Privacy Policy

Privacy policy of Ambientshop.com
Updated: 23.05.2018
As part of our legal obligations and corporate responsibility for the careful handling and protection of the personal data entrusted to us by our customers, employees and business partners, we want to use this data protection information to provide the best possible transparency regarding data processing and data security as part of the use of our digital services Ambientshop.com offer.
The following data protection instructions are in line with the General Data Protection Regulation ("DSGVO"), which has been in force since 25 May 2018 in the EU as well as in Switzerland.

1. Responsible body
Name of the responsible body:
Ambientshop.com

Managing Director:
Jörn Kreienbringck

2. Data protection officer:
For your privacy concerns, please contact our Privacy Officer only in writing for confidentiality and verification purposes.
Mr. Jörn Kreienbringck
datenschutz@ambientshop.com

Address of the responsible body:
Ambientshop.com
Osdorfer Landstr. 11
22607 Hamburg

3. Collection, use and processing of personal data
3.1 General

The following privacy policy informs you about the nature and extent of the processing of so-called personal data by Ambientshop.com Personal data is information that can be directly or indirectly attributed to your person or can be assigned.

Purposes and extent of processing of personal data
Your data and information provided to us are used for the purpose of processing orders, delivering goods and providing services, processing payments, repurchasing orders, customer service or promotional purposes. Of course, we also use this information to better assist you when shopping at Ambientshop.com. If you so desire, we may also use your information to speak to you about orders, products, services and marketing offers, as well as to provide your information about your user account. We also use your information to constantly improve our catalog and online shop.

Legal basis for the processing of personal data
The legal basis for the processing of personal data arises either from various laws, in particular the GDPR and the Telemedia Act, or from consent (Article 6 (1) (a) GDPR). In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions. Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract. As far as we do not use your contact data for advertising purposes, we store the data collected for the execution of the contract until expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (regularly ten years from the conclusion of the contract), the data will be reprocessed solely in the case of a review by the tax authorities, for economic and tax audit purposes and to investigate possible offenses.

3.2 Provision of the Website
When you visit our website / application, the browser used on your device automatically sends information to the server of our website / application and temporarily stores it in a so-called log file. We have no influence on this. The following information will also be collected without your intervention and stored until automated deletion:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (concrete page)
- Access status / HTTP status code
- each transmitted amount of data
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point, the note that we are from the data collected no direct conclusions about your identity are possible and are not pulled by us. The IP address of your device and the other data listed above are used by us for the following purposes:

- Ensuring a smooth connection setup,
-   Ensuring a comfortable use of our website / application,
-   Evaluation of system security and stability.

We also use cookies, tracking tools, targeting methods and social media plugins for our website / application. The exact procedures that are used and how their data are used for this purpose are described in Section 3.5 below. explained in more detail.
If you have consented to the so-called geolocation in your browser or in the operating system or other settings of your device, we use this function to offer you individualized services (for example, the location of the nearest branch) related to your current location. We process your processed location data exclusively for this function. Stop the use of the data will be deleted.

3.2.1 Log files
In our server log files we store information that your browser automatically sends to us for technical reasons. These are:

   - Browser type / version
   - used operating system
   - Referrer URL (the previously visited page)
- Host name of the accessing device (IP address, anonymized)
   - Date and time of the server request
- IP address
For smartphones, tablets and other mobile devices, if applicable Manufacturer / type designation A personal storage of this data does not take place. Also, a merge of this data with other data sources is not made.

The legal basis for the processing of your IP address is Art. 6 para. 1 lit. f) EU GDPR. Our legitimate interest follows for the purposes of processing listed below:

Ensuring a smooth connection setup,
Ensuring comfortable use of our website / application, evaluation of system security and stability. We generally store your IP address anonymously, but there is no personal evaluation. A complete storage of the IP address is only for the traceability of technical errors and hacker attacks and for the recording of consent, eg. Eg in the newsletter subscription.

3.3 Customer account
In order to provide you with the greatest possible comfort during your purchase, we offer you the permanent storage of your personal data in a password-protected customer account. The investment of the customer account is voluntary and takes place on the basis of your consent within the meaning of Article 6 paragraph 1 letter a) GDPR. After setting up a customer account, no re-entry is required. In addition, you can view and change the data stored in your customer account at any time. In addition to the data requested during an order, you must provide a self-selected password to set up a customer account. This serves together with your e-mail address for access to your customer account. Please treat your personal access data confidentially and in particular do not make it accessible to unauthorized third parties. We can not accept liability for misused passwords unless we are responsible for the abuse. Please note that even after leaving our website, you will automatically be logged in, unless you actively log out. You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data in the customer account can be deleted.

3.4 Order processing
For the completion, execution or termination of your orders, we require personal information from you. These include, for example: • first name, last name • billing and delivery address • e-mail address • billing and payment data • if applicable, date of birth • telephone number if necessary The processing of the order processing includes i.a. the sending of orders, the processing of your payment, the sending of electronic order confirmations and invoices as well as the repayment of the purchase or supporting customer service.
As far as we do not use your contact data for advertising purposes, we store the data collected for the execution of the contract until expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we retain the information required by commercial and tax law of the contractual relationship for the statutory periods. For this period (regularly ten years from the conclusion of the contract), the data will be reprocessed solely in the case of a review by the tax authorities, for economic and tax audit purposes and to investigate possible offenses.

3.4.1 When you contact us by e-mail or through a contact form, we will store the information you provide (your e-mail address, name and telephone number) to answer your questions. We delete the data arising in this context after the storage for this purpose is no longer necessary. If statutory retention periods exist, the data will not be deleted, but processing will be restricted accordingly.
3.4.2 If we use contracted service providers for individual functions of our offer or if you wish to use your data for advertising purposes, we will inform you below about the respective procedures and storage duration. Before using your data for advertising purposes, you will be asked separately for your consent.
3.4.3 If you buy goods or services from us, we will in the future send you emails for similar goods or services of our company. These emails are only sent after an order has been placed and using the so-called double-opt-in procedure. This means that we will only send you the e-mails if you first confirm your registration by sending a confirmation e-mail with the link contained therein. You can always request that we no longer receive such emails. Please contact us via e-mail to Newsletter@ambientshop.com or to the responsible persons mentioned above. You will incur no other than the transmission costs according to the basic rates.

4. References to your rights
4.1 You have the following rights with respect to the personal data concerning you and their processing:
- right to information,
- right to rectification or erasure,
- right to restriction of processing,
- right to object to the processing,
- Right to data portability.

4.2 You also have the right to complain to us about the processing of your personal data by a data protection supervisory authority.

4.3 Cookies - Social Media Plugins - Targeting - Tracking
4.3.1 Cookies
We use so-called cookies on our website. Insofar as these cookies are personal data, they are used on the basis of Article 6 (1) (f) GDPR. Our interest in optimizing our website is considered to be justified in the sense of the aforementioned provision. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software. In the cookie information is stored, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.
On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website or that you have already logged in to your customer account. These are automatically deleted after leaving our page. In addition, for the sake of usability, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them. On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer and to display information tailored to your specific needs. These cookies allow us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a note always appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website. The storage period of cookies depends on their purpose and not the same for everyone.

4.4 Marketing / Advertising
The following statements refer to the processing of personal data for marketing and advertising purposes. DSGVO declares such data processing on the basis of Article 6 (1) (f) as fundamentally conceivable and as a legitimate interest. The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether the storage is required for the promotional approach.
As far as you have concluded a contract with us, we will keep you as an existing customer. In this case, we will process your postal contact details outside the scope of a specific consent in order to provide you with information about new products and services in this way.

4.4.1 Newsletter
4.4.2 With your consent, you can subscribe to our newsletter, which will inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
4.4.3 To register for our newsletter, we use the so-called double opt-in procedure. After your registration we will send you an e-mail to the given e-mail address, in which we ask you for confirmation that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.
4.4.4 Mandatory information for sending the newsletter is your e-mail address alone. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6 (1) (1) (a) of the GDPR.
4.4.5 You can revoke your consent to the newsletter at any time and for no reason and unsubscribe from the newsletter. You can declare the cancellation by clicking on the link provided in each newsletter e-mail, by e-mail to [Newsletter@ambientshop.com] or by sending a message to the above-mentioned person in charge.

4.5 vouchers
As a customer you benefit from different coupon and discount offers.
We process your data as part of your voucher redemption. If you redeem personalized voucher codes or voucher codes in your customer account in the web shop, the data will be merged with your personal data. Please note: A personal coupon code may not be published or used commercially in any other way.

5. Your rights
According to the GDPR you have the following (affected) rights towards us:

5.1 Information
On the one hand, you can request a confirmation as to whether personal data concerning you is being processed by us. If such processing is available, you can request information via the following information:

1) the purposes for which the personal data are processed
2) the categories of personal data that are processed
3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
4) the planned duration of storage of your personal data or, if specific information is not available, criteria for determining the duration of storage
5) the right of rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
6) the existence of a right of appeal to a supervisory authority
7) all available information on the source of the data, if the personal data are not collected from the data subject
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

5.2 Correction, restriction
You have the right to correct and / or complete your processed personal information if it is incorrect or incomplete. You can view, edit and delete the data in your customer account at any time in the "My Account" area.
You may request the limitation of the processing of your personal data under the following conditions: (1) if you deny the accuracy of your personal information for a period of time that enables us to verify the accuracy of your personal data; (2) the processing is unlawful and you refuse the deletion of your data and instead request the restriction of the use of your personal data; (3) we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or (4) you have objected to processing and it is not yet clear whether the legitimate reasons exist of the company outweigh your reasons.

5.3 Transferability of your data
Furthermore, you have the right to have your data provided to us or a third party at any time. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller. Please note that we can only transfer data based on a consent or a contract.

5.4 Revocation of consent / contradiction
If you have given us your consent (s) to process your personal information, you can revoke it at any time by sending a short notice. Please contact us in writing to customer service@ambientshop.com
You may object to or revoke your consent to the use of your data for promotional purposes at any time by sending a brief written notice to kundenservice@ambientshop.com without incurring any costs other than the base rate transmission costs. To unsubscribe from the newsletter, there is a link at the end of the newsletter. Alternatively, registered users can unsubscribe from the newsletter under "My Account" at www.bulbs-unlimited.com/webshop.

5.5 Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
- is required for the conclusion or performance of a contract between you and the controller,
- is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
- with your express consent.

5.6 Deletion / blocking
You may request that the personal data concerning you be deleted immediately, and the controller is obliged to delete that data without undue delay if one of the following reasons applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. DSGVO and there is no other legal basis for processing.
- You lay gem. Art. 21 para. 1 DSGVO objection to the processing and there are no prior justifiable reasons for the processing, or you lay gem. Art. 21 para. 2 DSGVO Opposition to processing.
- Your personal data has been processed unlawfully. § The deletion of personal data concerning you is required to fulfill a legal obligation under EU or national law, to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Essentially, the right to erasure does not exist as far as the processing is necessary § to exercise the right to freedom of expression and information; § to fulfill a legal obligation or perform a task that is in the public interest or in the exercise of public authority that has been assigned to us; § for the assertion, exercise or defense of legal claims.

6. Revocability of consent
If you have given your consent to the processing of your data, you can revoke them at any time and for no reason to the above-mentioned person responsible. Such revocation of your consent will affect the admissibility of further processing of your personal information after you have explained it to us.
6.1 Opposition to data processing in case of balance of interests
6.2 Our data processing may also be based on a balance of interests pursuant to Article 6 paragraph 1 sentence 1 letter f of the GDPR. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in each case when describing the functions with which data are collected or otherwise processed. Insofar as we base the processing of your personal data on such a balance of interests, you may object to the processing. In the event of such a disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In case of disagreement we will check the situation and will either discontinue or adapt the data processing or show you our compelling legitimate reasons for continuing our processing.
6.3 We would like to take into account that an informational offer of a website without additional functions, where the data are processed in accordance with Article 6 paragraph 1 sentence 1 letter f of the GDPR, does not create an objection to the processing of your personal data. For any other data processing operation that is based on balance of interests (eg the analysis of the data for advertising purposes), a contradiction is possible in principle.
6.4 Please direct an objection to the above responsible person.
6. 5 Opposition to direct marketing
Of course, you may object to the processing of your personal data for the purpose of advertising and data analysis, especially direct mail marketing, at any time and for no reason. Please direct your advertisement to the person named above.

7. Data Security - Confidentiality

Data transmission with SSL
We are aware that data security when shopping on the Internet is an important topic for you. For this reason we use the so-called SSL technology (Secure Socket Layer) for transferring your personal data (address, customer number, order data ...) from all areas. Ambientshop.com treats your data according to the highest standards of data protection. Your data is protected against unauthorized access.

What is SSL?
Technically, SSL - translated with Secure Socket Layers - is an encryption technology. Your order will be sent to a secret code encrypted over the internet. Only the central Ambientshop.com computer can decrypt this order and process the order. Ambientshop.com, for its part, treats your information to the highest standards of data protection. Your order can therefore not be read by any unauthorized person, only the Ambientshop.com computer has the "key" to decrypt your order. Further information: www.ssl.de

How do you recognize a secure order via SSL?
In a secure order, when an SSL-protected operation is invoked, it will usually appear that your computer enters SSL security mode. (You may have to confirm the safety notice with "O.K."). More information: Your web browser has detailed help and security explanation and encryption explanations. Also pay attention to the "s" in the URL - this is an indication that your order is safe on the internet.

Updated: 23.05.2018