Privacy Statement

V 05/2018

Protecting your privacy is very important to us. For BUYXESS is guarding the information and data entrusted to us part of our corporate responsibility. We adhere strictly to the statutory provisions when processing your personal data, and provide you detailed information about how we handle your data.

1   Who is responsible for processing your data?

Responsible for data processing during your visit to this website, for contractual performance and services is BUYXESS, Administration, Eisenstraße 23, 50825 Köln. You can contact our Data Protection Officer by post at the address stated above, attn.: Data Protection Officer.

2   When do we collect data about you?

To a limited extend, we collect data in order to accept and process your orders and to send you offers that reflect your needs. The provider of the website automatically collects and stores information in so called server-log-files, that your browser automatically transmits to us These are:

  • browser type and browser version
  • used operating system
  • referrer URL
  • host name of accessing system
  • Time of Server inquiry
  • IP Adress

These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

You can visit our web pages without providing personal details. We save technical access data in server log files, e.g. the name of the requested file, the data and time of access, the data volume transferred and the Internet service provider. This data is used exclusively to ensure smooth operation of the website and to improve our offering.

We collect personal information in particular on this website

  • when you use our contact and service enquiry form
  • when you contact us by email
  • when you place an order
  • when you register a personal customer account

The individual input forms state which information is collected. We use the data you provide for contractual performance, to provide the services and to process your enquiries.

3 How do we use the data?

3.1     For the performance of contractual obligations (Art. 6 Paragraph 1 Point b GDPR): In doing so we treat your data responsibly. In particular, BUYXESS uses your data to

  • process your service enquiry
  • fulfil your inquiries and orders

Where it is necessary for the delivery of ordered products, we will pass on your data to the transport company entrusted with shipping for the purpose of contractual performance. Depending on the payment service provider you select in the order process, we will pass on the payment data collected for the fulfilment of payment to the banking institution authorised for payment or to the payment service provider, i. e. the payment service, commissioned by us. In some cases the selected payment service providers will collect this data themselves when you register an account with them. In this case you will be requested to log in to the payment services provider during the order process. The Privacy Policy of the particular payment service provider will apply in these cases.

3.2     Through balancing of legitimate interests (Art. 6 Paragraph 1 Point f GDPR): We are also entitled to use your data where it is necessary for the purposes of our legitimate, usually commercial, interests or the legitimate interests of third parties, whereby we will process the data in a pseudonymised or anonymised form where possible. This takes place for the following purposes:

  • to monitor and improve the efficiency and legal compliance of business processes
  • to monitor, optimise and enhance services and products
  • to check creditworthiness
  • to conduct advertising, as well as for market and opinion research
  • to guarantee the security and operability of our IT systems
  • to detect, prevent and clarify criminal acts
  • to exercise legal claims and for defence in legal disputes

3.3     Based on your consent (Art. 6 Paragraph 1 Point a GDPR): Where you have given consent to the processing of your data, processing shall be lawful on the basis of consent in each case. This applies in particular to any consent you provide to contact for advertising purposes by telephone or email.

You are entitled to revoke your consent at any time, effective for the future.

3.4     For the fulfilment of legal obligations (Art. 6 Paragraph 1 Point c GDPR): We are required to comply with a number of legal obligations, e. g. statutory retention periods for business records and provisions under export law.

4   Transfer of your data

Where it is necessary to commission the services of external providers (hosting providers, shipping services, etc.) for the operation of this website or for performances, the respective enterprise will only receive your data in the scope that is necessary for the fulfilment of their task and function.

Where this service provider process your data outside of the European Union, your data may be transferred to a country that does not uphold the same data protection standards as the European Union. We ensure in these cases that the recipient of your data is required by contract or by other means to adhere to a data protection standard equivalent to that of the European Union.

5   How do we use your data for postal advertising?

Insofar as it is permitted by law, we reserve the right to process your data for the purpose of direct postal advertising, even without your consent. This includes the analysis of your data (e.g. master data, order data, access data) to identify your potential interest in our products and services. Analysis is conducted using statistical methods based on current customer data and generally available insight into our customers. The results are used to contact you in a targeted manner to reflect your needs and to send you relevant offerings.

You are entitled to object to the processing of your data for this form of advertising at any time. This applies also to profiling insofar as it is associated with this form of direct advertising. You may send your objection to the contact details above.

6   When does BUYXESS conduct creditworthiness and score checks?

Where BUYXESS incurs costs in advance, e. g. in the case of ordering on account, we reserve the right, for the protection of our legitimate interests, to obtain an identity and creditworthiness check from a specialised services company (credit agencies), i. e. to predicate the agreement to certain terms of payment on the completion of a creditworthiness check. The creditworthiness information may contain probability values (score values) that are calculated according to scientifically substantiated, mathematical and statistical methods and whose calculation may involve the inclusion of other address data. We use the information we receive on the statistical probability of payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship. Your legitimate interests are considered in accordance with the statutory provisions.

7   Why does this website use cookies?

We use cookies on some pages to make your visit to our website more attractive and to enable the use of certain functions. Cookies are small text files that are placed on your device. Some of the cookies we use are deleted at the end of your browser session, so when you close the browser (session cookies). Other cookies remain on your device and allow us to recognise your browser on your next visit (persistent cookies). You can adjust your browser settings to receive an alert when a cookie is placed and to decide individually whether to accept, to accept cookies only in certain cases or to block cookies altogether. You may not be able to use all of the website functions if you block cookies.

Most browsers (refer to the help tab in the browser taskbar) can be adjusted to block new cookies, to send you an alert when a new cookie is placed or to disable all cookies you have received. Refer to the operating instructions of your smartphone, tablet and other mobile or stationary devices to learn more about adjusting your settings.

We advise you nevertheless to accept the cookie function completely, as we are only able to improve our web pages to suit your needs through the use of cookies. Our cookies do not store sensitive data like passwords, credit card data or similar. They do not damage your device and do not contain viruses.

Cookies that are necessary for the purpose of electronic communication or to provide certain functions requested by you are placed on your device on the basis of Art. 6 Paragraph 1 Point f GDPR. The website operator has a legitimate interest in placing cookies on your device for the purpose of error-free and optimised provision of its services. Where other cookies (e. g. cookies to analyse your Internet habits) are placed on your device, they are dealt with separately in this Privacy Policy.

8  Which web analysis services do we use, and why?

This website uses Google (Universal) Analytics, a web analytics service provided by Google, Inc. (www.google.de). Google (Universal) Analytics uses “cookies”, which are text files placed on your computer, and other methods to help the website analyse how you use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. In case IP anonymisation is activated on this website, your IP address will be truncated by Google within the area of Member States of the European Union or in other countries which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. The IP address transferred by your browser during the use of Google Analytics will not be associated with any other data held by Google. You can prevent the collection of data generated by the cookie and related to the usage of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

In addition to the browser plug-in, you can also opt out from being tracked by Google Analytics in future by this link:

https://adssettings.google.com

By doing so, an opt-out cookie will be placed on your device. You must click on the link again to delete your cookies.

Google Analytics cookies are placed on your device on the basis of Art. 6 Paragraph 1 Point f GDPR. We have a legitimate interest in the analysis of user habits in order to optimise our web services and our advertising content.

9   Which Social Plugin are we using?

On our website we offer you the possibility of using “Social-Media-Buttons”. These buttons are only included on the website as a graphic with a link to the corresponding website of the button provider. By clicking on the icon you will be directed to the services of the relevant provider. Only then will your data be sent to the respective providers. If you do not click on the icon, there is no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the terms of use of the respective providers. We have integrated the social media buttons of the following companies on our website:

Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)

Twitter Inc. (795 Folsom St. – Suite 600 – San Francisco – CA 94107 – USA)

Google Plus/Google Inc. (1600 Amphitheatre Parkway – Mountain View – CA 94043 – USA)

10 When is your data erased?

Your data is blocked for further use after complete performance of the contract or deletion of your customer account; the data is erased after the end of the retention period required under fiscal or commercial law, except where you have provided explicit consent for the continued use of your data or we have reserved the right to continue using your data in a lawful manner and have informed you in this Privacy Policy. You may delete your customer account at any time, either by sending a message to the contact address above or by using the relevant function in your customer account.

11 Which data protection rights do you have?

In your dealings with BUYXESS, you have a right, provided the legal requirements are satisfied in each case, to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR). You also have the right to lodge a complaint with a supervisory authority responsible for data protection (Art. 77 GDPR).

Where you have grated consent to BUYXESS, you may revoke this consent at any time, effective for the future, by contact form, email or letter. For the contact details see e. g. 1 or imprint.

Where BUYXESS processes your data based on the balancing of legitimate interests, you are entitled to object to the processing. Once you have raised your objection, your data will no longer be processed, unless we can prove that processing is based on compelling legitimate reasons that override your interests, rights or freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.