Protecting your data is both an obligation and a matter of principle
As a rule, we store and process the data of customers and interested parties, whether personal or non-personal, only within the context of our own business activities. We use data in order to provide you with the best possible service, to improve our services, and to remain in touch with you. We never share your data with third parties unless you have explicitely given your permission or it is necessary due to the service agreement. We will never sell or rent out your data. We only store and process data in order to provide you with the established CORETO services and to continuously improve them.
This policy will inform you about what data we collect, how the data is processed, what rights you have, and what data is collected, stored, and processed when using our web pages.
In doing so, we guarantee the observance of and compliance with the applicable legal requirements for data protection, specifically the German Federal Data Protection Act (Bundesdatenschutzgesetz) and the General Data Protection Regulation (GDPR) applicable for Europe. It is important to us that you have a clear overview at all times of what data is collected at which point and how we use it. We have taken the necessary organisational and technical measures in order to ensure that data is processed lawfully and confidentially by us and by any service providers commissioned by us.
Responsible entity for the processing of personal data:
Contact for all Questions and Concerns Related to Your Data
You can also contact us via post:
What Data Do We Collect?
The storage and processing of personal data always serves to provide a requested service and to safeguard our own legitimate business interests in accordance with the GDPR.
In the context of business relationships for order fulfilment and business initiation, we process not only address and account data but also data from the employees of our business partners. Depending on the order and the processing agreement, this may include the name (first and last name), position, address and contact data (e.g. mobile phone number, e-mail addresses), data concerning user permission etc.
If we require further data besides your name and address, this is always provided on voluntary basis and with reference to the purpose of the data acquisition.
Personal Data Only for the Purpose for which it is Intended
Rest assured: We do not sell or rent out your data to third parties.
We guarantee that we collect and process the personal data provided by you only for the purposes communicated to you. We only transfer your personal data to third parties if this is necessary for the fulfilment of the contract, if you have given us your explicit permission, or in the event of a court order.
Your Data – Your Right to Control Your Own Privacy
When handling your data, we ensure that your extensive rights are protected according to the GDPR and that you retain control over the data stored with us. We will support you in your request to exercise your rights:
- You have the right of access (Art. 15 of the GDPR) to your personal data and to information regarding its collection, processing or, if necessary, its disclosure to third parties.
- You have the right to withdraw consent (Art. 7 Para. 3 of the GDPR) in order to revoke any consent given to us for the processing of your data and thus to trigger the deletion of your data, provided there is no legal basis for further processing without consent.
- You have the right to object (Art. 21 of the GDPR) to the processing of your personal data at any time, provided the processing is carried out on the basis of Art. 6 (1e) or (f) of the GDPR.
- You have the right to data portability (Art. 20 of the GDPR), to transmit the personal data that you have provided to us to another party, as far as technically possible.
- You have the right to notification (Art. 19 of the GDPR), whereby we must notify you of all parties to whom we have disclosed your personal data and we must notify said parties of your request to delete your data or to restrict the processing of your data, with the same effect, unless this proves to be impossible or involves disproportionate effort, in which case we are also obligated to inform you of this.
- You have the right to erasure (Art. 17 of the GDPR) in order to have your data deleted, provided that the requirements of Art. 17 of the GDPR are met. You have the right to restrict processing (Art. 18 of the GDPR) in the following cases: to prevent unlawful processing while the controller verifies the accuracy of the data which you have contested; if the processing was unlawful and instead of requesting the deletion of your data you request the restriction of the processing; we no longer need the personal data for the purposes of processing, but the data is required by you for the establishment, exercise or defence of legal claims; if you have lodged an objection due to your particular situation, pending the verification of whether our legitimate grounds take precedence.
- You have the right to rectification (Art. 16 of the GDPR) to correct inaccurate data.
- You have the right to lodge a complaint (Art. 77 of the GDPR) with a supervisory authority, in particular in the Member State of your residence, your place of work or where the alleged breach took place if you believe that the processing of your personal data violates the GDPR.
Should you wish to exercise your right(s), then please contact us with reference to your data protection.
Data Processing for Order Handling
Your data will be processed exclusively for order fulfilment and within the framework of legal requirements. Generally, your data and that of your employees is processed by the corresponding responsible employees of CORETO within the scope of the assigned task. For order fulfilment, as well as in individual cases, it may be necessary to make data available to third parties. These include:
- Shipping providers for the transfer of ordered goods
- Payment service providers for the processing of agreed financial transactions such as payment, refund etc.
- Insurers for trade credit protection and credit agencies for monitoring and securing credit limits for the delivery of goods
- IT service providers as processors in accordance with Art. 28 of the GDPR
- Tax authorities, tax consultants and auditors in the context of legal obligations
- Where necessary, accident insurers / professional associations in the context of legal obligations
- Where necessary, public prosecutors / investigating authorities in the scope of legal obligations
Data transmission to third countries or to international organizations is not intended.
Cooperation with service providers for order fulfilment generally includes the areas of shipping, payment, insurers and credit agencies, as well as, in individual cases, processors. This is done on the basis of Art. 6 Para. 1b of the GDPR. Personal data is transmitted to these service providers in order to ensure order fulfilment. We pass on the personal data collected by us to shipping providers commissioned with the delivery insofar as this is necessary for the delivery of goods. If necessary for payment processing, we pass on your payment details to the commissioned credit institution or, if selected by you, to a payment service provider such as "PayPal". And if you wish to make a purchase with payment later ("purchase on account"), we forward your data for a credit check and clearing to commercial credit insurers and / or credit agencies to include their scoring in the decision (see details below).
Details on the Transfer of Personal Data to Shipping Providers
If the goods ordered by you are to be delivered by one of our logistics partners, such as DHL (Deutsche Post AG, Charles-de-Gaulle-Strasse 20, 53113 Bonn), UPS (United Parcel Service Germany Inc. & Co. OHG, Goerlitzer Strasse 1, 41460 Neuss) or GO! (GO! Express & Logistics (Germany) GmbH, Bruehler Strasse 9, 53119 Bonn), we provide the relevant partner with the name and the delivery address of the recipient for the purpose of shipping in accordance with Art. 6 (1b) of the GDPR, provided this is required for the delivery of goods.
Should the delivery date need to be agreed in advance, or is explicitly requested, then we will provide the logistics partner with your email address in accordance with Art. 6 (1b) of the GDPR, for the sole purpose of agreeing the delivery date or communicating a delivery notification. You may revoke such authorisation at any time with immediate effect by either contacting us or our logistics partner.
Details on the Transfer of Personal Data to Payment Service Providers such as PayPal and Commercial Credit Insurers and Credit Agencies
When paying via PayPal, purchase on account or cash on delivery, we provide your payment information to PayPal (Europe) S.a.r.l et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (in short “PayPal), to Euler Hermes Germany Branch or Euler Hermes SA, Friedensallee 254, D-22763 Hamburg (in short “Euler Hermes), to Verband der Vereine Creditreform e.V. (Federation of Credit Reform Associations, registered association), Hellersbergstrasse 12, D-41460 Neuss (in short “Creditreform) and/or CRIF Bürgel, Leopoldstraße 244, D-81373 Munich (in short “Bürgel) during the payment process. The transfer is made in all cases in accordance with Art. 6 (1f) of the GDPR and only if this is required for the payment process.
For the payment methods purchase on account, cash on delivery and payment via PayPal, we, as well as PayPal itself, reserve the right to secure the individual payment method via a credit check and/or to insure it via a commercial credit insurer such as Euler Hermes. For this purpose, your payment and address data may be provided to commercial credit insurers and credit agencies on the basis of our and PayPal’s legitimate interests in accordance with Art. 6 (1f) of the GDPR. The result of the credit check in form of a statistical probability of non-payment (payment-cancellation-likelihood) is used by us, Euler Hermes and PayPal as a basis for the decision concerning the provision of the respective payment method. Credit reports from Euler Hermes, PayPal, Creditreform and Bürgel usually contain probability values (so-called score values), which are included in the result of the credit rating and are based on a scientifically recognised mathematical-statistical procedure. For this purpose, we generally do not disclose any other data besides the address.
Note on your right to objection: You can object to the processing of your personal data at any time by contacting us by mail
It goes without saying that when you contact us (e.g. via contact form, e-mail or telephone) personal data is transmitted and stored accordingly in order to process your request. Very different data may be required depending on the request. In principle, this data is initially stored and processed only for the purpose of responding to your request, for establishing contact and for the overall organisational and technical administration involved. For us, responding to your request is an integral part of our economic interests and so the data is processed in accordance with Art. 6 Para. 1f of the GDPR. This is supplemented by Art. 6 Para. 1b of the GDPR if your request may result in the conclusion of a contract.
If it should be in our mutual interest to be able to answer or process future or similar requests from you as quickly as possible, your data will also be stored following the final processing. As a rule, your data will be deleted automatically after 24 months at the latest if there has been no further contact, unless a contract has been concluded and/or there are legal obligations requiring further storage.
Data Processing When Opening a Customer Account and for Contract Processing
Personal data is collected and processed in accordance with Art. 6 Para. 1b of the GDPR for the execution of a contract and for the opening of a customer account. We store and use the data provided by you exclusively to fulfil your order and to provide support for the agreed service periods. Nevertheless, it is possible to delete your customer account at any time - even immediately after the order has been completed - and you can achieve this by simply sending us a message. In consideration of tax and commercial retention periods, access to your data will initially be blocked once the contract has been fulfilled and following the request by you to delete your customer account (restriction of processing). Once the statutory periods have expired the data will then be deleted.
In our e-mail newsletter we regularly send you information regarding our offers, useful information concerning general use and general or special information concerning system security. The only mandatory information for the provision of our newsletter is your e-mail address. Further data is in any case voluntary and may be used to address you personally. We use the so-called double opt-in procedure to register for the newsletter. You will therefore only receive a newsletter from us if you have expressly confirmed to us that you agree to receive newsletters. In return, you will receive a separate confirmation e-mail from us after registering for the newsletter, in which you must confirm that you wish to receive our newsletter in future by clicking on an appropriate link. By confirming you wish to receive the newsletter, you consent to the use of your personal data in accordance with Art. 6 Para. 1a of the GDPR for the purpose of receiving our newsletter. The following applies: The data collected for the purpose of receiving our newsletter will be used exclusively for advertising purposes as part of the newsletter. If necessary, your IP address and the date and time of your registration will be stored when you use the double opt-in procedure to check the correctness of the procedure at a later date. Your registration can thus be later traced.
If you would like to unsubscribe from our newsletter, there is a corresponding link available in every newsletter. This can be used to edit the settings for the newsletter directly and also to unsubscribe. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list.
E-Mail Newsletters and Letters to Established Customers
With reference to our justified interest in personalised direct advertising, we reserve the right to store your first and last name, your postal address and - if provided by you - your title and your professional or business name and to use these to send you interesting offers, useful information or information concerning system security for our products by post. If you have provided us with your e-mail address as part of the contractual relationship, we reserve the right to send you interesting offers, useful information or information concerning system security for similar goods or services by e-mail on a regular basis. According to Art. 7 Para. 3 of the Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, or UWG) we do not need to obtain separate consent from you for this. In this respect, data processing is carried out solely on the basis of our justified interest in personalised direct advertising pursuant to Art. 6 Para. 1f of the GDPR.
In general, you can object to the storage and use of your data for this purpose at any time by sending us a corresponding message. You are also entitled to object to the use of your e-mail address for the aforementioned advertising purposes at any time with effect for the future. For this purpose, a suitable link (e-mail newsletter) or a suitable contact address (postal mailing) is specified in each advertising medium. In each case your objection would immediately lead to the discontinuation of the use of your data for advertising purposes.
Duration of Storage and Criteria for Storage Duration
As a rule, your data will be stored for technical and organisational purposes for as long as is necessary for the specified processing. As soon as your data is no longer required for the fulfilment of the order or the expected initiation of business transactions, it will be deleted immediately or rendered anonymous (anonymous data can no longer be assigned to a person). Exceptions to this may result from special regulations which are legally binding for us, such as those which may result from statutory storage obligations.
For our RECT™ shop with configurator we use SSL or TLS encryption for security and protection when transmitting personal data. You can recognize the encrypted connection by the character string "https" and the "lock" symbol in the browser line.
For technical and organizational reasons, we store data during the use of our web pages. As long as you use these exclusively for informational purposes, i.e. as long as you do not register or send us information via one of our contact forms, we only collect the data transmitted by your browser. This includes: The date and time of your visit, the pages you called up, the browser used, the operating system, the search engine used, access to downloaded files and your IP address (possibly anonymised).
In accordance with Art. 6 Para. 1f of the GDPR, we process this data within the framework of our legitimate interest in improving the functionality, stability and security of our web pages; in principle, we do not further transmit or use this data. We reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
In order to optimise and simplify the comfortable use of our web pages, we use so-called cookies, i.e. small text files which are stored on your end device, particularly in the RECT™ shop with configurator. We use our own cookies as well as cookies from third parties to provide essential basic functions (such as the virtual shopping cart, payment via PayPal etc.) or to recognise you the next time you visit our website and thus make navigation easier for you.
In general, you can restrict or completely prevent the storage of cookies at any time via the settings of your browser.
However, the so-called session cookies are required for the use of our web pages. They enable us to trade the products and individual configurations you have selected in the system of the RECT™ shop and to provide you with selected basic functions. These session cookies are automatically deleted when you close your browser. Should you exclude these session cookies in your browser settings, the functionality of our web pages will be restricted accordingly.
In addition, we also work with advertising partners who help us to constantly optimise our web pages and the content on offer. For this purpose, cookies from these advertising partners are also stored on your end device. The following applies to the use of such cookies and the scope of the information collected in individual cases:
The Use of Google and Google Analytics, Google Adwords and YouTube
For our web pages we use functions and services for web analysis and online marketing operated, offered and supported by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This includes: Google Analytics, Google Adwords with conversion tracking and YouTube. In all functions and services, Google uses so-called "cookies", small text files which are stored on your computer and which enable an analysis of your use of the web pages. The information generated by the cookies about your use of our web pages is - as far as controllable by us - anonymised, can be prevented by you and is usually transmitted to Google servers in the USA and stored there.
Google LLC, located in the USA, is certified for the "Privacy Shield" agreement between the USA and the EU, which guarantees compliance with the level of data protection applicable in the EU.
- Google Analytics
Our web pages use Google Analytics exclusively with the extension "_anonymizeIp()", to guarantee that the IP address is anonymised. As a result, your IP address is shortened by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area prior to being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to Google servers in the USA and shortened there. These exceptional cases are processed on the basis of Art. 6 Para. 1f of the GDPR to take into account our legitimate interest in the statistical analysis of user behaviour, always for the purpose of continuous improvement and/or for advertising purposes.
Google uses this information on our behalf in order to evaluate the general use of our web pages, to compile reports on activities within the web pages and to provide associated services to us. A link or assignment of the IP address transmitted by your browser to Google Analytics is not merged with other data collected by Google.
- Google AdWords Conversion Tracking
For our web pages we use Google's advertising program "Google AdWords" and "Google AdWords conversion tracking" on the basis of Art. 6 Para. 1f of the GDPR. This enables us to use advertising media (so-called Google Adwords) on other websites to draw attention to our offer and also to determine how successful the individual advertising measures are.
For Google Adwords conversion tracking, a conversion tracking cookie is placed on your device when you click on an ad placed by us in the Google Adwords advertising program. These cookies typically expire after a maximum of 90 days and are not used to personally identify users. If you have visited a specific page on our website (conversion target) and the cookie has not yet expired, we (including Google) can recognise that you have previously clicked on one of our AdWords ads. This information is used in statistics to evaluate the success of an ad by comparing the total number of users of an ad with the number of users with conversion. However, it does not contain any information that could personally identify users.
- Preventing Cookies
- Deactivating Google Analytics at CORETO
You can prevent Google Analytics from tracking your use of our web pages by setting an opt-out cookie via the following link, which prevents your data from being collected in the future when you visit our web pages: Deactivate Google Analytics
- General Objection to Google Analytics
In general, you can prevent Google Analytics from collecting and processing this data by downloading and installing the browser plugin available at the following link.
- Zu Youtube
We also embed "YouTube" videos on our web pages, a service provided by Google.
When you visit one of our web pages with an embedded YouTube video, a connection is established to Google's servers. Google places a cookie on your end device when the video starts or when you enter our website in order to collect information about user behaviour. According to information provided by Google and YouTube, these cookies are used to record video statistics, improve user friendliness and prevent abusive practices and thus comply with Art. 6 Para. 1f of the GDPR.
If you are logged into Google with your own account while watching the YouTube video on our website, your data will be directly assigned to your account. To prevent this, you must first log out of Google .
Google evaluates your data in accordance with Art. 6 Para. 1f of the GDPR on the basis of its own legitimate interests for the display of personalised advertising, market research and/or needs-based design of its website.
Your right to object to the collection and evaluation of such a user profile must be asserted against Google and YouTube.
The Use of Web Analytics Service "Matomo"
On our web pages we use the analytics service Matomo (www.matomo.org), formerly Piwik, of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Taking into account our legitimate interest pursuant to Art. 6 Para. 1f of the GDPR, we use this service purely for statistical purposes to analyse user behaviour in order to optimise our web pages. For this purpose, anonymous user profiles are also created and evaluated. Cookies, i.e. small text files, which are stored on your end device, are also used for this purpose and to recognise visitors returning to our website.
The anonymous data collected with Matomo (including the anonymisation of the IP address) is processed on our servers and is not merged with personal data of the bearer of the pseudonym.
You can easily object to the storage and evaluation of your data concerning your visit by a single click.
If you remove the tick, a so-called opt-out cookie will be stored on your end device so that Matomo no longer collects any session data. Please note that after deleting your own cookies (via the browser settings), the opt-out cookie is also deleted. If you then wish to continue to object to an evaluation, you must repeat the procedure ("remove tick").
The Use of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on our web pages to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.
This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, _Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.
Questions about privacy protection
Tel: +49 6031 69 69 0
Fax: +49 6031 69 69 27
... by post: