Privacy policy

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data privacy policy. The following information will inform you about what happens to your personal data when you visit our website. Personal data are all data that can be assigned to you as an identified or identifiable person. 

This privacy policy explains what personal data we collect and what we use it for. It also explains how and for what purpose this is done.

1. Data collection on our website

Who is responsible for data collection on this website?

The person responsible for data processing on this website is:

Thomas GmbH + Co. Sitz- und Liegemöbel KG

Walkmühlenstraße 93

27432 Bremervörde

phone: +49 (0)4761 97 90 

E-mail: info@lattoflex.com

You can reach our company data protection officer by using the above contact details and adding "The data protection officer" by letter or by e-mail at datenschutz@thomas.de.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to transmit your payment data to us (e.g. account number for direct debit authorisation) after the conclusion of a fee-based contract, this data is required for payment processing.

The payment transactions via the usual means of payment (Visa/MasterCard, direct debiting system) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.

PayPal

In the event of payment via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal, we will pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") within the scope of the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. The result of the credit check with regard to the statistical probability of non-payment shall be used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. Further information on data protection, including information on the credit agencies used, can be found in PayPal's data privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

2. Cookies

The Internet pages partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this data privacy policy.

3. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in the technical optimisation of our Internet pages and the underlying technologies and, in addition, in the elimination of errors and faults and the optimisation of security as well as the prosecution of any cases of misuse.

4. Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of the data entered in the contact form is therefore exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing procedures carried out up to the time of revocation remains unaffected by the revocation.

The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

5. Registration on this website

You can register on our website to use additional features on the site. We will use the relevant data entered only for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration.

In the event of important changes, such as changes to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke any consent you have given at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.

The data collected during registration is stored by us for as long as you are registered on our website and is then deleted. Legal retention periods remain unaffected.

6. Orders / fulfilment of contract

We process personal data for the implementation, initiation and processing of contractual relationships or contract-like obligations. This is done on the basis of Art. 6 Para. 1 lit. b GDPR.

For orders placed on our website, we collect and use your personal data only to the extent necessary to fulfil and process your order and to process your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. The processing is based on Art. 6 (1) lit. b GDPR  and is necessary for the fulfilment of a contract with you. Your data will not be forwarded to third parties without your consent. The only exceptions to this are our service partners, who we need to process the contractual relationship, or service providers that we use for processing orders. In addition to the recipients named in the respective clauses of this data privacy policy, these include recipients of the following categories: Shipping service providers, payment service providers, merchandise management service providers, service providers for order processing, web hosts, IT service providers and merchants who make direct deliveries to the customer on our behalf.

7. Social media

The legal basis for the integration of social media and the processing of personal data in this context is Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in providing interesting content, enabling interaction with social networks, increasing the reach of the content provided on our Internet pages and in designing the content of our Internet pages to meet your needs.

a) Facebook plugins (like & share button)

Our pages integrate plugins from the social network Facebook, provider Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the "like button" ("Like") on our page.

You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "like button" while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook.

You can find further information on this in the Facebook privacy policy at: https://de-de.facebook.com/policy.php.

If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.

b) Use of YouTube

We use on our website the function for embedding YouTube videos from YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube"). YouTube is a service associated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The feature displays videos stored on YouTube in an iFrame on the website. The option "Advanced Privacy Mode" is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video, information about it is sent to YouTube and stored there.

For more information about YouTube's and Google's collection and use of this data, your respective rights and ways to protect your privacy, please see the YouTube privacy policy ( https://www.youtube.com/t/privacy )

c) LinkedIn Plugin

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is notified that you have visited our sites using your IP address. When you click on the LinkedIn "recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our site with you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

For further information, please see the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy.

8. Analysis tools and advertising

a) Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called "cookies". These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both its website and its advertising.

IP Anonymisation

We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator linked with the use of the website and the of the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

Browser Plugin

You can prevent the storage of cookies by setting your browser software accordingly, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows us to generate reports that contain information about the age, gender and interests of the site visitors. This data is derived from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person.

You can disable this feature at any time in the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data as described in the "Objection to data collection" paragraph.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent the collection of your information on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics treats user information, please see the Google privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

b) Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

For further information on Google reCAPTCHA and Google's privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

c) Use of Google's remarketing or "similar target groups" feature

We use Google's remarketing or "similar target groups" feature on our website (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

This feature serves the purpose of analysing visitor behaviour and visitor interests. Google uses cookies to perform the website usage analysis, which forms the basis for the creation of interest-based advertisements. Cookies are used to record visits to the website and anonymous data on the use of the website. There is no storage of personal data of the visitors of the website. If you subsequently visit another website in the Google Display Network, you will see ads that most likely include previously viewed product and information areas. Your data may also be transferred to the USA.

Data transfers are subject to an adequacy finding by the European Commission. The processing is carried out on the basis of Art. 6 (1) lit. f DSGVO out of a legitimate interest in targeting visitors to the website with targeted advertising by displaying personalised, interest-based advertisements for visitors to the provider's website when they visit other websites in the Google Display Network.

You have the right to object at any time, for reasons arising from your particular situation, to this processing of personal data relating to you, which is based on Art. 6 (1) f GDPR.

You can permanently deactivate Google's use of cookies by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you may opt-out of third party cookie use by visiting the Network Advertising Initiative's opt-out page at https://www.networkadvertising.org/choices/ and following the opt-out information provided there.

For more information about Google Remarketing and the relevant privacy policy, please visit: https://www.google.com/privacy/ads/ or https://google.com/policies/technologies/ads

d) Use of Google Adwords conversion tracking

We use the online advertising program "Google AdWords" on our website and, in this context, conversion tracking (analysis of visits). Google Conversion Tracking is an analytics service of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our site and the cookie hasn't expired, we and Google can tell that you clicked on the ad and were redirected to that page.

Each Google AdWords customer receives a different cookie. This means that there is no way that cookies can be tracked across the websites of AdWords customers. The information collected using the conversion cookie is used to compile conversion statistics. This tells us the total number of users who have clicked on one of our ads and been redirected to a page with a conversion tracking tag. However, we do not receive information that personally identifies users.

The processing is carried out on the basis of Art. 6 (1) lit. f GDPR from the legitimate interest in targeted advertising and the analysis of the impact and efficiency of this advertising.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data on the basis of Art. 6 (1) f of the GDPR. For this purpose, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You will then not be included in the conversion tracking statistics. Furthermore, you can deactivate personalised advertising for you in the advertising settings on Google. You can find instructions for this at https://support.google.com/ads/answer/2662922?hl=de.

In addition, you may opt-out of third party cookie use by visiting the Network Advertising Initiative opt-out page at https://www.networkadvertising.org/choices/ and following the opt-out information provided there.

For more information and Google's privacy policy, please visit: https://www.google.de/policies/privacy/

e) Use of Facebook Remarketing

On our website we use the remarketing function "Custom Audiences" of Facebook Inc. (1601 S.California Ave, Palo Alto, CA 94304, USA; "Facebook").

This function serves the purpose of targeting website visitors with interest-based advertising on the social network Facebook. For this purpose, the Facebook remarketing tag was implemented on the website. Through this tag a direct connection to the Facebook servers is established when visiting the website. This tells the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the social network Facebook, you will then see personalized, interest-based Facebook ads. The processing is based on Art. 6 (1) lit. f GDPR from the legitimate interest in the above-mentioned purpose.

Below, you can also deactivate the remarketing function "Custom Audiences" in the advertising settings section. To do so, you must be logged in to Facebook:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: https://www.youronlinechoices.com/uk/your-ad-choices.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, based on art. 6 (1) f GDPR.

You can find more information on the collection and use of data by Facebook, your rights in this regard and ways to protect your privacy in the Facebook privacy policy at: https://www.facebook.com/about/privacy/.

f) Use of the Facebook Pixel

Our website uses the visitor action pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") to measure conversion.

This allows us to track the behavior of site visitors after they have clicked on a Facebook ad to be directed to the provider's website. This allows the effectiveness of the Facebook Ads to be evaluated for statistical and market research purposes and to optimize future advertising efforts.

The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy. This allows Facebook to enable the placement of advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as a site operator.

You can find further information on the protection of your privacy in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

g) Pingdom

This website uses the Pingdom monitoring service, which is operated by the Swedish company Pingdom AB, Kopparbergsvägen 8, 722 13, Västerås, Sweden. Pingdom uses so-called "cookies", namely small text files stored locally in the cache of the visitor's Internet browser. These cookies are used to recognize the browser again and thus enable an analysis of your access, as well as the loading behavior ("performance") and the availability of our website, in order to improve the loading behavior and the presentation of the contents on the website.

Insofar as personal data is also processed by the cookies, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in continuous optimisation of the content and technical aspects of our online presence.

In order to generally deactivate the use of cookies on your computer, you can set your Internet browser so that no more cookies can be stored on your computer in the future or that cookies already stored are deleted. However, switching off all cookies may mean that some functions on our Internet pages can no longer be executed. You can find Pingdom's privacy policy at https://www.pingdom.com/legal/privacy-policy/

9. Use of the e-mail address to send direct mail advertising

We use your e-mail address, which we have received in the course of the sale of a good or service, for the electronic transmission of advertising for our own goods or services similar to those you have already purchased from us, unless you have objected to this use. The provision of the e-mail address is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is based on Art. 6 (1) lit. f GDPR from the legitimate interest in direct mail advertising.

The legal basis for the use of your e-mail address for the advertising of our own similar products is § 7 (3) German Act against Unfair Competition (UWG). You can object to the use of your e-mail address at any time by sending a message to our above-mentioned contact data or by using the unsubscribe function provided by us in every advertising e-mail.

This will not incur any costs other than the transmission costs according to the basic tariffs of the means of communication used by you.

10. Plugins and tools

a) YouTube

Our website uses plugins from the Google operated site YouTube. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plugin, a connection to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in the YouTube privacy policy at: https://www.google.de/intl/de/policies/privacy.

b) Google web fonts

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display text and fonts correctly.

To do this, the browser you are using must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google web fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google web fonts can be found at https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/.

c) Google Maps

This site uses the map service Google Maps via an API. Provider is Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy findability of the places we indicate on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.

More information on the handling of user data can be found in the Google privacy policy: https://www.google.de/intl/de/policies/privacy/.

d) Hubspot

We use the HubSpot service for our online marketing activities. This is an integrated software solution that supports us in various aspects of our online marketing.

This concerns among others:

  • social media publishing & reporting
  • e-mail marketing
  • reporting (e.g. conversion tracking, accesses, etc. ...)
  • contact management
  • contact forms
  • landing pages

Our website offering provides visitors to our website the opportunity to find out about our company, download content and provide personal information via contact forms. This information and the content of our website is stored on servers of the service provider HubSpot. This allows us to get in touch with visitors to our website and determine which services and products are of interest to you. Any information we collect is subject to this privacy policy. All information collected is used solely for the purpose of optimizing our marketing activities, in which our legitimate interest within the meaning of Art. 6 paragraph 1 lit. f) is also the legal basis for the processing. HubSpot is a service company from the USA with a European branch in Ireland.

Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500.

HubSpot is certified under the "EU - U.S. Privacy Shield Framework" and is subject to TRUSTe's Privacy Seal and the "U.S. - Swiss Safe Harbor" framework.

Click here for more information about HubSpot's privacy policy 

Here you can find more information from HubSpot regarding the EU data protection regulations.

Here and here you can find more information about the cookies used by HubSpot.

If you generally do not want Hubspot to collect your data, you can prevent the storage of cookies by changing your browser settings accordingly.

11. Newsletter

a) Newsletter data

If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allow us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use these data exclusively for sending the requested information and will not pass them on to third parties without your consent. The processing and sending is carried out by the Hubspot service (see n. 10 above). We use the data you provide to subscribe to our newsletter exclusively for sending the requested information and offers.

The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for instance by clicking on the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe to the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected.

Hubspot is used as newsletter software. Your data will be transmitted to Hubspot Inc. Hubspot is prohibited from selling or using your information for any purpose other than sending newsletters.

b) Newsletter Tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a thumbnail image embedded in such e-mails sent in HTML format to allow log file recording and analysis. This allows a statistical evaluation of the success or failure of newsletter campaigns. By means of the embedded tracking pixel, we can see whether and when an e-mail was opened by a person affected and which links in the e-mail were called up by the relevant person.

Such personal data collected via the embedded tracking pixels in the newsletters are stored and evaluated by the data controller in order to optimise the newsletter sending and to adapt the content of future newsletters even better to the interests of the relevant person. We automatically interpret an unsubscription to the newsletter as a revocation. After a revocation, these personal data are deleted by the data controller.

12. online meetings, conference calls and webinars

Data protection information for online meetings, telephone conferences and webinars via "Zoom" of Thomas GmbH + Co. Sitz- und Liegemöbel KG

We would like to inform you in the following about the processing of personal data in connection with the use of "Zoom".

a) Purpose of processing

We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the USA.

Responsible person

The person responsible for data processing which is directly connected with the holding of "online meetings" is Thomas GmbH + Co. Sitz- und Liegemöbel KG.

Note: If you call up the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, calling up the Internet site is only necessary for the use of "Zoom" in order to download the software for the use of "Zoom".

You can also use "Zoom" if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the "Zoom" app.

If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.

b) Which data is processed?

Various types of data are processed when using "Zoom". The scope of the data also depends on the data you provide before or during participation in an "online meeting".

The following personal data are processed:

 

  • User details: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used),
  • Profile picture (optional),
  • Department (optional)
  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
  • When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.

 

Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "Zoom" applications.

In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

c) Scope of processing

We use "zoom" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Zoom" app.

If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up webinars.

If you are registered as a user at "Zoom", reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".

The possibility of software-based "attention tracking" in "online meeting" tools such as "Zoom" is deactivated.

Automated decision making in the sense of Art. 22 DSGVO is not used.

d) Legal basis of the data processing

As far as personal data of employees of Thomas GmbH + Co. Sitz- und Liegemöbel KG are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component in the use of "Zoom", Art. 6 para. 1 lit. f) DSGVO is the legal basis for the data processing. In these cases, we are interested in the effective conduct of "online meetings".

In addition, the legal basis for data processing in connection with "online meetings" is Art. 6 Para. 1 lit. b) DSGVO, insofar as the meetings are held within the framework of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of "online meetings".

e) Recipient / passing on of data

Personal data processed in connection with participation in "online meetings" are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from "online meetings", as well as in personal meetings, often serves precisely to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

Other recipients: The provider of "Zoom" necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with "Zoom".

Data processing outside the European Union

Zoom is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the provider of "Zoom" which meets the requirements of Art. 28 DSGVO.

An adequate level of data protection is guaranteed on the one hand by the "Privacy Shield" certification of Zoom Video Communications, Inc. but also by the conclusion of the so-called EU standard contract clauses.

Further information on data protection and security can be found here:

https://zoom.us/docs/en-us/privacy-and-security.html

13. Data protection for applications and in the recruitment process

The data controller collects and processes the personal data of applicants for the purpose of processing the recruitment procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted three months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

13. YOUR RIGHTS

Rights of data subjects

You have the following rights towards us in relation to your personal data:

  • Right of access,
  • Right of correction or deletion,
  • Right to restrict processing,
  • Right to object to the processing,
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

Right of withdrawal

If you have given your consent to process your data, you can revoke it at any time. Such a revocation influences the permissibility of processing your personal data after you have granted it to us.

Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your objection to the processing of your personal data for advertising purposes at the contact details given above.

As of: 31 March 2020

 

 

Functional

Functional cookies are absolutely necessary for the functionality of the webshop. These cookies assign a unique random ID to your browser so that your unhindered shopping experience can be guaranteed over several page views.

Session Cookie:
The session cookie stores your shopping data across multiple page views and is therefore essential for your personal shopping experience.
Wish list:
The cookie enables a wish list to be made available to the user across sessions. This means that the notepad remains available across several browser sessions.
Device Assignment:
The device assignment helps the shop to ensure the best possible display for the currently active display size.
CSRF token:
The CSRF token cookie contributes to your security. It strengthens the protection of forms against unwanted hacking attacks.
Login token:
The login token is used to recognise users across sessions. The cookie does not contain any personal data, but enables personalisation across multiple browser sessions.
Cache exception:
The cache exception cookie allows users to read individual content independently of the cache memory.
Cookies active check:
The cookie is used by the website to find out whether cookies are allowed by the site user's browser.
Cookie settings:
The cookie is used to store the site user's cookie settings over multiple browser sessions.
Hubspot chat:
This cookie is used to recognise visitors who chat with via the Messages tool. If visitors leave the website before they have been added as a contact, this cookie remains associated with their browser. If there is already a chat history with the visitor and the visitor later returns to the website using the same browser (with the same cookies set), their conversation history will be loaded into the Messages tool.
Store locator consent:
Serves to provide the dealer search on the basis of Google Maps
Payments by PayPal:
Enables payments via the payment provider PayPal
Chrome AddOn:
Chrome Addon ImTranslator, language adaptation
Chrome AddOn:
Chrome Addon ImTranslator, language adaptation
Anzeige Monitor:
Needed to determine the number of monitors that make up the desktop.
Bluecoat Network:
This cookie is associated with Bluecoat's proxy server technology. It is generally not actually set by the website visited, but as a result of accessing the website via a network (such as a corporate network) using Bluecoat technology. This cookie is therefore not a function of the website you are on, but set from a Bluecoat-enabled network.
User's origin page:
The cookie saves the user's page of origin and the first page visited for further use.
Auto refresh position:
This is a browser-based cookie used to store the user's position on a page as they move between pages on the website.
Activated cookies:
Saves which cookies have already been accepted by the user for the first time.
Payments by PayPal:
Enables payments via the payment provider PayPal
Session ID:
Session cookies therefore store information about the current session.
CSRF token:
Serves the security of the site and ensures the function
Marketing

Marketing cookies are used to serve advertisements on the website in a targeted and individualized manner across multiple page views and browser sessions.

Hubspot tracking:
This cookie is used to record the identity of a visitor This cookie is passed to the HubSpot software when a form is submitted and is used when contacts are de-duplicated.
Hubspot Tracking:
The main cookie for visitor tracking. It contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit) and the session number (increases with each subsequent session).
Hubspot tracking:
This cookie tracks sessions. It is used to determine if the HubSpot software needs to increment the session count and timestamps in the __hstc cookie. It contains the domain, the number of page views (viewCount, increases with each page view [pageView] in a session) and the session start timestamp
Google AdSense:
The cookie is used by Google AdSense to promote advertising efficiency on the website.
Hubspot visitor preferences:
This cookie is used to record the categories a visitor consented to. It contains data on the consented categories.
Tracking

Tracking cookies help the store operator to collect and evaluate information about the behaviour of users on their website.

Script tag:
Collects statistical data on user website visits, such as the number of visits, average time spent on the website and which pages were loaded. The purpose is to segment website users by factors such as demographics and geographic location so that media and marketing agencies can structure and understand their audiences to enable tailored online advertising.
Script tag:
Collects statistical data on user website visits, such as the number of visits, average time spent on the website and which pages were loaded. The purpose is to segment website users by factors such as demographics and geographic location so that media and marketing agencies can structure and understand their audiences to enable tailored online advertising.
Script tag:
Collects statistical data on user website visits, such as the number of visits, average time spent on the website and which pages were loaded. The purpose is to segment website users by factors such as demographics and geographic location so that media and marketing agencies can structure and understand their audiences to enable tailored online advertising.
Partner programme:
Partner programme cookies
Analytics Etracker
This website uses cookies.
We would like to offer you interesting and up-to-date information about our products and services and your sleep. With your permission, we will learn more about your use of our pages through cookies (link/menu function with information, especially about the usage time). We will not identify you by name. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other information you have provided to them or that they have collected as part of your use of the services.
Without your permission, we only use functional cookies that are necessary for the function of this site.
Please set the cookies to ACTIVE where you would like to consent to the use of cookies . Or continue without any further cookies by clicking on Accept only functional cookies
More information