Data protection notices and information pursuant to Art. 13 GDPR for this website
General information
This data protection information applies to the brand portal of Ecclesia Holding GmbH. You can find the homepage of our group of companies at https://www.ecclesia.com.
Name and contact details of the person responsible for this website
Ecclesia Holding GmbH
Ecclesiastrasse 1 - 4
32758 Detmold
Phone +49 5231 603-0
Fax +49 5231 603-197
e-mail info@ecclesia-gruppe.de
Contact details of the data protection officer
Ecclesia Holding GmbH
Data Protection Officer
Ecclesiastrasse 1 - 4
32758 Detmold
Telephone +49 5231 603-6129
e-mail dsb(at)ecclesia-group(dot)de
The purposes for which the personal data are processed and the legal basis of the processing:
| Purposes of the processing | Legal basis |
|---|---|
| Operation and optimization of the web store, including storage, processing and synchronization of orders and customer data records. | Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR |
| Processing the data of registered users (login area/s) | Art. 6 para. 1 lit. b GDPR (necessary for the performance of the contract) Art. 6 para. 1 lit. f GDPR (overriding legitimate interests of the controller) |
| Webshop functions (in particular ordering options and/or shopping cart) | Art. 6 para. 1 lit. f GDPR (legitimate interest of the controller, insofar as it concerns website visitors who do not enter into a pre-contractual or contractual relationship with the controller). Art. 6 para. 1 lit. b GDPR (processing necessary for the performance of a contract or in order to take steps prior to entering into a contract, insofar as it concerns website visitors who enter into a pre-contractual or contractual relationship with the controller). |
| Communicating with customers and processing contact requests, in particular via the contact form. | Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR |
| Encrypted storage of access data for technical administration and ensuring the IT security of the website and connected systems. | Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR |
The respective legitimate interests of the controller pursuant to Art. 6 para. 1 lit. f GDPR are as follows
- to enable employees of the Ecclesia Group to order and receive products and services from the brand portal,
- communicate with customers and interested parties of the brand portal as well as other users of the portal,
- to permanently analyze and improve the website and to optimize its user-friendliness.
The provision of your personal data is necessary so that the requested services can be provided.
Recipients of your personal data
Your personal data will only be passed on to third parties with your consent or on the basis of a legal authorization. Your personal data will only be transferred to state institutions and authorities entitled to receive information within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees are obliged to maintain confidentiality and to comply with the provisions of data protection legislation. We have commissioned appropriate companies to process your personal data on our behalf for the technical implementation of the services provided. These are
| Contractor | Service provided |
|---|---|
| Hetzner Online GmbH Industriestr. 24 91710 Gunzenhausen | Hosting of the website |
| livewelt GmbH & Co. KG Berliner Strasse 133 33330 Gütersloh | Technical services in the operation of the website, as well as in parts the processing of orders |
| Microsoft One Microsoft Way Redmond, WA 98052-6399 USA | Login via Microsoft 365 If individual data is processed outside the EU, Microsoft ensures data protection compliance by agreeing the EU standard contractual clauses. Microsoft also undertakes to comply with the applicable data protection regulations, including the security measures pursuant to Art. 32 GDPR. Further information on data processing by Microsoft can be found in the Microsoft Trust Center and in the Microsoft Privacy Notice. |
| Automattic Inc. 60 29th Street, San Francisco, CA 94110 / USA Aut O'Mattic A8C Ireland Ltd. Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86 WooCommerce, Inc. 60 29th Street, San Francisco, CA 94110 / USA WooCommerce Ireland Ltd. Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86) | Sub-processors of livewelt GmbH & Co. KG, whose services are implemented to process orders. |
Categories of personal data processed when using this website
When using our website, the following data is processed for organizational and technical reasons:
- IP addresses of visitors
- Host name of the accessing computer
- Name of the pages accessed
- Date and time of access
- Browser type and browser version
- Operating system used
- Name of the search engine or external link, referrer URL
- Time of login
- Data on the orders placed (product, number, time)
If you send us data via our online forms, the personal data you provide will be processed to fulfill the respective purpose.
Use of Automattic services (Woocommerce / WordPress)
We use services from the following companies on our website, which are used as subcontractors to process orders placed by logged-in users:
- Automattic Inc.
- Aut O'Mattic A8C Ireland Ltd.
- WooCommerce, Inc.
- WooCommerce Ireland Ltd.
The services of the aforementioned companies (collectively "Automattic" / for the registered office see the section "Recipients of your personal data") are implemented in connection with the use of the cookies used, about which you can read in the section "Cookies and local storage" be informed in detail.
An order processing contract has been concluded with the aforementioned service providers in accordance with Art. 28 GDPR.
Automattic" as a service provider provides information about the processing of the personal data of the data subjects under the following link: https://automattic.com/privacy/.
If personal data is transferred to bodies in the USA in the context of the use of the services of "Automattic", the data transfer is based on the standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR and on the basis of the adequacy decision of the European Commission pursuant to Art. 45 para. 3 GDPR, which is also known as the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
Processing the data of registered users
On our website we have a section "Login", which is only accessible to registered users.
As part of the registration process, we process the following personal data for the following purposes:
E-mail address: for unambiguous identification of the user and for communication
Password: is used for authentication (stored exclusively in encrypted form)
Purpose of the processing:
Provision of a personalized login area, administration of the user account and access to protected content and functions.
Legal basis:
Processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR (fulfillment of the contract or implementation of pre-contractual measures).
If we process your data on the basis of our overriding legitimate interest, our legitimate interest is described in the section "Purposes for which the personal data are processed and the legal basis for processing".
There is no contractual / legal obligation to provide your data as part of the registration / use of the area requiring registration.
Please refer to the section "Purposes for which the personal data is processed and the legal basis for processing" for the legal basis for processing your data in connection with the use of the area requiring registration.
As a registered user, you can log in to our website with your access data and, after successfully logging in, gain access to the content of the area requiring registration.
Cookies and local storage
We use cookies on our website to make our internet presence more user-friendly and functional. Some cookies remain stored on your end device.
These are small text files that are sent from our web server to your browser and stored on your computer's hard disk. No personal data is stored, only an individual pseudonym. This information is used, for example, to recognize you when you navigate our website and to make navigation easier for you.
Depending on their purpose and function, cookies are regularly divided into the following categories:
- Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to maintain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart),
- Statistics cookies to understand how users interact with our website by collecting and analyzing information anonymously only. This provides us with valuable insights to optimize both the website and our products and services,
- Marketing cookies to set targeted advertising activities for users on our website.
The legal basis for the use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. In addition, the legitimate interests consist of permanently analysing and improving the website, optimizing user-friendliness and detecting and preventing misuse. It is not necessary to obtain consent for these cookies in accordance with Section 25 (2) No. 2 TDDDG, as the use of these cookies is necessary to provide important functions of the website.
Statistics and marketing cookies are not used on our website.
Alternatively, you can also view this website without cookies. You can preset this in your respective browser. Please note that some functions of the website may then no longer be available in full or in part.
Further information about the cookies we actually use (in particular about their purpose and storage duration) can be found in this privacy policy (see below).
We also use local storage functions (also known as "local storage") on our website. This means that data is stored locally in your browser's cache and can continue to exist and be read even after you close the browser - unless you delete the cache or it is session storage.
Third parties cannot access the data stored in Local Storage.
If you do not want data to be saved in local storage, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Below you will find an overview of all cookies used and data stored in the local storage.
| Name | Category | Purpose | Expiry time of cookies | Provider |
|---|---|---|---|---|
| woocommerce_cart_hash | Technically necessary | Assignment of the user's shopping cart | Session cookie | Automattic (see above) |
| woocommerce_item_in_cart | Technically necessary | Saving items in the user's shopping cart | Session cookie | Automattic (see above) |
| wp_woocommerce_session_* | Technically necessary | Saving the user's shopping cart and uncompleted orders | 2 days | Automattic (see above) |
| wordpress_logged_in_* | Technically necessary | Saves whether a user is logged in | Session cookie | Automattic (see above) |
| wordpress_sec_* | Technically necessary | Cookie to protect against hackers, storage of account data. | Session cookie | Automattic (see above) |
| wordpress_test_cookie | Technically necessary | WordPress sets this cookie when you navigate to the login page, it is a check whether cookies work technically, otherwise the login process will fail. | Session cookie | Automattic (see above) |
| wp-setting-* | Technically necessary | Cookie for saving user settings. | 12 months | Automattic (see above) |
| wc_cart_cash | Technically necessary | This local storage entry is used to store products in the shopping cart and ensure that they are not lost when navigating the website. | Until the browser cache is deleted by the user | WooCommerce |
| projects personal_interests |
Technically necessary | Is used to save the user's project-related favorites locally and display them when they visit the site again. | Until the browser cache is deleted by the user | liveworld |
Links to other websites
Our website contains links to other websites. We have no influence on whether their operators comply with data protection regulations. Despite careful checking of the content, we accept no liability for the content of external links. The operators of the linked sites are solely responsible for their content.
Your security
We use technical and organizational measures to protect your data from unauthorized access, loss, manipulation or destruction. Our security measures are constantly updated in line with technological developments.
Duration of storage
The personal data that you have made available to us will be automatically deleted if the purposes of the processing no longer apply. The following storage periods apply in detail:
| Categories of stored data | Deletion period |
|---|---|
| Technical data and protocols to ensure the operation of the website | 12 months |
| Content that you send us via the contact form. | The storage periods for this content depend on the type of information transmitted and the applicable statutory retention periods. |
| Session cookies (session cookies) | Session cookies are deleted when the browser is closed by the user. |
Rights of data subjects/right to lodge a complaint
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data processed by you, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of the rights to rectification, erasure, restriction of processing or objection, the existence of a right of appeal to a supervisory authority, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.
In accordance with Art. 16 GDPR, you have the right to demand the immediate correction of incorrect or the completion of your personal data stored by us.
In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless there is a legal basis that entitles or obliges us to continue storing the data.
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data if
-the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
-the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
-we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims,
-you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether our legitimate grounds override your grounds.
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR.