Commercial register Hamburg, HRB 147180
Managing Director: Michael Schmitt
Phone number: +49 40 22859631
Email address: hello(at)gravitales.com
The terms used, such as "personal data" or their "processing" we refer to the definitions in Article 4 of the General Data Protection Regulation (DSGVO).
The personal data of users processed within the scope of this online offer includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the web pages visited on our online offer, interest in our products) and content data (e.g. entries in the contact form).
The term "user" includes all categories of data subjects. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as "user are to be understood as gender-neutral.
We process users' personal data only in compliance with the relevant data protection regulations. This means that the users' data is only processed if a legal permission exists. I.e., in particular if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, a consent of the user is available, as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer in the sense of Art. 6 para. 1 lit. f. DSGVO, in particular in the case of range measurement, creation of profiles for advertising and marketing purposes, and collection of access data and use of third-party services.
We point out that the legal basis of the consents Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing to fulfill our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.
Users have the right to obtain, upon request and free of charge, information about the personal data that we have stored about them.
In addition, users have the right to correct incorrect data, restrict processing and delete their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority.
Likewise, users may revoke consents, in principle with effect for the future.
The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Users may object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Users are requested to inform themselves regularly about the content of the data protection declaration.
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server.
Data is only passed on to third parties within the framework of legal requirements. We only pass on users' data to third parties if this is necessary, for example, on the basis of Art. 6 Para. 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f. DSGVO in the economic and effective operation of our business.
If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
If, within the scope of this data protection declaration, content, tools or other means are used by other providers (hereinafter collectively referred to as "third party providers") and their named registered office is located in a third country, it is to be assumed that a transfer of data to the third party providers' countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, user consent or otherwise legal permission.
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO.
Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, the required mandatory information will be provided to users. The user accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c DSGVO. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c DSGVO.
We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, e.g., to display product information to the user based on their previously used services.
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO.
The user's details may be stored in our customer relationship management system ("CRM system") or comparable inquiry organization.
When users leave comments or other contributions, their IP addresses are stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO are stored for 7 days.
This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
The user's details may be stored in our comment system or comparable inquiry organization.
With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Furthermore, according to its own information, the shipping service provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, e.g. for technical optimization of the shipping and display of the newsletter or for statistical purposes to determine which countries the recipients come from. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
To subscribe to the newsletter, it is sufficient to enter your e-mail address.
The newsletters contain a so-called "web beacon i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The use of the dispatch service provider, performance of the statistical surveys and analyses as well as logging of the registration process, are carried out on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to the dispatch of the newsletter by the dispatch service provider and the statistical analyses will expire. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.
In accordance with the requirements of the Basic Data Protection Regulation (DSGVO) applicable as of May 25, 2018, we inform you that the consent to the sending of e-mail addresses is based on Art. 6 para. 1 lit. a, 7 DSGVO and § 7 para. 2 No. 3, or para. 3 UWG. The use of the dispatch service provider, performance of statistical surveys and analyses as well as logging of the registration process, are based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users. We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.
We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.
Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. Cookies may be small files or other types of information storage.
We use "session cookies which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Within our online offer, we use content or service offers of third party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, opt-out options.
As a tag management system and for managing website tags, we use the "Google Tag Manager" on our website, a service of Google Ireland Limited, Gordon House, BarrowStreet, Dublin 4, Ireland. The Google Tag Manager tool, which implements the tags on the website, is a cookie-less domain and does not itself collect any personal data. The service provides for the triggering of other tags, which in turn may collect data. Google Tag Manager itself does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law.
Information on data protection or the service itself can be found on the following Google web pages.
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law.
Google will use this information on our behalf for the purpose of evaluating the use of our online offer by users, compiling reports on the activities within this online offer and providing us with other services relating to the use of this online offer and internet usage. In doing so, pseudonymous usage profiles of the users can be created from the processed data."
We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following reference."
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website. If you delete your cookies, you must click this link again.
For more information about Google's data usage, settings and opt-out options, please visit Google's websites.
We use social plugins ("plugins") of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. f. DSGVO) social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed at the following reference.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law.
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer by the latter. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in the privacy notices of Facebook.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and contradictions regarding the use of data for advertising purposes, are possible within the Facebook profile settings or via the US side or the EU side. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook pixel is directly integrated by Facebook when you visit our website and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes, this data is encrypted locally in on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison with the data encrypted in the same way by Facebook.
The processing of the data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, you will find general information on the display of Facebook ads there. Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section.
You can object to the collection by the Facebook pixel and the use of your data for the display of Facebook ads. To set what types of ads you are served within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent, which means that they are applied to all devices, such as desktop computers or mobile devices. To prevent the collection of your data using the Facebook pixel on our website, please click the link below. Note: When you click the link, an "opt-out" cookie will be stored on that device. If you delete the cookies in this browser, then you must click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain where the link was clicked.
The newsletter and e-mails are sent using ActiveCampaign, ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US, USA. ActiveCampaign is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with the European level of data protection.
With the help of ActiveCampaign, we can analyze our newsletter campaigns. When you open an email sent with ActiveCampaign, a file contained in the email (so-called web beacon) connects to ActiveCampaign's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). you can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of ActiveCampaign after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
We use "Hotjar" on our website, a web analytics service provided by Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. With Hotjar it is possible to measure and evaluate the usage behavior (clicks, mouse movements, scroll heights, etc.) on our website. Hotjar generates information through the "tracking code" embedded on the website and via small text files (cookies), which are stored locally in the cache of your web browser on your terminal device and which enable an analysis of the use of our website.
We use Hotjar for the purpose of analyzing the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by Hotjar.
The information generated by the cookies is transmitted to the Hotjar servers in Ireland and stored there. The cookies that Hotjar uses have different "lifetimes"; some remain valid for up to 365 days, some remain valid only during the current visit. The following information may be recorded by your device and browser: Your device's IP address (collected and stored in an anonymized format), your email address including your first and last name if you provided it to us through our website, screen size of your device, device type and browser information, geographic location (country only), preferred language to display our website.
Hotjar also uses third-party services (e.g., Google Analytics and Optimizely) to provide services. These third parties may store or otherwise process information that your browser submits when you visit our website (which may include your IP address).
Hotjar uses all this information to evaluate the use of our website, to create reports about the use and to provide other services in connection with the evaluation of our website. you can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there.
For more information on the use of data by Hotjar, on setting and objection options, and on data protection, please refer to the following Hotjar website.
External fonts from Google, Inc. - "Google Fonts". The integration of Google Fonts is done by a server call at Google (usually in the USA).
Maps of the service "Google Maps" provided by the third-party provider Google Inc.