With this data protection declaration we fulfill our information obligations for the collection and processing of personal data according to Art. 13 GDPR.
I. Responsible body
Filo Sofya GmbH
Breton Street 43
II. Processing of personal data
Personal data will only be processed insofar as this is necessary for the provision of the website with its functionalities and content and for the processing of the respective contractual relationship or the concerns of the user. The processing of personal data takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons or the processing of the data is permitted by law.
III. Legal basis
The processing of personal data by us takes place on the following legal basis:
Art. 6 Para. 1 lit. a GDPR:
For processing operations of personal data for which we obtain the consent of the data subject;
Art. 6 para. 1 lit. b GDPR:
The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject;
Art. 6 Para. 1 lit. c GDPR:
For the processing of personal data that is necessary to fulfill a legal obligation to which we as the controller are subject;
Art. 6 Paragraph 1 lit.d GDPR:
Processing is necessary to protect the vital interests of the data subject or another natural person;
Art. 6 Paragraph 1 lit. e GDPR:
The processing is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been assigned to the person responsible;
Art. 6 para. 1 lit.f GDPR:
Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh them, in particular if the data subject is a child .
IV. Data security
Personal data are protected from unauthorized access by third parties using appropriate technical and organizational measures in accordance with the state of the art. We use SSL / TLS encryption on our website according to the current state of the art.
V. Log files when accessing the website
When you visit the website, our system automatically stores the following information in our log files:
- Browser type and the version used - Operating system of the user
- The user's internet service provider
- IP address of the user
- Date and time of access
- Website through which the user accessed our website
- Websites that are accessed by the user's system via our website
A storage together with other personal data of the user does not take place. The legal basis for the temporary storage of the data and the log files is Article 6, Paragraph 1, Letter f GDPR.
When you contact us by email or contact form, the data you provide will be saved by us. The data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical processing. The legal basis for the processing of the data is 6 Para. 1 lit. f GDPR and Art. 6 Para. 1 lit. a GDPR. If the establishment of contact serves to conclude a contract, then another legal basis is Art. 6 Paragraph 1 lit. b GDPR. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements.
VII. Order process
As part of the ordering process, the data provided by the user will be sent to us
saved. The data is entered by the user in an input mask and transmitted to us and stored. In addition, the user's IP address and the date and time of registration and order are saved. The legal basis for processing the data is Art. 6 Paragraph 1 lit. b GDPR and Art. 6 Paragraph 1 lit. a GDPR. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements. To fulfill the contract, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods ordered. To process payments, we pass on the payment data required for this to the bank commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service selected by you in the ordering process. The legal basis for the processing is Article 6 (1) lit. b GDPR.
VIII. Registration on the website
Users can register on our website by providing personal data. Users can also order without registering. The data is entered by the user in an input mask and transmitted to us and stored. In addition, the user's IP address and the date and time of registration are saved. Your data will be deleted after final processing, provided that there is no legal legal basis for processing the data, 6 Para. 1 lit. a GDPR. If the registration is used to conclude a contract, the further legal basis is Article 6 (1) (b) GDPR.
To register for the newsletter, you must provide your email address. The indication of title and name is voluntary and serves to address you personally. The data collected from the user will only be used for sending the newsletter and its technical administration. Registration takes place in the "double opt-in" procedure. By activating the confirmation link sent, the user gives us consent to process the personal data. The legal basis for processing is Article 6 (1) (a) GDPR. The user can revoke the consent to the storage of the data and use for sending the newsletter; there is a corresponding link in each newsletter. The user can also use the other communication channels for this. We save when you register for the newsletter
the IP address as well as the date and time of registration in order to be able to understand possible misuse. The legal basis for processing is Article 6 Paragraph 1 lit. a and lit. f GDPR.
XI. Data Subject Rights
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1 right to information
You can request confirmation as to whether personal data relating to you is being processed by the person responsible. The details are regulated in Art. 15 GDPR
2 Right to Correction
You have a right to correction and / or completion vis-à-vis the person responsible, provided that the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately. The details are regulated in Art. 16 GDPR
3 right to cancellation
In accordance with Art. 17 GDPR, you can demand that the person responsible delete your personal data immediately
4 right to restriction of processing
In accordance with Art. 18 GDPR, you can request that the processing of your personal data be restricted
5 Right to be informed
Do you have the right to correction, deletion or restriction of processing
Asserted to the person responsible, he is obliged according to Art. 19 GDPR to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is with associated with a disproportionate effort. You have the right to be informed about these recipients by the person responsible.
6 Right to data portability
According to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format.
7 right of objection
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Paragraph 1 lit. e or f GDPR. To file an objection. The details are regulated in Art. 21 GDPR.
8 Right to withdraw the declaration of consent under data protection law
You have the right to revoke a given declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
9 Automated decision in individual cases including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - which has legal effects on you or which significantly affects you in a similar manner. The details are regulated in Art. 22 GDPR
10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is against violates the GDPR.
The supervisory authority to which the complaint was submitted informs the complainant of the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.