With this privacy policy, we inform you about which personal data we collect in the course of your use of www.frabo.de and for what purpose the data is used. You can access this information at any time at https://www.frabo.de/datenschutz/.

1. Responsible body/contact

FRABO für den Hundesport GmbH
Bahnhofstrasse 1
87493 Lauben/Oberallgäu

If you have any questions or suggestions regarding data protection, you are also welcome to contact us by e-mail at info@frabo.de.

2 Subject of data protection

The subject of data protection is personal data. According to Art. 4 No. 1 DSGVO, this is all information that relates to an identified or identifiable natural person; this includes, for example, names or identification numbers.

3. collection and use of your data

3.1 Calling up our offer

If you call up our website, information is automatically sent to our server by the page and the browser used on your end device and temporarily stored in a so-called log file. The following information is collected without your intervention and stored in the log file until automatic or manual deletion:

  • The IP address of the device used,
  • the date and time of access,
  • the name and URL of the file accessed, the website/app from which the access was made (referrer URL),
  • the unique identifier of the browser you are using
  • Operating system and its interface
  • language and version of the browser software
  • if applicable, the name of your Internet provider.

The processing of the above data is based on Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest follows from the purposes of data collection listed below. At this point, we would like to point out that we cannot draw any conclusions about your identity from the collected data and that we will not do so. The IP address of your terminal device and the other data listed above are used by us for the following purposes:

  • Ensuring a smooth connection setup,
  • Ensuring a comfortable use of our offer,
  • evaluation of system security and stability as well as
  • other administrative purposes.

The data is stored in accordance with the legal retention periods and then automatically deleted. Furthermore, we use so-called cookies, tracking tools and interfaces to other services, e.g. to social media platforms, payment services or CRM systems for our offer. The exact procedures involved and how your data is used for this purpose are explained in more detail below in section 4.

3.2 Data processing upon conclusion of the contract, for the execution and termination of the contract

In the event that you have decided to purchase one of our products in our online store, we process the data required for the conclusion, execution or termination of such (purchase) contract . This includes in particular:

  • E-mail address
  • First name, last name
  • Delivery or home address
  • Invoice and payment data

The legal basis for this is Art. 6 para. 1 lit. a), lit. b) DSGVO. If third parties are involved in the purchase transaction, we pass on the necessary data to them. As far as we do not use your contact data for customer support or customer care (see in detail under 3.3.), we store the data collected for the processing of the contract until the expiry of the purpose or until the expiry of possible contractual revocation, warranty and guarantee rights. After expiry of this period, we retain the personal data required by law for the periods specified by law. For this period (regularly six to ten years from the conclusion of the contract), the data will be processed again solely in the event of an audit by the tax authorities.

3.3 Data processing in the online store (Shopify).

To provide our online store on our site, we use the store solution of Shopify, a service of Shopify Inc, 126 York Street, Suite 200, Ottawa, ON, Canada (hereinafter: "Canada"). If you initiate an order via this store, the following data will be collected

  • Name,
  • Email,
  • details of your order,
  • shipping and billing address,
  • payment details,
  • company name,
  • phone number,
  • IP address,
  • Device information

Processed via the servers of Shopify. This data processing is carried out on the basis of Article 6 (b) DSGVO and is necessary to ensure the smooth processing of your order. Shopify processes data exclusively in accordance with the "Privacy Shield Framework" standard and thus meets the European standards for legally compliant commissioned data processing. Additional information about Shopify and data protection can be found in the provider's privacy policy.

3.4 Data processing for payment processing

If you have decided to purchase one of our products, we will, for the purpose of fulfilling the contract and especially for the purpose of payment processing, on the basis of Article 6 (1) lit. b) DSGVO, process the transaction data, such as e.g.

  • Name,
  • address,
  • e-mail address,
  • account number,
  • bank code,
  • credit card number,
  • invoice amount,
  • currency and
  • Transaction number

We will pass on your payment details to the payment service provider you have chosen (e.g. Paypal, Amazon Payment, Stripe, etc.). The transmission is necessary because otherwise we can not process the order. The data will be used exclusively for the execution and realization of the payment processing and transmitted securely via the "SSL" encryption method. The service providers we offer are certified according to PCI DSS certified. They may transfer, process and store personal data outside the EU. For more information, please check the privacy policy of your service provider.

3.4.1.Online payment service Stripe

For the fulfillment of the contract and especially for the purpose of payment processing, we provide personal data on the basis of Article 6 para. 1 lit a. ) and lit. b) DSGVO, we pass on your name and e-mail address to our payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland ("Stripe"). By using Stripe's library, the information entered during the order process (e.g. address, account number, bank routing number, credit card number (if applicable), invoice amount, currency and transaction number) is used exclusively for the execution and realization of the payment processing and transmitted securely via the "SSL" encryption method. Stripe is certified according to PCI DSS certified. Stripe transfers, processes and stores personal data outside the EU, if applicable. Detailed information about Stripe's privacy policy can be found at this Link.

3.4.2.online payment service PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. Further information on data protection can be found in the PayPal data protection principles: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

3.4.3 Online payment service Klarna - Sofortüberweisung

We also offer payment by Sofortüberweisung. In this case, the data is collected by Sofort GmbH, Theresienhöhe 12, 80339 Munich. Fleurop does not collect and store the data itself. Sofort GmbH requires the IBAN as well as PIN and TAN of your online banking account. During the ordering process, you will be automatically redirected to the secure payment form of Sofort GmbH. Immediately afterwards you will receive the confirmation of the transaction. Thereupon we receive the transfer credit directly. Anyone who has an activated online banking account with PIN/TAN procedure can use Sofortüberweisung as a payment method. Please note that a few banks do not yet support payment by instant bank transfer. You can get more information about this via the following link:

https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/

You can obtain more detailed information on the stored data at

https://www.klarna.com/sofort/#cq-0

The legal basis for data processing is Art. 6 (1) b) DSGVO, as the processing of data is necessary for payment by Sofortüberweisung and thus for the performance of the contract.

The transfer of data to processors is based on Art. 28 (1) DSGVO, alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialized processors, and the fact that your rights and interests in the protection of your personal data do not prevail, Art. 6 (1) f DSGVO.

3.5 Data processing for customer support or customer care.

For the purpose of customer support and customer care, we process your data as follows:

3.5.1. newsletter registration via double opt-in.

On our website we offer you the possibility to register for our newsletter. This serves the purpose of sending our customers current developments, such as special promotions, exciting information and offers from FRABO, etc.. In order to ensure that no mistakes have been made when entering the email address and that it can be assigned to the actual owner, we use the so-called double opt-in procedure: After you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our distribution list. You can revoke your consent at any time with effect for the future. To do so, simply send a short note by email to info@frabo.de or click the unsubscribe button in the respective email.

3.5.2 Contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on our website. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the inquiry originates and so that we can answer it. Further information can be provided voluntarily. It is your free decision whether you want to enter this data in the contact form.

If you decide to submit a contact request to us, we process the following data:

  • transmitted surname and first name,
  • the stated subject of the request,
  • the transmitted e-mail address,
  • telephone number, if applicable,
  • subject,
  • the request you have made,
  • the IP address of the device used,
  • the date and time of the request,

The data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request you have made.

4. cookies

We store so-called "cookies" to provide you with an extensive range of functions and to make the use of our websites more comfortable. "Cookies" are small files that are stored on your computer with the help of your Internet browser. If you do not wish "cookies" to be used, you can prevent them from being stored on your computer by making the appropriate settings in your Internet browser. Please note that the functionality and scope of functions of our offer may be limited as a result.

Specifically, we use the following cookies:

Session cookies: these cookies are required for the technical operation of our website and are automatically deleted after you close your browser.

These cookies cannot identify you as a person. In any case, the use of cookies is justified on the basis of our legitimate interest in a demand-oriented design as well as the statistical evaluation of our website and the fact that your legitimate interests are not overridden, Art. 6 (1) lit. f DSGVO.

5. changes of purpose

Processing of your personal data for purposes other than those described will only be carried out if a legal provision permits this or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

6 Automated individual decisions or profiling measures.

We do not use any automated processing processes to bring about a decision or profiling.

7. passing on of data

In principle, your personal data will only be passed on without your express prior consent in the following cases:

7.1 If it is necessary for the clarification of an illegal use of our services or for legal prosecution, personal data will be forwarded to law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other agreements. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines and the tax authorities.

The disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data are not overridden, Art. 6 (1) lit. f DSGVO.

7.2 We rely on contractually affiliated third-party companies and external service providers ("order processors") to provide services/process orders. In such cases, personal data is passed on to these order processors to enable them to continue processing. These Order Processors are carefully selected and regularly reviewed by us to ensure that your privacy is protected. The processors may only use the data for the purposes specified by us and are also contractually obligated by us to treat your data exclusively in accordance with this privacy policy and the German data protection laws. We pass on your payment data to the commissioned online payment service as part of the payment processing, insofar as this is necessary for the payment processing. If payment service providers are used, we explicitly inform about this below. The legal basis for the transfer of data is here Art. 6 para. 1 lit. b DSGVO.

In detail, we use the following order processors:

- Webhoster (IONOS).

The transfer of data to processors takes place on the basis of Art. 28 (1) DSGVO, alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialized processors, and the fact that your rights and interests in the protection of your personal data do not prevail, Art. 6 (1) lit. f DSGVO.

- E-commerce software providers (Shopify) - see in detail under 3.3.

- Payment service providers (Stripe, PayPal, Klarna), see in detail under 3.4.

7.3 We also process data in the case of Instagram, Shopify, PayPal and Stripe in states outside the European Economic Area ("EEA").

In order to ensure the protection of your personal rights also in the context of these data transfers, we make use of the standard contractual clauses of the EU Commission pursuant to Art. 46 (2) lit. c DSGVO when structuring the contractual relationships with the recipients in third countries. These are available at any time at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF. Alternatively, you can also request these documents from us using the contact details below.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form as well as the operation of our website to the economic and legal circumstances as necessary and your rights and interests in the protection of your personal data do not prevail, Art. 6 para. 1 lit. f DSGVO.

8. deletion of your data

We delete or anonymize your personal data as soon as they are no longer necessary for the purposes for which we collected or used them in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the website plus a period of 7 days, during which we keep backup copies after deletion, unless this data is required for longer for legal reasons or for criminal prosecution or to secure, assert or enforce legal claims.

If data must be retained for legal reasons, it will be blocked. The data will then no longer be available for further use.

9 Your rights as a data subject

9.1 Right to information

You have the right to receive from us at any time, upon request, information about the personal data processed by us that concerns you within the scope of Art. 15 DSGVO. For this purpose, you can submit a request by mail or e-mail to the address given above.

9.2 Right to rectify incorrect data

You have the right to request that we correct the personal data concerning you without delay if it should be incorrect. To do so, please contact us at the contact addresses given above.

9.3 Right to deletion

You have the right, under the conditions described in Art. 17 DSGVO, to demand that we delete the personal data concerning you. These conditions provide in particular for a right to erasure if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see Section 9 of this Privacy Policy. To exercise your above right, please contact us at the contact addresses provided above.

9.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Article 18 DSGVO. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your above right, please contact us at the contact addresses provided above.

9.5 Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Article 20 DSGVO. To exercise your above right, please contact us at the contact addresses provided above.

9.6 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Art. 6(1)(e) or (f) DSGVO, in accordance with Art. 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

9.7 Right of complaint

You also have the right to contact a supervisory authority in case of complaints. The supervisory authority responsible for the state of Bavaria is:

State Office for Data Protection Supervision
Promenade 27 (Castle)
91522 Ansbach

poststelle@lda.bayern.de

10. data security

Within the website visit we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. changes to this data protection declaration

The current version of this data protection declaration is always available at https://www.frabo.de/pages/datenschutz/.

Status: February 17, 2022