Data Protection Statement
The protection of your private sphere is for us of great importance. In what follows we inform you in detail about the handling of your data.
1. Name and Contact Data of the Processing Controller and of the Works Data Protection Officer
This data protection information applies to the data processing by
Rammstein Merchandising oHG (hereinafter: Rammstein)
2. Collection and Storage of Personal Data and the Nature and Purpose of its Use
a) During a Visit to the Website
On calling up our website shop.rammstein.de information is automatically sent to the server of our website by the browser used by your terminal device. This information is temporarily stored in a so-called log file. The following information is thereby recorded without your involvement and is stored until its automatic deletion:
- the IP address of the visiting computer
- the date and time of access
- the name and URL of the file called up
- the website from which the access took place (referrer URL)
- the browser used and, sometimes, the operating system of your computer and the name of your access provider.
The data mentioned is processed by us for the following purposes:
- to ensure smooth connecting to the website
- to ensure comfortable use of our website
- for evaluation of the system's security and stability
- for further administrative purposes.
The legal basis for the data processing is article 6, paragraph 1, sentence 1, letter f of DSGVO [GDPR]. Our legitimate interest arises from the above-listed purposes of data acquisition. In no case do we use the data collected for purposes of drawing inferences to your person. In addition to this, during visits to our website we employ cookies and analytic services. More detailed explanations on this can be found under points 4 and 5 of this data-protection statement.
b) Online Shop
We process inventory data (e.g. names, addresses and contact data of users), contract data (e.g. services used, names of contact persons, payment information) for purpose of satisfying our contractual obligations and service offers in accordance with article 6, paragraph 1, letter b of DSGVO [GDPR].
You can optionally open a user account in which you can, in particular, view your orders. In the context of the registration, you are informed of the required disclosures. The user accounts are not public and cannot be indexed by search engines. If you have cancelled your user account, its data relating to the user account is deleted, unless this data must be kept for commercial-law or tax-law reasons, in accordance with article 6, paragraph 1, letter c of DSGVO [GDPR]. In cases of cancellation, you are responsible for securing your data before the end of the contract. We are entitled to irrevocably delete all data stored during the period of the contract.
In the context of registration and renewed log-ons, as well as during utilization of our online services, the IP address and the time of the respective user activity are stored. The storage is undertaken on the basis of our legitimate interests, as well as on that of the user to protection against misuse and other unauthorized utilization. On principle, no passing-on of this data to a third party takes place, except for cases in which this is necessary for the pursuit of our claims, or if there is a statutory obligation in accordance with article 6, paragraph 1, letter c of DSGVO [GDPR].
We process utilization data (e.g. the web pages of our online offer visited, interest in our products) and data content (e.g. disclosures made in the contact form or user profile) for advertising purposes in a user profile in order, for example, to slot in product information based on your previously interest shown.
c) Bei Anmeldung für unseren Newsletter
If, in keeping with article 6, paragraph 1, sentence 1, letter a. of DSGVO [GDPR], you have explicitly consented to this, we will make use of your e-mail address for purposes of regularly sending you our newsletter. Our interest is directed towards deploying a user-friendly and secure newsletter systems that both serves our business interests and corresponds to the expectations of the users. For receipt of the newsletter disclosure of an e-mail address is sufficient. Optionally, we ask you to give your name and your country, for purposes of addressing you personally, as well as country-specific information, in the newsletter.
Double-Opt-In and Keeping Records. Registration for our newsletter makes use of a so-called double-opt-in procedure, i.e. after the registration you are sent an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that nobody can log-on with someone else's e-mail address. The log-ons to the newsletter are recorded in order to be able to verify the registration process in keeping with the legal requirements. This includes storage of the times of registration and confirmation, as well as of the IP address. The changes in your data stored with the dispatch service are also recorded.
Dispatch Service. The dispatch of the newsletter is undertaken by "MailChimp", a newsletter-dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can read the data-protection provisions of the dispatch service here: https://mailchimp.com/legal/privacy/. The e-mail addresses of our newsletter recipients, as well as their further data described in the context of this information, are stored on the servers of MailChimp in the USA. MailChimp uses this information to dispatch and to evaluate the newsletter on our behalf. Furthermore, according to its own information MailChimp can use this data for optimization or improvement of its own services, e.g. for technical optimization of the dispatch service and for presentation of the newsletter, or for economic purposes, to determine from which countries the recipients come. MailChimp does not, however, use the data of our newsletter recipients to contact them itself, nor does it pass on the data to a third party. We trust in MailChimp's reliability and in its IT and data security. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and hereby provides a guarantee that the European level of data protection will be complied with (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
Cancellation is possible at any time, e.g. via a link at the end of each newsletter. Alternatively, you can send your cancellation by e-mail to email@example.com, again at any time.>
d) On Using Our Contact Form
With enquiries of whatever sort we offer you the possibility of contacting us via a form provided on the website. Here the disclosure of a valid e-mail address is necessary, so that we know where the enquiry came from and are able to send a reply. Further disclosures can be made voluntarily.
The data processing for purposes of establishing contact with us is undertaken in keeping with article 6, paragraph 1, sentence 1, letter a of DSGVO [GDPR] on the basis of your freely given consent.
The personal data collected by us for use of the contact form is automatically deleted after conclusion of your enquiry.
3. Passing-On of Personal Data
No transfer of your personal data to a third party for purposes other than those listed below takes place.
We only give your personal data to a third party if
- you have given your explicit consent to this in keeping with article 6, paragraph 1, sentence 1, letter a of DSGVO [GDPR]
- the passing-on is necessary, in keeping with article 6, paragraph 1, sentence 1, letter f of DSGVO [GDPR], for purposes of assertion, exercising or defence of legal claims and there is no reason to suspect that you have a predominant legitimate interest in your data not being passed on
- a statutory obligation exists for the transfer, in keeping with article 6, paragraph 1, sentence 1, letter c of DSGVO [GDPR]
- this is legally permissible and, in keeping with article 6, paragraph 1, sentence 1, letter b of DSGVO [GDPR], is necessary for the processing of contractual relationships with you.
Information that in each case has to do with the specific terminal device deployed is stored in the cookie. This does not mean, however, that we thereby have direct knowledge of your identity.
In addition to this, we also make use of temporary cookies, which are stored on your terminal device for a certain fixed period and serve to optimize user-friendliness. When you visit our site again in order to make use of our services it is automatically recognized that you have previously visited us, and which input and settings you then made use of, i.e. you need not enter these again.
We also employ cookies to statistically record and evaluate the use made of our website, and for purposes of optimizing of our offer for you. These cookies make it possible for us to automatically recognize, on a renewed visit to our site, that you have previously visited us. These cookies are automatically deleted, in each case, after a specified period.
The data processed by cookies is necessary for the specified purposes and for safeguarding our legitimate interests and those of third parties, in keeping with article 6, paragraph 1, sentence 1, letter f of DSGVO [GDPR].
Most browsers automatically accept cookies. You can, however, configure your browser such that no cookies are stored on your computer, or that an indication is always given before a new cookie is deployed. The full deactivation of cookies can, however, result in your being unable to make use of all of the functions of our website.
5. Creation of Pseudonymized User Profiles for Web Analysis
a) Tracking Tools
The tracking measures listed below and deployed by us are implemented on the basis of article 6, paragraph 1, sentence 1, letter f of DSGVO [GDPR]. With the tracking measures used we want to ensure a needs-oriented design and the progressive optimization of our website. We also employ tracking measures to statistically record the use made of our website and to evaluate it, for purposes of optimizing of our offer for you. These interests are to be seen as legitimate in the sense of the above-mentioned regulation.
Explanations of the respective purposes of the data processing, as well as data categories, can be found in the corresponding tracking tools.
b) Google Analytics
For purposes of a needs-oriented design and continuous optimization of our pages we use Google Analytics, a web-analysis service of Google Inc. (https://www.google.de/intl/de/about) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). In this connection, pseudonymized user profiles are created and cookies (see under point 4) are used. The information created by the cookie about your use of this website, such as
- browser type/version
- operating system used
- referrer URL (the site previously visited)
- host name of the accessing computer (IP address)
- time of server enquiry
is transferred to a Google server in the USA and is stored there. The information is utilized to evaluate the use made of the website, to compile reports on the website activities and to produce further services associated with the use made of the website and of the Internet, for purposes of market research and needs-oriented design of these Internet pages. Where appropriate, this information is also passed on to third parties, provided this is legally prescribed, or to the extent that third parties process this data on commission. In no case will your IP address be used in connection with other Google data.
You can prevent the installation of the cookies by adjusting the browser-software settings appropriately. In this case, however, we draw your attention to the fact that not all of the functions of this website may then be fully available.
You can also prevent the acquisition of the data generated by the cookie and relating to your use of the website (incl. your IP address) and the processing of this data by Google in that you download and install the browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, particularly in cases of browsers on mobile terminal devices you can also prevent recording by Google Analytics in that you click this link. This sets an opt-out cookie that prevents future recording of your data during your visit to this website: The opt-out cookie applies only in this browser and only for our website. It is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
You can find further information on data protection in connection with Google Analytics in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).
On this website Google Analytics has been extended by the code "gat._anonymizeIp();", to ensure that IP addresses are only recorded anonymized, to prevent direct person-specific allocation (so-called IP masking).
c) Google Marketing and Remarketing Services
We make use, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of article 6, paragraph 1, letter f of DSGVO [GDPR]), of the marketing and remarketing services (in short, "Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").Google is certified under the Privacy Shield agreement and hereby offers a guarantee of complying with the European data-protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The Google marketing services allow us to show targeted advertisements for and on our website, thereby presenting users only advertisements that potentially appeal to their interests. If, for example, a user is shown advertisements for products for which he or she has shown an interest on other websites, one then speaks of "remarketing". To this end, on calling up our and other websites on which Google marketing services are active, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as "web beacons") are integrated in the website. With their help an individual cookie, i.e. a small file, is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, amongst others by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. In this file it is noted which web pages were visited by the user, in which content he or she showed an interest, and which offers were clicked, as well as technical information on the browser and the operating system, referring websites, the time of the visit and further details on the utilization of the online offer. The user's IP address is also recorded, whereby we state, in the context of Google Analytics, that within the member states of the European Union and in other states contracting to the agreement on the European Economic Area the IP address is shortened and is only transferred un-shortened to a server of Google in the USA, and shortened there, in exceptional cases. The IP address is not brought together with data of the user within other offers from Google. The aforementioned information can also be brought together with such information from other sources by Google. If the user subsequently visits other websites, he or she can be shown advertisements adapted to him/her, corresponding to his/her interests.
In the context of Google marketing services, the user's data is processed pseudonymized, i.e. Google stores and processes, for example, not the name or e-mail addresses of the users, but processes the relevant data, with respect to the cookie, within pseudonymized user profiles. In other words, from Google's viewpoint the advertisements are not administrated for and shown to a specific, identified person, but for the cookie owner, regardless of whom this cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without this use of pseudonyms. The information collected by Google marketing services on the users is transferred to Google and stored on Google's servers in the USA.
One of the Google marketing services made use of by us is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies cannot therefore be subsequently tracked over the websites of Adwords customers. The information collected with the help of the cookies serves in the preparation of conversion statistics for Adwords customers that have opted for conversion tracking. The Adwords customers are told the total number of users who have clicked their advertisement and have been forwarded to a page containing a conversion-tracking tag. No information is contained, however, which allows users to be personally identified.
We can also make use of the service "Google Optimizer". Google Optimizer allows us to understand, in the context of so-called "A/B testings", what effects various changes to a website (e.g. changes in the input fields, in the design, etc.) can have. For these testing purposes cookies are stored in the users' devices. Only pseudonymized user data is thereby processed.
We can, moreover, make use of "Google Tag Manager", in order to integrate and to manage the Google analysis and marketing services on our website. Further information on the use of data by Google for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google's data-protection statement being accessible under https://www.google.com/policies/privacy.
If you want to object to the interest-specific advertising undertaken by Google marketing services you can use the settings and opt-out options made available by Google: http://www.google.com/ads/preferences.
6. Facebook Custom Audiences and Facebook Marketing Services
Within our online offer use is made, on the basis of our legitimate interests in analysis, optimization and economic operation of our online offer and for this purpose the so-called "Facebook Pixel" of the social-network company Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Facebook is certified under the Privacy Shield agreement and hereby offers a guarantee of complying with the European data-protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of Facebook Pixels, Facebook is able to target the visitors to our online offer for the presentation of advertisements (so-called "Facebook ads"). Accordingly we make use of Facebook Pixels to limit the use of Facebook ads placed by us to Facebook users who have also shown an interest in our online offer, or who have certain characteristics (e.g. interest in certain topics or products, as determined on the basis of the web pages visited), which we transmit to Facebook (so-called "custom audiences"). With the help of Facebook Pixels we would also like to ensure that our Facebook ads appeal to potentially interested users and do not pester them. With the help of Facebook Pixels we can furthermore anticipate the effectiveness of the Facebook advertisements for statistical and market-research purposes, in that we can see whether users, after clicking a Facebook advertisement on our website, are passed on (so-called "conversion").
When you access our web pages Facebook Pixels is directly integrated by Facebook and can store a so-called cookie, i.e. a small file, on your device. When you subsequently log on with Facebook, or visit Facebook in logged-on status, the visit to our online offer is noted in your profile. The data collected on you is, for us, anonymous, i.e. it offers us no inferences to the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and could be used by Facebook and for one's own market-research and advertising purposes. If we transmit data to Facebook for purposes of comparison, this is locally encrypted in the browser and is then sent to Facebook via a secured https connection. This is undertaken solely for the purpose of comparison with data similarly encrypted by Facebook.
With the use of Facebook Pixels we also use the additional function "extended comparison". Here user data (such as telephone numbers, e-mail addresses and Facebook IDs) is transferred (encrypted) to Facebook for creation of target groups ("custom audiences" or "look-alike audiences"). For further information on "extended comparison": https://www.facebook.com/business/help/611774685654668).
The processing of the data by Facebook is undertaken within the framework of Facebook's data-usage guidelines. Accordingly, you can find general information on the presentation of Facebook ads in the Facebook data-usage guidelines: https://www.facebook.com/policy.php. Special information and details about Facebook Pixels and its functioning can be found in the Facebook help area: https://www.facebook.com/business/help/651294705016616.
You can object to the recording and use of your data by Facebook Pixels for presentation of Facebook ads. To set which types of advertisements you will be shown within Facebook, you can call up the pages arranged by Facebook and follow the information given there on the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are used for all devices, such as desk-top computers or mobile devices.
To prevent the recording of your data on our website by means of Facebook Pixels, please click the following link: opt-out. Note: if you click the link an opt-out cookie will be stored on your device. If you delete the cookies in this browser you must then click the link again. Furthermore, the opt-out applies only to the browser used by you and only within the web domain of ours in which the link was clicked.
7. Integration of Services and Contents of Third Parties
In our online offer we make use, on the basis of our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer in the sense of article 6, paragraph 1, letter f of DSGVO [GDPR]), of the content and service offers of third-party suppliers to integrate their contents and services, e.g. videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party supplier of this content recognizes the user's IP address, since without the IP address the content cannot be sent to their browsers. The IP address is therefore necessary for the presentation of these contents. We try to make use of only such content that the respective providers of the IP address make use of solely for dispatch of the content. Third-party suppliers can furthermore use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. With the "pixel tags" information such as the visitor traffic on the pages of this website can be evaluated. The pseudonymized information can furthermore be stored in cookies on the user's device, along with other technical information on the browser and operating system, referring web pages, time of the visit and further details on the use made of our online offer, and can also be linked to such information from other sources.
The following presentation offers an overview of third-party suppliers, as well as their content, and links to their data protection statements, which contain further information on the processing of data and, as partially referred to here, possibilities for objecting (the so-called opt-out).
- If our customers make use of the payment services of third parties (e.g. PayPal, VISA, Amex, Klarna), the terms of business and the data-protection information provided by the respective third-party supplier apply. These can be accessed within the respective web pages or transaction applications.
- External fonts from Google, Inc., https://www.google.com/fonts ("Google fonts"). The integration of Google fonts is undertaken by a server call-up by Google (usually in the USA). Data Protection Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
- Maps of the service "Google Maps" from the service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
- Videos of the platform "YouTube" from the service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
8. Rights of Data Subjects
You have the right
- in accordance with article 15 of DSGVO [GDPR], to demand information on personal data of yours processed by us. In particular, you can demand information on the purposes of the processing, the category of the personal data, the categories of recipients with respect to whom or which your data has been or will be disclosed, the planned period of storage, the existence of a right to correction, deletion, limitation of the processing or to objection, the existence of a right to lodge a complaint, the origins of your data, if this has not been collected by us, and on the existence of an automated decision-making process including profiling and, where applicable, sound information on the related details;
- in accordance with article 16 of DSGVO [GDPR], to demand the immediate correction of incorrect data, or to have any incomplete personal data of yours, that is stored by us, completed;
- in accordance with article 17 of DSGVO [GDPR], to demand the deletion of your personal data stored by us, provided the processing is not necessary for the exercising of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons that are in the public interest, or for assertion, exercising or defence of legal entitlements;
- in accordance with article 18 of DSGVO [GDPR], to demand limitations on the processing of your personal data, if the correctness of the data is contested by you, if the processing is unlawful but you reject the deletion of the data and we no longer require it, though you need it for assertion, exercising or defence of legal entitlements, or if you have protested against its processing, in accordance with article 21 of DSGVO [GDPR];
- in accordance with art. 20 of DSGVO [GDPR], to demand to be sent your personal data, that you have provided us with, in a structured, standard and machine-readable format, or to demand its transfer to another controller;
- in accordance with article 7, paragraph 3 of DSGVO [GDPR], to revoke your previously given consent, with respect to us, at any time. This has the consequence that, from then on, we will no longer be entitled to undertake data processing dependent on this consent;
- in accordance with article 77 of DSGVO [GDPR], to lodge a complaint with a supervisory authority. As a rule you can choose, for this purpose, the supervisory authority at your customary place of residence or workplace, or that at the place of the registered address of our business.
9. Right of Objection
If your personal data is processed, on the basis of legitimate interests in accordance with article 6, paragraph 1, sentence 1, letter f of DSGVO [GDPR], you have the right, in accordance with article 21 of DSGVO [GDPR], to object to the processing of your personal data, provided there are reasons for doing so that arise from your special situation, or the objection is aimed at direct advertising. In the latter case you have a general right of objection that will be implemented by us without the need for details referring to a special situation.
If you wish to make use of your right of objection, it is sufficient that you send an e-mail to firstname.lastname@example.org.
10. Data Security
During the visit to the website we make use of the much used SSL (secure socket layer) procedure in conjunction with the respective highest encryption level that is supported by your browser. This is normally a 256-bit encryption. If your browser does not support a 256-bit encryption, we resort instead to 128-bit v3 technology. You can see whether a single page of our Internet presentation can be transferred encrypted from the closed depiction of the key or lock symbol in the lower status bar of your browser.
We otherwise make use of appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
11. Current Validity of and Amendments to this Data Protection Statement
This data-protection statement is currently valid as in May 2018.
Due to the further development of our website and the offers presented in it, or due to changes in statutory or official specifications, it may prove necessary to alter this data-protection statement. The current data-protection statement in each case can always be found on the website under https://www.rammsteinshop.us/en/catalog/privacy.html, can be called up by you and can be printed out.