Data privacy: Your rights – our obligations
You can rely on the privacy, protection and security of your personal data in our hands. At KLOTZ AIS we take protection of your privacy and your rights concerning personal data processing very seriously, and have integrated it into all our business processes.
How do we use your data?
KLOTZ AIS collects, processes and uses all personal data resulting from your visits to our website exclusively and solely in accordance with the applicable regulations governing personal data privacy.
Responsibility under the General Data Protection Regulation (GDPR) is held by:
KLOTZ AIS GmbH
85591 Vaterstetten / Munich, Germany
Data protection officer
You may contact our Data Protection Officer at any time for further information:
What kind of information do we collect?
You can use virtually all areas of our website without needing to submit personal data. A small number of our offers and services on our website require personal data to be submitted before they can be used.
Provision of website
When you visit our website, our Internet servers (Web servers) automatically record and evaluate technical access data (browser type, browser version, operating system used, referrer URL, host name, time of server request, IP address). However, these data cannot be associated with a specific individual; individual users remain completely anonymous. The access data are never combined with other data. The lawful basis for this processing of your data is given by Art. 6 (1) f GDPR (legitimate interest with the purpose of ensuring fault-free technical display and optimization of the website). The data are only stored for the period required by the specified purpose.
Explanations of the commonest types of cookies for your information:
When you are active on a website, a session cookie containing a session ID is temporarily saved on your computer. This allows you to move to different webpages without needing to repeat the login procedure. Session cookies are automatically deleted when you log out and become invalid if your visit automatically times out.
Permanent or protocol cookies
A permanent or protocol cookie stores a file on your computer for the duration defined by the file’s expiration date. These cookies enable websites to remember your information and settings the next time you visit them. This speeds up your access and improves convenience; for example, you do not need to adjust your language settings for our website every time. Once the expiration date of the cookie is reached, the cookie is automatically deleted when you visit the website that generated the cookie.
Third party cookies
Third party cookies originate from providers who are not the operator of the website. They can be used to collect information for purposes such as advertising, user-defined content and web statistics.
Information on cookies used on our website:
|Name||Use||Duration of storage||Cookie type|
|_grid||This cookie is used by Google Analytics to distinguish users.||1 day||Third party cookie|
|_gat||This cookie is used by Google Analytics to limit the demand rate.||1 day||Third party cookie|
|_ga||Registers a unique ID used to generate statistical data about||2 years||Third party cookie|
The following cookies are used if you visit our online shop:
|Name||Use||Duration of storage||Cookie type|
|_utma||This cookie stores the main information for the purpose of tracking visitors. It contains a unique visitor ID, the date and time of the user’s first visit, the time at which the active visit starts and the number of visits made by a unique visitor to the website.||3 years||Third party cookie|
|_utmb||This cookie is used by Google Analytics to detect whether a visit has expired and the page depth of the visit. It stores the number of page views and start time of the user’s current visit.||30 minutes||Third party cookie|
|_utmc||This cookie is no longer used by Google Analytics. However, it is still used for backward compatibility of sites that still use the urchin.js tracking code. It expires when the browser is closed. It can be ignored for debugging purposes or when the new ga.js tracking code is used.||Deleted when session is closed||Third party cookie|
|_utmt||This cookie is used to reduce query rates.||30 minutes||Third party cookie|
|_utmx||This cookie is only set during correct use and implementation of the Google Website Optimizer. If the GWO code is correctly executed the cookie stores the details of the page variations or site elements that were opened by the respective user.||2 years||Third party cookie|
|_utmz||Visitor source cookie. It contains all visitor source information for the current visit, including information transferred from campaign tracking parameters. The cookie also stores information about whether the visitor source of the last visit was different from the current source. If no visitor source information is available the cookie is not changed. The cookie enables Google Analytics to assign visitor information such as conversions or eCommerce transactions to a visitor source. The cookie does not contain historical information about past visitor sources.||6 months||Third party cookie|
|Name||Use||Duration of storage||Cookie type|
|CATEGORY_INFO||Saves the category information of the site and allows pages to load faster.||1 hour||Protocol cookie|
|COMPARE||Elements added to comparison list.||1 hour||Protocol cookie|
|CURRENCY||Your preferred currency option||1 hour||Protocol cookie|
|CUSTOMER||Encrypted version of your shop customer ID.||1 hour||Protocol cookie|
|CUSTOMER_AUTH||Indicates you are signed into the shop.||1 hour||Protocol cookie|
|CUSTOMER_INFO||Encrypted version of your customer group.||1 hour||Protocol cookie|
|CUSTOMER_SEGMENT_IDS||Saves your customer segment ID.||1 hour||Protocol cookie|
|EXTERNAL_NO_CACHE||Signals whether caching is deactivated.||1 hour||Protocol cookie|
|FRONTEND||Your session ID on the server.||1 hour||Protocol cookie|
|GUEST-VIEW||Allows guest orders to be processed.||1 hour||Protocol cookie|
|LAST_CATEGORY||Most recently visited category.||1 hour||Protocol cookie|
|LAST_PRODUCT||Product you have just viewed.||1 hour||Protocol cookie|
|NEWMESSAGE||Displays newly received messages||1 hour||Protocol cookie|
|NO_CACHE||Shows whether caching is allowed or not.||1 hour||Protocol cookie|
|PERSISTENT_SHOPPING_CART||Link that displays the current and previous contents of your shopping cart.||1 hour||Protocol cookie|
|POLL||Gives information about which surveys you have responded to.||1 hour||Protocol cookie|
|POLLN||ID of all surveys to which you responded recently.||1 hour||Protocol cookie|
|RECENTLYCOMPARED||Displays recently compared products.||1 hour||Protocol cookie|
|STF||Product information that has been forwarded to friends.||1 hour||Protocol cookie|
|STORE||Your selected shop view or language.||1 hour||Protocol cookie|
|VIEWED_PRODUCT_IDS||Most recently viewed products.||1 hour||Protocol cookie|
|WISHLIST||Encrypted product list added to your wishlist||1 hour||Protocol cookie|
|WISHLIST_CNT||Number of items in your wishlist.||1 hour||Protocol cookie|
Submission of further information is voluntary. As an alternative, the company may be contacted using the email address given. We process the data in your request in order to reply to you. The lawful basis of this data processing is Art. 6 (1) b GDPR, with processing of your enquiry as the purpose. The stored data will be deleted when the purpose of processing no longer applies and when no further statutory or contractual obligations of retention apply. As a general rule, data from your enquiry is stored for 12 months unless no further purpose of processing (e.g. order, quotation) results from your enquiry.
If you use the services of our Web shop, the following personal data are requested and stored upon conclusion of a contract:
- Company / VAT ID and/or
- Name and/or position
- Billing and delivery address
- Tel / fax numbers
- Payment method
The lawful basis of this data processing is Art. 6 (1) b GDPR. The purpose of processing the data is the initiation or fulfilment of a contract. The stored data will be deleted when the purpose of processing no longer applies and when no further statutory or contractual obligations of retention apply. The statutory period of retention in this case is 6 years.
Our website offers the option of subscribing to a newsletter. The following data are collected and stored for the purpose of mailing the newsletter and traceability:
- Email address
- Date and time of registration
- Date and time of confirmation mail (double opt-in method)
You can withdraw your consent to receive our newsletter at any time with prospective (future) effect. Your data are then deleted immediately unless statutory or contractual obligations of retention apply.
Further processing activities
Inclusion of services and content from third parties
The website may also offer you the opportunity to share information on or to follow KLOTZ AIS, its website or the products and/or services available from it, in the form of a social network function (e.g. “share this”, “like” or “follow” buttons).
We offer this function to create interest in the website among members of your social networks and to give you the opportunity to share opinions, news and recommendations from the website with your contacts and follow them. However, please note that where personal data are submitted in a social network, these data may be recorded by the social network provider and made publicly accessible by means of Internet search engines.
On the lawful basis of Art. 6 (1) f GDPR, we use content from the following third party providers:
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is thus informed about which of our pages you have visited.
If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of presenting our website attractively. This constitutes a legitimate interest pursuant to Art. 6 (1) f GDPR.
This site uses plugins from ORBITVU Sp. z o.o. to display 3D product images. IP addresses are transferred to ORBITVU as part of this process.
ORBITVU is used in the interest of presenting our website attractively. This constitutes a legitimate interest pursuant to Art. 6 (1) f GDPR.
This site uses the Google Maps map service via an API. The service is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
This website uses visitor analysis processes to gain information about the behaviour of visitors to the website and thus improve their user experience.
This website uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and allow your use of the website to be analysed. The information about your visit collected by the cookie is transferred to a Google server and stored there. The IP address used for your visit to the website is only stored in anonymized form (by means of a non-reversible truncation of the IP address). You can also prevent Google Analytics from recording, transmitting to Google and processing the data related to your website visit (including your IP address) generated by the cookies by downloading and installing the browser plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=en
The lawful basis of this data processing is Art. 6 (1) f GDPR (legitimate interest for the purpose of statistical analysis and optimizing our service). An agreement with Google Inc. concerning contract data processing is in place in accordance with Art. 28 GDPR. Google Inc. is certified under the Privacy Shield framework.
Sharing personal data with third parties
On the lawful basis of Art. 6 (1) f GDPR, personal data is shared with the following third party providers:
Our website contains a plugin for the social network site Facebook, an Internet service operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (both referred to hereinafter as “Facebook”).
Facebook is certified under the EU-US Privacy Shield and thus guarantees that its data processing operations in the USA comply with EU data privacy regulations.
The lawful basis is Art. 6 (1) f GDPR. Our legitimate interest comprises improvement to the quality of our website.
For more information about possible plugins and their functions, visit Facebook at
Where a plugin is embedded on a page of our website you have visited, your Web browser downloads the content of the plugin from Facebook’s servers in the USA. For technical reasons, this procedure requires Facebook to process your IP address. We also record the date and time of your visit to our website.
If you are logged into Facebook while you visit one of our web pages with embedded plugin, the information about your visit is collected by the plugin and can be read by Facebook. Facebook may assign the information thus collected to your personal Facebook account. This means that if you use the Facebook “Like” button, this information is stored in your Facebook user account and may be published on the Facebook platform. To prevent this, log out of Facebook before visiting our website or install an add-on for your Web browser that prevents the Facebook plugin from loading.
For more details about collection and use of your data and your rights and protection options in this respect, visit the following Facebook pages:
- Responsibilities related to processing insight data in accordance with Art. 26 (1) 2 GDPR https://www.facebook.com/legal/terms/page_controller_addendum
- Facebook opt-out: Your ad preferences http://www.youronlinechoices.com
- Facebook Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Facebook data protection officer: https://www.facebook.com/help/contact/540977946302970
Data privacy statement for use of Instagram
Our website incorporates functions of Instagram, an Internet service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link content from our site to your Instagram profile by clicking the Instagram button on the page. Instagram can thus assign your site visit to your user account. Please note that as providers of our website, we have no knowledge or influence over the content of the data transferred or its use by Instagram.
External service providers are only commissioned to provide services if they contractually commit to compliance with Art. 28 GDPR.
Sharing personal data for the purpose of fulfilling an order
As part of fulfilling the sales contract arising from your order, the personal details we collect are passed to the shipping company commissioned to deliver your order if this is necessary to deliver the goods. This data sharing is limited to data required for the purpose of delivering your goods.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after the conclusion of a chargeable purchase contract, there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization), this data is required for payment processing.
The payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.
If you choose a payment method offered by the payment service provider PAYONE, payment is processed by the payment service provider BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt/Main, to whom we pass on the information you provide during the ordering process together with the information about your order in accordance with Art. 6 (1) b GDPR. Your data are passed on exclusively for the purpose of payment processing with the payment service provider PAYONE and only insofar as it is necessary for this purpose.
SOFORT (instant bank transfer)
If you select the payment method “SOFORT”, the payment processing is carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we pass on the information you provide during the ordering process together with the information about your order in accordance with Art. 6 (1) b GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data are passed on exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary. Further information about the data protection regulations of SOFORT is available at the following Internet address: https://www.klarna.com/uk/privacy-notice/
On our website we offer payment via giropay, among others. The provider of this payment service is giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany (hereinafter “giropay”).
If you make payment via giropay, giropay collects various transaction data and forwards these to the bank with which you are registered with giropay. In addition to the data required for the payment, giropay also collects further data within the framework of the transaction processing, if necessary, such as delivery address or individual items in the shopping cart.
Giropay then authenticates the transaction using the authentication procedure stored with the bank for this purpose. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account data. www.giropay.de
Details on payment with giropay can be found in the General Terms and Conditions and the data protection regulations of giropay under https://www.giropay.de/en/legal/private-policy/
On our website we offer payment via Paydirekt, among others. The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter “Paydirekt”).
If you make payment via Paydirekt, Paydirekt collects various transaction data and forwards them to the bank with which you are registered with Paydirekt. In addition to the data required for payment, Paydirekt may also collect additional data such as delivery address or individual items in the shopping cart as part of the transaction processing.
Paydirekt then authenticates the transaction using the authentication procedure stored with the bank. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account data.
Privacy protection of minors aged under 16 on the Internet
KLOTZ AIS never knowingly collects or uses personal data of minors (aged under 16) in any way. The age of visitors to our website is not generally disclosed. However, we have not taken any specific actions to provide special protection of such data. Individuals aged under 16 may not transfer personal data without the express permission of their parents or guardians.
Your rights concerning processing of your personal data
Right of access: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information as listed in Article 15 GDPR.
Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, to have incomplete personal data completed (Article 16 GDPR).
Right to erasure: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Article 17 GDPR applies, e.g. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right of erasure, ‘right to be forgotten’).
Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the grounds listed in Article 18 GDPR applies, e.g. where the data subject objects to the processing; said restriction shall apply for a period enabling the controller to verify the accuracy of the personal data.
Notification obligation: The data subject has the right to be informed of the recipients of his or her personal data. The data controller will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 GDPR to each recipient to whom the personal data have been disclosed unless such notification proves impossible or involves disproportionate effort (Art. 19 GDPR).
Right to data portability: A data subject has the right to receive his or her personal data which the subject has provided to a controller, in a structured, commonly used and machine-readable format. The subject further has the right to request transmission of those data to another controller in accordance with Article 20 GDPR, where technically feasible.
Right to object: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where the processing serves for the establishment, exercise or defence of legal claims (Article 21 GDPR).
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR). The data subject may exercise this right in the Member State of his or her habitual residence, place of work or place of the alleged infringement. In Bavaria the responsible supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (Bavarian State Data Protection Authority)
91522 Ansbach, Germany
How do we ensure the security of your data?
The data you provide to KLOTZ AIS are protected by appropriate technical and organizational measures designed to safeguard the data against accidental or deliberate manipulation, loss, destruction, access by unauthorized individuals or unauthorized disclosure to third parties. We monitor and improve our security measures on an ongoing basis in line with technological developments and organizational possibilities.