The following data privacy statement applies to the use of our online offer dhd.audio (hereinafter referred to as “website”).
We attach great importance to data protection. Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular with the General Data Protection Regulation (GDPR).
1 Data privacy controller
Responsible for the collection, processing and use of your personal data within the meaning of art 4 para GDPR is
DHD audio GmbH, Haferkornstr. 5, 04129 Leipzig, Germany.
If you wish to object to our collection, processing or use of your data in accordance with this privacy policy as a whole or for individual measures, you can direct your objection to the body in charge.
You can save and print out this privacy statement at any time.
2 General purposes of processing
We use personal data for the purpose of operating the website and, if commissioned by you, to generate and process offers and orders.
3 What data do we use and why?
3.1 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services and technical maintenance services, which we use for the purpose of operating the website.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, prospective customers and visitors to our website on the basis of our legitimate interests in an efficient and secure provision of our website in accordance to art 6 para 1 s 1 lit f GDPR in connection with art 28 GDPR.
3.2 Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour and interaction with us and record data about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data includes:
- name and URL of the accessed file
- date and time of access
- transferred data volume
- Message about successful access (HTTP response code)
- browser type and browser version
- operating system
- referrer URL (i.e. the previously visited page)
- Websites accessed by the user’s system through our website
- Internet service provider of the user
- IP address and requesting provider
Without allocating it to your person or and without any other profiling, we use this log data for statistical evaluations for the purpose of operation, security and optimisation of our website. It is furthermore used for anonymous recording of the visitor number to our website (traffic) and of the extent and type of use of our website and services. We use log data also for billing purposes in order to quantify the number of clicks received from cooperation partners. Based on this information, we are able to provide personalized and location-based content, to analyse traffic, to do troubleshooting and to correct errors, and to improve our services.
This is actually our legitimate interest according to art 6 para 1 s 1 lit f GDPR.
We reserve the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g. if you use one of our offers. After the order process has been cancelled or payment has been received, we will delete the IP address if this is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. In addition, we store the date of your last visit (e.g. when registering, logging in, clicking on links, etc.) as part of your account.
3.2.1 Matomo
In addition to the creation of logfiles we use the open-source software Matomo to analyze the use of our website, which helps us to understand how our website is used, so that can we can optimize it further. This is our legitimate interest according to art 6 para 1 s 1 lit f GDPR. We use the Matomo software with the option activated to anonymize the visitor’s IP address. It truncates the last two bytes of the IP address and therefore makes it impossible to track the collected data to you or your used internet accesss.
If you don’t agree to the collection of data by this software, you can deactivate the installation of cookies in your browser settings. Alternatively, you can also uncheck the following checkbox. Please note that cookies must be enabled for this, so that the software can remember your descision.
3.3 Cookies
We use so-called session cookies to optimize our website. A session cookie is a small text file that is sent by the respective servers when you visit a website and is stored temporarily on your hard drive. This file as such contains a so-called session ID, which enables the assignment of various requests of your browser to the common session. This will allow your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They are used, for example, to enable you to use the shopping basket function across several pages.
To a small extent, we also use persistent cookies (similar small text files that are stored on your end device), which remain on your end device and enable us to recognize your browser upon your next visit. These cookies are stored on your hard disk and are deleted automatically after the specified time (1 month to 10 years). This helps us to present our offer to you in a more user-friendly, effective and secure manner and, for example, to display information on the site that is specifically tailored to your interests.
Our legitimate interest in the use of cookies according to art 6 para 1 s 1 lit f GDPR is to make our website more user-friendly, effective and secure.
The following data and information are stored in the cookies:
- log-in information
- language settings
- search terms entered
- information on the number of visits to our website and use of individual functions of our website.
When the cookie is activated, it is assigned an identification number and your personal data is not assigned to this identification number. Your name, IP address or similar data that would allow the cookie to be assigned to you will not be placed in the cookie. Based on the cookie technology, we only receive pseudonymous information, for example about which pages of our shop have been visited, which products have been viewed, etc.
You can set your browser so that you will be informed in advance about the setting of cookies. Then you can decide individually, whether you want to exclude the acceptance of cookies for certain cases or in general, or cookies to be completely prevented. This may limit the functionality of the website.
3.4 Data for the fulfilment of our contractual obligations
We process personal data that we need to fulfil our contractual obligations, such as name, address, e-mail address, ordered products, invoice data and payment data. The collection of this data is necessary for the conclusion of the contract.
The data will be deleted after expiry of warranty periods and legal storage periods. Data linked with a user account (see below) will always be retained for the duration of the account.
The legal basis for this data processing is art 6 para 1 s 1 lit b GDPR, as this data is required so that we can fulfil our contractual obligations towards you.
3.5 User Account
User accounts are only created by us upon your request.
If you are already a DHD customer and additionally need an account for the extended use of the website, we use the following information from your existing master data: Name, company name, address, e-mail address, telephone number, information on terms of payment and delivery. If we have not received your data yet, we use the written contact data provided by you to create the account. We only transfer those data into your account that is required to use the activated website.
To ensure your proper registration and to prevent unauthorized registrations by third parties, you will receive an e-mail after your registration to define a secure password. The system will reject any insecure passwords (i.e. passwords that are too short or too simple). The password is stored encrypted on the server and cannot be read out again in cleartext. The password used is therefore unknown to us. In case you have forgotten your password, you can reset it. For this you need access to the e-mail address that is assigned to the account.
You can demand from us deletion of a created user account at any time without incurring any costs other than the transmission costs according to the basic tariffs. A written notice to the contact data mentioned under item 1 (e.g. email, fax, letter) is sufficient for this purpose. We will then delete your stored personal data, as far as we are not required to store them for the processing of orders or due to legal storage obligations.
The legal basis for this data processing is your consent in accordance with art 6 para 1 s 1 lit a GDPR.
3.6 Email Contact
If you contact us (e.g. by email), we will process your details for the handling of your request and in the case of follow-up questions.
If the data processing takes place in order to execute pre-contractual measures which arise upon your request or, if you are already our customer, in the course of the execution of the contract, the legal basis for this data processing is art 6 para 1 s 1 lit b GDPR.
We will only process further personal data if you give your consent (art 6 para 1 s 1 lit a GDPR) or if we have a legitimate interest in processing your data (art 6 para 1 s 1 lit f GDPR). An example for a legitimate interest is to reply to your e-mail.
We use Microsoft Exchange Online as our email server for communication purposes. By using our website and providing your email address, you acknowledge that your data will be processed by Microsoft in accordance with their privacy policies. We are committed to protecting your personal information and ensuring that your data is handled securely. For more details on how Microsoft processes your data, please refer to their Privacy Statement.
3.7 Quotation request form
We offer you the service of requesting a quotation for a shopping cart you have compiled. As we do not usually supply end customers but only our dealers, the country of your location is queried in the quotation form. The system then checks whether there is at least one authorized dealer in your country. You will then receive a list for selecting the desired dealer. If there is no authorized dealer for your country, DHD is the only contact available.
After you have selected the dealer, a message box will appear, containing the distributor’s contact details. By submitting the form, your request and provided information will be sent by e-mail to the indicated dealer’s email address. We are not responsible for compliance with the GDPR by our dealers who receive your data via email as a result of this process. If we are not your responsible dealer, we will not receive a copy of your inquiry. Our server only stores your shopping cart content; no personal data is stored.
3.8 Newsletter Subscription
You can subscribe to our newsletter in the footer of our site to stay informed about the latest developments about DHD audio. We are using the newsletter provider MailChimp. To ensure that no one else subscribes using your email address, you will receive a confirmation email containing an activation link. You must click on this link to confirm that you are the owner of the email address and agree to receive our newsletters.
4 Storage Time
Unless specifically stated, we only store personal data for as long as it is necessary to fulfil the purposes pursued.
In some cases, for example with regard to tax or commercial law, legislature requires storage of personal data. In these cases, we will only store the data for those legal purposes, but will not process in any other way. The data will be deleted after expiry of the legal storage period.
5 Your rights as a data subject
According to the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send your request, clearly identifying yourself, by email or by post to the address specified in section 1.
Please find below an overview of your rights.
5.1 Right of confirmation and access
You have the right to clear information about the processing of your personal data.
Specifically:
You have the right at any time to obtain from us confirmation as to whether personal data relating to you will be processed. If this is the case, you have the right to request from us free-of-charge information about the personal data stored about you, including a copy of this data. Furthermore, you have a right to the following information:
- the purposes for the processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations;
- if applicable, the planned time period for which the personal data will be stored or, if not applicable, the criteria for determination of this time period;
- the existence of a right to rectification or erasure of your personal data or to restriction of the processing by the data controller, or of a right of objection against such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- in the case that the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in art 22 paras 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards according to article 46 relating to the transfer.
5.2 Right to rectification
You have the right to obtain from us the rectification and, if applicable, the completion of personal data concerning you.
Specifically:
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5.3 Right to erasure (“right to be forgotten”)
In several cases, we are obligated to delete personal data concerning you.
Specifically:
According to art 17 para 1 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- you withdraw consent on which the processing is based according to art 6 para 1 s 1 lit a GDPR or to art 9 para 2 lit a, and where there is no other legal ground for the processing.
- you object to the processing according to art 21 para 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to art 21 para 2 GDPR.
- the personal data have been unlawfully processed.
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- the personal data have been collected in relation to the offer of information society services referred to in art 8 para 1 GDPR.
Where we have made the personal data public and we are obliged according to art 17 para 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform the data controllers which are processing the personal data that you have requested them the erase any links to, or copy or replication of, those personal data.
5.4 Right to restriction of processing
In several cases you have the right to request from us restriction of processing of your personal data.
Specifically:
You have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
- you have objected to processing according to art 21 para 1 pending the verification whether the legitimate grounds of our company override yours.
5.5 Right to data portability
You have the right to receive, transmit or let us transmit the personal data concerning you in machine-readable format.
Specifically:
You have the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another data controller without hindrance from us, where:
- the processing is based on consent according to art 6 para 1 s1 lit a GDPR or art 9 para 2 lit a GDPR or on a contract pursuant to art 6 para 1 s 1 lit b GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability according to paragraph 1, you have the right to have the personal data transmitted directly from us to another data controller, where technically feasible.
5.6 Right to object
You have the right to object to a legitimate processing of your personal data by us on grounds relating to your particular situation and unless our interests in the processing prevail.
Specifically:
At any time you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on art 6 para 1 s 1 lit e or lit f GDPR. This includes profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct-marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to art 89 para 1 GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
5.7 Automated decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
5.8 Right to withdraw data-privacy consent
You have the right to withdraw consent at any time to processing of personal data.
5.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.
6 Data security
We make every effort to ensure the security of your data in accordance with the applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.
To secure your data, we maintain technical and organisational security measures in accordance with art 32 GDPR which we will constantly update to the state of the art.
Furthermore, we do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly and carefully secured.
7 Disclosure of data to third parties, no data transfer to non-EU countries
In general, we only use your personal data within our company.
If and as far as we involve third parties in the fulfilment of contracts (such as logistics service providers), these parties will only receive personal data to the extent to which the transfer is required for the corresponding service.
In the event that we outsource certain parts of data processing (“order processing”), we contractually oblige our contractors who process the data to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the affected person.
We are using Google Maps and Youtube services to integrate content into our website. We protect your privacy by not directly integrating the content of these providers. Before displaying these contents you will be informed that you have to agree to the data transfer to these services independently and beforehand. Only after you have clicked on “I ACCEPT”, your browser will establish a connection to these servers (so-called two-click solution). The legal basis for the processing of data following the consent of the user is art 6 para 1 s 1lit a GDPR.
A data transmission to places or persons outside the EU apart from the case mentioned in Section 3.7 and apart from the services described in this paragraph will not take place and is not planned for the future.