1. Name and contact details of the controller responsible for processing and the company data protection officer
This Data Protection Policy applies to data processing by:
Controller: Siccas Guitars GmbH (hereinafter “OhGuitar”)
Roonstr. 31, 76137 Karlsruhe
Phone: +49 (0) 721 66984830
The data protection officer of OhGuitar is contactable at the above address, Attn: Data Protection Department and via firstname.lastname@example.org.
2. Collection and storage of personal data and the nature and purpose of their use
a) When visiting the OhGuitar website
When you visit our OhGuitar website, the browser used on your device automatically sends information to the server on which our website is hosted. This results in the collection of the following data, which is collected without your intervention and is deleted after 20 weeks
– the date and time of access,
– the IP address of the requesting computer,
– the session ID,
– the User Agent,
– the website from which access is made (referrer URL),
– the name and URL of the file being retrieved,
– the browser used and, if applicable, the operating system of your computer and the name of your access provider.
We process the aforementioned data for the following purposes:
– to monitor and ensure system security and stability,
– to ensure the comfortable use of our OhGuitar website and to optimise our platform,
– in order to ensure a problem-free connection to the website,
– for other internal statistical and administrative purposes, and
– to detect and prevent attacks on our website.
As a matter of principle, we do not use the collected data to draw conclusions about your person. However, if our network infrastructure is attacked, your IP address will be evaluated in order to assert or defend legal claims.
We base the collection of data on our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interests result from the aforementioned data collection purposes.
b) When registering as a user on our platform
On our OhGuitar platform, buyers and private sellers as well as commercial dealers can create an account. When you create an account, the data mentioned under i), ii) and iii) is mandatory.
The processing of this data is carried out,
– to check the entered data for plausibility,
– to be able to identify you as our contractual partner,
– for the establishment, content design, processing and modification of contractual relationships with you regarding the use of our platform and the services offered on it,
– if necessary, to contact you in case of further questions, and
– if necessary to assert any claims against you.
The processing of the data listed under i), ii) and iii) is carried out at your request and is required in accordance with Art. 6 para. 1 sentence 1 letter b DSGVO for the aforementioned purposes for the use of the platform and thus for the fulfilment of the contract and pre-contractual measures.
Depending on the type of user account, you sometimes have the option of providing voluntary details. We base the processing of such voluntarily provided information on our legitimate interests in accordance with Art. 6 Paragraph 1 S. 1 lit. f DSGVO. These serve the purpose of improving the contact with you and to ensure a quick clarification of possible queries.
After deletion of your user account, your data will be automatically deleted for further use, unless we are obliged to store the data for a longer period of time in accordance with Article 6 Paragraph 1 Sentence 1 lit. c DSGVO due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to further storage in accordance with Article 6 Paragraph 1 Sentence 1 lit. a DSGVO.
i) OhGuitar user account
To register as a user (buyer) and set up a user account, the following data must be entered:
– a valid e-mail address and
– a freely selectable password.
The data serve as login data for the user account.
You also have the option of providing further voluntary user data:
– Your first and last name,
– A profile picture
– Your address (street, postcode, town, country),
– Your telephone number.
ii) Private sellers
To be able to place sales offers as a private seller, you must first have a user account (see i)). To place a sales offer on the platform, you must enter the following data:
– Your first name and surname,
– Your address (street, postcode, town, country),
– Your telephone number
iii) Commercial dealers
To register as a commercial dealer, the following data must be entered:
– your company,
– a contact person (first and last name),
– Your address (street, postcode, town, country),
– a telephone number,
– a valid e-mail address,
– a freely selectable user name and
– a freely selectable password.
You also have the option of providing further voluntary user information:
– a mobile phone number and
– an Internet address.
Registration for secure payment at OhGuitar via Stripe Connect
In order to receive your payments from buyers as a commercial seller via Stripe Connect, you must open a Stripe account.
When registering for OhGuitar Payment via Stripe Connect, apply to open an account with the payment service of Stripe (https://www.stripe.com/), Stripe, Inc.
510 Townsend Street San Francisco, CA 94103, USA. Payments assigned to you as part of OhGuitar Secure Payment via Stripe Connect will then be posted via this account.
In accordance with the laws to prevent money laundering and the financing of terrorist organisations, Stripe, Inc. is required to identify each Seller on the basis of the documents and information provided.
Therefore, when you register with Stripe, Inc. the following data and documents will be collected from you:
– Surname, first name, e-mail address, date of birth and nationality and country of residence.
– Information about which bank account to use for payments.
– A copy of a valid official identification document:
– German identity card (front and back) for Germans, passport for foreigners resident in Germany or abroad.
– Within the EEA: Passport or national identity card or driving licence. A residence permit for persons from third countries.
– Outside the EEA: Passport or driving licence for the USA and Canada.
c) When using our platform internal news tool
As a registered user, we offer you the opportunity to communicate with us or a dealer/buyer/private seller via a platform-internal news tool provided on the website. Registration is required to use the platform-internal messaging tool (see 2. b) ).
When using our platform internal message tool, your sent messages are automatically and manually scanned and analysed by us. This is done for the purpose of
– the prevention of fraud,
– to detect illegal activities and violations of our general terms and conditions
– and to improve communication and customer service.
We base data processing on our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. Data processing for the above-mentioned purposes is considered a recognised legitimate interest under the DSGVO.
You can manage your sent and received messages yourself and have them deleted by us on request. In the event of an attempt at fraud, an unlawful act or a breach of the General Terms and Conditions of Business, we may continue to store the relevant messages even after your request for deletion, on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO, for verification purposes and the assertion, exercise or defence of legal claims.
d) Automatic creation of a customer profile
When using our platform as a registered user/dealer, we create a customer profile for your user account. In order to ensure that you only receive information that is supposedly of interest to you, we categorise and supplement your customer profile with additional information. For this we use:
– Information about your person (e.g. basic data of your customer profile),
– the duration of your membership,
– statistical information (e.g. the type, frequency and intensity of use of the website); and
– the history of the offers, manufacturer brands and suppliers called up.
The listed data is processed by us for the following purposes:
– for statistical evaluations,
– for market research,
– to enable the smooth functioning of the platform and to design our platform to meet the needs of our customers,
– to personalise our services and
– in order to provide you with advertising solely based on your actual or supposed needs and not to bother you with unnecessary advertising.
We base data processing on our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. Data processing for the above-mentioned purposes is considered a recognised legitimate interest in accordance with the DSGVO.
In the event of an objection to the creation of a user profile, evaluation and personalisation of our services and advertising, the processing will be stopped and your user profile will be deleted immediately, unless you have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO. You can send your objection at any time by e-mail to email@example.com.
e) Registration for our newsletter
Provided that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 letter a DSGVO, we will use your e-mail address to send you our personalised newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.
For the purpose of personalising the newsletter content, a customer profile can be created about you on the basis of the personal data collected. Personal aspects such as product affinities, interests, purchase decisions, preferred shopping time, etc. resulting from orders are automatically processed and analysed so that offers relevant to you are predicted. Moreover, profiling can also be carried out without consent on the basis of Art. 6 Para. 1 letter f DSGVO on the basis of legitimate interests (see 2.c) below).
Under certain circumstances, we may also use your e-mail address without your express consent to send you information about similar products from our company, provided you are our existing customer and have not objected to the use of your e-mail address. In the case of the acquisition of existing customers, we base the processing on our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO. The processing of your e-mail address for the purpose of direct advertising is deemed to be a legal interest recognised by the DSGVO.
In any case, you can unsubscribe from the newsletter at any time, for example using a link at the end of each newsletter. Alternatively, you can unsubscribe from the newsletter at any time by e-mail by writing to this e-mail address: firstname.lastname@example.org.
For sending our newsletter we use the tool Mailchimp of The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA. The company has joined the EU-U.S. Privacy Shield.
For further information on the data processing by the Provider, please visit https://mailchimp.com/legal/privacy/
f) Via our contact form
If you have any questions of any kind, we offer you the possibility to contact us or a dealer/private seller via a form provided on the website. If you wish to address your question to a dealer or private seller, we will forward your contact request to them. In order to use the contact form, the following data is mandatory:
– a valid e-mail address and
– Your specific question or message.
The listed data is processed by us for the following purposes:
– to be able to identify you,
– to answer your question and
– where appropriate, for forwarding to the dealer/private seller concerned.
In addition, you can voluntarily provide your name and telephone number for faster contact.
When using our contact form, your message may be scanned and analysed by us. This is done for the purpose of fraud prevention and generally to improve communication and customer service.
The data processing is carried out at your request and is required in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO for the aforementioned purposes for the fulfilment of the contract and pre-contractual measures. In addition, the data processing within the framework of the contact request is based on our legitimate interests in accordance with Art. 6 Paragraph 1 Sentence 1 lit. f DSGVO. These also result from the aforementioned purposes.
The personal data collected by us for the use of the contact form will be automatically deleted after the completion of your request.
g) Collection of personal data from third parties
Occasionally, it may happen that users provide us with personal data from third parties (e.g. authorised representatives, contact persons, different account holders). In these cases of personal data not being collected from the person concerned, but exclusively from our users to third parties, our contractual partners are required to provide information only to the extent that the third party concerned is aware of it. This includes in particular knowledge of us as the person responsible and of the data provided and the purposes of a statement. In all other respects, this data protection information applies to the affected third parties accordingly insofar as the information is not only relevant to contractual partners. In particular, this includes information about us as the responsible party and our data protection officer as well as information about the rights of data subjects. Should we exceptionally receive contact data for a third party concerned, we will inform the third party directly. As a rule, however, we do not request contact data from third parties. The information provided by third parties will be used by us exclusively for the purpose intended for the information (e.g. necessary contact, payment processing via the account details provided). The deletion of the data of affected third parties takes place at the latest when the data of the person indicated is deleted or when this person changes or deletes the data concerned. The processing of the data of affected third parties is carried out on the basis of our legitimate interests (Art. 6 Para. 1 S. 1 lit. f DSGVO) to enable our contractual partners to involve third parties in a legitimate way.
3. Transfer of data
We only pass on your personal data to third parties if:
– you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
– in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, and
– the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
4. Visibility of your data for third parties
a) As users and private sellers
Personal data stored in connection with your user account (see point 2.b) i) and ii) ) cannot be viewed by third parties unless you have published offers on the platform.
b) As a commercial trader
If you are registered as a merchant and publish offers on the platform, registered and non-registered users can view your provider data (in accordance with item 2. b) iii)) on the platform.
The publication of the merchant data is necessary for the fulfilment and execution of the contract between OhGuitar and the merchant in the context of the use of the platform according to article 6 paragraph 1 sentence 1 lit. b DSGVO.
We use “cookies” on our website to record statistics on website use and evaluate these for the purpose of optimising our offer. These enable us to automatically recognise that you have previously visited our website when you return.
Your data will be stored with the aid of cookies for the above-mentioned purposes while safeguarding our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, according to which these interests are to be qualified as legitimate. Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your terminal device, and do not contain viruses, Trojans or other malware.
Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain specified period of time. If you visit our site again in order to use our services, it will be automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the functions of our website.
Tracking tools The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 letter f DSGVO. With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised. On the other hand, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified in the sense of the aforementioned regulation. The respective data processing purposes and data categories can be taken from the corresponding tracking tools.
i) Google Analytics
ii) Google Adwords Conversion Tracking
iii) Google reCAPTCHA
7. E-mail sending tool
For the purpose of sending transaction and service e-mails, we will pass on your e-mail address to e-mail dispatch service providers. We use the following service providers: Mailchimp
For sending our newsletter we use the tool Mailchimp from The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA. The company has joined the EU-U.S. Privacy Shield.
For further information on data processing by the provider, please visit: https://mailchimp.com/legal/privacy/
Data processing in the context of sending transaction and service e-mails is based on our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. In this way, we want to ensure that communication processes are automated in line with your needs, particularly in the case of actions initiated by you or in order to inform you of security-relevant information as quickly as possible.
8. Rights of data subjects
You have the right:
– in accordance with Art. 7 Para. 3 DSGVO to revoke your consent to us at any time. As a result, we may no longer continue to process the data which was based on this consent in the future;
– in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, and the existence of automated decision making including profiling and, where applicable, meaningful information on the details of such data;
– in accordance with Art. 16 DSGVO, to demand without delay the correction of incorrect or incomplete personal data stored by us;
– pursuant to Art. 17 DSGVO to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
– pursuant to Art. 18 DSGVO, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 DSGVO;
– in accordance with Art. 20 DSGVO, to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party and
– complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can turn to the supervisory authority at your usual place of residence or workplace or at our registered office.
9. Right of objection
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 S. 1 letter f DSGVO, you have the right, in accordance with Art. 21 DSGVO, to object to the processing of your personal data if there are reasons for doing so arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.
If you wish to exercise your right of objection, simply send an e-mail to email@example.com.
10. Data security
For our website we use the common TLS (Transport Layer Security) procedure in connection with the highest encryption level supported by your browser. TLS is a secure and proven standard that is also used for online banking, for example. You can recognise a secure TLS connection by, among other things, the attached s at http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
If you register with us as a user, access to your user account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We also take the company’s internal data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain secrecy and to comply with data protection regulations.
11. Topicality and amendment of this data protection declaration