Data Protection Statement
cosnova GmbH (referred to below as “we”) appreciates your interest in our company and our products. It is therefore important to us that you feel safe when you visit our website (referred to below as: “Website”), also in terms of the protection of your personal data.
The controller as defined in the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection legislation is:
Am Limespark 2
65843 Sulzbach, Germany
Telephone: +49 6196 76156-0
Fax: +49 6196 76156-1298
You can find more information about us in the provider information [HYPERLINK].
64380 Rossdorf, Germany
Telephone: +49 6154 57605-0
Fax: +49 6154 57605-29
If you use the website for information purposes only, i.e. if you do not send us information in any other way, we only collect the personal data that your browser sends to our server. We collect the following data which is technically necessary for us to display our Website in the version and language suitable for you to ensure stability and security, and to prepare general reports about the use of our Website (the legal basis is Art. 6(1)(1)(f) GDPR):
– IP address
– date and time of the request
– content of the request (specific page)
– website from which the request originates
– operating system
The above data will be deleted promptly if it is no longer required for the above purposes, and no later than 30 days after we have collected it.
If you provide us with further personal data, e.g. in the course of registration, a contact form, survey, sweepstakes or for the performance of a contract, we will use this data for the purposes specified, for customer administration and – where necessary – for processing and accounting for any business transactions, in each case to the extent required for this purpose.
If you use our digital testers, we determine your approximate location (to an accuracy of approx. 50km) from an IP address that has been anonymised by shortening it and by scanning the QR code, we determine which version of our point of sale you are facing. This data is used exclusively for statistical purposes and is not combined with other data.
If you contact us by email (e.g. to the address given above), the personal data transferred with your email will be stored. The data will not be shared with third parties. The data will be processed exclusively for purposes of processing the conversation.
The legal basis for the processing of data transmitted in the course of sending a message is Art. 6(1)(1)(b) and (f) GDPR. This data will be used solely for processing the contact; this also includes our necessary legitimate interest in processing the data within the meaning of Art. 6(1)(1)(f) GDPR. The data will be deleted as soon as it is no longer required for the purpose for which it was collected, which is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified.
In addition to the data mentioned above, cookies are stored on your computer when you use our Website. Cookies are small text files stored on your hard drive in accordance with the browser you are using and through which certain information is transmitted to the party that sets the cookie (in this case by us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the internet offer more user-friendly and effective as a whole.
This website uses the following types of cookies and their the scope and function are explained below:
- transient cookies. Transient cookies are automatically deleted when you close the browser. This includes in particular session cookies. These store a so-called session ID which allows various requests from your browser to be assigned to the common session. This enables your computer to be recognised when you return to our Website. Session cookies are deleted when you log out or close the browser. For example the contents of a shopping basket in an online shop or a login status can be stored in this type of cookie.
- persistent cookies. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. Stored cookies can be deleted in the system settings of the browser. Please note that if you do so you may not be able to use all the functions of this Website.
You can find a list of the cookies used here [HYPERLINK]
(d) Cancelling cookies
You can withdraw your consent to the setting of cookies for the future by clicking on the small cookie symbol at the bottom left of the Website.
(e) Google Tag Manager
This Website uses Google Tag Manager. Google Tag Manager is a solution that allows us to manage website tags via an interface. The tool itself (that implements the tags) is a cookie-free domain and does not store any personal data. The tool triggers other tags that may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, this remains for all tracking tags implemented with Google Tag Manager.
Information about the third party: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contractual clauses in accordance with Art. 46 GDPR have been concluded as adequate guarantees with this service provider. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
We sometimes use service providers bound by instructions for certain data processing activities. Without exception, these are service providers that are bound by instructions and process the data on our behalf and according to our instructions.
If it is required for the clarification of an illegal or fraudulent use of our Website or for legal prosecution, personal data will be forwarded, where applicable, to the prosecution authorities and to injured third parties. However, this only occurs if there are indications of illegal or fraudulent behaviour.
In the course of the further development of our business, the structure of our company may change due to changes in legal form, the establishment, purchase or sale of subsidiaries, parts of companies or components. In case of such transactions, customer information may be shared with the acquirer or legal successor, together with the part of the business to be transferred.
It is possible that we may transfer personal data to countries outside the EU (“third countries”). Any transfer of data to a recipient in a third country will take place in compliance with the applicable data protection law. Where the European Commission has not determined that an adequate level of protection exists in a third country, we will provide appropriate safeguards to ensure that your data is adequately protected. This can be done in particular by concluding data processing agreements which contain EU standard data protection clauses and which, in the opinion of the European Commission, provide adequate safeguards (available at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). Please contact us for further details.
Our Website may also contain offers from third parties. If you click on such an offer, we will transfer data to the respective provider to the extent required (e.g. information that you have found this offer with us and, where applicable, further information that you have already provided for this purpose on our Website).
If we use so-called “social plug-ins” from social networks on our Website, we ask for your consent before using them.
If you have a user account with the network and are logged in at the time of activating the social plug-in, the network can link your visit to our Website to your user account. If you want to prevent this, please log out of the network before activating the social plug-in.
If you click on the link to an offer or activate a social plug-in, it is possible that personal data may be transferred to providers in countries outside the European Economic Area which, in the view of the European Union (“EU”), do not guarantee an “adequate level of protection” for the processing of personal data that meets EU standards. Please bear this in mind before clicking on a link or activating a social plug-in that triggers a transfer of your data.
The social plug-in remains active until you deactivate it or delete your cookies.
We have included YouTube videos in our online offer on the basis of our legitimate interests (i.e. interest in the optimisation of our online offer within the meaning of Art. 6(1)(1)(f) GDPR), which are stored on http://www.youtube.com and can be played directly from our Website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube unless you play the videos. The data mentioned in the following paragraph will only be transmitted when you play the videos. We have no influence on this data transfer.
When you visit the Website, YouTube obtains your IP address and the information that you have visited the relevant sub-page of our Website. This occurs irrespective of whether YouTube provides a user account which you use to log in or whether no such user account exists. If you are logged in with Google, your data will be linked directly to your account. If you do not wish your profile to be linked to YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. Such an analysis is carried out in particular (even for users not logged in) to provide advertising that is appropriate for their needs and to inform other users of the social network about your activities on our Website. You have a right of objection to the creation of these user profiles and you must contact YouTube in order to exercise this right.
On this Website we use the offer of Google Maps on the basis of our legitimate interests (i.e. interest in the optimisation of our online offer as defined in Art. 6(1)(1)(f) GDPR). This enables us to display interactive maps directly on the Website and enables you to use the map function conveniently, e.g. when using our Storefinder.
When you visit the Website, Google receives your IP address and the information that you have accessed the relevant sub-page of our Website. This happens irrespective of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in with Google, your data will be linked directly to your account. If you do not wish your data to be assigned to your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research and/or the needs-related design of its website. Such an analysis is carried out in particular (even for users not logged in) to provide advertising that is appropriate for their needs and to inform other users of the social network about your activities on our Website. You have a right of objection to the creation of these user profiles and you must contact Google to exercise this right.
This Website offers an Interactive Digital Assistant. This service is provided by Zoovu (Germany) GmbH, Skalitzer Str. 104, 10997 Berlin, Germany. We use this tool on our own responsibility and have entered into a data protection agreement with Zoovu that our customers’ data may only be processed on the basis of our instructions, must not be shared with third parties and must be adequately protected technically.
When you use the service and if you have given us permission to do so, e.g. by giving us your consent via the tracking banner, we collect the following usage data:
usage data: (performance of the Digital Assistant, answering questions, navigation, product recommendations, purchases)
browser / operating system / device used
source of the reference
The usage data collected (using a cookie ID) is used to improve the Digital Assistant experience, for technical purposes and to improve the service. Your IP address is not collected. It is therefore not possible to infer the user’s identity from the ID used.
If you have not given us permission to do so, e.g. by refusing consent via the tracking banner, only those cookies will be set that are necessary to provide the service, but there will be no tracking of usage as described above.
(h) Openweather widget
(i) Commerce Connector
(j) Consent manager
You can object to processing. Your right to object exists for reasons that arise from your particular situation. If you wish to object, please email email@example.com.
We wish to tailor the content of our Website as closely as possible to your interests and thus improve our service to you. We use so-called tracking technologies to identify usage preferences and particularly popular areas of the Website.
We use so-called (re-)targeting technologies so that we can tailor our online marketing (e.g. banner advertising) more specifically to your usage-related interests. These are read and used when you visit other websites that work with the providers of these (re-)targeting technologies in order to provide you with information that is as interest-related as possible.
When the above technologies are used, cookies on our Website and (in the case of retargeting) on third-party websites will record your interest in our products and services. This involves the use of random identifiers (so-called cookie IDs), which we do not associate with your name, address or similar information, even if this information is known to us (e.g. from an existing contractual relationship), unless you have consented to this.
In the exceptional cases in which personal data is transferred to the USA, we have agreed so-called standard contractual clauses with Google.
We use the service of the marketing platform Olapic Inc. New York, USA (“Olapic”). Olapic searches for us on Instagram for images and videos that show our products and may be suitable for sharing with our community (“Contributions”). If we wish to share these Contributions via the internet and/or distribute them through print media, we will contact the Instagram users who uploaded the relevant Contribution in their profile. If they agree and wish to grant us the rights requested, the Instagram users concerned may confirm our terms of participation.
It is also possible to upload pictures directly. You can use your social media account for this purpose or upload the image directly via your PC. In the latter case, you can decide yourself which name should be displayed.
Any use of the Contributions and any information linked to them only takes place with the consent of the respective user, Art. 6(1)(1)(a) GDPR. If we share the Contributions via the internet and/or distribute them in print media, we will share the contribution and any information linked to it and provide the user name.
By using Olapic, we are pursuing the interest of marketing our products using digital and non-digital channels, and reaching our target group using social media. The legal basis for the use is Art. 6(1)(1)(b) and (f) GDPR.
A pixel of Facebook Ireland Limited is integrated into this Website (website custom audience pixel). If you have given your consent, this pixel collects information about the use of this Website (e.g. information about items viewed) by us and Facebook Ireland Limited in joint responsibility and transmits it to Facebook Ireland Limited. This information may be attributed to you personally using other information that Facebook Ireland Limited has stored about you for example, because of your ownership of an account on the social network “Facebook”. The information collected via the pixel can be used to display interest-related advertising on our offers in your Facebook account (retargeting). The information collected through the pixel may also be aggregated by Facebook Ireland Limited, and the aggregated information may be used by Facebook Ireland Limited for its own advertising purposes and for advertising purposes of third parties. For example, Facebook Ireland Limited may infer certain interests from your browsing behaviour on this Website and may also use this information to promote third-party offers. Facebook Ireland Limited may also combine the pixel information with other information that Facebook Ireland Limited has collected about you through other websites and/or in connection with your use of the “Facebook” social network so that a profile about you can be stored on Facebook Ireland Limited. This profile may be used for advertising purposes. Facebook Ireland Limited is solely responsible for the permanent storage and the displayed further processing of tracking data collected via the website custom audience pixel used on this Website. The legal basis for this data processing is Art. 6(1)(1)(a) GDPR.
For more information about privacy at Facebook Ireland Limited, please visit https://www.facebook.com/policy.php. Here you will also find information about how to assert your rights (e.g. right to erasure) with regard to Facebook Ireland Limited. You can withdraw your consent to the transfer of data to Facebook Ireland Limited by using the pixel on this Website at https://www.youronlinechoices.com/de/praferenzmanagement/.
We only use Google Marketing products (e.g. Search Ad, Display & Video 360) with your express consent, which you can declare by clicking on the “Agree” button in the cookie banner of the Website. We store your consent in a cookie on your end device so that you are not asked for your consent every time you visit our Website, and for legal reasons together with the IP address and time on our servers; we will erase this information or restrict its processing if you withdraw your consent. Google uses personal data to personalise advertisements and cookies can be used for both personalised and non-personalised advertising. Further information is available at https://policies.google.com/technologies/partner-sites?hl=de.
We use a pixel from the provider TikTok on this Website (for the EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.). This is a code that we have implemented on our Website. With the help of this code, providing you consent, a connection to the TikTok servers will be established when you visit our Website in order to track your behaviour on our Website. Personal data such as the IP address and other information such as device ID, device type and operating system can also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our Website and to assign their actions to a TikTok user account.
TikTok uses this data to display advertising to its users in a targeted and personalised manner and to create interest-related user profiles. The data collected will only be used by us as part of the measurement of the effectiveness of advertising placements.
In principle, your data will be processed within the EU or the EEA. A corresponding data protection agreement has been concluded with TikTok for this purpose. If personal data is transmitted to countries outside the EU or the EEA, this is done under template contracts of the so-called standard contractual clauses.
We only send newsletters as emails with promotional information about our products, offers, promotions and our company (referred to below as “Newsletters”) with the consent of the recipient or a statutory permission, Art. 6(1)(1)(a) and Art. 7 GDPR. The following information is to inform you about the registration, shipping and evaluation procedures, and your rights to object.
It is sufficient to provide your email address to register for the Newsletter.
Registration takes place in a so-called double opt-in procedure. This means that you will receive an email after registration requesting confirmation of your registration. This confirmation is necessary so that no one can register with unknown email addresses.
Registrations for the Newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The changes to your data stored by us will also be logged.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved by us or our service provider when the Newsletter is opened by a server, and comparable technologies. As part of this retrieval, technical information will be collected initially, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address), or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information might be assigned to the individual Newsletter recipients for technical reasons. However, it is not our aim to observe individual users. We use the evaluations much more to recognise the reading habits of our users and to adapt our content to them, or to send different content according to the interests of our users. The legal basis for this is Art. 6(1)(1)(f) GDPR.
You can unsubscribe from our Newsletter at any time, i.e. withdraw your consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal. You will find a link to cancel the Newsletter at the end of each Newsletter.
When you unsubscribe from the Newsletter, personal data will be deleted, unless its retention is legally required or justified, and in this case processing is limited only to these exceptional purposes. In particular, we may use the email addresses provided for up to three years on the basis of our legitimate interests in accordance with Art. 6(1)(1)(f) GDPR before we delete them for the purposes of sending the Newsletter so that we can prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual erasure request is possible at any time if the former existence of consent is confirmed at the same time.
We also maintain corporate presences on social networks such as Facebook and Instagram to which we link on our Website. When you access the relevant networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply, over which we have no influence. When you do so, data may also be processed outside the European Union.
You have the right, at any time and on request, to obtain from us information about the personal data processed by us concerning you in accordance with Art. 15 GDPR. You can send a request by post or email for this purpose to the contact address provided.
You have the right to demand that we rectify, without undue delay, the personal data that concerns you in accordance with Art. 16 GDPR if it is incorrect. Please contact us at the address provided to do so.
You have the right, under the conditions described in Art. 17 GDPR, to demand that we erase the personal data that concerns you. These conditions provide in particular for a right of erasure if the personal data is no longer required for the purposes for which it was collected or otherwise processed, and in cases of unlawful processing, withdrawal or the existence of an obligation to erase the data under European Union law or the law of the member state to which we are subject. To exercise your right of erasure, please contact us at the address provided.
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify its accuracy, and if the user requests restricted processing instead of erasure if there is an existing right to erasure; also if the data is no longer required for the purposes we pursue, but the user needs it to assert, exercise or defend legal claims, and if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the address provided.
You have the right to receive from us the personal data concerning you which you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the address provided.
Under Art. 21 GDPR, for reasons arising from your particular situation, you have the right to object at any time to the processing of personal data that concerns you which is carried out on the basis of Art. 6(1)(1)(e) or (f) GDPR. We will cease processing your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
You have the right to withdraw consents given in accordance with Art. 7(3) GDPR with effect for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out until its withdrawal on the basis of the consent.
You also have the right to lodge complaints with the data protection supervisory authorities.
The competent supervisory authority for us is:
Der Hessische Datenschutzbeauftragte (The Hessian Data Protection Commissioner)
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
P.O. Box 31 63, 65021 Wiesbaden, Germany
Telephone: +49 611 14080
Fax: +49 611 1408 – 900
Internet at: http://www.datenschutz.hessen.de