Data Privacy Statement

We are pleased that you are interested in our company. Data protection is of the utmost importance to the management of ChiruTec GmbH. In principle, the ChiruTec GmbH website can be used without the disclosure of any personal data. However, if the data subject uses certain services offered by the company on our website, the processing of personal data may be necessary. In cases when the processing of personal data is necessary and there is no legal basis for the respective processing, we will generally obtain consent from the data subject.

The processing of personal data such as names, addresses, email addresses or phone numbers from data subjects is always performed in compliance with the General Data Protection Regulation and the pertinent country-specific data protection regulations to which ChiruTec GmbH is subject. This privacy policy provides data subjects with information on the scope, extent and purpose of our collection, use and processing of personal data. It also informs data subjects of their rights in this regard.

As the controller for the processing, ChiruTec GmbH has implemented various technical and organisational measures in order to ensure the highest possible level of protection for personal data processed on our website. Nevertheless, by virtue of its nature, web-based data transfers may be subject to security breaches and, as such, absolute protection cannot be ensured. For this reason, data subjects are at liberty to select alternative methods, such as a phone call, to disclose personal data to us.

The following privacy policy provides information on the scope, extent and purposes of the collection and use of personal data when using this website.

I. GENERAL INFORMATION

1. Controller

The data controller for the data collection, processing and use in relation to the use of our website, including the online shop, is:

ChiruTec GmbH
Märkersteig 12-16
14974 Ludwigsfelde
Germany

Phone +49 3378 5175-800
Fax +49 3378 5175-9800

The controller also operates a legally non-independent branch in Switzerland at the following registered office:

ChiruTec GmbH (Swiss Branch)
Höhenstrasse 33
8127 Forch
Switzerland

Phone +41 41 5110-250
Fax +41 41 5110-251

ChiruTec GmbH Germany is the controller for all data processing performed in relation to the website www.chirutec.com and the online shop at https://shop-che.chirutec.com/. In particular, the technical infrastructure of the website, online shop and shop system are operated and maintained by, and the responsibility of ChiruTec GmbH (Germany). ChiruTec GmbH is responsible for data collections related to the website and online shop.

Whilst the Swiss branch is the signatory for the invoice generated upon conclusion of sales contracts in the online shop, ChiruTec GmbH Germany is the controller in terms of data protection regulations.

On 26th July 2000, the European Commission ruled that Swiss law provides adequate protection of personal data and therefore data transfers from Member States to Switzerland are permitted as per Art. 45, para. 3 GDPR.

The processing of personal data such as names, addresses, email addresses or phone numbers from data subjects is always performed in compliance with the General Data Protection Regulation and the pertinent Swiss data protection regulations to which ChiruTec GmbH is subject.

2. Contact details for questions related to data protection

Please direct any questions or remarks on the topic of data protection to the Data Protection Officer at: privacy@chirutec.com.

3. Definition of key terms

GDPR stands for the General Data Protection Regulation; BDSG is the abbreviation for the German Federal Data Protection Act.

Personal data, in terms of the EU GDPR, means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

II. Data processing when you visit our website 

1. Accessing the website and log files

Explanation and purpose of processing

Each time you visit our website, we automatically process the following information:

  • the IP address of your computer or other device (e.g. tablet, PC or smartphone) and the request(s) submitted by your browser
  • the transferred data volume, the browser type, the browser version, the browser language, the screen resolution and the operating system used.

The collection of your IP address and the information on requests submitted by your web browser are technically required to access and use the website; access to the website is not possible without the processing of this data and the webpages will not be displayed. Once it is no longer technically required for the access/use of the website, the processing of your IP address will be anonymised through truncation or erased.

The information pertaining to the transferred data volume, the browser type and version, the screen resolution and the operating system used is collected and processed in order to optimise the display of the website content, to determine the system capacity utilisation and to implement modifications and improvements for the website in the future on the basis of statistical analyses, if applicable.

Your data is erased as soon as it is no longer required for the purpose for which it was collected. Data that was solely collected for the provision of the website shall, as a rule, consequently be erased once the respective session has expired. Log files are erased or anonymised within 7 days to ensure that allocation to the website visitor is no longer possible.

Legal basis:

This data processing takes place on basis of Art. 6 para. 1 lit. f GDPR. The legitimate interests in processing pursued by the controller are enabling access to the website, the optimised display of the content for the user and further improvement/optimisation of the website in the future.

Right to object:

In the event that data processing is performed on the legal basis of Art. 6, para. 1, lit. f GDPR, the user shall be entitled to lodge an objection to this processing without prejudice to any other rights. Please refer to the following text for more information (“Data subject rights”).

2. General information on cookies and data transfers to the USA

a) General information on cookies

We use cookies on our website. Cookies are small text files that are locally stored on your device (e.g. PC, smartphone, tablet) when you visit our website. They contain various information on the used device and user behaviour and are sent back to the web server that originally set the cookie in order to recognise the user and their settings the next time they visit the website.

You can adjust your browser settings to prevent the storage of cookies. Furthermore, cookies that have already been stored can be deleted at any time in your browser. Under certain circumstances, preventing or deleting cookies may impair the use of certain features on the visited website. You can also easily adjust your settings for various cookies directly on our website (please refer to the following explanations).

b) Types of cookies

In general, cookies can be classified into the following categories:

  • Strictly necessary cookies: These cookies are essential for you to access the website, browse without any issues and display the content of our website as intended.
  • Preference cookies: These make the website easier to use for our users (e.g. no need to readjust your settings each time you visit the website).
  • Statistics cookies: These cookies collect information on how you use our website. They help us to statistically analyse your use of the website, primarily for the future improvement and optimisation of our website and services.
  • Personalisation: These cookies are used to tailor the website content and features to the user’s interests through the storage and processing or user information and behaviour in order to personalise services.

Our website currently solely uses strictly necessary cookies that are required for the display or use of the website and shop features. In particular, cookies are used on the following grounds:

  • Cookies to temporarily store shopping cart information
  • Cookies to facilitate logging into the customer/user section

Cookies are deleted at the end of the respective session. You will be informed about the use of cookies upon your initial visit to the website with the notification banner.

c) Legal bases for the use of cookies

We use strictly necessary cookies: on the basis of our legitimate interest as per Art. 6, para. 1, lit. f GDPR. Our legitimate interest in processing lies in facilitating the proper display and use of the features on our website.

III. Data processing in relation to the online shop

1. Registration for the online shop

Explanation and purpose of processing

You are required to register with our website prior to placing an order on our online shop, which will also grant you access to the online customer portal. In this online customer portal, you can view and amend delivery addresses, payment information etc. and access your order history.

When you register, you will be required to provide mandatory information in addition to your email address and password, which is required for conclusion and performance of the contract.

  • Company
  • Title, first name, surname
  • Address, country
  • Delivery address, delivery country

All other information is optional. You can change this information at any time in your user portal and add additional information to your user account. Furthermore, additional information will be stored in your account when you use the online shop, namely the content of your shopping cart, the content of your favourites list and information on previous orders.

Orders in our online shop are reserved for people who exercise commercial or self-employed professional activities, or are legal entitles governed by public law or public special funds upon conclusion of the contract. Following registration, we check whether these criteria have been fulfilled and may request further evidence if necessary.

This personal data is processed in order to establish and manage a customer account to enable the customer to place and view orders placed in our online shop and – in the event that an order is placed – to establish, perform and process concluded contracts.

Declaration of consent upon registration

The creation of a user account and the associated subsequent data processing takes place on the basis of your prior consent, which you are required to grant during the registration process.

As there is no statutory or contractual obligation to register or disclose your personal data, granting your consent is not mandatory. Previously granted consent can be revoked at any time with future effect. Please contact us at user@chirutec.com in order to revoke your consent. In this case, any processing of personal data that occurs prior to the revocation shall remain lawful.

It is important to note that without the prior granting of your consent, you will not be able to register on our website or place orders. In the event that you revoke previously granted consent, your user account will be deleted.

We would like to point out that we shall continue to store and process information related to orders, even after deletion of your user account, if this is required for the establishment, performance or termination of contracts concluded with you and/or we are obligated to comply with statutory retention periods (especially retention periods stipulated under fiscal/accounting law). This form of data processing does not take place on the basis of your consent but rather on the basis of legal authorisation.

Legal bases:

The legal basis for the processing of data in order to establish and maintain a customer account is Art. 6, para. 1, clause 1, lit. a GDPR and, for the processing of data to establish and process orders, Art. 6, para. 1, clause 1, lit. b GDPR.

2. Credit card payment

Explanation and legal basis

We use “Saferpay”, a service provided by the specialist service provider SIX Payment Services AG, Hardturmstrasse 201, CH-8005 Zurich, Switzerland (hereinafter referred to as “Six”) in order to process credit card order payments. You can read the provider’s privacy policy at: https://www.six-payment-services.com/de/home/service-support/privacy-notice-cardholders.html#scrollTo=andere_zahlverfahrenmitkarte.

Your payment is processed using a plugin provided by Six which has been integrated into our shop system. We do not collect any payment data in relation to the payment process. This data is instead collected directly by Six. We solely transfer the order number and invoiced amount to Six.

Data processing carried out by us in relation to payment takes place on the legal basis of Art. 6, para. 1, clause 1, lit. b GDPR (establishment and performance of the contract).

Transfers to Switzerland (third country)

When you use Saferpay, your data will be transferred to Six, which is headquartered in Switzerland. On 26th July 2000, the European Commission ruled that Swiss law provides adequate protection of personal data and therefore data transfers from Member States to Switzerland are permitted as per Art. 45, para. 3 GDPR.

3. Payment via PayPal

Explanation and legal basis

We provide the option to pay via PayPal. PayPal is a payment service provided by PayPal Europe S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg (www.paypal.com). Learn more about data protection at PayPal at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Your payment is processed using a plugin provided by PayPal which has been integrated into our shop system. We do not collect any payment data in relation to the payment process. This data is instead collected directly by PayPal. We solely transfer the order number and invoiced amount to PayPal.

We would like to draw your attention to the fact that PayPal transfers the disclosed data to credit agencies in order to verify your identify and credit score.

Data processing carried out by us in relation to payment takes place on the legal basis of Art. 6, para. 1, clause 1, lit. b GDPR (establishment and performance of the contract).

IV. Contact form

Explanation and purpose of processing

If you have any questions or requests, please use the contact form on our website or contact us by email. When you contact us in this way, the personal data you disclose will be electronically processed in order to respond to your query or process your request. If you use the online contact form, you will be required to enter a valid email address so that we can respond to your query. We also ask that you provide your name.

Personal data collected in relation to your use of the contact form will be erased as soon as the storage thereof is no longer required, or, in the event that statutory retention periods apply, processing thereof shall be restricted, unless further processing is permitted by the law.

Legal bases

We process your personal data when you contact us on the basis of Art. 6, para. 1, clause 1, lit .f GDPR. The legitimate interests behind this processing are processing and responding to your query. In certain circumstances, the processing of your data may also take place on different legal bases. In individual cases, the processing of this data may be permitted or prohibited by additional legal bases, such as Art. 6, para. 1, clause 1, lit. c GDPR (statutory duties, e.g. retention periods under commercial or fiscal law) or Art. 24, para. 1, no. 1 (BDSG) (assertion of or defence against civil claims).

V. Recipients of personal data

1. Logistics service providers for order processing

The delivery of the goods is carried out with the assistance of the logistics service provider PostLogistics AG, Allmendstrasse 8, 5612 Villmergen. The following data is disclosed to the logistics service provider headquartered in Switzerland for the purpose of performing the contract:

Customer address, customer number, order number, delivery date, payment term, order items, order quantity.

2. Other third parties

The provision of our website may involve additional disclosures of personal data to the following categories of third parties – always strictly in order to fulfil specified purposes – also regarded as processors as per Art. 28 GDPR:

  • System administrators (hardware/software maintenance)
  • Server hosting

VI. Data subject rights

a) You reserve the right to demand confirmation from us on whether we process your personal data. In the event that we do process your personal data, you shall be entitled to receive information about this personal data to the legally-permitted scope (Art. 15 GDPR in conjunction with Art. 34 BDSG). This shall not apply if the data

  • is only stored as erasure thereof is prohibited by legal or statutory retention periods or
  • solely serves the purposes of data backups or privacy monitoring

and the provision of information would entail disproportionate effort and processing for other purposes is prohibited by appropriate technical and organisational measures.

b) Furthermore, you also reserve the right to demand the rectification of incorrect personal data and – with regard to the purposes of processing – to demand the completion of incomplete personal data with a supplementary declaration (Art. 16 GDPR).

c) In the cases specified in Art. 17, para. 1, lit. a to f GDPR, you are also granted the right to demand erasure of your personal data, provided none of the exceptions as per Art. 17, para.3 GDPR apply, and to restrict data processing for the cases stipulated in Art. 18, para. 1 GDPR.

d) Furthermore, in the cases specified in Art. 20, para. 1 GDPR, you are entitled to data portability.

e) Declarations of consent may be revoked at any time with future effect without the statement of grounds.

f) You also reserve the right to lodge a complaint with the competent supervisory authority if you have reason to suspect that processing of your personal data may violate the GDPR. The supervisory authority responsible for the central office can be contacted here: https://www.lda.brandenburg.de.

g) The right to object to processing on the basis of legitimate interests

If your data is processed on the basis of Art. 6, para. 1, lit. g GDPR (legitimate interest), you are entitled to lodge an objection to processing of your personal data for reasons pertaining to your personal circumstances at any time.

VII. Final provisions

1. Automated decision-making and profiling

Automated decision-making and profiling are not performed.

2. No obligation to provide data

In principle, you are not required by any statutory or contractual provisions to provide personal data to visit our website. However, the provision of personal data may be required by your contract or law if a contractual relationship has been or will be established between you and us, for instance. As such, the contractual party or natural person acting on behalf of a legal entity must be informed of this duty upon conclusion of a contract.

 

This privacy policy is subject to future change at any time to adapt to changed circumstances, in particular to adapt to changes in statutory provisions, official practice or jurisprudence. The current version can be found in the Data Privacy Statement section on our homepage.

Version: February 2021