Privacy Policy

(Version: 01.09.2019)

You can in principle use our Website www.djuma.de and www.djuma.net (hereinafter “the Website”) without providing any personal data. If any of your personal data is processed, you are the “data subject” within the meaning of the General Data Protection Regulation (= GDPR). If a user or a data subject wishes to use services via our Website the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, then we obtain the consent of the data subject. The processing of personal data (for example, the name, address, e-mail address of an data subject) is always in accordance with the Basic Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations that apply to us.

With the following privacy policy, we would like to inform you about the nature, extent and purpose of the personal data collected, used and processed by us. Likewise, as a user or data subject, you are informed of your rights under this privacy policy. As the controller for the processing, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through our Website. However, data transmissions over the Internet can generally contain security holes. Thus, no complete protection can be guaranteed. Therefore, of course, each data subject may alternatively also, for example, by telephone, transfer personal data. The following information also applies to this type of data collection and processing.

I. Name and address of the controller

The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations and the following explanations and information is the:

Djuma GmbH
Wagnerstrasse 8
80802 Munich
Phone: +49.89.238861-0
info@djuma.de

Managing Director: Peter Wartelsteiner
Commercial Register: AG Munich HRB 133814

II. Definitions

This Privacy Policy makes use of the definitions used by the European Regulatory Authority when adopting the GDPR. These can be found in Art. 4 GDPR.

III. General information about data processing

1. Scope of processing of personal data

In principle, we process personal data of our users only to the extent necessary to provide a functioning Website and our services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) is the legal basis.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation that our company is subject to, Art. 6 (1) lit. c GDPR is the legal basis.

In the event that vital interests of the data subject tor another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR is the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR is the legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, it may be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data takes place even if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for a conclusion of contract or a fulfilment of the contract.

IV. Provision of the Website and creation of logfiles

1. Description and scope of data processing

You can basically use our Website without disclosing your identity. However, every time our Website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data are usually collected without their intervention:

(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our Website
(7) Websites accessed by the user’s system through our Website

The data is stored in the log files of our system. Not concerned by this are the IP addresses of the user or other data that allow the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the Website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the Website. In addition, the data is used to optimize the Website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The above stated purposes are also our legitimate interest in the processing of data according to Art. 6 (1) lit. f GDPR. In no case will we use the data collected for the purpose of drawing conclusions about the data subject.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the Website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Objection and removal options

The collection of the data for the provision of the Website and the storage of the data in log files is essential for the operation of the Website. There is consequently no option of contradiction on the part of the user.

V. Use of cookies

1. Description and scope of data processing

Our Website does not create cookies in the public domain, we do not identify users on the site and we do not conduct tracking. However, our Website uses cookies to control access to a password-protected area, if existing. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits our Website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the Website is reopened.

In the case of a login in a password-protected area only temporarily valid session cookies are used in the main memory of the browser, which are lost again after closing the browser. These session cookies do not contain an IP address, so tracing or identifying the visitors via these temporary session cookies is not possible.

To register in a password-protected area, if existing, we need your name, first name and your e-mail address. The user data is stored on the web server. Access to the data is exclusively encrypted via https. After registration, you will be asked to confirm the registration by e-mail to the specified e-mail address. You can then go to the password-protected area for further information retrieve.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

The setting of the cookie is necessary so that we can ensure that only authorized persons have access to the password-protected area, without us knowing which persons are accessing exactly. We need your data in order to check whether you are entitled to access the protected area, in particular, this area is intended only for commercial customers, especially for existing customers but also for interested parties.

For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 (1) lit. f GDPR.

4. Duration of storage, objection and removal options

Cookies are stored on the computer of the user and transmitted by this to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Website, it may not be possible to use all the functions of the Website to the full. Incidentally, with the session cookies used here, the deletion is done by closing the browser.

Your data provided at registration will be deleted once the purpose has been achieved. This is the case if we assume that you no longer want to access a protected area.

Access to a protected area can be terminated by the user concerned at any time. Please contact us for this under the contact details given in the imprint or under Section I. This also allows a revocation of the consent of the storage of the personal data collected during the registration process.

VI. Newsletter

1. Description and scope of data processing

aa) On our Website you can, if applicable, subscribe to a free newsletter. When you sign up for the newsletter, the data from the input mask are sent to us, namely

(1) Salutation, first name, last name, company
(2) A valid e-mail address
(3) Address
(4) Telephone number (landline and /or mobile)

In addition, the following data is collected at the time of registration, namely:

(1) IP address of the calling computer
(2) Date and time of registration

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

bb) If you purchase goods via our Website and deposit your e-mail address here, this can subsequently be used by us for sending a newsletter. In such a case, the newsletter will only send direct mail for own similar goods or services.

cc) In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. These data are used exclusively for sending the newsletter.

2. Legal basis for data processing

aa) Legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 (1) lit. a GDPR.

bb) The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 (3) UWG (= Law against unfair competition)

3. Purpose of the data processing

The collection of the user’s e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.

4. Duration of storage

aa) The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user’s e-mail address will be saved as long as the subscription to the newsletter is active.

bb) If the newsletter is sent on the Website due to the user’s registration, the following also applies: The other personal data collected during the registration process are usually deleted after a period of seven days.

5. Objection and removal options

aa) Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter about the termination or deactivation.

bb) If the newsletter is sent on the basis of the user’s registration on the Website or on the basis of the use of a contact form, a revocation of the consent of the storage of the personal data collected during the registration process is also made possible.

VII. Registration

1. Description and scope of data processing

On our Website, we offer users, if applicable, the option of registering for a business partner area. Your data will in such a case be entered in a form on the Website and sent to us online and then stored. Disclosure of the data to third parties will only take place exceptionally (see Sections IX and X).

The following data may be collected in individual cases during the registration process:

(1) Title
(2) First name, last name, company
(3) A valid email address
(4) Address
(5) Telephone number (landline and/or mobile)

At the time of registration, the following data is also stored:

(1) The IP address of the user
(2) Date and time of registration

As part of the registration process, the consent of the user to process the data is obtained.

2. Legal basis for data processing

aa) Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) lit. a GDPR.

bb) If the registration serves to fulfil a contract of which the user is a party or if it serves the purpose of implementing pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.

3. Purpose of data processing at registration

aa) A registration of the user’s data may be required for the provision of certain content and services on our Website, for example in order to identify the user during subsequent visits to the Website and to submit personalized offers to him.

bb) The registration may also be required to fulfil a contract with the user or to carry out pre-contractual measures. The collection of these data is then carried out in particular

(1) to identify you as our customer;
(2) to process, fulfil and process your order;
(3) to be able to communicate with you;
(4) for billing purposes;
(5) to settle possible liability claims, as well as the assertion of any claims against you;
(6) to ensure the technical administration of our Website;
(7) to manage our customer data
(8) for the purpose of direct mail

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.

If the registration does not conclude a contract with the user, then this is the case for the data collected during the registration process, if the registration on our Website is cancelled or changed.

If the registration serves to conclude a contract with the user, then this is the case for the data collected during the registration process for the execution of a contract or for the performance of pre-contractual measures, when the data is no longer necessary for the execution of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contracting party in order to be able to fulfil contractual or legal obligations. Continuing obligations require the storage of personal data during the contract period. For purchase contracts, warranty periods must be observed. In addition, the storage of data also serves for tax purposes. The retention periods to be adhered to here can not be determined on a flat-rate basis, but must be determined on a case-by-case basis for the respective contracts and contractual parties.

5. Objection and removal options

As a user, you have the option of cancelling the registration at any time. The personal data stored about you can be changed at any time. Follow the instructions on the Website during the deletion process.

If the registration is used to conclude a contract with the user and if the data is required to fulfil a contract or to carry out pre-contractual measures, the data can only be deleted prematurely, provided that there are no contractual or legal obligations to cancel the deletion.

VIII. Contact form and e-mail contact

1. Description and scope of data processing

An email address will be provided on our Website and a contact form is available. Both can be used for electronic contact.

If a user realizes this possibility, the data entered in the input form of the contact form will be transmitted to us and saved. These data are:

(1) Salutation, first name, last name, company
(2) a valid email address,
(3) Address
(4) telephone number (landline and / or mobile)

At the time of sending the message, the following data is also stored:

(1) The IP address of the user
(2) Date and time of registration

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

If the user contacts us via the provided e-mail address, the user’s personal data transmitted by e-mail will be stored.

There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 (1) lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts are finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days.

5. Objection and removal options

The user has the opportunity to withdraw his consent to the processing of personal data at any time.

If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

In the event of a waithdrawal or an objection, follow the instructions on the Website.

IX. Transfer of data to Payment Services

A transfer of your personal data from us to third parties is made to Payment Services commissioned in the context of the contract with the payment matter. In this case, the disclosure of your personal data is limited to the required minimum. The legal basis for the transfer is Art. 6 (1) sentence 1 lit. b GDPR.

If you choose a payment via PayPal, credit card, EC card, Sofortüberweisung (instant transfer) etc., we will pass on your payment data as part of the payment process to the payment service.

PayPal reserves the right to conduct a credit check for payment methods via credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. The result of the credit check for the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values ​​(so-called score values). Insofar as score values ​​are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. In the calculation of the score values, inter alia, address data is incorporated. Further data protection information can be found in the PayPal Privacy Policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

A transfer of your personal data to a payment service for a purpose other than the fulfilment of their liabilities does not take place.

X. Disclosure of personal data to third parties

Except in the cases mentioned above (registration for a member area, registration for a newsletter, etc.), we only pass on your personal data to third parties if:

– You, pursuant to Art. 6 (1) lit. a GDPR have given your express consent to this

– This, pursuant to Art. 6 (1) lit. b GDPR is required for the performance of a contract with you,

– in the event that disclosure pursuant to Art. 6 (1) lit. c GDPR a legal obligation

– A transfer of personal data to a third country (outside the EU) or an international organization is excluded.

XI. Social plugins

We use social plugins (plugins) from various social networks. These plugins are recognizable by the respective logos.

If you call up a Website of our Internet presence with corresponding social plugins, your browser establishes a direct connection with the servers of the respective operator of the logo (eg "facebook.com", "instagram.com", "pinterest.com", twitter.com "). The content of the plugin is transmitted by the service provider directly to your browser and integrated by the provider in the Website. Please note that data processing by the social network operators may take place outside the European Union. In addition, we have no influence on the extent of the data, which are collected through the use of social plugins and therefore inform you according to our knowledge: By integrating social plugins, the providers receive the information that you have accessed the corresponding Website of our Website. If you are logged in to a social network such as Facebook, Instagram, etc., this provider can assign the visit to your user account. If you log out, the assignment to the user account is prevented. If you interact with the plugin, e.g. press the Facebook "Like-Button" or leave a comment, the corresponding information is transmitted directly from your browser to the respective service provider and stored there. If you are not a member of a social network, there is still the possibility that the provider learns and stores your IP address. Purpose and scope of the data collection by the further processing and use of the data by the service provider and your related rights, please refer to the privacy policy of each operator, for example:

–  https://www.facebook.com/policy.php

–  https://help.instagram.com/519522125107875

–  https://twitter.com/de/privacy

–  https://policy.pinterest.com/de/privacy-policy

XII. Rights of the data subject

If any of your personal data is processed, you are the data subject within the meaning of the GDPR and you have the rights described above and below towards the controller.

You as the data subject can exercise your rights via the contact details shown in Section I.

1. Right to information

You shall have the right to obtain from the controller (see Section I) confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

(1) the purposes of the processing;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) where the personal data are not collected from the data subject, any available information as to their source;

(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to rectification

You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to restriction of processing

You shall have the right to obtain from the controller restriction of processing where one of the following applies:

(1) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(4) the data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under Art. 18 (1) GDPR, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation of erasure

You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

 (2) the data subject withdraws consent on which the processing is based according to point (a) of Art. 6 (1) GDPR, or point (a) of Art. 9 (2) GDPR, and where there is no other legal ground for the processing;

 (3) the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;

(4) the personal data have been unlawfully processed;

(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

 (6) the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) GDPR as well as Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of the processing to the controller, he / she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

6. Right to Data Portability

You shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR; and

(2) the processing is carried out by automated means.

In exercising your right to data portability pursuant to Art. 20 (1) GDPR, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The right referred to in Art. 20 (1) GDPR shall not adversely affect the rights and freedoms of others.

7. Right to object

You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1), including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise his or her right to object by automated means using technical specifications.

8. Right to withdraw the consent to data processing

You shall have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and a data controller;

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on the data subject’s explicit consent.

The Decisions referred to shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless point (a) or (g) of Art. 9 (2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3) above the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

This website uses cookies. By using this website, you agree to the use of cookies. Privacy Information