Privacy Policy

Data privacy statement

In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. your name, address, e-mail addresses, user behavior.

I. Name and address of the person responsible 

The person responsible within the meaning of the Basic Data Protection  Regulation and other national data protection laws of the member states as well as other data protection regulations is: 

KOINOR Polstermöbel GmbH & Co. KG 

Landwehrstraße 14 
96247 Michelau Germany 
Phone.: +49 9571 892-0 
Fax: +49 9571 83310

info@koinor.de
www.koinor.com

 

II. Name and address of the data protection officer 

You can reach our data protection officer at:

Gerald Fischer
Diplom Bankbetriebswirt (BA)
Datenschutzbeauftragter DSB-TÜV

Mobile: +49 0160 367 1668
E-Mail: gerald.fischer@dsb-fischer.de

 

III. General information on data processing

1. Scope of processing of personal data 
We only process the personal data of our users if this is necessary to provide a functional website as well as our contents and services. The regular processing of the personal data of our users only takes place after the user has granted consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law. 

2. Lawfulness of processing personal data 
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis. In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. 
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. 
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage time 
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, storage of data may take place if this has been provided for by European or national legislators in the form of EU regulations, laws, or other provisions to which the responsible party (data controller) is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned legal norms lapses, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files 

1. Description and scope of data processing 
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. 

Log files store, among other things, the IP address, the browser used, the time and date, and the system used by a visitor to the website. On our website, only anonymized IP addresses of visitors are stored. At the web server level, this is done by default in such a way that, instead of the actual IP address (e.g., 123.123.123.123), an anonymized IP address such as 123.123.123.XXX is stored in the log file, where XXX is a random value between 1 and 254. It is therefore no longer possible to establish a personal reference.

2. Legal basis for data processing 
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. 

3. Purpose of data processing 
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, the data helps us to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing also pertains to these purposes under Art. 6(1)(f) GDPR. 

4. Duration of storage 
Mail server logs: Retention period is 14 days.
Apache logs: Retained for 14 days and then deleted.
Backups: Stored in encrypted form for 14 days.

5. Options for objection and removal 
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user. 

6. What data is collected by AWStats and Report Magic

The two statistics programs evaluate the log files. The statistics are generated using already anonymized data. It is not possible to establish a personal reference. Both programs run on our own server/web account.

The following data is evaluated:

  • the type and version of the browser used (if transmitted by the user),
  • the operating system,
  • date and time of the server request,
  • number of visits,
  • duration of stay on the website,
  • the previously visited website (if transmitted by the user),
  • the user's IP address is anonymized before being stored.

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) correctly deliver the content of our website, (2) optimize the content of our website as well as advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.These anonymously collected data and information are therefore evaluated by us both for statistical purposes and with the aim of enhancing data protection and data security within our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by a data subject.

V. Use of cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. Login information is stored in and transferred into the cookies. We also use cookies on our website which enable an analysis of the user's surfing behavior. In this way, the following data may be transferred: 
- Frequency of page views 
- Use of website functions 

The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data will not be stored together with other personal data of the users. When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. When accessing our website, the user is informed about the use of cookies for analytical purposes, and his or her consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this privacy policy. 

b) Legal basis for data processing 
The legal basis for the processing of personal data through the use of technically necessary cookies is Article 6(1)(f) GDPR. The legal basis for the processing of personal data through the use of cookies for analytical purposes, provided the user has given consent, is Article 6(1)(a) GDPR. Our legitimate interest in processing personal data for these purposes also lies under Article 6(1)(f) GDPR.

c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary for the browser to be recognized even after a page change. We need cookies for the following applications: 
- Login functionalities 
- Detection of language settings The user data collected by technically necessary cookies is not used to create user profiles. The analytical cookies are used to improve the quality of our website and its content. Using the analytical cookies, we learn how the website is used and can thus continuously optimize the web content we offer. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6(1)(f) GDPR. 

d) Duration of storage, obptions for objection and removal
Cookies are stored on the user's computer and transferred by that computer to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

 

e) Adjust Cookie Settings

This website uses cookies. We use cookies to personalize content and ads, to provide social media features, and to analyze traffic to our website. We also share information about your use of our site with our social media, advertising, and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of their services.

Cookies are small text files used by websites to make the user experience more efficient.

According to the law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we require your permission.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

You can modify or withdraw your consent at any time via the Cookie Declaration on our website.

Please refer to our Privacy Policy to learn more about who we are, how to contact us, and how we process personal data.

When contacting us regarding your consent, please provide your consent ID and the date.

Your consent applies to the following domains: www.koinor.com

For more information click on the following link.

VI. Email contact

1. Description and scope of data processing 
Contact can be made via the provided email address. In this case, the personal data of the user transmitted through the email will be stored.
There will be no transfer of data to third parties in this context. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing 
The legal basis for processing the data is Article 6(1)(a) GDPR, provided the user has given consent.
The legal basis for processing the data transmitted through the sending of an email is Article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. 

3. Purpose of data processing 
The processing of personal data from the email is solely used by us for handling the contact request.

4. Duration of storage 
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the email, this will be the case once the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been finally resolved.

5. Options for objection and removal 
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the contact process will be deleted in this case.

VII. Web analysis through Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies. The information generated by the cookie about the user's use of the online service is usually transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the users' use of our online services, to compile reports on activities within the online service, and to provide us with additional services related to the use of this online service and internet usage. Pseudonymous usage profiles of users may be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that the user's IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting the settings of their browser software; in addition, users can prevent the collection of data generated by the cookie and related to their use of the online service by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

If we ask users for consent (e.g., as part of a cookie consent), the legal basis for this processing is Article 6(1)(a) GDPR. Otherwise, the personal data of users is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online service within the meaning of Article 6(1)(f) GDPR).

To the extent that data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement, ensuring compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

For more information on data usage by Google, settings options, and ways to object, please refer to Google's privacy policy (https://policies.google.com/privacy) and the settings for Google ad display (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 14 months.

VIII. Use of Google Maps

To make it easier for you to find us, we have integrated map material from the Google Maps service by Google LLC into our website via an API. In order to display the content in your browser, Google must receive your IP address, as otherwise, Google would not be able to deliver the embedded content to you.

The legal basis for this data processing is Article 6(1)(b) GDPR, as the IP address is required to deliver the content to you. In this processing, our collaboration with Google is based on a contract on joint responsibility under Article 26 GDPR, which can be accessed here.

For more information on data processing by Google, please refer to Google's privacy policy at https://www.google.de/intl/en/policies/privacy/.

IX. Rights of the Data Subject

If personal data is processed about you, you are a data subject within the meaning of the GDPR, and you have the following rights with respect to the data controller:

1. Right of Access
You have the right to obtain confirmation from the data controller as to whether personal data concerning you is being processed. If such processing occurs, you can request the following information from the data controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the intended duration of storage of the personal data concerning you, or, if specific details are not possible, the criteria used to determine the storage period;
(5) the existence of the right to rectification or deletion of the personal data concerning you, the right to restrict processing by the data controller, or the right to object to such processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) all available information on the source of the data, if the personal data was not obtained from the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR, and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended consequences of such processing for the data subject. You have the right to request information about whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards in accordance with Article 46 GDPR related to the transfer.

2. Right to Rectification
You have the right to request rectification and/or completion of personal data concerning you from the data controller if the processed personal data is inaccurate or incomplete. The data controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing
You may request the restriction of processing of personal data concerning you under the following circumstances:
(1) if you dispute the accuracy of the personal data concerning you, for a period enabling the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of its use;
(3) the data controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims; or
(4) if you have objected to the processing under Article 21(1) GDPR and it is not yet determined whether the legitimate grounds of the data controller override your reasons.

If the processing of personal data concerning you is restricted, such data – apart from being stored – may only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a member state. If the restriction of processing has been applied under the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to Erasure
a) Obligation to Erase
You may request the data controller to erase personal data concerning you without undue delay, and the data controller is obliged to erase such data without undue delay, if one of the following reasons applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
(3) You object to the processing according to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Article 21(2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The erasure of the personal data concerning you is required to fulfill a legal obligation under Union law or the law of the member states to which the data controller is subject.
(6) The personal data concerning you was collected in relation to the offer of information society services according to Article 8(1) GDPR.

b) Information to Third Parties
If the data controller has made the personal data concerning you public and is required to erase it under Article 17(1) GDPR, the controller will take appropriate measures, taking into account the available technology and the costs of implementation, including technical measures, to inform other data controllers who are processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, such personal data.

c) Exceptions
The right to erasure does not apply insofar as the processing is necessary:
(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation requiring processing under Union or member state law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR, insofar as the right under section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishment, exercise, or defense of legal claims.

5. Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing with the data controller, the controller is obligated to inform all recipients to whom the personal data concerning you has been disclosed of the rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the data controller about these recipients.

6. Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data was provided, provided that:
(1) the processing is based on your consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract under Article 6(1)(b) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. The rights and freedoms of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right to Object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The data controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object through automated procedures that use technical specifications.

8. Right to Withdraw the Data Protection Consent Declaration
You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on the consent before its withdrawal.

9. Automated Decision-Making in Individual Cases, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is:
(1) necessary for the conclusion or performance of a contract between you and the data controller,
(2) authorized by Union or Member State law to which the controller is subject, and such law contains appropriate safeguards for your rights and freedoms as well as your legitimate interests, or
(3) based on your explicit consent.
However, these decisions must not be based on special categories of personal data under Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate safeguards have been provided for the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in (1) and (3), the data controller will implement appropriate measures to safeguard your rights and freedoms, including at least the right to obtain human intervention by the controller, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.