We are very pleased about your interest in our company. The protection of your data is very important to us. Below we inform you in detail about the handling of your data.
The use of the website of Landario UG (haftungsbeschränkt) is possible without any indication of personal data. If there is no legal basis for the processing of your personal data, we generally always obtain your consent. However, when using special services on our company's website, the processing of personal data may become necessary.
Personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be processed in line with the General Data Protection Regulation and in accordance with the data protection regulations of the Landario UG (haftungsbeschränkt). By means of this data protection declaration, data subjects are informed of their rights and the public is informed of the purpose, nature and scope of the personal data we collect, use and process.
As the controller, the Landario UG (haftungsbeschränkt) has implemented numerous technical and organisational measures to ensure the most complete protection of personal data transmitted via our website. However, Internet-based data transmissions can always have security gaps. Absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means. Alternative ways may be the transmission of data by telephone or by post.
Landario expressly points out that minors should not transmit personal data to us without the consent of their legal guardians.
Our data protection declaration is based on the terms used by the European Directive and Regulation Maker when enacting the General Data Protection Regulation (DSGVO). In order to provide our customers, business partners and the public with a comprehensible and easy-to-read data protection statement, we define the terms used in advance. The following terms are used in our data protection declaration:
1.) Personal Data:
Personal data means any information relating to an identifiable natural person ("data subject"). An identifiable person is a natural person who can be identified directly or indirectly by the assignment to an identifier (e.g. name, identification number, location data, online identifier or special characteristics). Special characteristics are characteristics which are expressions of the physical, physiological, genetic, psychological, economic, cultural and/or social identity of the person concerned.
2.) Data subject:
Data subjects are all identifiable and identified natural persons whose personal data are processed by the controller.
Processing means any operation performed upon personal data, whether or not by automated means. Operations include collecting, recording, organising, arranging, storing, adapting, modifying, retrieving, consulting, using, disclosing, transmitting, comparing, linking, restricting, erasing and destroying personal data.
4.) Restriction of processing:
Restriction of processing involves marking stored personal data with the aim of restricting its future processing.
Profiling is any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation is the processing of personal data in such a way that no specific data subject can be identified without the addition of further information.
7.) Controller or person responsible for processing:
The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Processors are all legal or natural persons who process personal data on behalf of the controller.
Recipients are all natural or legal persons to whom personal data are disclosed, whether or not. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
10.) Third party:
A third party is any natural or legal person who, in addition to the controller, processors are authorised to process personal data. The authority is given by the controller or by processors.
Consent is any freely given indication by the data subject that he or she agrees to the processing of his or her personal data. Consent includes all voluntarily given expressions of will in the form of declarations or other unambiguous actions.
Name and address of the controller
The controller within the meaning of the GDPR and other applicable legal provisions of a data protection nature is:
Landario UG (haftungsbeschränkt)
Fachsenfelder Str. 2
Tel: 0049 7366 704 00 38
Represented by the managing director Dominik Maier
Cookies are small data files that are transferred to your computer when you surf our site and have agreed to their use. Cookies only contain information that we send to your computer, personal data is not included. It is not possible to read out private data with cookies. Only pseudonymous information is stored in the cookies. With the help of cookies, Landario can identify your computer. The most common browsers accept cookies by default. This setting can be adjusted in the respective security settings. Landario only stores cookies on your computer after you have consented to this. If you refuse the storage of cookies, certain functions on our website may not be available or content may not be displayed correctly. Cookies are used at Landario for the following purposes:
- For the use of your personal shopping cart
- Data for recognition on a return visit, so that we can load your settings in the shopping cart (delivery type, country, payment method).
- Data in connection with our social plugins
All data transmitted to Landario is encrypted using SSL (Secure Sockets Layer) encryption technology. The data is sent to us as securely as possible and protected from access by third parties. In addition, we operate other security measures to protect your data and our website from unauthorised third parties, damage or destruction.
Collection of general data
Our homepage collects a series of general data and information each time a data subject or other system calls up the website, which is stored in the server's log files. The following general data may be collected:
- Internet browser used including version
- Operating system used
- The website from which the data subject accessed our homepage
- Date and time of access
- The IP address
- The internet service provider
- Other information that serves to avert danger to our IT systems.
No data subjects are identified when using this general data. This data is used for
- the correct provision of the contents of our website
- the optimisation of our website;
- ensuring the continued functionality of our website and IT systems; and
- providing information to law enforcement authorities in case of cyber attacks;
required. This data is statistically analysed anonymously in order to improve the user experience of the website as well as data protection.
For the use of the servers and services of our web hoster (velogrid GmbH, Franzstraße 51, 52064 Aachen, Germany), we have concluded a contract for commissioned data processing and implement this strictly in accordance with the requirements of the DSGVO and the German data protection authorities.
We offer our users the possibility to subscribe to our newsletter on our website. The personal data that is sent to the controller when ordering the newsletter results from the input mask, or, if a customer account exists, from the personal data stored in the customer account.
Customers and interested parties are informed about innovations in the product range of Landario UG (haftungsbeschränkt) via the newsletter at irregular intervals. The newsletter is only sent to data subjects with a valid e-mail address and with the consent of the data subject.
The personal data collected in the context of the newsletter order will only be used for the purpose of sending our newsletter and for the notification of changes concerning the newsletter. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time and without giving reasons. The consent to the storage of personal data for the newsletter dispatch can be revoked by the data subject at any time and without giving reasons. A link for the revocation can be found in each newsletter.
The newsletter service is carried out by Landario UG (haftungsbeschränkt) itself, so that no commissioned data processing takes place at this point.
Legal basis of the processing
Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subjects to provide the personal data; possible consequences of not providing the personal data.
At this point we would like to inform you that the provision of personal data is required for certain activities. These requirements are based in part on legal foundations (e.g. tax regulations) or on contractual regulations (e.g. information on the contractual partner). For a contract to be concluded, it is therefore necessary for data subjects to provide us with personal data. This personal data must be processed by us in the course of fulfilling the contract. In order to conclude a contract with our company, the data subject is therefore obliged to provide us with personal data. Failure to provide personal data would result in no contract being concluded. For further information on the provision of personal data and whether provision is necessary in individual cases, the data subject can enquire with the data controller. Please send your enquiries by e-mail to firstname.lastname@example.org or by post.
Storage period of personal data
We store personal data in accordance with the statutory retention periods. After expiry of these periods, the corresponding data is routinely deleted. Exceptions to routine deletion are personal data that are still required for the fulfilment or initiation of a contract.
Routine deletion and blocking of personal data
The data is stored within the legal time limits, or only for the period of time required to achieve the purpose of storage. Personal data that you provide to us for the processing of purchase and/or order transactions may be stored for up to ten years for reasons of commercial and tax law. After expiry of the periods, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Disclosure of information to third parties
Landario only shares data for necessary business activities, such as shipping and payment processing. Trading with personal data of data subjects is explicitly not part of our business. When passing on data, we take extreme care to ensure that the transmitted data is protected and not misused. Data is only passed on to third parties in the following cases:
- Partner companies: We interact in business processes with some other companies. These business processes include, but are not limited to, shipping and processing payments. These companies need customer information to perform our services or the services they provide. These companies are obliged to treat the information in accordance with German data protection laws. (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany; Amazon Payments Europe S.C.A., 5 Rue Plaetis, L-2338 Luxembourg); Smartsupp.com, s.r.o., Company reg. no.: 03668681, VAT ID: CZ03668681, Šumavská 31, 602 00 Brno, Czech Republic.
- For protection reasons: If we are required to do so by law, to enforce our Terms and Conditions, or to protect the rights of third parties, we may disclose information to government agencies, companies or the like. This is only done to protect rights and to protect against abuse and violations of the law, but not for economic reasons.
Existence of automatic decision making
Landario UG (haftungsbeschränkt) does not use automatic decision-making or profiling.
Rights of the data subjects
1.) Right to confirmation
As a data subject, you have the right under the GDPR to obtain confirmation from the controller at any time as to whether personal data are being processed. If you as a data subject would like to exercise this right, an employee of the controller is available to you for this purpose at any time. Inform us of your wish by email to email@example.com or by post.
2.) Right to information
As a data subject, you have the right under the GDPR to obtain free information from the controller at any time about the personal data stored about you and a copy of this information. This information contains information about
- The purposes of processing
- The categories of personal data that are processed
- The recipients to whom the personal data have been disclosed
- The envisaged duration for which personal data will be stored, if this is possible.
- The available data on the origin of the personal data
In addition, you as a data subject have the right to be informed whether personal data have been transferred to a third country or to an international organisation, as well as which data have been transferred. If you, as a data subject, would like to make use of this right, an employee of the company responsible for the processing is available to you at any time. Inform us of your wish by email to firstname.lastname@example.org or by post.
3.) Right to rectification
As a data subject, you have the right under the GDPR to request the immediate correction and/or completion of incorrect and/or incomplete personal data relating to you. If you as a data subject would like to exercise this right, an employee of the company responsible for the processing is available to you at any time. Inform us of your request by email to email@example.com or by post.
4.) Right to erasure (right to be forgotten)
As a data subject, you have the right under the GDPR to request from the controller that the personal data concerning you be erased without delay, provided that one of the following reasons applies and thus processing is not necessary:
- The data are no longer needed for the purpose for which they were collected
- The data subject withdraws consent and there is no other legal basis for the processing.
- The data subject objects pursuant to Article 21(1) DSGVO and there are no overriding legitimate grounds for the processing.
- The data subject objects pursuant to Art. 21(2) DSGVO
- The personal data are processed unlawfully
- The erasure of the personal data is necessary for compliance with a legal obligation under EU law or the law of the Member States to which the controller is subject
- The personal data was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR
If one of the aforementioned points applies and you would like to exercise this right as a data subject, an employee of the controller is available to you for this purpose at any time. Inform us of your wish by email to firstname.lastname@example.org or by post.
5.) Right to restriction of processing
As a data subject, you have the right under the GDPR to request the controller to restrict the processing of your personal data if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject. Restrict the processing for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data.
- The controller no longer needs the personal data for processing, but the data subject needs them for the assertion, defence or exercise of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned points applies and you would like to exercise this right as a data subject, an employee of the controller is available to you at any time. Inform us of your wish by email to email@example.com or by post.
6.) Right to data portability
As a data subject, you have the right under the GDPR to receive personal data concerning you, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO or on a contract pursuant to Article 6(1)(b) DSGVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons. If you, as the data subject, would like to exercise this right, an employee of the controller is available to you at any time. Inform us of your wish by email to firstname.lastname@example.org or by post.
7.) Right to object
As a data subject, you have the right under the GDPR to object to the processing of personal data collected under Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these points. In the event of an objection, the processing of this data will be stopped immediately, unless there are compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims. Furthermore, as a data subject, you have the right to object on legitimate grounds to processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest. If you, as the data subject, wish to exercise this right, an employee of the controller is available to you at any time. Inform us of your wish by e-mail to email@example.com or by post. The data subject is also free to exercise his/her right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8.) Automated decision-making in individual cases, including profiling
As a data subject, you have the right under the GDPR not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the data controller is subject, and that law contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is made with the data subject's explicit consent. If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) it is made with the data subject's explicit consent, the controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain the data subject's involvement, to express his or her point of view and to contest the decision. If you, as a data subject, wish to exercise any rights concerning automated decisions, you may, at any time, contact any employee of the controller. Inform us of your wish by email to firstname.lastname@example.org or by post.
9.) Right to revoke consent under data protection law
As a data subject, you have the right under the GDPR to withdraw consent to the processing of personal data at any time. If you as a data subject would like to exercise this right, an employee of the company responsible for the processing is available to you at any time. Inform us of your wish by email to email@example.com or by post.
10.) Right to complain to a supervisory authority
As a data subject, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her infringes this Regulation. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy.
Landario ships orders with DHL (DHL Paket GmbH, Sträßchensweg 10; D-53113 Bonn). In order to be able to deliver orders, your address data will be transmitted to DHL. Your e-mail address will also be transmitted to DHL in the course of tracking your shipment so that DHL can notify you of your shipment. If you have stored a telephone number in your customer account, this will be transmitted to DHL for contacting you in case of problems. For further information on data protection and privacy, please refer to the DHL data protection information which can be found at https://www.dhl.de/de/toolbar/footer/datenschutz.html.
We have concluded a contract for commissioned data processing for the use of SmartSupp LiveChat and implement this strictly in accordance with the requirements of the DSGVO and the European data protection authorities.
To be able to provide you with an individualized shopping experience, Landario uses the services of a third-party company called Styleriser (Styleriser Inc, 12709 Knights Bridge Pl, 93312 Bakersfield, California, USA). Their product, StyleIQ, creates a unique shopping experience by highlighting items that match the shoppers’ colors. To use this service you need to provide us with a picture of yourself. The legal basis for processing your data is your consent, which you give us when uploading the photo in accordance with Article 6, paragraph 1, letter a) GDPR. You can revoke this consent at any time by sending us an email at firstname.lastname@example.org . You can also find our email address in this data protection declaration. Your data will be stored with us until you revoke it and will automatically be deleted after 30 days. We have concluded a data protection order processing contract with our service provider in order to ensure the protection of your data.
Trackingtools (Google Analytics)
We respect your privacy and use the anonymisation option when collecting data with Google Analytics. The last octet of the IP address is not transmitted. This means that it is no longer possible to clearly assign the data to a person. In this way, we also meet the requirements of data protection.
With the help of Google Analytics, insights are collected that enable us to improve the website. This also makes searching and shopping easier for you and optimises use. If you still do not want to support us with the anonymised data, you can also install a plug-in freely provided by Google for the following browsers and thus completely prevent the tracking of Google Analytics. You can find the plug-in at http://tools.google.com/dlpage/gaoptout
Further information and the applicable data protection regulations of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at https://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.
For the use of Google Analytics, we have concluded a contract for commissioned data processing anatd implement this strictly in accordance with the requirements of the DSGVO and the European data protection authorities.
Status of the data protection declaration: July 2021