Welcome to our website!
This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our website and external online presences, such as our Social Media Profile (hereinafter referred to as “online offer”). The terms used, e.g. “processing” or “person responsible” are to be considered in accordance with Art. 4 of the Basic Data Protection Regulation (DSGVO) and are defined below.
Carretera Las Dehesas 37
Camino de los Perez
38400 Puerto de la Cruz
Legal notice: https://www.villarosalva.com/impressum
“Personal data” shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (as referred to in Art. 4 No. 1 FADP).
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers practically all data processing (in accordance with Art. 4 No. 2 DSGVO)
The “controller” is the natural or legal person, authority, institution or body which alone or jointly with others determines the purposes and means of processing personal data (Art. 4 No. 7 FADP).
We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if legal permission has been granted. This means, in particular, if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, or is required by law, the consent of the users is present, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO, in particular in measuring reach, creating profiles for advertising and marketing purposes as well as collecting access data and using the services of third parties.
We would like to point out that the legal basis of the consent is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures is Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to safeguard our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.
Rights of the persons concerned
You have the following rights according to the basic data protection regulation:
– Right of access, i.e. the right to know whether and which of your data is being processed and to receive further information (e.g. processing purpose) and to request a copy of your data in accordance with Art. 15 DSGVO
– Right to correct and complete data concerning them in accordance with Art. 16 DSGVO.
– Right to deletion, i.e. the immediate deletion of data concerning you, provided that this does not conflict with any other legal obligations of the person responsible in accordance with Art. 17 DSGVO.
– The right to restrict processing, provided that the conditions laid down in Art. 18 para. 1 DSGVO are met.
– Right to data transferability, i.e. you have the right to obtain the personal data concerning you and/or to request their transfer to other controllers in accordance with Art. 20 DSGVO
Right of appeal to the competent supervisory authority pursuant to Art. 77 DSGVO
Right of revocation and objection
You have the right to revoke any consent you have given with effect for the future. The revocation of consent does not affect the lawfulness of the processing that has already taken place (in accordance with Art. 7 para. 3 DSGVO).
You may at any time object to the future processing of data concerning you in accordance with the requirements of Art. 21 DSGVO.
Deletion of data
The data processed by us will be deleted or restricted in their processing in accordance with articles 17 and 18 of the DSGVO. Unless otherwise stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for the fulfilment of the purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This applies, for example, to data that must be retained for commercial or tax law reasons.
Types of data processed, categories of data subjects and processing purpose
The following types of data are processed on this website:
– inventory data (e.g., names, addresses)
– Contact details (e.g., e-mail, telephone numbers)
– Content data (e.g., text entries, photographs, videos)
– Usage data (e.g., websites visited, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses)
Visitors and users of the online offer are affected by the processing of the data. The purpose of the processing is on the one hand to make the online offer available, including the functions and contents. In addition, communication with users and answering contact enquiries should be made possible. A further processing purpose is the measurement of reach and processing for marketing purposes.
Cooperation with contract processors and third parties
If, in the course of our processing, we disclose or transfer data to other persons and companies (processors or third parties) or otherwise grant them access to the data, this is done exclusively on the basis of a statutory authorisation norm (e.g. if a transfer to payment service providers takes place (is necessary for the fulfilment of the contract) or, for example, if web hosts are used (based on our legitimate interests)).
If third parties are commissioned with data processing, this is always on the basis of a so-called contract processing agreement in accordance with Art. 28 DSGVO.
Cookies and right of objection for direct advertising
Cookies are information that is transferred from our web servers or web servers of third parties to the web browsers of the users and stored there for later retrieval. Cookies can be small files or other types of information storage. We use “session cookies”, which are only stored for the duration of your current visit to our online presence (e.g. to enable the storage of your login status or the shopping basket function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and, for example, log out or close the browser.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online service.
In doing so, we or our hosting providers process inventory data, contact data, content data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6 Para. 1 letter f DSGVO in conjunction with Art. 28 DSGVO (conclusion of contract processing agreement).
Collection of access data and log files
We, or our hosting provider, on the basis of our legitimate interests in the sense of Art. 6 Par. 1 lit. f. DSGVO data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address and the requesting provider.
For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
Provision of contractual services
In order to fulfil our contractual obligations and services, we process the above-mentioned categories of data in accordance with Art. 6 Paragraph 1 letter b. DSGVO.
Users have the option of creating a user account, in which they can view their orders in particular. During the registration process, the required mandatory data is provided to the user. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data relating to the user account will be deleted, subject to their retention is necessary for reasons of commercial or tax law in accordance with Art. 6 Para. 1 lit. c DSGVO. It is the responsibility of the users to back up their data before the end of the contract if they have terminated their user account. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of registration and renewed applications and use of our online services, we will store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as the user’s need for protection against misuse and other unauthorised use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
We process usage data (e.g., the websites visited by our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the user, for example, product information based on the services they have used so far.
Google is certified under the Privacy-Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participa t id=a2zt00000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We use Google Analytics in order to display the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and are not annoying.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not combined with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptouthl=de.
Further information on Google’s use of data, setting and objection options can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use websites or apps of our partners”), http://www.google.com/policies/technolies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process the data of the users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Changes to the data protection declaration
We reserve the right to amend the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. Insofar as the consent of the users is required or components of the data protection declaration contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.
Users are asked to inform themselves regularly about the content of the data protection declaration.