General information on data protection
You may wonder what the term “personal data” actually means. This is information that can be traced back to a specific person. It includes, for example, the following components:
- E-mail address
- Phone number
- Websites visited etc.
Atelier ÉQLA GmbH processes such data when permitted by law. The legal basis for this is Art. 6 GDPR. This in turn presupposes that either the data subject has consented to the processing of their personal data (this may apply for one or more specific purposes), that this is necessary to fulfil a contract or to carry out pre-contractual measures, or that it is necessary to safeguard the legitimate interests of the data controller or of a third party. Nevertheless, the main objective is to safeguard the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
Where do we get your data? Usually it’s quite simple: you share it with us. Maybe you enter it during the transaction or in a contact form. You are fundamentally free to choose whether to enter personal or business data (e-mail addresses, names, addresses) on our website. Other purely technical data is automatically collected by our IT systems as soon as you access our website. This includes, for example, the time you visit the site or the Internet browser used.
Purposes of data processing
We aim to improve our service for you. That is why we use your data for more than just processing your specific purchase from Atelier ÈQLA. We also seek to analyse your user behaviour on the basis of your input. This is the only way we can optimally design and continuously improve our website for you.
Duration of data storage
Atelier ÉQLA only stores information for a certain period of time. Did you order something from us? Then the tax and commercial law retention periods apply: we must legally store order-related data and the associated addresses for 10 years. Your data that we have stored for marketing purposes will be deleted if you request us to do so, if you revoke your consent to storage or if the purpose for data storage no longer applies.
Your data protection rights
By law, you are always in control of your data. This means specifically:
– You can request information about your data.
– You can have your data rectified or erased.
– You can restrict the processing and portability of your data.
– You can object to the storage and use of your data.
– If you have given your consent under data protection law, you can revoke it.
– You can lodge a complaint with the relevant regulatory authority.
What does this mean in detail?
Right to be informed
Would you like to know whether we process your personal data and what that data is? We are obliged to provide you with information free of charge, and of course we are happy to do so. You can even get a copy of the data. You are also entitled to the following information:
- The purposes of the processing.
- The categories of personal data processed.
- The recipients or categories of recipients to whom the personal data have been or will be disclosed. This applies in particular to recipients in third countries or at international organisations.
- If possible, the intended duration of the storage of your personal data. If this information is not available, we will tell you the criteria by which this duration will be determined.
- If the personal data is not collected from you, we will inform you – wherever possible – of the source of the data.
- The existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If personal data is transferred to a third country, you can request suitable guarantees in accordance with Art. 46 GDPR.
Right to rectification
You have the right to request that we rectify your personal information without undue delay if it is inaccurate. Depending on the purpose of the processing, you may request that we complete your personal data, including by means of a supplementary statement.
Right to erasure (“right to be forgotten”)
Art. 17 para. 1 GDPR gives you the right to request that we erase your personal data without undue delay. We are obliged to comply with this in the following cases:
- The personal data is no longer necessary for the purpose which you originally collected or processed it for.
- You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 point 1 a) GDPR or Art. 9 para. 2 a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- The personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
But what happens if we have made the personal data public and are obliged pursuant to Art. 17 para. 1 to erase the personal data? In this case we inform the data controllers who are processing the personal data that you have requested the deletion of any links to, or copy or replication of, those personal data. To this end, we take reasonable steps, including technical measures, taking account of available technology and appropriate costs of implementation.
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
- You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of our company override yours.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, so long as:
- the processing is based on consent pursuant to Art. 6 para. 1 point 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 point 1 b) GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to Art. 20 para. 1, you shall have the right to have us transmit the personal data directly to another controller, where technically feasible.
Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 point 1 e) or f) GDPR, including profiling based on those provisions. We shall no longer process the personal data, except under the following two exceptions:
- We demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- The processing serves the establishment, exercise or defence of legal claims.
Where we process personal data for direct marketing purposes, you have the right to object to this at any time. This includes profiling related to such direct marketing.
You can also lodge an objection if the data processing is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR. There is one exception here as well: when the processing necessary for the performance of a task carried out for reasons of public interest.
Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time. The data processing remains lawful until the time consent is withdrawn.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is unlawful, please contact the relevant supervisory authority. You can contact the data protection supervisory authority of the German federal state of your habitual residence or the authority of the federal state in which CHRIST Juweliere und Uhrmacher seit 1863 GmbH has its headquarters. This is in North Rhine-Westphalia.
Procedure for obtaining information
Would you like to know what personal data Atelier ÉQLA has stored about you and which data have been transmitted to whom? Atelier ÉQLA GmbH will be happy to inform you. Just submit a “subject access request” to us free of charge. Please note, however, that Atelier ÈQLA is not allowed to provide any information by telephone for data protection reasons. After all, it is not possible to conclusively identify you over the phone. To avoid any misuse by third parties, Atelier ÉQLA needs the following information from you: your surname (and maiden name, if applicable), first name(s), date of birth and current address (street, house number, postcode and city).
All rights under articles 15 to 18 GDPR may be exercised in relation to Atelier ÉQLA at the following address:
CHRIST Juweliere und Uhrmacher seit 1863 GmbH
Kabeler Str. 4
The company data protection officer of CHRIST Juweliere und Uhrmacher seit 1863 GmbH can also be contacted at the following address or by e-mail:
CHRIST Juweliere und Uhrmacher seit 1863 GmbH
Kabeler Str. 4
Data collection on our website
Your orders, your personal data such as your name, your address and credit card details are protected by modern security systems. The transmission of this data is encrypted using the Secure Socket Layer (SSL) standard, which is supported by most web browsers. This makes the data unreadable to other parties. Our website www.ateliereqla.com takes all necessary precautions to protect your personal data. You can actively support us in this by
- never disclosing your password to anyone else and
- using a web browser that supports SSL encryption whenever we offer this (e.g. during the ordering process).
In this way, together we ensure that your online purchases are truly secure.
We will never pass on your data to third parties without your express consent. The only exceptions are our service partners, who we must involve in the processing of the contractual relationship, e.g. delivery and payment processing. In these cases, too, we of course strictly observe the requirements of the Federal Data Protection Act. In addition, we transmit only the most necessary data in terms of scope.
Visiting the Atelier Èqla website
When you visit our website, the following data are sent automatically and without any action on your part to the server of our website:
- The IP address of the requesting internet-enabled device
- The date and time of access
- The name and URL of the viewed file
- The website/application from which access was made (referrer URL)
- The browser you are using and, if applicable, the operating system of your internet-enabled computer, as well as the name of your access provider
. A so-called log file stores these data temporarily for the following purposes:
- To ensure a smooth connection,
- To ensure that our website/application is easy to use
- To evaluate system security and stability.
If you have consented in your browser or in the operating system or other setting in your device to geolocalisation, we use this feature to offer you individualized services related to your current location (e.g. the location of the nearest store). We process your location data exclusively for this purpose. The legal basis for processing the IP address is Art. 6 para. 1 f) GDPR. Our legitimate interest arises from the purposes of data processing listed above. If the presentation is necessary for the preparation of a contract, the legal basis for the data processing is Art. 6 para. 1 b) GDPR.
Use and deactivation of cookies
To make our website attractive to visitors and to make certain functions usable, we use so-called cookies on various pages. These are small text files that are stored on your device. They serve on the one hand to make surfing more convenient and on the other hand market research and advertising purposes as well as the collection of usage statistics. In addition, we utilise cookies within the framework of web tracking and use these as the basis for personalised content. No personal data are stored in the cookies we use. Some of the cookies we use (so-called session cookies) are deleted as soon as you close your browser. Other cookies (permanent cookies) remain on your device and allow us or our partner companies to recognize your browser the next time you visit. These must be actively deleted by the user. You can either set your browser so that it can accept our cookies or use our website without cookie functionality. If your browser does not accept cookies, we will not be able to present you with content that is personally tailored to you. If you have not deactivated the cookie function of your web browser, we assume that its use is in your interest. If CHRIST processes personal data when using cookies and cookie-like technologies to make this website available, this is done on the basis of Art. 6 para. 1 f) GDPR. Our legitimate interest is to be able to offer our website securely and according to requirements.
If you access our websites from a partner’s website via a link as part of the partner program, we set a cookie for billing with this partner. It is not possible to draw any conclusions about your personal data from this cookie.
Ordering as a guest and using a personal customer account
In order to process a sale, we require your title, first name, surname, address and an e-mail address. Data is processed on the basis of Art. 6 para. 1 b) GDPR. We only process the personal data from the input mask in order to complete the purchase contract. We also offer you the option of creating a personal customer account. With a personal account the order process is accelerated the next time you place an order. To create an account, you enter your personal data via an input mask. They are then transmitted to us and stored, but never passed on to third parties. The data is processed on the basis of Art. 6 para. 1 a) GDPR (consent). You can withdraw your consent at any time. However, data processing operations that have already been performed up to that point shall remain effective in the event of revocation. Your personal data are stored on a specially protected server. Encryption protects them from misuse during transmission and processing. We do not store your credit card details in your personal account.
On our website you can pay via PayPal. The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you use this option, the payment data entered by you will be transmitted to PayPal. This takes place on the basis of Art. 6 para. 1 a) GDPR (consent) and Art. 6 para. 1 b) GDPR (processing to fulfil a contract). You can revoke your consent at any time. However, data processing operations performed in the past shall remain effective.
Newsletter registration and product recommendations by e-mail
Use of e-mail address data for sending newsletters
Independently of the contract execution, we use your e-mail address exclusively for our own marketing purposes for sending newsletters. The data is processed on the basis of Art. 6 para. 1 a) GDPR (consent). Your declaration of consent to this effect is as follows: “Register now”. You can object to this use of your e-mail address at any time. To do so, simply send a message to the contact named under “Contact details”, use the link provided in the promotional e-mail or click on the following link (LINK TO NEWSLETTER UNSUBSCRIPTION). The only costs you will incur are the usual transmission costs at the basic rates. Data processing operations performed in the past shall remain effective if you revoke your consent.
Use of the e-mail marketing provider Episerver
We send the Atelier ÉQLA newsletter using the e-mail marketing software Episerver Campaign (Episerver GmbH, Wallstraße 16, 10179 Berlin). The data provided are stored on the servers of Episerver GmbH in data centres in Germany and are subject to the German Data Protection Act. Episerver Campaign uses this information solely for the purpose of sending and evaluating newsletters on our behalf. Episerver Campaign does not use the data for its own correspondence and does not pass them on to third parties.
When the newsletter is opened, technical information such as your browser or operating system as well as your IP address and the time of access are collected via a tracking pixel. In addition, the following personal tracking data are collected to improve the newsletter offer:
- Recipient has received a mailing.
- Recipient has opened a mailing.
- Recipient has clicked a link in a mailing.
- Recipient has made a purchase.
Web analytics tools and advertising
Tools used on the website
This website uses Universal Analytics, a web analysis service provided by Google Inc. (“Google”). Universal Analytics uses so-called “cookies”. These are small text files that are stored on your computer and allow an analysis of the use of the website. The information generated by the cookie about your behaviour on this website is generally transmitted to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or other states party to the agreement on the European Economic Area. The full IP address will be sent to a Google server in the USA and truncated there only in exceptional cases. Google will use this information on behalf of the operator of this website for the following purposes:
- To evaluate your use of the website.
- To compile reports on website activity.
- To provide other services regarding website activity and internet usage for the website operator.
The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google. You can prevent cookies from being stored by selecting the appropriate settings in your browser. You can also prevent the data generated by cookies concerning your use of the website (incl. your IP address) from being passed to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
As an alternative to the browser plug-in, or in browsers on mobile devices, please click the following link to prevent the collection of your data by Google Analytics on this website in the future: <a id=”optout-ga” href=””>Google Analytics deaktivieren</a> This sets an opt-out-cookie on your device. If you delete your cookies, you will have to click this link again.
You can find further information on conditions of use and data protection at https://policies.google.com/privacy?hl=en-GB. Please note that this website uses Google Analytics with the extension “anonymizeIp” in order to ensure the anonymous collection of IP addresses (so-called IP masking). This measure is designed to prevent Google from merging IP addresses with personal information.
Remarketing or “Similar target groups“ function of Google Inc.
On our website, we use the Remarketing or “Similar target groups” function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function is used to analyse visitor behaviour and interests. It is also intended to provide visitors to the site with interest-based advertisements as part of the Google advertising network. The website visitor’s browser stores so-called cookies. These are small text files that are stored on your computer and allow the visitor to be recognised when they visit a website that is part of Google’s advertising network. These pages can then be used to present targeted advertisements to the visitor. These refer to content that the visitor has previously viewed on a website that uses Google’s remarketing function. According to its own information, Google does not collect any personal data during this process.
However, if you would prefer not to use Google’s Remarketing feature, you can always disable it. To do this, select the appropriate settings at https://www.google.com/settings/ads.
Our pages include pixels from Facebook, Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”). These allow us to track the actions of users after they have been redirected to a provider website by clicking on a Facebook advertisement. In this way, we are able to record the effectiveness of Facebook advertisements for statistical purposes.
If we transmit data to Facebook for comparison purposes, this data is encrypted locally on your browser and only then sent to Facebook via a secure http connection. This is done solely for the purpose of comparing it with Facebook’s data, which is likewise encrypted.
Visitors to this website can object to this data collection and storage at any time via the following link: <a id=”optout-facebook” href=””>Deactivate Facebook Pixel</a> In this case, an opt-out cookie is stored on your device. If you delete your cookies, you will have to click this link again.
Use of Facebook plug-ins and the “f” button
This website uses plug-ins from the social network www.facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
If you visit a page on our website equipped with such a plug-in, the plug-in only becomes active after you have clicked on the “Activate Facebook” button. Only then is a connection to the Facebook servers established. The plug-in will now appear on the website via a notification to your browser (by clicking on the activated “f” button). This tells the Facebook server which of our websites you have visited. If you are already logged into Facebook as a member, Facebook associates this information with your personal Facebook user account. When using the plug-in functions (e.g. clicking the “Like” button, posting a comment), this information is also associated with your Facebook account, which you can only prevent by logging out before using the plug-in. By clicking on the “Deactivate Facebook” button, you can deactivate the function at any time.
Use of Google plug-ins and the “g+“ button
This website uses the “+1” button of the Google Plus social network of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043 USA (“Google”).
If you visit a page on our website equipped with the “g+” button, the plug-in only becomes active after you have clicked on the “Activate Google+” button. Only then is a connection established to the Google servers in the USA. The plug-in will now appear on the website via a notification to your browser (by clicking on the activated “g+” button). In this process, both your IP address and information on which of our websites you have visited are transmitted to the Google servers.
If you are also a member of Google Plus and are logged into Google Plus while using the plug-in, the data collected about your visit to the site will be associated with your Google Plus account and shared with other users. Similarly, in the case of interactions that are possible with the various Google plug-ins, the relevant information about you is collected and transmitted to Google and stored.
If you have made your profile publicly available in your Google Plus preferences, Google may display your “g+” along with your profile name and photo as indicators in Google services, such as search results, or your Google profile, or elsewhere on web pages and ads on the web. By clicking on the button “Deactivate Google+” you can deactivate the function at any time.
You can prevent the Google plug-ins from loading by installing appropriate add-ons in your browser.
Use of Pinterest plug-ins
This website uses plug-ins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA (“Pinterest”). We use the “P” button on our website.
If you visit a page on our website equipped with such a plug-in, a link between your computer and the servers of Pinterest will only be established after you have activated this plug-in by clicking on the “Activate Pinterest” button. The plug-in will now appear on the website via a notification to your browser. In this process, both your IP address and information about which of our websites you have visited are transmitted to the Pinterest servers in the USA. If you are also a member of Pinterest and are logged into Pinterest while using the plug-in, the information collected about your website visit will be associated with your Pinterest account and shared with other users. Similarly, in the case of interactions that are possible with the various Pinterest plug-ins, the relevant information about you is collected and transmitted to Pinterest and stored. By clicking on the “Deactivate Pinterest” button you can deactivate the function at any time.
Further information on the collection and use of data by Pinterest can be found at https://policy.pinterest.com/en/privacy-policy.
Use of Instagram plug-ins
Our website uses social plug-ins (“plug-ins”) of Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
If you visit a page on our website that contains such a plug-in, your browser will establish a direct connection to Instagram’s servers. Instagram sends the content of the plug-in directly to your browser and integrates it into the web page. This integration provides Instagram with the information that your browser has accessed the respective page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there.
If you are logged into Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information will also be published to your Instagram account and displayed to your contacts.
If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plug-ins from loading by using add-ons for your browser, e.g. the script blocker “NoScript” (https://noscript.net/).
Atelier ÉQLA GmbH constantly checks and updates the information on its websites. Despite all due care, the data may have changed in the meantime. We therefore cannot assume any liability or guarantee that the information provided is up-to-date, correct and complete. The same applies to all other websites referenced by hyperlink.
Atelier ÉQLA is not responsible for the content of websites reached via such links. We expressly distance ourselves from any kind of content on the linked pages. We expressly declare that we have no influence whatsoever on the design and content of pages outside our domain and that we are therefore not responsible for their maintenance.
Furthermore, Atelier ÈQLA reserves the right to change or supplement the information provided. The content and structure of the Atelier ÉQLA websites are protected by copyright. The reproduction of information or data, in particular the use of texts, parts of texts or images, requires the prior consent of Atelier ÉQLA.