Data protection statement

The following data protection provisions apply to the Franz Steiner Verlag shop.

Data protection is of great importance to us. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always in accordance with the General Data Protection Regulation (“GDPR”) and in compliance with the country-specific data protection regulations applicable to us. In this data protection statement, we inform you about the nature, scope and purpose of the personal data that we collect, use and process. In this data protection statement, data subjects are also informed of the rights to which they are entitled.

As the controller responsible for processing (“Controller”), Franz Steiner Verlag (“Publisher”) has implemented many technical and organisational measures to ensure the most comprehensive protection possible of personal data processed via this website. Transmission of data over the Internet can nevertheless always exhibit security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to communicate personal data to us by alternative means, for example by telephone.

1. Terminology

This data protection statement is based on the terms that were used by the EU Directive and Regulation legislature (“EU legislature”) for the adoption of the General Data Protection Regulation (GDPR). This data protection statement is intended to be easily readable and understandable for the public as well as for customers, business partners and users of the Publisher. To ensure this, an explanation of the terms used follows.

This data protection statement makes use of, inter alia, the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:

Franz Steiner Verlag GmbH
Birkenwaldstrasse 44
70191 Stuttgart

GERMANY

Phone: +49 711 2582-450
Fax: +49 711 2582-390
Email: service@steiner-verlag.de
Website: https://www.steiner-verlag.de/

3. Contact details of the Data Protection Officer

The Publisher has appointed a Data Protection Officer whom every data subject can contact directly at any time with all questions and suggestions regarding data protection. The Data Protection Officer can be contacted by regular mail at the above-mentioned address of the Publisher with the adjunct “Personal – Attn: Data Protection Officer” or by e-mail at datenschutz@dav-medien.de.

4. Cookies

The website uses first-party cookies. Cookies are text files that are stored in a computer system via an Internet browser.

The user’s browser does not make first-party cookies accessible across domains, i.e. they are not passed on to third parties and are used here exclusively in direct connection with DAZ.online. First-party cookies include necessary cookies and functional cookies. DAZ.online uses first party cookies to record visiting times and the frequency of page views in general. The log-in status is also stored using this technology.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a sequence of characters through which websites and servers the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.

5. Collection of general data and information

The website collects a range of general data and information each time a data subject or automated system calls up its websites. These general data and information are stored in the server log files. Information collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-webpages that are called up on our website by an accessing system, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used for hazard prevention purposes in the event of attacks on the Publisher’s information technology systems.

When using these general data and information, the Publisher does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimise the content of our website as well as its advertising, (3) ensure the long-term functionality of the Publisher’s information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. The anonymously collected data and information are therefore analysed statistically, with the aim of improving data protection and data security at the Publisher and thereby ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

6. Registration and placing orders on the website

Users have the possibility to register on the controller’s website in a process in which they provide personal data. The personal data that are transmitted to the controller are determined by the respective input mask used for registration. The personal data entered are collected and stored exclusively for internal use by the controller and for the controller’s own purposes. The controller may arrange for the data to be passed on to one or more processors. These forwarded personal data will also be used exclusively for an internal use attributable to the controller.

When registering on the controller’s website, the IP address assigned by the data subject’s Internet service provider (ISP), and the date and time of registration are also stored. These data are stored against the background that this is the only way to prevent misuse of the services and, where necessary, to enable investigation of criminal offences. In this respect, the storage of these data is necessary for the protection of the controller. As a matter of principle, these data are not forwarded to third parties unless there is a legal obligation to forward them or the forwarding serves the purpose of criminal prosecution.

The data subject’s registration, including the voluntarily provision of personal data, serves the controller’s purpose of offering the data subject content or services which, due to their nature, can only be offered to registered users. Registered persons are free to change the personal data they provided during registration at any time or to have it erased entirely from the controller’s datasets.

The controller will, upon request, provide any data subject at any time with information about the personal data that are stored in relation to the data subject. Furthermore, the controller will rectify or erase personal data at the request or instruction of the data subject, provided that this does not conflict with any statutory retention obligations. All of the controller’s employees serve as contact persons for the data subject in this respect.

7. Subscription to newsletters with NewBooks

The Publisher avails itself of the German e-mail marketing provider NewBooks Solutions GmbH, Am Malzbüchel 6-8, 50667 Cologne, Germany for sending and for managing the addresses for newsletters about newly published books. The personal data transmitted when ordering the respective newsletter are determined by the input mask used for this purpose.

Customers, business partners and users are informed at regular intervals by means of a newsletter about offers from the Publisher. Newsletters via NewBooks can principally only be received if (1) the data subject has a valid e-mail address and (2) the data subject registers to be sent the newsletter. For legal reasons, a confirmation e-mail is sent in the context of the so-called “double opt-in” procedure to the e-mail address which the data subject specified when initially signing up for the newsletter subscription. This confirmation e-mail serves to verify whether the owner of the e-mail address, as the data subject, has authorised the receipt of the newsletter.

During the registration for the newsletter, NewBooks stores the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of these data is necessary in order to be able to reconstruct the (possible) misuse of a data subject’s e-mail address later on, and therefore serves the legal protection of the controller.

The personal data collected in the course of a newsletter registration are used exclusively for sending the newsletter. In addition, newsletter subscribers can also be informed by e-mail, if this is necessary for the operation of the newsletter service or an associated registration, as could be the case in the event of changes to the newsletter offering, or in the event of a change in technical circumstances. No personal data collected in the course of the newsletter service are passed on to third parties. A newsletter subscription can be cancelled at any time. Consent to the storage of personal data that was given for the newsletter subscription can be withdrawn at any time. Each newsletter contains an appropriate link for the purpose of withdrawing consent. The controller may also be contacted directly at any time to unsubscribe.

Further information on the use of NewBooks can be found at the following link: https://www.newbooks-solutions.com/en/footer/data-protection.html

8. Contact possibilities via the websites

Statutory guidelines require that the Publisher’s web pages contain information that enables us to be contacted quickly by electronic means, as well as direct communication with our staff, which also includes a general electronic postal address (e-mail address). If we are contacted by e-mail or via a contact form, the transmitted personal data will be automatically stored. Such personal data transmitted on a voluntary basis are stored for handling purposes or for contacting the data subject. These personal data are not passed on to third parties.

9. Orders and subscriptions

In the case of an order or other contract-related enquiries, personal data are processed for the purpose of handling the order and invoicing (point (b) of the first sentence of Article 6 (1) GDPR). Insofar as data are marked as mandatory, they are required for the performance of the contract or for invoicing.

The data required for the order and any associated documents (e.g. commercial letters, invoices) are stored in accordance with the statutory provisions for at least six years (Section 257 (1) No. 2 of the German Commercial Code (Handelsgesetzbuch, HGB)) or ten years (Section 147 (1) of the German Fiscal Code (Abgabenordnung, AO)) after conclusion of the contract.

10. Advertising

a) Postal advertising and customer analytics

For its own customer analytics and postal advertising, the Publisher processes data from orders, advertisements, subscriptions, competitions and other data collected outside the Internet (point (f) of the first sentence of Article 6 (1) GDPR). The analytics are usually performed in pseudonymised form.

b) Telephone advertising

With the express consent, which can be revoked at any time, the Publisher provides by telephone, for its own market research purposes, information concerning the holding of competitions, the advertising digital and printed products of the Publisher and the benefits of corresponding subscriptions (point (a) of the first sentence of Article 6 (1) GDPR and Section 7 (2) No. 2 of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG)). The mandatory information provided when consent is given are used for the purpose of personal calls and approaches. If consent was given over the Internet, the IP address is also recorded and stored for documentary purposes. (Article 7 (1) GDPR and point (c) of the first sentence of Article 6 (1) GDPR). Business customers are also informed by telephone about offers.

c) Advertising by e-mail

With the express consent, which can be revoked at any time, the Publisher provides by e-mail, for its own market research purposes, information concerning the holding of competitions and the advertising of digital and printed products of the Publisher (newspapers, magazines and articles) and the benefits of corresponding subscriptions (point (a) of the first sentence of Article 6 (1) GDPR and Section 7 (2) No. 3 UWG). Where an e-mail address was provided in the context of a paid subscription, paid advertisement or paid order, the Publisher will also inform you by e-mail of offers similar to those purchased. This can of course be objected to at any time at basic rates (point (f) of the first sentence of Article 6 (1) GDPR and Section 7 (3) UWG).

d) Competitions / sales promotions

The Publisher and its cooperation partners (e.g. sponsors) process the data collected in the context of the competition or sales promotion measures in order to implement same (point (b) of the first sentence of Article 6 (1) GDPR). The Publisher and, if applicable, the respective cooperation partner process the data for their own customer analytics and their own advertising.

e) Storage period

Data collected for advertising purposes are stored for as long as the advertising purpose exists or until the Publisher receives a withdrawal of consent or an objection to the processing of data for advertising purposes.

11. Routine erasure and blocking of personal data

The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of the storage or where provided for by the EU legislature or other legislature in laws or regulations to which the controller is subject.

If the storage purpose lapses or if a storage period prescribed by the EU legislature or another competent legislature expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

12. Rights of the data subject

a) Right to confirmation

Every data subject has the right, granted by the EU legislature, to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may contact any employee of the controller at any time.

b) Right of information access

Any person affected by the processing of personal data has the right, granted by the EU legislature, to obtain from the controller, at any time and free of charge, information about the personal data stored about him or her and a copy of that information. In addition, the EU legislature has granted the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) GDPR and Article (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

c) Right of rectification

Any person affected by the processing of personal data has the right, granted by the EU legislature, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Any data subject who wishes to exercise this right of rectification may contact any employee of the Publisher at any time.

d) Right to erasure (“right to be forgotten”)

Any person affected by the processing of personal data has the right, granted by the EU legislature, to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller provided that one of the following grounds applies and the processing is not necessary:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • the data subject withdraws consent on which the processing is based according to point (a) of the first sentence of Article 6 (1) GDPR, or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing
  • the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR
  • the personal data have been unlawfully processed
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR

e) Right to restriction of processing

Any person affected by the processing of personal data has the right, granted by the EU legislature, to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  • the data subject has objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

f) Right to data portability

Any person affected by the processing of personal data has the right, granted by the EU legislature, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided that:

  • the processing is based on consent pursuant to point (a) of the first sentence of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR or under a contract pursuant to point (b) of the first sentence of Article 6(1) GDPR and
  • the processing is carried out by automated means
  • the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Moreover, in exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible, provided that: this does not adversely affect the rights and freedoms of others.

Any data subject who wishes to exercise this right of data portability may contact any employee of the Publisher at any time.

g) Right to object

Any person affected by the processing of personal data has the right, granted by the EU legislature, to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of the first sentence of Article 6 (1) GDPR, including profiling based on those provisions.

In the case of an objection, the Publisher will cease to process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed by the Publisher for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to the Publisher processing his or her personal data for direct marketing purposes, the personal data will cease to be processed for such purposes.

Moreover, where personal data are processed by the Publisher for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Any data subject who wishes to exercise this right of objection may contact any employee of the Publisher at any time. Moreover, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

Any person affected by the processing of personal data has the right, granted by the EU legislature, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision is not:

  • necessary for entering into, or performance of, a contract between the data subject and the controller or
  • authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or
  • based on the data subject’s explicit consent.

If the decision is (1) necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) made with the data subject’s explicit consent, the Publisher will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Any data subject who wishes to exercise this right relating to automated decision-making may contact any employee of the Publisher at any time.

It should be noted that no profiling is performed on the website.

i) Right to revoke consent given in the context of data protection law

Any person affected by the processing of personal data has the right, granted by the EU legislature, to withdraw his or her consent to the processing of personal data concerning him or her at any time.

Any data subject who wishes to exercise this right to withdraw consent may contact any employee of the Publisher at any time.

13. Data protection provisions on the use and application of Matomo

The online shop of Franz Steiner Verlag uses the open source web analytics service Matomo, Innocraft. Ltd, 150 Willis St., 6011 Wellington, New Zealand. Matomo uses device fingerprinting to enable users to be recognised across websites. The information required for this is stored exclusively on the Publisher’s servers. Before storage, the IP address is anonymised so that website visitors’ usage behaviour can be recorded and analysed, but no direct conclusions can be drawn about the person behind the anonymised data. With the help of the data thus collected, it is determined which pages are called up by website visitors, but also from which region they come.

This analytic tool is used on the basis on point (f) of the first sentence of Article 6 (1) GDPR. The Publisher has a legitimate interest in the anonymised analysis of user behaviour since these data can be used by the Publisher to continuously enhance its portfolio, but also because the data are needed for the Publisher’s cooperations with advertising partners. With respect to the advertising partners, it should be noted that e.g. the frequency of website visits is a key valorizing factor, as is circulation for print media.

To ensure the best possible data protection, the Publisher operates the analytics system Matomo. No third-party analytics systems are used.

Users have the possibility to prevent anonymised data from being collected via Matomo. While this provides even more protection for their sphere of privacy, it also makes it more difficult to improve the Publisher’s services based on user behaviour.

If users nevertheless wish to prevent the above-mentioned data collection in their case, they can prevent their data from being collected via this checkbox . It should be noted that, when using the opt-out feature, Matomo must be enabled to take this setting into account for future visits; for this purpose, a cookie is set which, in turn, does not, however, collect any personal data.

14. Legal basis for the processing

Point (a) of the first sentence of Article 6 (1) GDPR serves as the legal basis for processing operations in which consent is obtained for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party – as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or return-service – the processing is based on point (b) of the first sentence of Article 6 (1) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures – for example in cases of enquiries about products or services. If the Publisher is subject to a legal obligation under which the processing of personal data becomes necessary – such as for the fulfilment of tax obligations – the processing is based on point (c) of the first sentence of Article 6 (1) GDPR. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to the Publisher were to be injured and his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. The processing would then be based on point (d) of the first sentence of Article 6 (1) GDPR. Finally, processing operations could be based on point (f) of the first sentence of Article 6 (1) GDPR; this is the legal basis for processing operations not covered by any of the aforementioned legal bases, where the processing is necessary to protect a legitimate interest of the Publisher or a third party, provided that these are not overridden by the interests, fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they were specifically singled out by the EU legislature. In this respect, the legislature took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (second sentence of Recital 47, GDPR).


15. Legitimate interests in the processing pursued by the controller or a third party

Where the processing of personal data is based on point (f) of the first sentence of Article 6 (1) GDPR, the legitimate interest of the Publisher is the conducting of its business to the benefit of the wellbeing of all its employees and shareholders.

16. Duration of storage of personal data

The criterion for the storage duration for personal data is the respective statutory retention period. After expiry of the period, the data concerned are routinely erased, provided that they are no longer required for the performance or initiation of a contract.

17. Legal or contractual guidelines on providing the personal data; necessity for entering into contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

The Publisher informs you that personal data sometimes need to be provided by law (for example, tax regulations) or may also arise from contractual provisions (for example, details of contracting partners). Sometimes, in order to enter into a contract, a data subject may have to provide personal data which must subsequently be processed by the controller. The data subject is, for example, obliged to provide personal data if the Publisher enters into a contract with him or her. Failure to provide the personal data would mean that it would not be possible to enter into contract with the data subject. Before providing personal data, the data subject must contact one of the Publisher’s employees. The Publisher’s employees will inform the data subject on a case-by-case basis whether personal data need to be provided by law or contractually or if they are necessary for entering into contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

18. Existence of automated decision-making

As a responsible organisation, the Publisher eschews the use of automated decision-making or profiling.

The data protection statement was prepared along the lines of the data protection generator of Deutsche Gesellschaft für Datenschutz in cooperation with solicitors Wilde Beuger Solmecke.

Date 6th July 2021