Privacy Policy

General information concerning the gathering of personal data

In the following data protection declaration, we will explain how we handle personal data which is provided to us when using our Internet presence and services.

The controller in accordance with the GDPR and other national data protection laws of the Member States and other provisions under data protection legislation is:

 

Mr Konstantin Lobbes

Via San Raffaele 1

Milan 20121

 

Email: info@lobbes.com

 

Data security

In order to protect the transfer of personal data and other confidential content, the Internet presence uses SSL and TLS encryption.

We also secure our Internet presence against the loss, destruction, access, alteration or distribution of your data by unauthorised persons by taking technical and organisational measures.

 

Data recording when visiting our Internet presence

In case of using the Internet presence merely for research or information purposes, ie should you not place an order or register, we only gather the data which is transferred to our server when you submit the request (so-called “request headers”). Should you access our website, we gather the following data which we require in order to display the website to you:

  • Name of the requested data
  • Date and time of access
  • Quantity of data transferred
  • Source from which you request originates
  • Internet browser used
  • Operating system used
  • Your current IP address

The purpose of the data processing is to ensure a disruption-free operation of the site and to improve our service. These purposes also represent our legitimate interest in the data processing in accordance with Article 6 Paragraph 1 Letter f) GDPR. The data is deleted, once it is no longer in order to attain the purpose for which it was gathered.

The recording of the data in order to provide the website and save the data in logfiles is absolutely necessary in order to operate the Internet site. As a rule, the user does not have a right of objection.

 

Hosting

Shopify

Our Internet presence is hosted by the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, Ireland. Should you place an order via our Internet presence, you are declaring your agreement to the saving and processing of your personal data by Shopify. For this purpose, your personal data will be passed on to Shopify in the United States and processed. This saving and processing of the data takes place for support purposes and to process your orders, to verify your identity, to carry out the payment process and to improve the services of Shopify. More detailed information concerning the terms of use and data protection of Shopify can be found via the following link: http://www.shopify.com/legal/privacy. Shopify, which is headquartered in the USA, has been certified under the EU-US “Privacy Shield” data protection treaty which guarantees compliance with the level of data protection which applies in the EU. The legal basis for the data processing is Article 6 Paragraph 1 Letter f) GDPR.

 

CloudFare

 We also use a so-called content delivery network (“CDN”) of the technology provider Cloudflare Inc, 101 Townsend St. San Francisco, CA 94107, USA. A content delivery network is an online services, with whose assistance large media files (such as graphics, page content or scripts) can be delivered by means of a network of regional distributors and via Internet connected servers in particular. The use of the content delivery network of Cloudfare assists us in optimising the loading speed of our website. The processing takes place in accordance with Article 6 Paragraph 1 Letter f) GDPR on the basis of our legitimate interest in a secure and efficient provision of our website, as well as improving stability and functionality. More detailed information concerning the terms and conditions of use and data protection of Cloudfare can be found via the following link: https://www.cloudflare.com/privacypolicy/. Cloudfare, which is headquartered in the USA, has been certified under the EU-US “Privacy Shield” data protection treaty which guarantees compliance with the level of data protection which applies in the EU. The legal basis for the data processing is Article 6 Paragraph 1 Letter f) GDPR.

Google Apis / jQuery

On this site, we use Ajax and jQuery technologies, by means of which the loading speeds can be optimised. In this respect, program libraries are accessed by Google servers. The CDN of Google is used. Should you have previously used jQuery on another Google site, your browser will access the copy which is stored in the cache. Should this not be applicable, a download is required, by means of which data will be passed on by your browser to Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. Your data will be transferred to the USA. More detailed information can be found on the Internet sites of the providers. More precise information concerning the terms and conditions of use and data protection of Google can be found via the following link: https:// policies.google.com/privacy Google, which is headquartered in the USA has been certified under the EU-US “Privacy Shield” data protection treaty which guarantees compliance with the level of data protection which applies in the EU. More detailed information can be found in the data protection declaration of Google. The legal basis for the data processing is Article 6 Paragraph 1 Letter f) GDPR.

Vimeo

Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated into our website. When accessing a site which contains one or more Vimeo video clips, a direct connection is established between your browser and a server of Vimeo in the USA. During this process, information concerning your visit and your IP address are saved there. By interacting with the video plugins (for example by clicking on the start button), this information is also transferred to Vimeo and saved there.

Should you hold a Vimeo user account and not wish for Vimeo to collect data relating to you via this website and to connect this with your member data saved by Vimeo, you need to log out of Vimeo before visiting this website.

The data protection declaration of Vimeo and more detailed information concerning the gathering and use of your data by Vimeo can be obtained via the following link: http://vimeo.com/privacy.

Via an iFrame in which the video is accessed, Vimeo also accesses the Google Analytics tracker which is operated by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. This is a tracking service which belongs to Vimeo to which we do not have access. You can prevent the tracking by Google Analytics by using the de-activation tools which Google provides for certain Internet browsers. In addition, the users can prevent the recording by Google of the data generated by Google Analytics which relates to their use of the website (including IP address), as well as the processing of this data by Google by downloading and installing the browser plugin which can be obtained via the following link: http://tools.google.com/ dlpage/gaoptout?hl=de. Vimeo, which is headquartered in the USA, has been certified under the EU-US “Privacy Shield” data protection treaty which guarantees compliance with the level of data protection which applies in the EU. More detailed information can be found in the data protection declaration of Vimeo.

 

Code Black Belt

Our Internet presence uses scripts which are hosted by the service provider Code Black Belt, Calle Coso, 35, Zaragoza, Aragon ES. In order to deliver the files, Code Black Belt uses Cloudfare as a service provider. According to its data protection declaration, Code Black Belt does not save any personal data (https:// docs.codeblackbelt.com/article/1105-is-my-customer-data-protected-what-about-gdpr). Should you have any further queries, you can contact Code Black Belt support: support@codeblackbelt.com

 

Use of the online shop

Should you place an order in our shop, you must provide personal data during the ordering process. Should personal data be gathered, this can be viewed in the respective entry fields, whereby the optional fields are labelled.

The purpose of the provision of your personal data is to fulfil and handle an order which has been placed by you. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.

You have the option of setting up a customer account for the purpose of using your personal data for subsequent, follow up orders, where the data which has been provided you will be saved and processed until revocation takes place. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter b) GDPR.

Due to regulations under commercial law and tax laws, we are obliged to save your address, payment and order data for a period of ten years. Therefore, your data will not be fully deleted from the system,

even if the saving for the contract which has been concluded is no longer necessary. However, the processing will be limited to the minimum which is necessary. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter c) GDPR.

The data which you have provided to us in the course of your order will only be used to process this. In order to process the order, we use the external service providers named below.

For the delivery of the goods, it is necessary for us to pass on your address data to our shipping companies. The shipping companies are obliged to treat your data confidentially and to only save and process this for the purpose of the delivery and must delete the data once the delivery has taken place. The legal basis for passing on of the data is Article 6 Paragraph 1 Letter b) GDPR.

For the processing of payments, your payment data will be passed on to the bank used by us and/or the respective selected payment service providers. The legal basis for passing on of the data is Article 6 Paragraph Sentence 1 Letter b) GDPR.

Your payment data will be passed on to the relevant payment service provider, depending on the payment method which you have selected. The payment service provider is responsible for your payment data. Information concerning the controller of the payment service providers and the categories of personal data which are processed by the payment service providers can be obtained via the Internet addresses provided below:

 Klarna

When selecting a Klarna payment service, the payment is handled via g Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter”Klarna“). In order to process the payment, your personal data (first name and surname, road, house number, postcode, town/city, gender, email address, telephone number and IP address) and data which is connected to the order (for example invoice sum, item, type of delivery) will be passed on to Klarna for the purpose of checking your identity and your creditworthiness states, provided that you have expressly agreed to service within the framework of the ordering process in accordance with Article 6 Paragraph 1 Letter a) GDPR. You can find information here concerning the credit agencies to which your data is passed on during this process: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/ credit_rating_agencies The creditworthiness information can contain probability values (so-called score values). Should score values be included in the result of the creditworthiness information, the basis of these is a scientifically recognised mathematical statistical procedure. When calculating the score values, address data is included, but not exclusively. The information concerning the statistical likelihood of failure to make payment is used by Klarna to take a balanced decision concerning entering into, performing or terminating the contractual relationship. You can revoke your consent at any time by sending a message to the person responsible for the data processing or to Klarna. However, Klarna may remain entitled to process your personal data, should this be necessary to handle the payment process in accordance with the contract. Your personal data will be handled in accordance with the applicable data processing provisions and the details provided in the data protection provisions of Klarna for data subjects located in Germany (https://cdn.klarna.com/1.0/shared/content/legal/terms/0/ de_de/privacy ) and for data subjects located in Austria (https://cdn.klarna.com/ 1.0/shared/content/legal/terms/0/de_at/privacy).

PayPal

In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or “payment on invoicing” or “payment by instalments” via PayPal (where offered), we pass your payment details on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") in the course of the payment process. The passing on of your payment details takes place in accordance with Section 6 Paragraph 1 Letter b) GDPR and only to the extent that is necessary in order to process the payment. For the payment methods credit card via PayPal, direct debit via PayPal or “payment on invoicing” or “payment by instalments” via PayPal (where offered), PayPal reserves the right to obtain a creditworthiness report. For this purpose, you payment data may be passed on to credit agencies by PayPal in order to verify your payment capability in accordance with its legitimate interest under Article 6 Paragraph 1 Letter f) GDPR. The results of the creditworthiness check in relation to the statistical likelihood of you failing to make payment are used by PayPal in order to take a decision concerning the provision of the respective payment method. The creditworthiness information can contain probability values (so-called score values). Should score values be included in the result of the creditworthiness information, the basis of these is a scientifically recognised mathematical statistical procedure. When calculating the score values, address data is included, but not exclusively. Further data protection legislation related information, in particular the credit agencies which are used, can be found in the data protection declaration of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may remain entitled to process your personal data, should this be necessary to handle the payment process in accordance with the contract.

 

SOFORT

Should you select the “SOFORT” payment method, the payment is handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter ”SOFORT”), to whom we will pass on the information provided during the ordering process and the information relating to your order in accordance with Article 6 Paragraph 1 Letter b) GDPR.  Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The disclosure of your data takes place exclusively in order to process the payment with the payment service provider SOFORT and only to the extent which is necessary for this purpose. Via the following link, you can obtain further information concerning the data protection provisions of SOFORT: https:// www.klarna.com/sofort/datenschutz.

 

Amazon Pay

Should you select the “Amazon Pay” payment method, the payment is handled by the payment service provider Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg (hereinafter referred to as “Amazon Payments") to whom we will pass on the information provided during the ordering process and the information relating to your order in accordance with Article 6 Paragraph 1 Letter b) GDPR.  The disclosure of your data takes place exclusively in order to process the payment with the payment service provider Amazon Payments and only to the extent which is necessary for this purpose. Via the following link, you can find further information

concerning the data protection provisions of Amazon Payments: https:// pay.amazon.com/de/help/201751600

 

Getting in touch by email and contact form

In the course of you getting in touch by email or via the contact form in our Internet presence, personal data will be gathered and saved by us.

Our Internet site contains a contact form, which can be used to get in touch with us electronically. Should you make use of this option, the data entered in the entry mask is transferred to us and saved. This data includes:

  • First name
  • Surname
  • Telephone number
  • Address
  • Email address

At the time of sending the message, the following data is also saved:

  • IP address
  • Date and time of getting in touch

No data is passed on to third parties during this process. The data is only used in order to process the conversation. The legal basis for the processing of the data which is transferred in the course of the contact initiation via the form is Article 6 Paragraph 1 Letter f) GDPR.

Should the purpose of the contact initiation be the conclusion of a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR. The sole purpose of the processing of the personal data from the entry mask is to allow us to process the contact with you.

The purpose of the other personal data which is processed during the sending process is to prevent misuse of the contact form and to ensure the security of our IT systems. The data is deleted, once it is no longer in order to attain the purpose for which it was gathered.

For the personal data from the entry mask of the contact form, this is then the case once the conversation with you has come to an end. The conversation is at an end when it is clear from the circumstances that the matter at hand has been fully and finally clarified.

The additional personal data which is gathered during the sending process is deleted after a maximum period of seven days.

 

Newsletter

Should you have ordered a newsletter or agreed to the sending of the newsletter, you will be sent product offers and information. By registering for the newsletter, you are declaring your agreement that you purchasing behaviour on the Internet site will be evaluated, so that we can send you information which is tailored to your needs. For this purpose, your personal data will be passed on to Omnisend Limited, Unit a3, Gateway Tower, 32 Western Gateway, London E16 1YL. Should you no longer wish to receive the newsletter, you can

object to the receipt at any time with effect for the future. For this purpose, you can click on the link contained in the newsletter or send your objection to us by email to the following address: info@lobbes.com

 

Cookies

We use cookies on our site. These are small files which are automatically generated by your browser and which are saved on your end device (laptop, tablet, smartphone etc) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, trojan horses or other malicious software.

Information which is connected to the end device which is being specifically used is stored in the cookie. However, this does not mean that we obtain direct knowledge of your identity as a result.

On the one hand, the purpose of the use of cookies is to make the use of our service more pleasant for you. Therefore, we use so-called session cookies in order to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

 In order to optimise user friendliness, we also use temporary cookies, which are saved on your end device for a specified period of time. Should you visit our site again in order to use our services, it is automatically recognised that you have already visited us and what entries you made and what settings you chose, which means that you do not need to enter these once again.

On the other hand, we use cookies to statistically record the use of our website and to optimise our service for you, as well as to carry out evaluations. These cookies enable us to automatically recognise that you have already visited us, next time you access our site. These cookies are automatically deleted after a defined period of time.

The data which is processed by the cookies is necessary for the named purposes of safeguarding our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are saved on your computer or a notice appears before a new cookies is set. However, should you fully de-activate cookies, this may mean that you cannot use all of the functions of our website.

 

 

Duration of the saving of cookies:

Cookies are saved on the computer of the user and transferred from here to our site. Therefore, you as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can de-activate or restrict the sending of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be de-activated for our website, it is possible that you will no longer be able to fully use all of the functions of the website.

Rights of data subjects

Right of information

You have the right to request information concerning your personal data which is processed by us. In particular, you can request information concerning the purposes of the processing, the category of personal data, the category of recipients to whom you data has been or is being disclosed, the planned saving duration, the existence of a right of rectification or erasure, the right to have the processing restricted or to raise an objection, the existence of a right to make a complaint, the origin of your data (should this not have been gathered by us) and the right to be informed of automated decision making (including profiling) and, where applicable, the right to request detailed information concerning the specifics (Article 15 GDPR). In case of disproportionately high expense, we reserve the right to request ID from you, as well as payment of the actual costs which are incurred.

  • The right to request the correction of incomplete personal data relating to you which is saved by us and the right to have this data completed (Article 16 GDPR).
  • The right to request the erasure of your personal data which is saved by us, unless the processing is necessary to claim the right of information and freedom to express an opinion, to fulfil a legal obligation, for reasons connected to the public interest or in order to assert, exercise or defend legal claims (Article 17 GDPR).
  • The right to request that the processing of your personal data be restricted, should the correctness of the data be disputed by you, should the processing be unlawful but you reject its erasure and we no longer require the data, however you require it in order to assert, exercise or defend legal claims or you have raised an objection against the processing in accordance with Article 21 GDPR (Article 18 GDPR).
  • The right to request receipt of your personal data which you have provided to us in a structured, up-to-date and machine readable format or to request transfer to another controller (Article 20 GDPR).
  • The right to revoke at any time the consent which you have issued to us. This will mean that we may not continue the data processing on which this consent was based in the future (Article 7 Paragraph 3 GDPR).
  • The right to complain to a supervisory authority (Article 77 GDPR). Regardless of other legal remedies under administrative laws or before a court, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, place of employment or location of the alleged breach, should you be of the opinion that the processing of the personal data relating to you breaches the GDPR. The supervisory authority to which the complaint was sent will inform the complainant of the status and result of the complaint, including the option of legal redress before a court in accordance with Article 78 GDPR.

Should you wish to claim your right of revocation or objection, it suffices to send an e-mail to info@lobbes.com

Right to complain to a supervisory authority in accordance with Article 77 Paragraph 1 GDPR

Should you suspect that your data is being processed unlawfully on our site,

it goes without saying that you can have the matter clarified by a court.

You also have all other legal options open to you.

Regardless of the above, you have the option of contacting a supervisory authority in accordance with Article 77 Paragraph 1 GDPR.

The right to complain in accordance with Article 77 GDPR is open to you in the EU Member State of your place of residence, place of employment and/or the location of the alleged breach.

This means, you can choose to contact the supervisory authority for the locations named above.

The supervisory authority to which the complaint was sent will then inform you of the status and result of the complaint, including the option of legal redress before a court in accordance with Article 78 GDPR.

 

Adjustments to the data protection declaration

This declaration will be updated from time to time.

 We endeavour to incorporate all changes to the data processing into the data protection declaration as quickly as possible, so as to provide you with up-to-date information concerning the processing of your data.