Privacy policy

The following information shows how we handle your data:

1. Controller for data processing

Concept-B GmbH
Ludwig-Erhardt-Straße 32
84069 Schierling
Telephone: 09451 9441510
Email: info@biberger.de
If you have any questions about data protection, please feel free to contact us at any time using the above contact details.

2. Data processing on our website

We process your data on the basis of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other laws relevant to us under data protection law.

Contract data processing

Concept-B GmbH uses AVS Systemlift AG as a technical service provider (contract data processor).

2.1 General collection of data

When you access our website or retrieve a file, data about this process is stored in a log file on our web server. In detail, the following data may be stored:

• IP address
• Domain name of the website from which you came
• Names of the retrieved files
• Time of retrieval
• Name of your Internet service provider
• and, if applicable, the operating system and browser version of your device
  

We collect this data on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR to ensure the proper functioning of our websites and to detect possible attack scenarios. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
The data is usually deleted after two weeks. In the case of specific errors or suspicious cases, the data is stored until the facts of the case have been clarified. We reserve the right to statistically evaluate anonymized data sets.

2.2 Cookies

Websites sometimes use so-called cookies. Cookies do not harm your computer and do not contain any viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.
You can adjust the settings on your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies in certain cases or generally exclude them and activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use (e.g. the shopping cart function), are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimized provision of the operator's services. If other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this data protection information.

2.3 Contact form

If you send us inquiries using the contact form, your details from the form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions.
The data entered in the contact form is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) or to carry out pre-contractual measures (Art. 6 para. 1 lit. b DSGVO). Without providing data, it is not possible to process your request.
The information you have entered into the contact form shall remain with us until you ask us to eradicate it or the purpose for which it was stored no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.

2.1 Use of the iSenseLabs cookie consent tool

We use the consent management tool GDPR/CCPA + Cookie Management from iSenseLabs on our website.
The tool enables you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right of withdrawal for consent already given. The purpose of the data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations. Cookies may be used for this purpose. The following information, among other things, may be collected and transmitted: date and time of the page view, information about the browser and device you are using, anonymized IP address, opt-in and opt-out data. This data is not passed on to other third parties.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR.
For more information about iSenseLabs' privacy practices, please see: Privacy Policy - GDPR/CCPA + Cookie Management (isenselabs.com)

2.2 Use of Google advertising and analysis services

We use the following services provided by Google Ireland Limited, based in Ireland, on our website to serve targeted advertising and to analyze our website users and improve our website:

• Google Analytics
• Google TagManager
• Google Adsense
  
• Google AdWords Conversion

Some of these tools can recognize website visitors and also assign user behavior and link it to other information.
When these tools are used, cookies may be used and data connections may be established to Google LLC servers in the United States as an insecure third country. Google is certified under the EU-US Data Privacy Framework to ensure an adequate level of data protection nonetheless.
These tools are used on the basis of Art. 6 Sect. 1 lit. f GDPR. We have a legitimate interest in the analysis of user patterns to optimize both, the advertising offer and the website. If your consent has been requested, the respective tool will be integrated on the basis of Art. 6 Sect. 1 lit. a GDPR. This consent may be revoked at any time.

Options for objecting to data collection (Google Analytics)

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
For more information about how Google Analytics handles user data, see Google's privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de.
If you have a Google account, you can opt out of personalized advertising at the following link:
https://www.google.com/settings/ads/onweb/.
For more information about how to opt out of Google ads, please visit the following links:
https://policies.google.com/technologies/ads and
https://adssettings.google.com/authenticated.

IP anonymization (Google Analytics)

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Browser Plugin (Google Analytics)

You can prevent the storage of cookies by a corresponding setting of your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.

Demographic characteristics in Google Analytics (Google Analytics)

This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.

Storage duration (Google Analytics)

Data stored by Google at the user and event level that is linked to cookies, user IDs (e.g. UserID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link:
https://support.google.com/analytics/answer/7667196?hl=de.

2.3 Meta Pixel

We use the visitor action pixel from Meta to measure conversion. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. This allows us to track the behavior of site visitors after they have clicked on a Facebook ad and been redirected to the provider's website. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising efforts to be optimized. If you subsequently log in to Facebook or are already logged in to Facebook, your website visit will be noted in your profile. The collected user data is anonymous to us and does not allow us to draw any conclusions about the user's identity. However, this data is stored and processed by Facebook, so that it is possible to draw conclusions about the respective user profile.
The legal basis for embedding the pixel and the corresponding cookie is your consent in accordance with Art. 6 (1) a GDPR. You can revoke your consent at any time via the data protection settings.
Please note that we have no influence on further data processing by Facebook and that your data may be transferred to the USA as an unsafe third country. Meta Platforms Inc. is certified according to the EU-US-Data Privacy Framework to ensure an adequate level of data protection.
You can find more information about protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy
You can also disable the remarketing function “Custom Audiences” in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.

2.4 Facebook social plugin

We use the Facebook social media plugin from Meta to integrate social media content. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
If you subsequently log in to Facebook or are already logged in to Facebook, your visit to our website will be noted in your profile. The user data collected is anonymous to us and does not allow us to draw any conclusions about the user's identity. However, this data is stored and processed by Facebook, so that it is possible to draw conclusions about the respective user profile.
The legal basis for embedding the plug-in and the corresponding cookie is your consent in accordance with Art. 6 (1) a GDPR. You can revoke your consent at any time via the data protection settings.
Please note that we have no influence on further data processing by Facebook and that your data may be transferred to the USA as an unsafe third country. Meta Platforms Inc. is certified according to the EU-US-Data Privacy Framework to ensure an adequate level of data protection.
Please refer to Facebook's privacy policy for more information on protecting your privacy: https://de-de.facebook.com/about/privacy

2.5 CrazyEgg

We integrate the analysis service of Crazy Egg Inc. to record randomly selected individual visits (only with anonymized IP addresses). This tracking tool uses cookies to evaluate how you use the website (e.g. which content you click on). A user profile is displayed visually for this purpose. User profiles are created when pseudonyms are used.
These tools may be used to set cookies and establish data connections to CrazyEgg servers in the United States, which is considered an unsafe third country. The level of data protection there is inadequate. There is a risk that your data may be processed by US authorities without any possibility of legal recourse.
The integration is based on Art. 6 para. 1 lit. a DSGVO. This consent is voluntary and can be revoked at any time.
You can object to the collection, processing and recording of data generated by CrazyEgg at any time by following the instructions at http://www.crazyegg.com/opt-out.
For more information about Crazy Egg's privacy practices, please see their privacy policy at:
https://www.crazyegg.com/privacy/

2.6 Push notifications via Pushowl

We use Pushowl, a service provided by Creatorbox Softwares Private Limited, No 39, 2nd Floor NGEF Lane, Suite no 909 Indiranagar First Stage Bangalore KA 560038 IN, on our website.
We use Pushowl to send web-based push notifications. This means that Pushowl is informed that our website has been accessed via your IP address. This content is used in the interest of providing website visitors with a push service. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
Data protection information: https://pushowl.com/privacy
Opt-Out: https://docs.pushowl.com/de/articles/2320429-abbestellen-von-pus-benachrichtigungen

2.7 Integration of external content from Buny.net

In order to integrate external content such as images, fonts, etc., we use the bunny.net service provided by BunnyWay, informacijske storitve d.o.o. When you access a page, your browser loads the required content into your browser cache to display it correctly.
This is done in the interest of a consistent and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
We have concluded a data processing agreement for the use of the above-mentioned service. This is a contract that is required under data protection law and ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

2.8 Content from our partner Systemlift

We use our partner Systemlift to upload external content such as images to our website. This establishes a connection to the servers of AVS Systemlift AG.
As a result, Systemlift learns that your IP address has accessed our website. This content is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

3. Direct advertising and objection

For advertising purposes, we inform customers (on the basis of our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f DSGVO) about innovations and offers via various communication channels (e.g. e-mail, letter).
You have the right to object to data processing for direct marketing purposes at any time.
The data required for direct marketing will be stored until you object to direct marketing.

4. data processing when visiting our online shop

User account

To shop in our online shop, you must set up a personal user account (hereinafter “user account”). You can store your personal information in the user account. The user account makes it easier to shop conveniently in the online shop. The information can be updated at any time in the personal area of the user account.
After successful registration, the user will automatically receive a confirmation by email. By doing so, the user concludes the contract with us for the provision of the user account.
The legal basis for the associated data processing is in each case Art. 6 (1) (b) GDPR (pre-contractual measures and contract fulfillment).

Payment service providers

If you decide to use a payment service provider to process your payment, you will be redirected to their site during the payment process. We will then not receive any bank account information from you. The payment service providers are responsible for data processing in the context of payment processing.

Use of Paypal

We offer payment via PayPal on this website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
All PayPal transactions are subject to the PayPal Privacy Policy. You can find this at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Use of Stripe

We use the following provider for this: Stripe Payments Europe, Ltd. based in Ireland. Stripe Payments Europe, Ltd. is a subsidiary of the US-based Stripe, Inc. Stripe Payments Europe, Ltd. is subject to European data protection law. Information on data protection at Stripe can be found here: https://stripe.com/de/legal/ssa. Furthermore, we have placed great emphasis on ensuring that Stripe Payments Europe, Ltd. meets the highest security standards and can at least provide certification according to the Payment Card Industry Data Security Standard (PCI-DSS). The provider meets these requirements according to our review. A description of the security measures at Stripe can be found here: https://docs.stripe.com/security. You can find proof of PCI-DSS certification here: https://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe,%20inc. In addition, we have also contractually bound Stripe in accordance with Art. 28 GDPR.

3. Order processing

Your data will be processed on the basis of Art. 6 (1) (b) DSGVO (contract fulfillment) in order to process your order. Without the indication of personal data, the fulfillment of the contract is not possible. The data is stored in each case for the duration of the corresponding contractual relationship. A deletion takes place after the end of the contractual relationship and/or after expiration of legal retention periods.

4. recipients of personal data

We only pass on your data to third parties if this should be necessary for the fulfillment of the purpose. Furthermore, data may be passed on to authorities on the basis of legal regulations in accordance with Art. 6 Para. 1 lit. c and e GDPR.
In addition, we use contract processors in various cases in accordance with Art. 28 GDPR, who may receive data from us or have access to your data in connection with their services. In this context, data may also be transferred outside the EU. In doing so, we ensure that either the EU has issued an adequacy decision for the destination country in question in accordance with Art. 45 GDPR or we have concluded a contract with the service providers concerned on the basis of the standard data protection clauses in accordance with Art. 46 (2) (c) GDPR. These can be found here: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de

5 Your rights

You have the following rights with respect to the personal data concerning you:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
  
• Right to object to processing (Art. 21 GDPR)
• Right to revoke consent (Art. 7 (3) GDPR)
• Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)

6. Data protection officer

We have appointed an external data protection officer:
Stefan Pietsch
Can be contacted via:
Pietsch IT GmbH
Wilhelmshöher Straße 1
34590 Wabern
Telephone: 05683-923440
Email: datenschutz@pietsch-it.de
Internet: www.pietsch-it.de

7. Timeliness and changes to this data protection information

This data protection information is currently valid (see date in the heading). It may be necessary to amend this data protection information due to the further development of our offers or due to changes in legal or official requirements.