To contact our customer service, please use our offered contact options.

Data Protection at light11

Download data protection notice as pdf
Download Adobe Reader free of charge

Data protection is a matter of trust and your trust is of utmost importance to us. The processing of data by light11.de GmbH, represented by Thomas Unger (hereinafter also referred to as "we" or "us") as the responsible person within the meaning of Article 4(7) of the GDPR, is of course based on the statutory provisions.

For your information

The following notes on data usage inform visitors and customers who conclude contracts on our website about data collection, processing and use during visits, registration and conclusion of contracts as well as about objection, withdrawal and other rights to which you as the person affected by data collection and use are entitled.

1. What do we do with your personal data?1.1 What is personal data?
1.2 Data usage for the purpose of contract processing1.3 Data storage, customer account1.4 Contacting1.5 Use of data for advertising and market research1.6 Revocation and right to object to advertising1.7 Deletion and blocking1.8 Comments on our websites1.9 Trusted Shops buyer protection1.10 Product recalls and product warnings for purchased products

2. Data collection when visiting our websites
2.1 Technical information and cookies
2.2 Profiling of user profiles
2.3 Details on web analytics and advertising

3. How do we protect your personal data?
3.1 General protective measures
3.2 Protection of your payment details
3.3 Privacy statement of our factoring partner payolution

4. Identity and credit assessment and scoring
4.1 Internal assessment
4.2 Identity and credit assessment conducted by third party credit bureaus
4.3 Legal basis
4.4 Credit bureaus we work with
4.5 Data usage by providers of payment services

5. What are my rights?
5.1 Right to confirmation and information
5.2 Right to rectification
5.3 Right to object
5.4 Right to erasure (right to be forgotten)
5.5 Right to restriction of processing
5.6 Right to data portability
5.7 Enforcement of your rights

6. Which consents have I given?

1. What do we do with your personal data?

1.1 What is personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter 'data subject'). Identifiability does not necessarily require a name. An indirect identifiability is sufficient, e.g. by assignment to an identification number, to location data, to an online identification or to one or more special characteristics. So it is a matter of your identity. This includes, for instance, your name, but also your telephone number, your address and other data that you provide to us.

Many legal bases for our data processing can be found in the General Data Protection Regulation (GDPR) (EU), the text and recitals of which can be found here. In the following information we refer to corresponding regulations as the respective legal basis of our processing.

1.2 Data usage for the purpose of contract processing

If you make an inquiry with us or conclude a contract with us, we require and process certain data, such as the details of the intended or placed order, your address, e-mail address and payment processing data for the pre-contractual check, contract processing and any subsequent warranty or guarantee processing (see as a base Article 6(1) point (b) GDPR). Within the context of order and payment processing, the service providers used by us (e.g. logistics companies, payment intermediaries) receive the necessary data on your person or order. We also carry out credit assessments (see IV. Identity and credit assessment below). Without this accurate information, we cannot accept orders or offer you certain payment options.
In addition, commercial and tax law requires us to archive data of concluded transactions for the length of statutory retention periods. The legal basis for this use of data is to be found in Article 6(1) point (c) of the GDPR.

1.3 Data storage, customer account

Your detailed order data will be stored with us. You can register with us (e-mail address and password). With the registration you get access to your personal data stored with us about your person and about your orders.

If you would like to close your account, please use one of the contact options below.

Please note that your data will continue to be stored and used for the stated purposes (such as order processing, but also for the purpose of promotional information) even in the event of closure. (For your right to object to the use of data for advertising purposes, see I. 6.)

Social Login

We offer you the opportunity to register and login to the light11.eu customer account with an existing profile from the social networks listed below. An additional registration is therefore not necessary.

To register, you will be redirected to the corresponding page of the social network, where you can login with your user data. This will link your profile from the social network with our service. There is no link that goes beyond the authentication process.

Through the link, your e-mail address with which you are registered at the social network is transmitted to us.

We have no influence on the purpose of the data collection, extent of the data collection and on the further processing of the data by the respective provider. For further information you can read the data protection notices of the respective social network here:

Facebook Inc. ("Facebook"), 1601 S California Ave, Palo Alto, California 94304, USA; Facebook Privacy Policy

Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with registered offices at Gordon House, Barrow Street, Dublin 4, Ireland; Google Privacy Policy

1.4 Contacting

If you contact us via our contact options (e.g. via email or the contact form), we will save your name and contact details as well as your message. This data is used to process your enquiry and to communicate with you. We use your email adress to reply to you by email (legal basis Article 6(1) point (a) and (b) GDPR). In case of questions about orders or if you would like a personal meeting, your full name is required. In case of other questions, you can also use a pseudonym. If your problem has been solved and there are no further storage obligations, we will delete the data.

1.5 Use of data for advertising and market research

We are interested in maintaining the customer relation with you, acquiring new customers, winning back former customers and providing our customers with information and offers. In order to safeguard these legitimate interests, we process your data (also with the help of service providers) on the basis of Article 6(1) point (f) of the GDPR in order to send you information and personalised offers from us, and to improve our information and offers.

We use the following data on the basis of the aforementioned legal basis without asking you separately for your consent.

Advertising mails

We use your first and last name, your postal address and - if we have received this additional information from you - your title, academic degree, date of birth and your job, industry or business name to send you offers and information about our company and our services and products by post if we believe that this information is in your interest.

The following uses are only made after we have asked for your consent outside of this declaration. Article 6(1) point (a) serves our company as the legal basis for processing operations for which we ask for consent for a specific processing purpose. (Accepting this declaration does not automatically constitute your consent to the corresponding use of your data for advertising purposes!)

Advertising emails with separate consent

If you have separately subscribed to our newsletter, your email address and any other personal data that you have provided voluntarily during the subscription (e.g. your name to be addressed with) will be used for our own advertising purposes and, if applicable, for offers of our advertising partners contained in the newsletter.

We evaluate statistically, when such an email is opened and, if applicable, which information offers meet with interest and with which intensity (e.g. when a calling up a link). The evaluation is done to improve the email's time of delivery and to optimise the content of our offers and advertising information.

Review reminder of Trusted Shops

If you have given us your explicit consent during or after your order, we will forward your email address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (https://www.trustedshops.eu/) to enable them to remind you by email of the possibility of submitting a rating of your order. This consent can be revoked at any time by sending a message to the point of contact described below or directly to Trusted Shops.

Usage of your data when visiting our websites

If we collect data, or have data collected, with the help of web analysis tools and use web advertising tools, we will inform you in detail under 2. Data collection when visiting our websites. There you will also learn how you can use your right to object and which technical possibilities are available to you to counter data collection.

1.6 Revocation and right to object to advertising

Of course, you can withdraw your consent to or object to the use of your data for advertising purposes (specified in 1.5. ) at any time - even if this use is permitted by law - by sending us an informal message. A withdrawal of consent as well as an objection cause the termination of a future use in each case. Any use prior to the assertion of your rights remains unaffected. Of course, we do not charge any separate costs for an objection or withdrawal. (In particular, if you send the message by email, you will not incur any further costs, apart from the possible transmission costs according to the basis rates of your Internet provider). Simply send your message of objection or withdrawal to one of the contact options listed at the end of this notice. In our advertising mails and our newsletter you will each receive a note with an address or link for a simple unsubscription from these types of advertising information. Please note that in individual cases you can still receive advertisements despite your objection or withdrawal. Not in all cases commissioned advertising can be stopped with justifiable effort before the next dispatch or other similar measure.

Your right to object may also extend to the creation of user profiles and the use of data collected in the context of data collection for direct marketing purposes when you visit our websites. We explain to you in detail the technical possibilities to exercise the right of objection and to prevent the collection of data under 2.3. Details on web analytics and advertising. As long as you exercise your right to object, we no longer use the collected data for these purposes.
Further information on your rights can be found under 5. What are my rights?

1.7 Deletion and blocking

Your personal data will be stored until the specified purposes are met or as long as we have a legitimate interest in storing it.

The data is then deleted unless otherwise agreed with you or statutory archiving obligations (e.g. due to commercial or tax law) exist. If archiving is legally induced, the data is blocked from other access. After the legal retention periods have expired, the data is deleted and destroyed in accordance with data protection regulations as part of regular actions.

If you have consented to the collection, processing and use of your data, we will store and use your data for an indefinite period until the purpose for which you have consented is revoked or ceases to apply. Thereafter, the consent and processing data are archived until the statute of limitations (usually three years) for legal defence purposes (legal basis Article 17(3) point (e) GDPR).

If you no longer wish to receive advertising from us, we will use your name, address and, if applicable, your email address for blocking purposes in corresponding lists with which we compare our advertising measures so that you no longer receive any further advertising. So deletion in this sense means that your data will be blocked in particular for advertising and marketing activities in our systems (legal basis Article 6(1) point (f) GDPR). Where necessary, the data will continue to be processed for purposes other than advertising, for instance within the context of contract processing and, where applicable, warranty as well as commercial law and tax law documentation (legal basis Article 6(1) point (b) and (c) GDPR).

1.8 Comments on our websites

We offer our users the possibility to leave individual comments on our services and content or comments of other users. These comments can in turn be rated "helpful" (yes/no) by other users. If you make use of this function, we store the data at the time of entry and publish it together with the selected user name and, if applicable, the specified location and comment as well as the date of entry. Furthermore, a note may be displayed that states how many reviewers found your review helpful (in the following manner: "37 out of 43 customers found the following review helpful").

We also collect the IP address in order to be able to draw conclusions on the person making the comment in the case of interferences with our systems or in the case of infringement of rights of third parties. Such data is passed on to authorities or upon court order to persons whose rights may have been infringed, if required to do so by law.

You accept the corresponding use of data by accepting the terms of use when submitting your review.

1.9 Trusted Shops buyer protection

Integration of the Trusted Shops Trustbadge®

The Trusted Shops Trustbadge® is integrated into our website in order to display our Trusted Shops seal of approval and, if applicable, collected reviews as well as to offer Trusted Shops products to buyers after an order. This serves the safeguarding of our legitimate interests in an optimal marketing of our offer, which predominate in the context of a balancing of interests. The Trustbadge® and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.
When the Trustbadge® is called up, the web server automatically saves a so-called server log file, which contains e.g. your IP address, date and time of the call, transferred data volume and the requesting Internet provider (access data), documenting the call. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to the website.
Further personal data are only forwarded to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.

Trusted Shops buyer protection

If you use the Trusted Shops buyer protection, you use a service of the Trusted Shops GmbH Subbelrather Str. 15C, 50823 Cologne, Germany. Trusted Shops informs you about data collection and use under https://www.trustedshops.eu/imprint/ (scroll down to "User Privacy Notice" and "Membership registration").

In the event of a registration, Trusted Shops will receive the following data from us: The name of our shop in which you ordered, the order date, the order number, the customer number, the order amount, the currency, if applicable the expected delivery date, the payment method and your email address.

If you want to submit a review, Trusted Shops uses the following data, which we make available to Trusted Shops, in order to secure your buyer status and, with it, your authorisation to submit a review as well as to identify the object to be reviewed when reviewing a product:

Your email address, the order number and, for product evaluations, the URL of the product and the product image, the product designation as well as other identifiers (SKU, GTIN and MPN) and the name of the manufacturer.

The legal basis for this is Article 6(1) point (b) of the GDPR.

1.10 Product recalls and product warnings for purchased products

In rare cases, our manufacturers may issue a product recall or product warning. For the sake of preventive consumer protection and on the legal basis pursuant to Art. 6 para. 1 lit. c, d of the General Data Protection Regulation (fulfilment of a legal obligation to protect the vital interests of the data subject or another natural person), we may pass on your specific data (dispatch date, order/invoice number, name, address, telephone number and e-mail address) to the relevant manufacturer in each respective case.

2. Data collection when visiting our websites

2.1 Technical information and cookies

You may visit our website without making any entries about your person. If you visit our websites, even if this happens, for instance, via a link in our newsletter or an advertisement, certain data is nevertheless collected and stored in so-called log files. Only access data without direct personal reference is collected, even if the visit takes place via newsletter links or advertisement links on the Internet. This data includes

the website from where we are visited
the website that is called up or the name of the requested file
type and version of your browser,
time and date of the visit
the operating system on which the browser is installed
the name of your Internet service provider
the Internet address of the visitor (IP address)
products and content in which the visitor is interested and the degree of interest, such as duration, frequency, interaction with forms, navigation elements and links.

A conclusion on your person is not possible on the basis of this data and will not be made without your separate consent. Where we learn a date which theoretically allows conclusions to be drawn about your person, e.g. with regard to the IP address, we have made it more difficult or almost impossible to refer back to you by making appropriate reductions.

If we integrate third-party content (e.g. embedded films or other information) into our websites, they receive your IP address for this purpose alone, as otherwise the content cannot be delivered to your browser.

Cookies

We use Cookies on our website. Cookies are small files which are stored on your terminal device and that store certain settings and data for exchange with our system or the systems of service providers via your browser. This storage helps us to design the website accordingly for you and makes it easier for you to use it, for example by saving certain entries made by you in such a way that you do not have to repeat them constantly. For this purpose, cookies usually contain a unique identifier. This enables users and/or browsers (software for displaying Internet content) to be identified and differentiated from other users and browsers and recognized again during visits.

Many cookies are automatically deleted from your hard drive after each browser session (end of the session) and are hence named session cookies. However, there are also cookies that remain stored permanently on your terminal device. For your convenience, their expiry time is usually set to a point in the far future. So the next time you visit our website, it is automatically recognized that you have already been there before and which entries and settings you prefer. (persistent cookies) Also some of these cookies serve the purpose of displaying information specifically tailored to your interests on our website or the website of our partners.

(cookies that do not require consent)

Cookies, which allow functions without which you could not use this website as intended, are only used by us and their contents are not made accessible to third parties. These cookies that do not require your consent are used by us on the basis of Article 6(1) point (b) of the GDPR.

(other cookies)

For those cookies that, according to the will of the legislator, may not be set without your consent, a reference to this data protection information is already made even if you only visit our website.

We use offers from third parties, e.g. to integrate videos or other content with the purpose of providing you with interesting content. These third parties may also use cookies. These third-party cookies are used by partners interested in informing you about offers that are in your presumed interest. You can inform yourself about their usage of cookies on the websites of those third parties. If you block cookies, not all content and functions can be made available to you. For an unrestricted usage you have to give your consent again and remove corresponding blockades. aden aufheben.

Here we have listed an overview of the cookies used by us. Please also note the following general information on your technical possibilities of objection and our supplementary notes on special usages of cookies under 2.3.

Your technical possibilities of objection

Regardless of the set expiry date, you can manually delete cookies in your browser. In some browser settings, the acceptance of cookies is pre-set without restrictions. You can enable or disable temporary and stored cookies independently of each other in the privacy and security settings of your browser. Apart from browser settings that generally deactivate the automatic setting of cookies, you can also deactivate cookies by setting your browser so that cookies are blocked by a certain domain, e.g. "googleadservices.com". This setting prevents the execution of corresponding services that set cookies from this domain.

Some web services have an opt-out option. In this case, you set a generic cookie (hereinafter referred to as "block cookie") that informs, e.g. a web analysis service that you do not wish your activities to be tracked. Possibilities to set a blocking cookie are listed separately under the list of web services we use, which is to be found under 2.3. If you use the option in your browser to delete all cookies, please remember that you may have to make the appropriate settings or set blocking cookies again! werden muss!

Google allows e.g. corresponding settings under https://myaccount.google.com/intro . Possibilities of making advertising settings for numerous other networks can be found under http://www.youronlinechoices.com/uk/your-ad-choices . Under http://optout.aboutads.info/ and or http://optout.networkadvertising.org you can inform yourself about many advertising measures and also disable them.

If you are using a mobile device, you can enable the "No Ad Tracking" (iOS) or "Disable personalised advertising" (Android) setting on the device with the corresponding operating system. This is to prevent the Advertising-ID (a non-personal device ID) from being used to provide interest-driven advertising.

If you use the option in your browser to delete all cookies, please remember that you may have to make the appropriate settings or set blocking cookies again!

Accepting cookies is not a prerequisite for visiting our website. However, if you do not accept cookies or deactivate them, certain options on our website (such as services, buying, saving a shopping cart for later or certain information) may not be available to you and some websites may not be displayed correctly.

If you wish to conclude contracts with us, you have to accept certain cookies. If you do not want to this, a contract cannot be concluded.

You can find further information on the usage of cookies on the websites of the EU’s independent data protection authority https://edps.europa.eu/edps-homepage_en?lang=en

If you do not wish the setting of cookies that require your consent, you can exercise your right by technical means, which we have described under 2.1. "Your technical possibilities of objection". Or if you want to know more about the use of special cookies, see our notes under 2.3.

Accept all cookies

Only the technically necessary cookies

All trackings active

Here you will find an overview of the cookies used on our domain:

Category	Name	Domain	Purpose	Period of validity	Type
Necessary	flippingbook-flash_version_checked	light11.eu	Ensures that the Flash version installed by the user is compatible with the display software for the online catalogue.	13 days	HTTP
Necessary	k_share	light11.eu	Session information for shop-internal systems.	2 months	HTTP
Necessary	language	light11.eu	Saves the user's language settings on light11.eu	Session	HTTP
Necessary	PHPSESSID	light11.eu	Identifier used to assign users' associated requests to a session.	Session	HTTP
Necessary	sbuid	light11.eu	Shopping cart reference for shop-internal systems	2 months	HTTP
Necessary	sid	light11.eu	Identifier used to assign users' associated requests to a session.	Session	HTTP
Necessary	sid_key	light11.eu	Identifier used to assign users' associated requests to a session.	Session	HTTP
Comfort functions	_uslk_test	light11.eu	Internal test variable by Userlike.	Session	HTTP
Comfort functions	uslk_e	light11.eu	Contains user information for the Userlike customer chat widget. Required for the widget to recognize users.	12 months	HTTP
Comfort functions	uslk_in_service_time	light11.eu	Contains information, whether the Userlike widget was called up during service hours.	n/a	HTML
Comfort functions	uslk_s	light11.eu	Contains information about the current user's session. Required for the Userlike widget.	Session	HTTP
Statistics	_dc_gtm_UA-#	light11.eu	Controls the loading of the Google Analytics script.	1 day	HTTP
Statistics	_ga	light11.eu	Saves a unique Google Analytics user ID to anonymously collect statistical data about the use of the website.	2 years	HTTP
Statistics	_gali	light11.eu	Is required for an improved collection of called-up links by Google Analytics.	1 day	HTTP
Statistics	_gat	light11.eu	Limits the frequency of Google Analytics requests.	1 day	HTTP
Statistics	_gid	light11.eu	Saves a unique Google Analytics user ID to anonymously collect statistical data about the use of the website.	1 day	HTTP
Statistics	_pk_id#	light11.eu	Saves a unique Piwik user ID to anonymously collect statistical information about the use of the website.	12 months	HTTP
Statistics	_pk_ses#	light11.eu	Piwik identifier for users to assign their related requests to a session.	1 day	HTTP
Statistics	collect	google-analytics.com	Sends information about the device and the behaviour of the user to Google Analytics.	Session	Pixel
Statistics	sb_ab_t	light11.eu	Randomly assigns the user to a user group for test purposes.	36 days	HTTP
Marketing	_gcl_au	light11.eu	Used to increase the efficiency of experimental Google AdSense advertising features.	3 months	HTTP
Marketing	ads/ga-audiences	google.com	Used by Google Ads to identify users who completed a purchase as a result of the re-display of ads.	Session	Pixel
Marketing	DIE	doubleclick.net	Used by Google DoubleClick to evaluate the effectiveness of targeted advertisements that a user has clicked.	12 months	HTTP
Marketing	NID	google.com	Serves to identify the devices of returning users.	6 months	HTTP
Marketing	r/collect	doubleclick.net	Sends information about the device used and user behavior to Google Analytics across multiple devices and marketing channels.	Session	Pixel
Marketing	test_cookie	doubleclick.net	Checks whether the user's browser supports cookies.	1 day	HTTP

2.2 Profiling of user profiles

The law defines the creation of automated data collections for a person under the term profiling. According to Article 4(4) GDPR, any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements is called profiling.

We create pseudonymised user profiles of a statistical nature, i.e. profiles that are separated from any information that would allow conclusions on your person, in order to be able to draw conclusions about interests in our content and offers through evaluation and to coordinate corresponding information and offers with users of corresponding interests. In addition, we use this information to improve data security, to counter attacks on our systems and, if necessary, to support law enforcement authorities in event of attacks on our systems or other criminal activities.

We make use of corresponding web analysis tools to analyse user behaviour. For more information, see "Details on web analytics and advertising" below.

You may also object to the creation of profiles as well as the further use of your profile data for advertising purposes and revoke your consent to this, if applicable (see 1.6.). Due to the nature of the matter, the possibility of objecting to the formation of a profile through web analysis and advertising measures is regularly exercised through technical measures, which we explain to you under 2.3. for each case.

2.3 Details on web analytics and advertising

Web analysis tools

This website uses Google Analytics for the purpose of web analysis This is a service provided by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to Google and stored on their servers. It cannot be ruled out that data processing may take place outside the scope of EU law. Google has joined Privacy Shield, which ensures that Google complies with the data protection requirements based on EU law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

For your privacy protection, we have made settings whereby Google shortens the last part of the IP addresses of visitors to our website who have IP addresses from the EU or one of the signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Furthermore, we have concluded an order processing contract with Google.

By means of identification, for example when logging in to Google services, the data mentioned above can also be collected and used across devices. In this way, it can be traced e.g., that you have started your visit to our website on your desktop computer and continued it on a mobile device. Thus, the data of both devices can be linked.

Google will use this information to evaluate your use of the website on our behalf, to compile reports on website activities for us, to form target groups based on interests and to provide us with other services associated with website usage and web usage. Google may also forward this information to third parties if mandated by law or if third parties process these data on behalf of Google. Google will not associate your IP address with other data collected by Google. The expiration time of Analytics data is set to 50 months. The time is based on our interest in being able to make time comparisons with statistical data.

You may prevent the setting of cookies by means of a corresponding option in your browser settings; however, please note that if you do this you may not be able to use the full functionality of this website and the services we request.

Your technical possibilities of objection

Google offers the "Demographic Reports" function, which allows for compilations of age, gender and interests of page visitors. Google takes these data from interest-related advertising and from visitor data supplied by third-party providers. These data are anonymised and are not associated with a specific person.

Your technical possibilities of objection

If you do not wish information about your visit to the website to be transmitted to Google Analytics, you have the option of installing a "deactivation add-on" for your browser. You can download this add-on here. In our website optimised for mobile browsers, we have provided a special opt-out option.

If you do not wish to receive interest-based advertisements, you can disable Google's use of cookies for these purposes by visiting https://myaccount.google.com/intro. You can also disable the use of cookies by Google by downloading and installing the plug-in to be found under the following link: https://support.google.com/ads/answer/7395996

As alternative, or when using browsers on mobile devices, you can object to the use of Google Analytics by using the link at the end of this section. By clicking the link, an opt-out cookie is set in order to prevent the collection of data by Google Analytics when browsing our websites. Please note that this opt-out cookie only works in this browser and only for this domain. Once you delete your cookies in this browser, you will have to click this link again: Disable Google Analytics

3. How do we protect your personal data?

3.1 General protective measures

The law requires companies to create an adequate level of data protection. In doing so, the companies shall take into account the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the state of the art and the costs of processing. We have implemented corresponding technical and organisational measures to meet the legal requirements and to ensure the protection of your data. If you have any concerns about entering your data or have other questions or suggestions, simply contact our customer service or our commissioner for data protection. You will find further contact details at the end of this notice.

Your personal data is securely encrypted when you place an order as well as when you log in to your personal account. To do so, we make use of the cryptographic protocol SSL (Secure Socket Layer). We protect our website and other systems by means of technical and organisational measures against loss, destruction, alteration, unauthorised disclosure of, or access to, your personal data. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.

3.2 Protection of your payment details

Protection of card data

The payment form which our customers fill in with their card data is hosted in the secure computer centre of our payment service provider. This not only ensures that no employee has access to your card data, but also that the data protection standards of the card organisations are observed.

Secure data transmission

With use the TLS protocol to transmit the data entered in the payment form (card number, expiry date, verification number etc.) in encrypted form to our payment service provider. ;

Access to your card number

The card number is only stored as an encrypted strings of characters at our payment service providers. The card number is generally never displayed or made accessible in unencrypted form. The card number is only decrypted within the network of international card organisations. The card number is used, inter alia, for authorisations, transactions and credit notes.

Other payment data

If you give us your bank details, we store these data in encrypted form on our servers. Also your account number or IBAN are generally not displayed in full. Only those employees who process your payments or refunds have access.

If you pay with PayPal, we do not receive any bank details or credit card data. You have stored these with PayPal. We only receive your PayPal email address. In all other respects, the data input with PayPal takes place according to their safety regulations.

When using the Sofortüberweisung payment method provided by Sofort GmbH, your data will be transmitted via an SSL-encrypted connection. Using your PIN and TAN, you authorise your transfer, which is then effected by your bank. PIN and TAN are not stored by us. Your bank statement data will also not be stored by us, but will be sent directly and in encrypted form from the transfer form to the bank by the provider.

3.3 Privacy statement of our factoring partner Payolution

If you choose the payment method "payment by invoice" or "payment by instalments", we commission the payment service provider payolution (payolution GmbH, Am Euro Platz 2, 1120 Wien, Austria) with the processing. Regarding thereto, please not the privacy policy of payolution.

4. Identity and credit assessment and scoring

4.1 Internal assessment

If we make advance payments (in the case of "payment by invoice"), we check, based on our interest in protecting ourselves against payment defaults and protecting our customers against identity misuse, your current and previous payment behaviour and, if applicable, atypical ordering behaviour (e.g. near-term orders under different customer accounts with the same delivery address) on the basis of our data. For this purpose, we use your address data and date of birth for identification. The creditworthiness data that is taken into account includes open payments, dunning procedures, information on insolvency, debt counselling, forbearance agreements due to payment defaults. In conjunction with data from the areas of address, age, ordered assortment, ordering method and selected payment options, our partner payolution GmbH calculates a statistical probability of default by means of order processing and on the basis of recognised mathematically statistical methods.

4.2 Identity and credit assessment conducted by third party credit bureaus

Also on the basis of our interests described above, we perform a validation of your person and address by forwarding your address data and birth date to the companies mentioned in IV.4., who provide us with creditworthiness information on the basis of recognized mathematically statistical methods.

We use the statistical probability values received for a possible default of payment, which also include your address data for the automated decision on the desired payment and delivery options, which we may restrict. You can request that we manually check the automated decision e.g., for rejection of the desired payment method and that you get the opportunity to present your own point of view as well as exercise your right of objection (for this, see the contact information below).

In the event of payment problems, we reserve the right to transmit data on non-contractual conduct (e.g. payment defaults) to the credit bureau within the scope of legal requirements and possibilities and, if applicable, to commission this or other companies with the collection of debt. The credit bureaus use these data for giving credit worthiness information in justified cases.

4.3 Legal basis

The legal basis for the aforementioned assessments is Article 6(1) point (b) and (f) of the GDPR. The rights to which you are entitled can be found in the following information under 5.

4.4 Credit bureaus we work with

We obtain our information from creditPass, c/o TeleGo GmbH, Mehlbeerenstraße 4, 82024 Taufkirchen, Germany.

This in turn uses the following companies:

accumio finance service GmbH, Eppelheimer Str. 13 , 69115 Heidelberg, Germany;
CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Germany;
Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany;
Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Germany;
Deutsche Post Direkt GmbH, Junkersring 57, 53844 Troisdorf, Germany;
infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany;
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany. .

4.5 Data usage by providers of payment services

Computop
If you decide to pay by credit card, Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, 96050 Bamberg, Germany, will take care of the rest. light11.de GmbH itself does not process any payment information such as account information or credit card data on its own systems. Computop is certified according to the "Payment Card Industry Data Security Standard" for credit card companies and is the leading service provider for secure payment transactions. Your data will only be passed on for the purpose of payment processing and only to the extent necessary for this purpose. You can obtain further information about Computop's data protection regulations at the following Internet address: https://www.computop.com/uk/data-protection

Payolution
Payment service providers provide you with payment options on our site that carry out identity and credit checks based on the interest in protecting themselves from payment defaults and customers from identity abuse.

1. When buying on account or paying by instalments, your consent regarding data protection is obtained during the ordering process. The following is a repetition of these provisions, which are for information purposes only.

2. When selecting purchase on account or payment by instalments, personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) together with data required for transaction processing (article, invoice amount, interest, instalments, due dates, total amount, invoice number, taxes, currency, order date and order time) are transmitted to payolution for the processing of these payment methods. payolution has a legitimate interest in these data and requires or uses these to carry out risk checks.

3. In order to verify the identity or creditworthiness of the customer, inquiries and information are made to publicly accessible databases and credit bureaus. Information and, if necessary, credit information can be obtained from the following providers on the basis of mathematical-statistical procedures, which also include your address data:

CRIF GmbH, Diefenbachgasse 35-39, 1150 Wien, Austria
CRIF AG, Hagenholzstrasse 81, 8050 Zürich, Switzerland
CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg, Germany
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
KSV1870 Information GmbH, Wagenseilgasse 7, 1120 Wien, Austria
Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany
infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany
ProfileAddress Direktmarketing GmbH, Altmannsdorfer Strasse 311, 1230 Wien, Austria
payolution GmbH, Am Euro Platz 2, 1120 Wien, Austria

payolution will transmit your bank details (especially bank code and account number) to SCHUFA Holding AG for the purpose of account number verification. SCHUFA first uses this data to check whether the bank details you have provided are plausible. SCHUFA checks whether the data used for the check is stored in your data stock and then transmits the result of the check back to payolution. Further data exchange, such as the disclosure of creditworthiness information or a transfer of differing bank connection data as well as storage of your data in the SCHUFA database, does not take place within the scope of the account number check. For reasons of proof, only the fact of checking the bank account data is stored with SCHUFA.

payolution is also entitled to store, process, use and transmit data on possible non-contractual behaviour (e.g. undisputed outstanding claims) to the above-mentioned credit bureaus.

4. Companies that provide financial assistance are already legally obliged to check your creditworthiness in accordance with the provisions of the German Civil Code on financial assistance between companies and consumers.

5. In the case of a purchase on account or purchase on instalments, data about the acceptance (of your person, purchase price, term of the instalment transaction, start of instalment payments) and processing as agreed (e.g. early repayment, extension of term, repayments made) of this instalment transaction are transmitted to payolution GmbH. After assignment of the purchase price claim, the bank accepting the claim will carry out the aforementioned data transfers. We or the bank to which the purchase price claim is assigned will also report data due to non-contractual processing (e.g. termination of the instalment transaction, enforcement measures) to payolution GmbH. According to the data protection regulations, these reports may only be made if this is necessary to protect the legitimate interests of contractual partners of payolution GmbH or the general public and your interests worthy of protection are not affected by this. payolution GmbH stores the data in order to be able to give its contractual partners, who give commercial instalment payments and other credit transactions to consumers, information for the assessment of the creditworthiness of customers. For the purpose of debtor determination, address data can be transmitted to companies that commercially collect receivables and are contractually affiliated to payolution GmbH. payolution GmbH only makes these data available to its contractual partners if they can convincingly demonstrate a justified interest in the data transmission. payolution GmbH only transmits objective data without stating the bank; subjective value judgements as well as personal income and financial circumstances are not included in the information provided by payolution GmbH.

6. The consent to the forwarding of data, which you have given during the order process, can be revoked with us at any time without stating reasons. However, the above-mentioned legal obligations to check your creditworthiness remain unaffected by any revocation. You are obliged to provide only truthful information to us.

7. If you wish to receive information about the collection, use, processing or transmission of personal data concerning you or if you wish to receive information or correct, block or delete this data, you can contact the person responsible for data protection at payolution:

Data Protection Officer
datenschutz@payolution.com
payolution GmbH
Am Euro Platz 2
1120 Wien, Austria
DVR: 4008655

8. In order to be able to offer you Klarna’s payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. General information on Klarna you can find here . Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarnas privacy statement.

5. What are my rights?

As a person affected by data processing, you can assert certain statutory rights.

5.1 Right to confirmation and information

According to Article 15 of the GDPR, you have the right to obtain a confirmation from us whether personal data concerning you is being processed. In the case that we process such data, you have the right to get free-of-charge information on your stored data. This information includes details on

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

In addition, the person which is subject to data processing has the right to obtain information on whether personal data are transferred to a third country or to an international organisation. If this is the case, the person has the right to be informed of the appropriate safeguards relating to the transfer. If you have any questions regarding the collection, processing or use of personal data, if you wish to obtain information, or if you wish any other assertion of your rights, please contact us using the contact data listed at the end of this notice.

5.2 Right to rectification

You have the right to request rectification and/or completion from the person responsible if the processed personal data concerning you is inaccurate or incomplete. The person responsible shall make the rectification without delay.

5.3 Right to object

You have the right to object to the processing of personal data concerning you according to Article 6(1) point (e) or (f) of the GDPR; this also applies to profiling based on those provisions.

When objecting to the processing of data for direct marketing purposes (Article 21(2) GDPR), this processing is stopped as soon as possible after receipt of the objection (for further details, see 1.6.).

An objection to other processing of data on the basis of Article 6(1) point (e) or (f) of the GDPR (e.g. identity and credit assessment) can only be made on grounds relating to your particular situation, unless we demonstrate legitimate grounds for continuing processing which override the interests, rights and freedoms of you as the person affected by data processing (legal basis Article 21(1) GDPR).

Consent given can be revoked (see contact details below). You will not incur extra costs (except transmission costs according to the basic rates of your provider).

Objection and revocation of consents given are effective for the future. The lawfulness of data processing in the past remains unaffected.

Your objection to the identity and credit assessment may have the consequence that we can generally only offer you limited payment options or refuse to conclude a contract.

5.4 Right to erasure (right to be forgotten)

a) Conditions for erasure

You have the right to request the erasure of personal data concerning you. Please note that a right to immediate erasure (Article 17 GDPR 'right to be forgotten') only applies if one of the following reasons applies:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing.
You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
The personal data have been unlawfully processed.
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the person responsible is subject.
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

b) Further rights in conjunction with the right to be forgotten

Where we have made the personal data public and are obliged pursuant to paragraph 1 to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform those responsible which are processing the personal data that you have requested the erasure by those responsible of any links to, or copy or replication of, those personal data.

c) Exceptions to erasure

In addition to the above requirements, please note that the following exceptions may justify a rejection of your deletion request:

The right to erasure does not apply if the processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the person responsible is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the person responsible;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.

5.5 Right to restriction of processing

You have the right to the restriction of processing if you contest the accuracy of the personal data for a period of time enabling us to verify the accuracy of the personal data, or, in the case of unlawful processing, if you oppose the erasure of the personal data and requests the restriction of their use instead. You also have this right if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims. You can eventually assert this right if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the person responsible override those of you.

Where processing has been restricted, such personal data shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. This does not apply to the possibility of continuing storage. If the processing has been restricted according to the conditions stated above, you will be informed by us before the restriction of processing is lifted.

5.6 Right to data portability

You have the right to data portability in a structured, commonly used and machine-readable format of data which you have provided to us and which we have processed on the basis of an effective consent, or the processing of which was necessary for the conclusion of, or performance of, a valid contract. You also have the right to have the personal data transmitted directly to another person responsible, where technically feasible.

This right only applies if it does not adversely affect the rights and freedoms of others.

5.7 Enforcement of your rights

If you have any questions or if you wish to assert your rights, please contact our customer service (see contact details below).

You may also contact our data protection commissioner. The latter is responsible in cases of complaints. You can reach our data protection commissioner via the following email address: datenschutz@light11.de. In addition, you have the right to appeal to the supervisory authority responsible for data protection, in particular in the Member State of your residence, work place or location of the alleged infringement.

6. Which consents have I given?

You may have given us your consent for advertising contacting or certain data uses (for example, for a newsletter or services as part of a customer login, etc.). If you have given us your consent, the consent texts are stored with us and can be accessed. For accessing this data, please send an email to datenschutz@light11.de. We will then send you the requested information by email.

Your light11.de GmbH, Thomas Unger

light11.de GmbH
Bozener Str. 13
44229 Dortmund, Germany

Managing director: Thomas Unger
Commercial register: Dortmund district court
Commercial register No. HRB 22504
VAT ID DE231749333
WEEE-Reg.-No. DE 94743417

Phone: +49 (0) 2306-759 58 0
Fax: +49 (0) 2306-759 58 45
Email: service@light11.eu

Service hours customer service
Mon. - Fri. 9 a.m. - 6 p.m.

www.light11.eu

This data protection notice also constitutes copyrighted intellectual property. Use by third parties - also in extracts - for commercial purposes is not permitted. Violations will be prosecuted. WIENKE & BECKER does not assume any liability towards third parties for the completeness and topicality of the above information.

© 2018 WIENKE & BECKER – KÖLN Solicitors.
http://www.kanzlei-wbk.de/