service provided by Google, Inc. (“Google”). Google Analytics uses cookies: text files that are stored on your device for analyzing how you use the website. The information on the use of our services generated in this way is typically transmitted to and stored by Google on servers in the United States. If IP anonymization is enabled on this website, Google crops the IP addresses of users in countries that belong to the European Union or have signed the EEA Agreements. Only in special cases is a full IP address first sent to a Google server in the USA and then cropped. At our request, Google uses this information to evaluate your use of this website, compile reports on website activity, and provide us with other services related to use of this website and the Internet. The IP address sent by your browser is not mingled with any other data of Google’s. You can prevent cookies from being stored on your device by selecting appropriate browser settings; however, please be advised that if you do this you may not be able to fully take advantage of all of this website’s functions. You can also prevent cookie-generated data pertaining to your use of this website (including your IP address) from being captured and sent to Google processing by downloading and installing the browser plugin available at the following address: http://tools.google.com/dlpage/gaoptout?hl=en. It sets an opt-out cookie that suppresses capture of your data while visiting our website.

11.2    Google Analytics

For detailed information on the conditions of use of and protection of data by Google Analytics, please go to https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/?hl=en&gl=de. On our website, the code “gat._anonymizeIp()” has been added to Google Analytics to ensure anonymized capture of IP addresses. Please note that if you object to the associated tracking, the opt-out cookie may not have the desired effect. One solution is to install an opt-out browser add-on that is available from Google here.

This website uses Google Analytics, a web analysis service provided by Google, Inc. (“Google”). Google Analytics uses cookies to permit statistical analysis of how you use our website. If you access this website from a location in the European Union (EU) or European Economic Area (EEA), Google crops your IP address before transmitting it to the United States. Only in exceptional cases is your computer’s complete IP address first sent to a Google server in the United States then cropped. Google has obtained certification under the EU-U.S. Privacy Shield and therefore ensures an appropriate level of data protection. At our request, Google uses this information to compile reports on website activity. The IP address sent by your browser is not mingled with any other data of Google’s. These analyses help us improve our services by ascertaining which of them are more or less popular with users.

11.3    Legal basis

To the extent that personal data are processed in connection with the use of Google Analytics, this occurs on the basis of a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the GDPR (here our legitimate interest is to improve our website’s design to meet your needs better).

12.    Google AdWords

12.1 Method and purpose of data capture

To measure the success of ads that we place with Google (“Google Ads”), we use Google Conversion Tracking, an analysis service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ads places a “conversion cookie” on your computer if you reach our website via a Google ad. These cookies lose their validity after 30 days and cannot be used to personally identify you. They merely register that you have clicked on one of our ads and consequently been redirected to our website. This tells us the total number of users that have clicked on an ad of ours and been routed to our website. We do not receive any information that could be used to identify users.
The personal data that Google captures in this way are also stored and processed on servers in the United States. The European Commission has not yet decided that the United States generally provides an adequate level of data protection. However, Google has pledged to comply with the terms of the EU-US Privacy Shield framework agreement regulating transatlantic exchanges of personal data for commercial purposes. More information on this is available at https://policies.google.com/privacy/frameworks?hl=en&gl=de. For more information on data protection at Google, see https://policies.google.com/privacy?gl=de&hl=en.

If you do not wish to participate in this tracking process, you can disable it at https://adssettings.google.com/. You can also disable cookies for conversion tracking by setting your browser to block cookies of the “googleadservices.com” domain.

12.2    Legal basis

The legal basis for processing your data is Art. 6, Paragraph 1, Point f of the GDPR (a weighing of interests based on our legitimate interest in being able to measure and therefore also control the success of our online advertising better).

13.    Online advertising

13.1    Method and purpose of data capture

This website uses the DoubleClick service. DoubleClick uses information on your visits to our or other websites in order to place online ads on products or services that may interest you, and employs cookies to capture it. DoubleClick is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DoubleClick collects, processes or uses personal data based on its own criteria, and SPINNER GmbH therefore accepts no responsibility for the capture, processing or use of data by DoubleClick. Please refer to the data privacy policy of DoubleClick at http://www.google.de/policies/technologies/ads/. You can stop DoubleClick from collecting and processing data for the above-mentioned purposes at https://www.google.com/settings/ads/onweb/. If you want to permanently disable the DoubleClick cookie, you can install the extension available at https://support.google.com/ads/answer/7395996. SPINNER GmbH does not receive any data from or derived from the use of DoubleClick.

13.2    Legal basis

To the extent that personal data are processed in connection with the use of DoubleClick, this is based on a weighing of interests as per Art. 6, Paragraph 1, Point f of the GDPR (with our legitimate interest being that to practice direct advertising).

14.    Map services

14.1    Data capture and purpose

This website uses Google Maps: a map service that visually depicts geographical information. Google Maps is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps collects, processes or uses personal data according to its own criteria, and SPINNER GmbH therefore accepts no responsibility for the capture, processing or use of data by Google Maps. Please refer to the terms of use of Google Maps at https://www.google.com/intl/en/help/terms_maps/ and the data privacy policy of Google Maps (Google) at https://policies.google.com/privacy?hl=en. SPINNER GmbH does not receive any data from Google Maps or data that may arise from the use of Google Maps.

14.2    Legal basis

To the extent that personal data are processed in connection with the use of Google Maps, this occurs on the basis of a weighing of legitimate interests as per Art. 6, Paragraph 1, Point f of the GDPR (here our legitimate interest is to improve our website’s design to meet your needs better) or on the basis of your consent in accordance with Art. 6, Paragraph 1, Point a of the GDPR.

15.    Protection of your personal data

SPINNER GmbH protects your personal data from unauthorized access, use or publication. For this purpose, SPINNER GmbH takes appropriate technical precautions that reflect the current state of technology. If you need to enter account or credit card information in order to make payment, this is stored exclusively with the contracted PCI-DSS-certified payment service provider and not with us. However, SPINNER GmbH calls your attention to the fact that data transmission over the Internet (e.g. when communicating by email) may suffer from security issues. It is therefore not possible to guarantee that all of your personal data will be absolutely safe from unauthorized access by third parties.

Apart from this, we strongly advise you to also protect yourself, for example by keeping your passwords secret.

16.    Your rights

As a “data subject” in the sense of the GDPR, you have the following rights:

Exercising your rights to erasure, restriction of processing, objection or withdrawal can prevent you from fully taking advantage of our website.

You can directly exercise any of your above-mentioned rights as a data subject in writing by letter to SPINNER GmbH, Erzgiessereistrasse 33, 80335 Munich, Germany or email to This email address is being protected from spambots. You need JavaScript enabled to view it.. We will then immediately confirm in writing that you have done so and comply with your wishes. It is not sufficient to notify us by phone.  

  • Right to lodge a complaint with a supervisory authority in accordance with Art. 77 of the GDPR: if you, as an affected individual, consider that the processing of personal data relating to you via our website violates the General Data Protection Regulation, you have the right to lodge a complaint with the responsible supervisory authority, in particular in the EU member state of your habitual residence, place or work or place of the alleged infringement.

Responsible supervisory authority in Bavaria: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), D-91522 Ansbach, phone: +49 (0) 981 53 1300, fax: +49 (0) 981 53 98 1300, email: poststelle(at)lda.bayern(dot)de.

Please note that these rights only apply if certain other legal prerequisites are met.

This data protection information reflects the situation as of July 2019.

© 2019 | SPINNER GmbH | Erzgiessereistr. 33 | 80335 Munich | Germany
Phone +49 (89) 12601-0 | info@spinner-group.com | Imprint | Data Privacy Policy