The contact details of the company:
S&R Eisenmann GmbH
Phone: +49 7150 9574-0
Fax: +49 7150 9574-120
Managing Director: Marcel Brinkwirth
Data protection officer:
We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of S&R Eisenmann GmbH. The use of the Internet pages of the S&R Eisenmann GmbH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the S&R Eisenmann GmbH. By means of this data protection declaration, our company would like to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the data controller, the S&R Eisenmann GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can in principle exhibit security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
- Information about us as data controller
- Information on data processing
- Your rights as a data subject
The data protection declaration of the S&R Eisenmann GmbH is based on the terms used by the European Directive and Ordinance when issuing the Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
- a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the data controller.
- c) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
- e) Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person / data subject, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
- f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person / data subject.
- g) Accountability or data controller
The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its designation may be provided for under Union or Member State law.
- h) Data processor
Data processor is a natural person / legal entity, public authority, agency or other body that processes personal data on behalf of the data controller.
- i) Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
- j) Third
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the data controller, the data processor and the persons authorized to process the personal data under the direct accountability of the data controller or the data processor.
- k) Consent
Consent shall mean any freely given indication of the data subject's wishes for a specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
2. Information about us as data controller
a) Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
S&R Eisenmann GmbH
Phone: +49 7150 9574-0
Fax: +49 7150 9574-120
b) Name and address of the data protection officer
The data protection officer of the data controller is:
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
3. Data processing information
a) Session cookies / session cookies
You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
The Telecommunications Telemedia Data Protection Act (TTDSG) only permits the storage of information on a user's terminal device if this is technically necessary or if the consent of the website visitor has otherwise been obtained (cf. §25 TTDSG).
Technically necessary cookies are used, for example, to maintain the selected language on multilingual websites, to provide a shopping cart function in online stores, or to store information about whether a user has consented to the setting of cookies.
The legal basis for the setting of functional cookies is Art. 6 para. 1 lit. f) GDPR: Our legitimate interest lies in the improvement of the functionality of our website or in the fact that we can offer you the desired service at all.
Session cookies are deleted again when the browser is closed.
b) Third-party cookies
If you give us your consent via the Consent Management Tool used, we use further services through which a processing of your personal data takes place. This also allows technically unnecessary cookies to be stored and read in your browser.
The legal basis in this case is Art. 6 para. 1 lit. a) GDPR.
If cookies are used by third-party providers with whom we cooperate for the purpose of advertising, analysis or the functionalities of our website, we will inform you below about the respective data processing.
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers.
Collection of general data and information (server log files)
The website of the S&R Eisenmann GmbH collects a series of general data and information with each call-up of the website by a data subject or automated system. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
This is necessary to display our website and to ensure stability and security. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.
We use the following hoster for the provision of our website.
Mittwald CM Service GmbH & Co KG
Königsberger Street 4-6
This is the recipient of your personal data and acts as a data processor for us. The server is located in Germany and therefore also falls under the law of the GDPR.
You have the right to object to the processing. Whether the objection is successful is to be determined in the context of a balancing of interests.
The data will be deleted after 14 days.
The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.
When using these general data and information, the S&R Eisenmann GmbH does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the S&R Eisenmann GmbH analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data submitted by a data subject.
Contact option via the website (contact form)
On the website of S&R Eisenmann GmbH, we provide a contact form that allows you to easily contact us. If you contact us via this contact form or by other means, e.g. by e-mail, the personal data transmitted to us will be stored automatically. Such personal data transmitted by you on a voluntary basis will be stored for the purpose of processing or contacting the data subject.
In the contact form, we only collect the most necessary information such as name, e-mail address and your request in order to process your request and contact you. This personal data is not passed on to third parties.
The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.
Your data will be deleted if your inquiry has been answered conclusively and the erasure does not conflict with any legal obligations to retain data, e.g. in the case of subsequent contract processing.
Linking social media via graphic or text link
We also promote presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection to the respective server of the social network from being automatically established when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network.
After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way is processed in the USA.
This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are integrated into our site by linking:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Please note that Instagram is a product of Meta Platforms Ireland Ltd. For ease of reading and understanding, the brand "Instagram" is always referred to below when Meta is meant as a co-responsible party.
Meta Platforms Ireland Ltd.
4 Grand Canal Square
To assert data subject rights against Instagram, users follow this link: https://help.instagram.com/contact/1845713985721890
Plugins and tools
Open Street Map
For directions, we use OpenStreetMap, a service of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB 4 0 WS, United Kingdom, hereinafter referred to only as "OpenStreetMap".
When you call up one of our web pages in which the OpenStreetMap service is integrated, OpenStreetMap stores a cookie on your end device via your Internet browser. This processes your user settings and user data for the purpose of displaying the page or to ensure the functionality of the OpenStreetMap service. Through this processing, OpenStreetMap can recognize from which Internet page your request was sent and to which IP address the display of the directions should be transmitted.
The legal basis is Art. 6 para. 1 lit. a) GDPR. You consent to the processing by giving your consent to the cookies.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser.
OpenStreetMap offers under
for further information on the collection and use of data and on your rights and options for protecting your privacy.
An adequacy decision exists for the transfer of data to the United Kingdom.
We operate our online store via the self-hosted e-commerce platform Shopware. There are no transfers of personal data to the provider of the platform, Shopware AG.
When you add products to the shopping cart and place an order, we collect personal data from you. The purpose of processing your data is the operation of the online store, the processing of your orders and requests and ensuring the security of our online store.
Legal basis: Art. 6 para. 1 letter b GDPR.
The following categories of data are processed:
- Master data
- Contact details
- Username and password
- Contract data
- Content data
- Connection data
- Payment data
When registering a customer account, we save your data so that you do not have to enter them again when ordering again and only have to log in.
Recipients of the data: Payment service provider, trading partner if applicable, IT service provider in the context of hosting and maintenance of the systems.
In some countries we can only offer you our products through exclusive dealers. If you provide a delivery address in one of these countries, we will inform you during the order process about the possibility to forward your request to our respective exclusive dealer in your country.
We would like to point out that the forwarding of your shopping cart results in the transfer of personal data to a third country, in which the protection of your data and your rights as a data subject according to the GDPR cannot be guaranteed. By your active transmission, you consent to the forwarding. In this case, the legal basis is your express consent (Art. 6 para. 1 letter a GDPR. ). If you do not wish to consent to this data transmission, you can cancel the order.
Payment service provider
We offer the option to process the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we share the following data with PayPal to the extent necessary for the performance of a contract (Art. 6 para. 1 lit. b. GDPR).
- First name
- Last name
- E-mail address
- Phone number
The processing of the data provided under this section is not required by law or contract. Without the transmission of your personal data, we cannot carry out a payment via PayPal. It is possible for you to choose another payment method.
PayPal conducts a credit check for various services such as payment by direct debit in order to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal (according to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (according to Art. 6 para. 1 lit. b GDPR). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result whether the payment has been made or rejected or a check is pending.
You can find more information on objection and removal options vis-à-vis PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Your data will be stored until the completion of the payment processing. This also includes the period required for the processing of refunds, claims management and fraud prevention.
Checking creditworthiness and scoring
Insofar as we offer you the principle option of payment by invoice within the scope of our range of goods and you make use of this option, we reserve the right to obtain a credit report from a credit agency (such as Creditreform, Schufa, Bürgel or infoscore) on the basis of mathematical-statistical procedures. For this purpose, your data, insofar as they are relevant to the contract, such as your name and address, will be forwarded to the credit agency. We use the subsequent information about the statistical probability of non-payment for our decision whether to offer you payment by invoice.
The legal basis for this processing is our legitimate interest in the default security of the claim against you pursuant to Art. 6 para. 1 lit. f) GDPR.
Integration of the Trusted Shops trustbadge / other widgets
Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected ratings) and to offer Trusted Shops products to buyers after they have placed an order.
This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 (1) p. 1 lit. f GDPR, which prevail in the context of a balancing of interests. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany, with whom we are jointly the data controller pursuant to Art. 26 GDPR. Within the scope of this data protection notice, we inform you in the following about the essential contractual contents according to Art. 26 para. 2 GDPR.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data is used in particular for statistical purposes and for error analysis.
After order completion, your email address, which is hashed by cryptological one-way function, is transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 (1) p. 1 lit. f GDPR. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will be given the opportunity to do so for the first time. Further processing after registration also depends on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.
Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures, and in the case of Israel by an adequacy decision.
Within the scope of the joint accountability between us and Trusted Shops GmbH, you should preferably contact Trusted Shops GmbH with data protection questions and to assert your rights, using the contact options provided in the data protection information linked above. Irrespective of this, however, you can always contact the data controller of your choice. Your inquiry will then, if necessary, be passed on to the other data controller for a response.
Routine erasure and blocking of personal data
The data controller shall process and store personal data of the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the data controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
4. Your rights as a data subject
With regard to the data processing described above, users and data subjects have the right to
- to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
- to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to erasure of the data concerning them without delay (cf. also Art. 17 GDPR), or, alternatively, insofar as further processing is required pursuant to Art. 17 (3) GDPR, to restriction of processing in accordance with Art. 18 GDPR;
- to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR);
- to lodge a complaint with the supervisor authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 GDPR).
In addition, the Provider is obliged to inform all recipients to whom data has been disclosed by the Provider about any correction or erasure of data or restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation does not exist insofar as this notification is impossible or involves a disproportionate effort. Notwithstanding the above, the user has a right of access to these recipients.
Likewise, users and data subjects have the right to object to the future processing of data concerning them in accordance with Article 21 of the GDPR, provided that the data is processed by the provider in accordance with Article 6 (1) (f) of the GDPR. In particular, an objection to data processing for the purpose of direct marketing is admissible. Please note that an objection only affects the data processed in the future.
Duration for which the personal data are stored
The criterion for the duration of storage of personal data is the respective statutory retention period or, in the case of storage based on your consent, the duration until your revocation. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the performance of a contract or the initiation of a contract.
Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
Existence of automated decision making
As a responsible company, we do not use automatic decision-making or profiling.