Privacy Policy

Thank you for your interest in our online presence. The protection and security of your personal data is our highest priority. Personal data includes all types of data with which you can be identified as a person. Therefore, we strictly adhere to the legal provisions of the Federal Data Protection Act (BDSG-neu), the EU-General Data Protection Regulation (GDPR) and the Telemedia Act (TMG).

We would like to point out that Internet-based data transmission (e.g. communication by e-mail) can be subject to security vulnerabilities and that it is therefore impossible to provide complete data protection against access by third parties. It is therefore advisable to use the postal service when sending very sensitive data or information.

In the following, we will inform you transparently and in comprehensible language about the data collection and its scope, for what your data is used and what rights you have. If you have any questions about data protection, please contact us. You will find the contact details under point 1 of this data protection declaration.

1. Responsible in the sense of the data protection law
Atiqullah Ahmaddy
Im Schuhmachergewann 10 / 1
69123 Heidelberg
Germany

Telefon: 0049 - 6221 - 7056695
Fax: 0049 - 6221 - 7056931
E-Mail: info@ahmaddy.de

2. Collection of general information
When you access our website, information of a general nature is automatically collected. This information (server log files) includes

Browser type and version,
used operating system,
Website from which you visit us (referrer URL),
Web page you are visiting (URLs viewed),
Date and time of your access,
Your Internet Protocol (IP) address,
the Internet service provider of the accessing computer.

This anonymous data is stored separately from any personal data you may have entered and thus does not allow any conclusions to be drawn about a specific person.
This information is technically necessary and must be provided when using the Internet. This information is required in order to (1) correctly deliver the content of our website, (2) optimise the content of our website and the advertising for it, (3) ensure the long-term operability of our information technology systems and the technology of our website and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Anonymously collected data of this type is statistically evaluated by us with the aim of optimising our Internet presence and the technology behind it as well as increasing data protection and data security in order to ensure an optimum level of protection for the personal data processed by us.
The anonymous data of the server log files are stored separately from all specified personal data.

3. Registration on our website
3.1 Opening a customer account
If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for concluding a contract. Data will only be collected to the necessary minimum, the mandatory data can be recognized by the correspondingly marked input fields.
We only use your data for the purpose for which you have registered or for contract processing. During registration for the use of our personalized services, the following personal data is collected:

First name and surname,
Address,
Phone number,
E-mail address,
if applicable different delivery address, DHL postal number, DHL branch address, DHL Packstation.

If you are registered with us, you can access content and services that we only offer to registered users. With your registration on our site, we will also store your IP address and the date and time of your registration. In the event that a third party misuses your data and registers with this data on our site without your knowledge, this serves as a safeguard on our part.
A passing on to third parties does not take place in principle, provided that no legal obligation exists to the passing on or the passing on serves the criminal prosecution. A comparison of the data collected in this way with data that may be collected by other components of our site does not take place.
Registered users have the possibility, if required, to change or delete the data provided during registration at any time and free of charge. After deletion of your customer account, the data will be blocked and finally deleted after expiry of tax and commercial retention periods, unless you have agreed to further use of your data.

Naturally, we will provide you with information on the personal data we have stored about you at any time upon request. We will also be happy to correct or delete them at your request, unless there are legal obligations to retain them.

To contact us in this context, please use the contact details given under point 1.

3.2 Newsletter subscription
If you subscribe to our free newsletter, data from the registration mask will be transmitted to us. The mandatory data can be recognized by the correspondingly marked input fields and is limited to the required minimum (e-mail address). The data will be used exclusively for sending newsletters. Consent is obtained for the processing of your data during the registration process and reference is made to this data protection declaration. The legal basis for data processing is Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing.
 
The subscription to the newsletter (your consent) can be contradicted at any time for the future. In order to revoke your consent, there is a link in every newsletter to unsubscribe from the newsletter. Optionally, the unsubscription can also be done directly via our website. The wish to unsubscribe from the newsletter can of course also be directed to the person responsible for data processing. This person is named under point 1 of this data protection declaration. It is possible to unsubscribe from our newsletter system without incurring any costs other than the transmission costs according to the basic rates.

After cancellation of the newsletter subscription, the data will be deleted, unless you have agreed to a further use, or we reserve the right to a further use (as explained below under 3.3), which is legally permitted.

3.3 E-mail advertising to our existing customers without registering for the newsletter
If you have purchased goods or services on our website and have entered your e-mail address, we may use this to send you a newsletter, unless you have objected to this. In such a case, the newsletter will only be used to send direct advertising for similar goods or services from our range. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 para. 3 UWG. The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in case of a legitimate interest. Our legitimate interest in this case is to send you personalised advertising.
 
You can object to this use of your e-mail address at any time by sending a message to the contact option described under point 1 or via a link provided for this purpose in the advertising mail, without incurring any costs other than the transmission costs according to the basic rates.

4. Cookies
Our website uses so-called cookies. Cookies are text files that are stored on your computer by the Internet browser or the Internet browser itself.

Some elements of our website require that the calling browser can be identified even after a page change. For example, to store and transmit the items in your shopping cart or your login information. The cookies we use are technically necessary cookies which are automatically deleted when the browser is closed. Some cookies remain stored on your device and enable recognition the next time you visit the site. The legal basis for data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process data in case of a legitimate interest. In this case, our legitimate interest is to offer you a technically error-free and functionally optimized website.

You can set your browser to inform you when cookies are set and to allow these cookies only in individual cases. You can also generally exclude the acceptance of cookies or accept them only in certain cases. You can also set your browser so that cookies are deleted after closing the browser window. Each browser differs in the way it manages the cookie settings. These are described in the help menu of each browser, which explains how you can change your cookie settings.

Please note that if you do not accept cookies, our website will not function properly.

4.1 Technically necessary cookies that are set by our website
The cookie MODsid is a so-called session cookie. This cookie contains as anonymous user information a unique ID, which is used to assign the user to the page called up in order to guarantee the basic functionality of the store, for example the shopping cart function. The session cookie is usually deleted when the browser is closed.
The cookie MODtest is a test cookie to determine whether the browser allows cookies.
The cookie MODtrack is set by the cookie banner and stores the visitor's decision to set cookies.

5. Data security
In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures via SSL or TLS. This applies both to messages via our contact function and to data relating to your order and payment transactions.

Through encryption, your sensitive personal data cannot be intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the address line of the browser begins with "https://" and the lock symbol in the browser line.

The data stored in the systems of our website are protected by passwords and cannot be accessed by unauthorized third parties.

6. Contact form and use of our e-mail address
If you contact us by e-mail or contact form, the information you provide will be used and stored for the purpose of processing your inquiry and for possible follow-up questions. The mandatory data in the mask of the contact form can be recognized by the correspondingly marked input fields. Your data will be deleted after completion of the processing. Your data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site does not take place.

7. Deletion or blocking of the data
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the storage and storage periods stipulated by commercial and tax law.

After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions, provided that they are no longer required for the performance of the contract or the initiation of the contract.

8. Web Analytics
We do not use tools for web analysis.

9. Social Media Plugins
No social media plugins are used on our websites. If we set links to our social media channels, we only link to our general profile without any function. This profile is publicly accessible without the need for registration or login. We do not transmit any personal data to the social media service in question.

10. Transfer of data to third parties
For payment transactions, the delivery of goods and for the sending of our newsletter, we pass on personal data to the necessary minimum to service providers (third parties).

10.1 Data transmission to shipping service providers
If we pass on your data to our shipping service provider (DHL or UPS), the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the fulfilment of a contract with you or to carry out a pre-contractual measure.

10.2 Transmission of data to payment service providers
If we pass on your data to our payment service providers, the legal basis for this is Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which allows us to process the data if this is necessary for the fulfilment of a contract with you or to carry out a pre-contractual measure.

10.2.1 PayPal
If you decide to pay with the online payment service PayPal within the framework of your order process, your contact data will be transmitted to PayPal within the framework of the order triggered in this way. PayPal is an offer of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider as well as a trustee and offers buyer protection services.

The personal data transmitted to PayPal is usually first name, surname, address, telephone number, IP address, e-mail address, or other data necessary for the order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in percent, billing information, etc.

This transmission is necessary for the processing of your order with the payment method selected by you, in particular for the confirmation of your identity, for the administration of your payment and the customer relationship.

Please note: Personal data can also be passed on by PayPal to service providers, subcontractors or other associated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or the personal data is to be processed on behalf.
Depending on the payment method selected via PayPal, e.g. invoice or direct debit, the personal data transmitted to PayPal is transmitted by PayPal to credit agencies. This transmission serves the identity and credit check in relation to the order made by you. To find out which credit agencies are involved and which data is generally collected, processed, stored and passed on by PayPal, please refer to PayPal's privacy policy at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

10.2.2 secupay
The person responsible for processing has integrated the components prepayment/bank transfer, secupay.direct debit, secupay.invoice purchase and secupay.credit card as well as IMMEDIATELY via secupay of secupay AG (hereinafter "secupay"), Goethestr. 6, 01896 Pulsnitz, into this Internet site. secupay is a payment institution within the meaning of the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz, ZAG) and is registered with the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin), Graurheindorfer Str. 108, 53117 Bonn (registration number: 126737) and enables cashless payment of products and services on the Internet.

secupay depicts a procedure by which the purchase price claim is assigned to secupay. This enables a merchant to deliver goods, services or downloads to the customer immediately after the order is placed.

If you, as the person concerned, select "Prepayment / Bank Transfer", "Direct Debit", "Invoice Purchase", "Credit Card", "IMMEDIATE" as the payment option during the ordering process in our online shop, your data will be automatically transmitted to secupay. By selecting this payment option, you consent to the transmission of personal data required for the processing of payments.

In the case of payment processing with "direct debit", "purchase on account" or "credit card", you as the buyer transmit the payment data to secupay. secupay then carries out a technical check of the payment default risk. The online merchant is then automatically informed of the transaction result.

The personal data exchanged with secupay is first name, surname, address, e-mail address, IP address, telephone number or other data necessary for the processing of payments. The data is transmitted for the purpose of payment processing and fraud prevention. The person responsible for processing will also transmit other personal data to secupay if there is a justified interest in the transmission. The personal data exchanged between secupay and the person responsible for processing may be transmitted by secupay to credit agencies. The purpose of this transmission is to check identity and creditworthiness. The identity and creditworthiness check does not take place when payment is made by advance payment / bank transfer.

If necessary, secupay passes on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary to fulfil the contractual obligations or the data is to be processed by order.

You have the option of withdrawing your consent to secupay to handle personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

The applicable data protection regulations of secupay can be found under https://www.secupay.com/de/datenschutz.

When paying with Sofort via secupay, the online payment system of SOFORT GmbH, Theresienhöhe 12, D-80339 Munich, the data you entered during the order process will be entered into the digital transfer form provided by SOFORT GmbH and will be transmitted encrypted together with your online banking data (PIN and TAN) by SOFORT GmbH to your bank for the execution of the transfer. Your online banking data will not be stored by the person responsible for processing, secupay, nor by SOFORT GmbH. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden). Please click on the following link for the data protection declaration: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

10.3 Data transmission for sending the newsletter
We send our newsletter with the newsletter service Cleverreach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany. Cleverreach is a member of the Certified Senders Alliance and was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act. We transmit your e-mail address to CleverReach only for the purpose of sending you our newsletter. CleverReach is prohibited from selling your data and using it for any other purpose than sending newsletters. Your data is stored by CleverReach in such a way that other CleverReach customers or third parties cannot access this data. For further information, please refer to the CleverReach privacy policy: https://www.cleverreach.com/en/privacy-policy/.

11. Your rights against the person responsible for the data processing
Below we list the rights you have under the General Data Protection Regulation vis-à-vis the person responsible for data processing. The person responsible is named under point 1 of this data protection declaration. If we process personal data from you, you are a "data subject" within the meaning of the General Data Protection Regulation. If you, as a data subject, wish to exercise your rights, you can contact the person responsible mentioned under point 1 at any time.

11.1 Right to information
Any person concerned by the processing of personal data shall have the right to obtain at any time from the controller, free of charge, information concerning the personal data relating to him which have been stored and a copy of that information. You may also obtain information on the following information:

the processing purposes,
the categories of personal data that will be processed,
the recipients or categories of recipients with whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
the existence of a right to rectify or erase personal data concerning him or her or to have the processing restricted by the controller or to object to such processing,
the existence of a right of appeal to a supervisory authority (responsible is the data protection officer of the federal state in which we are based; addresses and links can be found here, in german language only),
if the personal data are not collected from the data subject: all available information on the origin of the data,
the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DS Block Exemption Regulation and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.

11.2 Right to rectification
Any person data subject to the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

11.3 Right to deletion (right to be forgotten)
Any data subject shall have the right to obtain from the controller the immediate erasure of personal data relating to him or her for any of the following reasons and in so far as the processing is not necessary:

The personal data were collected for such purposes or processed in other ways for which they are no longer necessary.
The data subject withdraws his consent on which the processing was based pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR.
Personal data have been processed unlawfully.
The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject. The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

If one of the above-mentioned reasons applies and a person concerned wishes to have personal data stored by us deleted, he or she can contact the responsible person mentioned under point 1 at any time. The request for deletion will be complied with immediately.

11.3.1 Information to third parties
If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the data controllers processing the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data. The responsible person mentioned under point 1 will take the necessary steps in individual cases.

11.3.2 Exceptions
The right to deletion does not exist if the processing is necessary

on the exercise of freedom of expression and of information;
to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. and i and Art. 9 para. 3 GDPR
for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the aforementioned law presumably makes the realisation of the objectives of such processing impossible or seriously impairs them, or
for the assertion, exercise or defence of legal claims.

11.4 Right to restrict processing
Any person concerned by the processing of personal data has the right to obtain from the controller the limitation of the processing, if one of the following conditions is met:

The accuracy of the personal data is disputed by the data subject for a period of time which allows the data controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject refuses the deletion of the personal data and demands instead the restriction of the use of the personal data.
The data controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal claims.
The data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh those of the data subject.

If one of the above-mentioned conditions is met and a person concerned wishes to request the restriction of personal data stored by us, he or she can contact the responsible person named under point 1 at any time. He will initiate the restriction of the processing.

11.5 Right to information
If you have exercised the right to rectify, cancel or limit the processing of your personal data, the data controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right vis-à-vis the person responsible to be informed of these recipients.

11.6 Right to data transferability
Any data subject involved in the processing of personal data has the right to obtain personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. It shall also have the right to communicate such data to another controller without interference from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority entrusted to the controller.

Furthermore, when exercising his right to data transferability pursuant to Art. 20 para. 1 GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

11.7 Right of opposition
Any person concerned by the processing of personal data has the right to object at any time and with future effect to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the Data Protection Regulation for reasons relating to his or her particular situation. This also applies to profiling based on these provisions.
In the event of objection, we will no longer process the personal data unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned or the processing serves the assertion, exercise or defence of legal claims.
If we process personal data in order to conduct direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling in so far as it is connected with such direct advertising. If the data subject objects to our processing for the purposes of direct marketing, we will no longer process the personal data for these purposes.
The data subject shall be free to exercise his right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving the use of technical specifications.

11.8 Automated decisions in individual cases including profiling
Any person data subject to the processing of personal data shall have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects upon him or her or significantly affects him or her in a similar manner, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by legislation of the Union or of the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject or (3) is taken with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is made with the express consent of the data subject, we shall take reasonable steps to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right to have the data subject intervene, to state his or her point of view and to contest the decision.

11.9 Right to revoke the data protection consent
Any person concerned by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revoked.

11.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is contrary to the GDPR.

The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the Basic Regulation on Data Protection.

12. Existence of automated decision making including profiling
As a responsible company, we refrain from automatic decision-making or profiling.

13. Necessity for the provision of personal data
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that you make personal data available to us, which must then be processed by us.
For example, you are obliged to provide us with personal data when we enter into a contract with you. Failure to provide personal data would mean that the contract could not be concluded with you. The person responsible can inform you on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-availability of the personal data would have. Please contact the responsible person mentioned under point 1.

14. Legal basis for the processing
Art. 6 para. 1 lit. a GDPR serves as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same shall apply to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our business were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 para. 1 lit. d GDPR.

Ultimately, processing operations could be based on Art. 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard our legitimate interests or those of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it was of the opinion that a legitimate interest could be assumed if the data subject is a customer of the data controller (recital 47 sentence 2 GDPR).

15. Change of our data security regulations
We reserve the right to amend this data protection declaration as necessary to ensure that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.