Privacy Policy and Cookie restriction

1. An overview of data protection
2. Hosting and Web Application Firewall (WAF)
3. General information and mandatory information
4. Data collection on our website
5. Analytics
6. Payment service providers
7. Newsletter

 

Privacy Policy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. Hosting and Web Application Firewall (WAF)

We are hosting the content of our website at the following provider:

External Hosting

This website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host(s):

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Deutschland

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Cloudflare

We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. 

The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Thomas Hoof
Thomas Hoof Produktgesellschaft mbH & Co. KG
Bahnhofstraße 3
59348 Lüdinghausen

Telephone: +49 (2591) 25 90-210
Email: [email protected]

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

5. Analytics

Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

 

IP anonymization

We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

 

Conclusion of an order processing contract

We have concluded an order processing contract with these third-party providers, which ensures that the data collected with Matomo is processed exclusively according to our instructions and in compliance with the DSGVO.

 

6. Payment service providers

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

7. Newsletter

Newsletter data

If you register for our newsletter (info letter), we will use the e-mail address you provide for this purpose to send you our e-mail newsletter on a regular basis based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO.

If we receive your e-mail address in connection with the sale of a product and you have not objected to this, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly send you offers by e-mail for similar products to those you have already purchased from our range. This serves to protect our legitimate interests in addressing our customers in an advertising manner in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

We use the so-called double-opt-in procedure to register for our newsletter. This means that after you have provided your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm this, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe. The storage serves the sole purpose of being able to send you the newsletter. Furthermore, we store your IP addresses and the times of registration and confirmation in order to prevent misuse of your personal data.

You can revoke your consent to receive the newsletter at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to [email protected] or by sending a message to the contact details given in the Imprint. In doing so, you will not incur any costs other than the transmission costs according to the basic rates.

We use a newsletter service provider to handle the newsletters, which is described below.

Inxmail

This website uses Inxmail to send newsletters. The provider is Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg (hereinafter referred to as Inxmail). Inxmail is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving newsletters is processed on Inxmail's servers.

Data analysis by Inxmail

Inxmail enables us to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening / clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.

You can find Inxmail's data protection declaration at: https://www.inxmail.de/datenschutz.

Anonymised tracking

We use Inxmail's anonymised tracking, which does not allow us to identify you personally if you have expressly consented to this in advance.

Legal basis

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time for the future.

Storage period

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Data processing agreement

We have signed a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Website Cookies

The table below lists the cookies we collect and what information they store. All cookies are technically necessary and are used to ensure the technical performance of the website.

Cookie Name Host(s) Expiration Cookie Description

FORM_KEY

Form_key

thpg.de

.thpg.de

Session

1 hour

Stores randomly generated key used to prevent forged requests.
PHPSESSID thpg.de Session Your session ID on the server.
MAGE MESSAGES thpg.de 1 hour Facilitates caching of content on the browser to make pages load faster.
login_redirect thpg.de Session Preserves the destination page that was loading before the customer was directed to log in. Is only set when required.
      Facilitates caching of content on the browser to make pages load faster.
MAGE-CACHE-STORAGE thpg.de 1 hour Facilitates caching of content on the browser to make pages load faster.
MAGE-CACHE-STORAGE-SECTION-INVALIDATION thpg.de depending on the browser's local storage settings Facilitates caching of content on the browser to make pages load faster.
SECTION_DATA_CLEAN thpg.de 1 hour Facilitates caching of content on the browser to make pages load faster.
SECTION-DATA-IDS thpg.de 1 hour Facilitates caching of content on the browser to make pages load faster.
PRIVATE_CONTENT_VERSION thpg.de 1 day Facilitates caching of content on the browser to make pages load faster.
X-Magento-Vary thpg.de 1 hour This cookie is used to deliver the correct custom views of the shop from the cache.
MATOMO_SESSID stats.thpg.de 2 Weeks Used to save Matomo opt-out status.

THPG-Newsletter:

Stay up to date about new assortments, new products and special promotions. This newsletter will be sent to you at most once a month. Promised.

Your consent to the dispatch is revocable at any time (by e-mail to [email protected] or to the contact details provided in the imprint). The newsletter is sent in accordance with our privacy policy.

Search engine powered by ElasticSuite Copyright © THPG • Thomas Hoof Produktgesellschaft mbH & Co. KG. All rights reserved. All prices shown on this page are inclusive of VAT and exclusive of shipping costs.