Privacy Policy

The protection of your data as well as their security and confidential treatment are of the utmost importance to us. In this Privacy Policy, we explain how we collect and process your personal data when you use our website or our online offerings at www.luebbe.de. Personal data are all data that make you identifiable, e.g. name, address, e-mail address and user behavior.

A. General information

  1. Controller
  2. Data Protection Officer
  3. Data security
  4. Principles relating to the storage and erasure of personal data

B. Visits to our website

  1. Provision of our website
  2. Cookies
  3. Web analysis
  4. Use of plug-ins

C. Use of services

  1. Contact options
  2. Newsletter

D. Rights of data subjects

E. Contact

A. General information

1. Controller

The controller within the meaning of Art. 4(7) of the General Data Protection Regulation (GDPR) is

  • as regards the entire online offering at www.luebbe.de: Bastei Lübbe AG, Schanzenstraße 6 – 20, 51063 Cologne, Germany, Tel.: 0221 - 8200 0, E-mail: datenschutz@luebbe.de

Please refer to our Legal Notice at www.luebbe.de for further particulars, contact details and additional legal information.

2. Data Protection Officer

You can contact Bastei Lübbe AG’s Data Protection Officer at:

  • Bastei Lübbe, Data Protection, Schanzenstraße 6 – 20, 51063 Cologne, Tel.: 0221 - 8200 0, E-mail: datenschutz@luebbe.de

3. Data security

We secure our website and other systems by taking technical and organizational measures against loss, destruction, access, alteration and dissemination of your data by unauthorized parties.

In connection with attacks on our website, data which could be used to identify you (e.g. IP address) are stored on our servers temporarily, but, as a rule, no longer than 30 days, for the purposes of data and system security. The processing of potentially personal data for the purposes of data and system security is carried out on the basis of Art. 6(1)(f) of the GDPR and on the basis of our legitimate interest in safeguarding our systems and preventing abuse.

4. Principles relating to the storage and erasure of personal data

The processing of personal data only takes place during the period required for achieving the respective purpose of the storage or for as long as we are required to do so by laws or regulations, e.g. commercial or tax law which requires the retention of documents. Where the reason for storage ceases to apply (e.g. if you unsubscribe to our newsletter service) or if the period of retention prescribed by law expires, the personal data concerned will as a matter of routine be erased in accordance with the statutory provisions or processing will be restricted, e.g. processing will be limited to what is required by commercial or tax law retention duties.

The processing of personal data in order to comply with a legal obligation, namely the fulfillment of statutory retention duties is based on Art. 6(1)(c) of the GDPR. Where personal data are processed pursuant to Art. 6(1)(f) of the GDPR for the purpose of preserving evidence, this processing purpose will cease to exist when the statutory limitation periods expire; the usual statutory limitation period is three years.

For further details of specific storage and erasure deadlines, please refer to the individual service descriptions or information in this Privacy Policy.

B. Visits to our website

If you visit our website just for informational purposes, but do not register or make a purchase in the online shop or otherwise disclose personal information to us, we will only collect the personal data that your browser sends to our server. We use tracking technologies to the extent described below for the purposes of web analysis and online marketing.

1. Provision of our website

When you visit our website, we collect the data set out below. These data are needed for technical reasons so that we can display our website and safeguard the stability and security of our online offering:

  • Your IP address
  • Date and time of the query
  • Time difference to Greenwich Mean Time (GMT)
  • Content of the query (specific page)
  • Access status/HTTP status code
  • Volume of data transmitted in each case
  • Website from which access is initiated
  • Browser
  • Operating system and its interface
  • Language and version of browser software

Art. 6(1)(f) of the GDPR provides the legal basis for collecting and processing such data. We have a legitimate interest in providing a functional website and in maintaining our system security. Furthermore, we use the above data in anonymous form for statistical purposes and to improve our online offering.

2. Cookies

Our website uses cookies. Cookies are small text files, which your browser receives and saves on your computer.

Many websites and servers use cookies. Cookies often have what is known as a cookie ID. Such an ID is a unique identifier of the cookie and consists of a randomly generated string of characters. It allows the websites and servers to identify the specific Internet browser which received and saved this particular cookie. Such cookies make it possible to distinguish your specific browser from all the other Internet browsers that receive other cookies. The unique cookie ID makes it possible to recognize and identify a specific Internet browser when it returns.

By using cookies, we can offer you user-friendly services that would be either not possible at all or only possible to a limited extent. In other words, cookies enable us to recognize users who return to our website. By recognizing users when they return to our website, we can make our online offerings easier to use. As a simple example of a function requiring the support of a cookie, consider the functionality of a shopping basket in an online shop. The online shop needs to use a cookie to enable it to “note” the items that the user puts in his or her shopping basket during a session. Art. 6(1)(f) of the GDPR provides the legal basis for the use of cookies. Our legitimate interest arises in connection with our provision and optimization of a functional and convenient online offering.

Where we use cookies in connection with web analysis or tracking services, we use a “cookie banner” and so obtain the user’s informed consent (cf. Art. 6(1)(a) of the GDPR).

By changing the settings of your Internet browser, you can, at any time, configure it to always reject cookies. Furthermore, you can use your Internet browser or another program to delete any cookies that have already been saved on your system. Please understand, however, that in the event that you configure your browser to reject cookies, you may not be able to use all of the functionality of our or other online offerings.

Please take particular note of the notices regarding web analysis and the use of third-party cookies, when you consider the use of specific cookies discussed below.

3. Web analysis

We use various web analysis services to improve the user-friendliness of our online offering and to make it more attractive. Where personal data is processed by web analysis services, this is carried out on the basis of Art. 6(1)(f) of the GDPR. In this context, the design of a user-friendly and attractive website offering is a legitimate interest on our part.

eTracker

Our website uses technologies from etracker GmbH (https://www.etracker.com) to collect and store data for marketing and optimization purposes. It enables us to create user profiles using pseudonyms. Cookies may be used for this purpose. Cookies are small text files, which are stored locally in an intermediate memory (cache) of the Internet browser used when you visit a website. The cookies make it possible to recognize your Internet browser. The data collected using etracker technologies are not used to personally identify website visitors without their express consent, nor are they used to associate personal data with the person to whom the pseudonym refers. You may, at any time, revoke your consent to the collection and storage of your data with future effect.

Please exclude me from eTracker’s data collection.

http://www.etracker.de/privacy?et=USEaEg

We use eTracker to analyze the use of our website and so as to be able to make continual improvements to it. The statistics obtained enable us to enhance our offerings and make them more attractive for you as the user. The data collected are permanently stored and analyzed in pseudonymized form. Art. 6(1)(f) of the GDPR provides the legal basis for using eTracker.

Third-party provider’s information: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg; https://www.etracker.com/en/data-privacy/ Art. 6(1)(f) of the GDPR provides the legal basis for using eTracker.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how you use the site. The information generated by the cookie about your use of the website will, as a rule, be transmitted to and stored by Google on servers in the United States. If you activate the IP anonymization feature on the website, Google will however shorten your IP address in the Member States of the European Union and other States that are contracting parties to the Agreement on the European Economic Area before transmitting it to the United States. Your full IP address will only be transmitted to a server belonging to Google in the United States in exceptional cases and then shortened there. At the website operator’s request, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage for the website operator. Google will not associate any other data held by Google with the IP address obtained from your browser using Google Analytics.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, by downloading and installing the following browser plug-in (https://tools.google.com/dlpage/gaoptout?hl=en), you can prevent information generated by cookies about your use of the website (including your IP address) being sent to and processed by Google.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, your IP address is shortened before data are sent to Google and your IP address cannot be used to identify you personally. If data that makes you personally identifiable are collected, this personal data will be immediately excluded and deleted.

We use Google Analytics to analyze the use of our website so as to be able to make continual improvements to it. The statistics obtained enable us to enhance our offerings and make them more attractive for you as the user. In those cases where, by way of exception, personal data are transmitted to the USA, Google has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Art. 6(1)(f) of the GDPR provides the legal basis for using Google Analytics.

Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of Services: https://marketingplatform.google.com/about/analytics/terms/us/

Overview of data: http://www.google.com/intl/de/analytics/learn/privacy.html

Privacy Policy: https://policies.google.com/privacy?hl=en-US

4. Use of plug-ins

Our website contains AddThis plug-ins. These plug-ins allow you to set bookmarks or share interesting content with other users. We offer you the opportunity to interact with social networks and other users through plug-ins so that we can improve our offerings and make them more attractive for you as the user. Art. 6(1)(f) of the GDPR provides the legal basis for using plug-ins.

Via this plug-in, your Internet browser connects directly to AddThis’s servers and possibly to the selected social network or bookmarking service. The recipient receives the information that you have visited the corresponding page of our website. This information is processed by AddThis’s servers in the USA. If you send content from our website to social networks or bookmarking services, your visit to our website can be linked with your user profile at the relevant network. We have no control over the data collected or the plug-in provider’s data processing activities. Nor are we aware of the extent to which data are collected, the purpose of such collection or how long the data are stored. In addition, we have no information regarding the erasure of data collected by plug-in providers.

Plug-in providers store the data they collect about you to create a user profile, which they then use for advertising, market analysis and/or to tailor their websites to the market. This kind of analysis is carried out, in particular (including in respect of users who are not logged in) for the purposes of presenting advertising tailored to the market and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile. However, to exercise this right, you need to contact the respective plug-in provider.

If you do not wish to have your data collected and stored in this way, you may at any time opt out of this with effect for the future by going to: http://www.addthis.com/privacy/opt-out. Alternatively, you can configure your browser settings so that it does not allow cookies to be stored.

More information about the purpose and scope of data collection and processing by plug-in providers as well as additional information about your privacy rights and settings to protect your privacy can be found at: AddThis LLC, 1595 Spring Hill Road, Sweet 300, Vienna, VA 22182, USA, www.addthis.com/privacy.

You will find further information about any social networks or bookmarking services which you may have selected via the AddThis-Plug-ins in these providers’ Privacy Policies. These are set out below and also include information about your privacy rights and settings to protect your privacy.

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php and http://www.facebook.com/about/privacy. Facebook has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://policies.google.com/technologies/partner-sites?hl=en. Google has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

C. Use of services

We collect and process your personal data when you order goods at our online shop, use our newsletter service or participate in competitions.

1. Contact options

We provide you with various ways of getting in touch and sending us messages on our website. You can use e-mail, phone or the contact form provided to reach out to us. When you contact us, any data provided (your e-mail address or your name and telephone number) are stored by us and processed in order to reply to your enquiry. The legal bases for this are Art. 6(1)(b) and (f) of the GDPR. We have a legitimate interest in collecting and processing customer enquiries efficiently and in an organized way. After storage of your data has become no longer necessary, we erase same or, where we are required by law to retain such data, we restrict their processing.

2. Newsletter

When you visit our website, you will be offered the option of subscribing to our free newsletter. The newsletter provides information about current offers, new products, special promotions and exclusive savings advantages in respect of goods and services from the Bastei Lübbe program. Our data processing for providing and optimizing our newsletter service is based on your consent pursuant to Art. 6(1)(a) of the GDPR.

In order to register for our newsletter, you only need to provide your e-mail address. If you would like to be addressed personally, you may provide us voluntarily with your first name and last name as well as your date of birth.

After sending us the registration form, you will receive a confirmation e-mail from us (double opt-in e-mail). Your registration first becomes valid after you have clicked on the link in the confirmation e-mail. If you do not click on the link in the confirmation e-mail, the registration process will not be completed.

If you do not confirm your registration, the information provided in your registration will be blocked and automatically deleted. We would moreover like to remind you that we store the IP address provided and the time and date of registration and confirmation. The purpose of this process is to enable us to show that you registered and to be able to investigate any abuse of your personal data. Art. 6(1)(f) of the GDPR provides the legal basis for processing such data.

You may withdraw your consent to our newsletter service and unsubscribe to the newsletter at any time with effect for the future. To unsubscribe, you can use the link provided for this purpose at the end of every e-mail or contact us using the e-mail address which you used when you registered for the newsletter. To do this, simply contact us at the address provided in this Privacy Policy or in our Legal Notice at www.luebbe.de. Your e-mail address will then be removed from our newsletter list. Withdrawal of your consent will not affect the lawfulness of our processing based on your consent prior to withdrawal.

D. Rights of data subjects

We are pleased to explain to you your rights as a “data subject” pursuant to the GDPR. According to the Regulation, as a data subject you are entitled to the following rights:

  • Right of access (Art. 15(1) and (2) of the GDPR)
  • Right to rectification (Art. 16 of the GDPR) and erasure (Art. 17 of the GDPR)
  • Right to restrict processing (Art. 18 of the GDPR)
  • Right to data portability (Art. 19 of the GDPR)
  • Right to object to processing (Art. 21 of the GDPR)
  • Rights to withdraw consent (Art. 7(3) of the GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)

To supplement the above, we summaries the key aspects of data subject rights under the Regulation. However, the description below does not purport to be complete, but simply to address the main elements of data subject rights under the Regulation.

Right of access (including the right to obtain confirmation and to be provided with a copy of data)

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.

The data subject has the right to access his or her personal data and the following information:

  • the purposes of processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge complaints with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
  • where personal data are transferred to a third country or to an international organization, the right to be informed of the appropriate safeguards pursuant to Art. 46 relating to the transfer.

The data subject has the right to be provided with a copy of the personal data undergoing processing.

Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to restrict processing

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
  • the data subject has objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to erasure (“right to be forgotten”)

The data subject has in principle and except where processing is required by law (see the exceptions in Art. 17(3) of the GDPR) the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based according to Article 6(1)(a) of the GDPR, or Article 9(2)(a) of the GDPR, and where there is no other legal ground for the processing;
  • the data subject objects to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) of the GDPR;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.

Right to data portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the basis for processing the personal data is consent or a contract pursuant to Art. 6(1)(b) of the GDPR and the processing is carried out by automated means.

In exercising his or her right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right of withdrawal

The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent prior to withdrawal.

Right to lodge a complaint with a supervisory authority

Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The competent data protection authority for Bastei Lübbe AG is: State Commissioner for Data Protection and Freedom of Information in North Rhine Westphalia, P.O. Box 200444, 40102 Düsseldorf, Tel: 0211-384240, Fax: 0211-3842410 E-mail: poststelle@ldi.nrw.de, www.ldi.nrw.de

The competent data protection authority for DigitalStores GmbH is: Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg.

######################

Special notice regarding the right to object pursuant to Art. 21(1) and (2) of the GDPR

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. Where you exercise your right to object, we will then cease to process your personal data unless we can demonstrate compelling legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where such processing serves to establish, exercise or defend legal claims.

If personal data are processed for direct marketing purposes, you may, at any time, object to such processing; the same also applies to any profiling related to such direct marketing activities.

######################

E. Contact

If you wish to exercise your rights as a data subject or generally have any questions about data protection, you may contact us or our Data Protection Officer at any time:

  • The responsible party for the entire online offering at www.luebbe.de is: Bastei Lübbe AG, Schanzenstraße 6 – 20, 51063 Cologne, Germany, Tel.: 0221 - 8200 0, E-mail: datenschutz@luebbe.de
  • You can contact Bastei Lübbe AG’s Data Protection Officer at: Bastei Lübbe, Data Protection, Schanzenstraße 6 – 20, 51063 Cologne, Tel.: 0221 - 8200 0, E-mail: datenschutz@luebbe.de

Please refer to our Legal Notice at www.luebbe.de for further particulars, contact details and additional legal information.