3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients
3.1. Accessing our site
When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily saves it in a log file, over which we have no influence. The following information will be collected without your intervention and stored until automatically deleted:
- the IP address of the Internet-enabled device making the requesting,
- the date and time of the access,
- the name and URL of the file accessed,
- the website from which access was made (referrer URL),
- the browser you are using and, if applicable, the operating system of your Internet-capable computer as well as the name of your access provider.
The legal basis for processing the IP address is Art. 6 (1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. We wish to point out that we are not able to draw any direct conclusions about your identity from the data collected, nor can any be drawn through us.
The IP address of your device and the other data listed above are used by us for the following purposes:
- to ensure a smooth connection setup,
- to ensure smooth use of our website, and
- to evaluate system security and stability.
The data are stored only as long as is necessary to fulfil the purpose intended for storage and are deleted afterwards automatically. We also use cookies, tracking tools, targeting methods and social media plug-ins for our website. The exact methods involved and how their data are used for this purpose are explained in more detail in section 3.4 below.
If you accept geolocalization in your browser or operating system or other settings of your device, we use this function in order to be able to offer you individual services related to your current location. We process your location data in this way exclusively for this function. The data will be deleted once the use has ended.
3.2. Conclusion, Performance or Termination of a Contract
3.2.1. Processing data upon the conclusion of a contract
The scope of GARPA’s business is the distance selling of goods and services, retail trade within the framework of permits issued by the relevant authorities, and the serial production of goods to be offered. In this context, we process the data required for the conclusion, performance or termination of a contract with you. This includes:
- Salutation, Title, First Name, Surname
- Invoice and Delivery Address
- Email Address
- Billing and Payment Information
- Date of Birth
- Telephone Number
Art. 6 (1) point b) of the GDPR serve as the legal basis, i.e. you provide us with the data on the basis of the contractual relationship between you and us. In order to process your email address for online orders, we are also obliged to electronically confirm receipt of your order due to a provision in the German Civil Code (BGB). Art. 6 (1) point c) of the GDPR serve as the legal basis. We store the data collected for performing the contract at least until the expiry of the statutory or possible contractual warranty and guarantee rights, provided we do not use your contact data for advertising purposes (see 3.3. below).
The following data processing operations are also required to process the purchase agreement:
We work together with logistics companies for the purpose of processing the sales contract. The following data may be transmitted to these logistics companies commissioned by us for the purpose of delivering the ordered goods or for announcing them: Information about your delivery address (first name, surname, postal address) as well as your email address and telephone number. The logistics company will contact you prior to delivery to provide you with the time of delivery or to discuss delivery details with you.
3.2.2. Identity, Creditworthiness and Information to Credit Agencies
If necessary, we may verify your identity by consulting information from service providers. Art. 6 (1) points b) and f) of the GDPR serve as the legal basis. Authorisation to do so arises from ensuring the protection of your identity and the avoidance of fraud attempts at our expense. The circumstance and the result of our enquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
During the ordering process, we also check your credit rating, provided that you select the payment method ‘on account’. For this purpose, we pass on the following types of data to credit agencies cooperating with us: name, address, date of birth. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required under this provision arises from our interest in minimising the credit risk associated with these types of payments. The circumstance and the result of our enquiry will be added to your customer account for the duration of the contractual relationship.
If you have already made a purchase with us, your data stored by us about you can be supplemented by score values. Scoring is the process of making a forecast of future events based on information collected and past experiences. Such processing is based on Art. 6 (1) point f) of the GDPR. The preparation of such forecasts is to be regarded as a legitimate interest within the meaning of the aforementioned provision. Based on the data stored about your, you will be assigned to statistical groups of people with similar entries in the past. The underlying method used is a well-founded mathematical-statistical method for predicting risk probabilities that has long been tried and tested in practice.
In the event of a delay in payment, we reserve the right to pass on the necessary data to a company commissioned with asserting the claim if other legal requirements have been met. Art. 6 (1) point. b) and Art. 6 (1) point f) of the GDPR serve as the legal basis. The assertion of a contractual claim shall be regarded as a legitimate interest within the meaning of the second provision. Information about the delay in payment or a possible bad debt loss will also be forwarded to credit agencies cooperating with us if other legal requirements have been met. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required here arises from our interest and that of third parties in reducing contractual risks for future contracts.
3.3. Processing Data for Advertising Purposes
The following explanations refer to the processing of personal data for advertising purposes. The DSGVO declares such processing of data based on Art. 6 (1) point f) of the GDPR to be generally conceivable and a legitimate interest. The duration of data storage for advertising purposes does not follow rigid principles and is based on the question of whether storage is necessary for advertising purposes. Please refer to Section 3.3.4 for the procedure to be followed should you wish to assert your right to object.
3.3.1. Advertising Purposes of GARPA and Third Parties
If you have concluded a contract with us, we will store you as a customer in our system. In this case, we process your postal contact details beyond a concrete consent, in order to send you information about products and services in this way. We process your email address, provided we have received it from you, in order to send you information about our own, similar products beyond a concrete consent.
3.3.2. Interest-Oriented Advertising
To ensure that you only receive advertising information that is of supposed interest to you, we categorise and supplement your customer profile with further information. Both statistical information and information about you (e.g. basic details from your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented to your actual or supposed needs and not to trouble you with useless advertising.
3.3.3. Referring friends
If our customers inform us of potential interested parties for our offers (e.g. catalogue request), we collect this personal data provided to us for the purpose of acquiring new customers. We process and use the name and postal address to send our catalogue. For this purpose, we may pass on the personal data provided to us to relevant service providers commissioned by us. We are also obliged to inform the person you have named that you have given us the address data. We store your details (details of the interested party and the fact that you recommended the interested party) as long as this is necessary to fulfil the purpose for reasons of proof. The processing of postal contact data for the purpose of “referring friends” takes place outside the existence of a concrete consent in order to provide interested parties with information about products and services in this way. The GDPR declares such processing of personal data for advertising purposes on the basis of Art. 6 para. 1 lit. f) GDPR as fundamentally conceivable and as a legitimate interest.
3.3.4. Participation in analytics union
As a participating partner in the analytics union, a cooperation of various distance-selling companies, we process your data within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f of the GDPR for our own and third-party marketing activities.
In this process, your data is first analysed by selected and reliable service providers on a pseudonymised basis together with data from other participating companies in order to identify relevant marketing activities for you and to be able to generate any interested new customers. For more information, please visit info.analyticsunion.com or contact CUSTOMY GmbH & Co. KG, Klarissengasse 4, 48143 Münster, Germany.
The involvement of the trusted service providers and use of special encryption procedures as well as the conclusion of processing between joint controllers (Art. 26 of the GDPR) ensure that the data protection regulations of the GDPR are met.
You can object to the use of your data for these purposes directly to us or more easily at the following website info.analyticsunion.com in accordance with Art. 21 of the GDPR. In the event of an objection, your name and address will continue to be stored in pseudonymised form with the selected service providers in order to protect your rights and to ensure that you do not receive unsolicited advertising in the future or that your data is processed for these purposes. If, in addition to your objection, you also expressly request the complete deletion of this pseudonymised data, it can no longer be ensured that you will be excluded from marketing activities in the future, as no corresponding protective comparison can then be made with your pseudonymised data record created for this purpose.
You can assert all other data subject rights arising from the GDPR, in particular your rights to information, correction, deletion and transfer, directly against us. We will then process your request with the help of our cooperation partners.
In accordance with Art. 11 (1) of the GDPR, the possibility of your identification on the basis of the data concerning you will only be maintained for as long as it is necessary for the purpose of the respective data processing. Due to the complex encryption procedures, it is therefore possible that your data can no longer be linked to your identity afterwards. The data subject rights of Art. 15-20 of the GDPR can only be asserted in this case if you provide additional information that allows us or our cooperation partners to clearly identify you.
3.3.5. Right to object
You can object to your data being processed for the above-mentioned purposes at any time free of charge, separately for the respective communication channel, and with effect for the future. To do so, simply send an email or a letter by post to the contact details listed under Section 2.
If you object to your data being processed, the contact address concerned will be blocked for further processing for advertising purposes. We wish to point out that advertising material may still be sent temporarily in exceptional cases even after receipt of your objection. This is technically due to the necessary lead time of advertisements and does not mean that your right to object has not been considered. We ask for your understanding.
3.3.6. Information on the Newsletter
We offer you the possibility of subscribing to our newsletter via our website. In order to make sure that no errors were made when entering the email address, we use the double opt-in process. This means that we will send you a confirmation link after you have entered your email address in the registration field. Your email address will be added to our mailing list only after you click on this confirmation link. Your electronic contact details will be processed solely on the basis of your consent pursuant to Art. 6 (1) point a) of the GDPR. You may revoke your consent at any time with effect for the future. To do so, simply send an email to the email address provided under Section 2 or click on the “Unsubscribe” button at the end of each newsletter.
3.4. Online Presence and Website Optimisation
3.4.1. Cookies – General Information
We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is generated in connection with the specific end device used. This does not mean, however, that we will gain immediate knowledge of your identity.
The use of cookies serves on the one hand to make using our offer more convenient for you. In this respect, we use temporary cookies to recognise that you have already visited individual pages on our website. These will be deleted automatically once you leave our site. These cookies required for the functionality of our website are essential and cannot be deactivated (e.g. session cookies).
In addition, we also use permanent cookies which are stored on your device for a specified period of time to make our website more user friendly. If you visit our site again to use our services, the site automatically recognises that you have previously visited it and which data you entered as well as the settings you have made, so that you do not have to enter these again.
The cookies are automatically deleted after a specific period of time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is generated. However, if you disable cookies completely, you may not be able to use all the features of our website. The length of time cookies are stored depends on their purpose and is not the same for everyone.
The marketing cookies used by us serve to display advertising that is in line with your interests. When you visit another website, the browser cookie will be recognised and advertisements selected based on the information stored in this cookie will be displayed.
The sue of statistic cookies helps us to measure the reach of our own offer. We can track which website was visited before calling our website and how our website was used, among other things. We use this data, among other things, to optimise our website by evaluating the campaigns we have carried out.
The legal basis on which we process your personal data using cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent in accordance with Art. 6 para. 1 lit. a) of the GDPR. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfil our contractual or legal obligations.
Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies.
Revoking consent shall not affect the lawfulness of processing data carried out on the basis of the consent up to the point of revocation.
You can exercise your right to object by using the settings of your browser, e.g. by deactivating the use of cookies (this can also restrict the functionality of our online offer)
You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.
3.4.2. Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), to provide need-based design and continuous optimisation of our pages.
In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this site such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are transferred to a Google server possibly in the USA or other third countries, and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that it is not possible to associate them with a user (IP masking).
You can prevent the use of cookies by selecting the appropriate settings in the browser; however, please note that if you do this, you may not be able to use the full features of this website. You can also prevent data generated by the cookie and related to your use of the website (including your IP address) from being collected as well as from processing this data by Google by downloading and installing the browser plug-in available under the following link: As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You can find further information on data protection in connection with Google Analytics on the Google Analytics website.
The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.
You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.
3.4.3. Facebook Custom Audience via the Pixel Method
We use “Facebook pixels” on our website, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).
Facebook pixels enable Facebook to display our Facebook ads only to Facebook users who have visited our website, especially those who have shown interest in our online offerings or certain topics or products. Facebook pixels allow you to check whether a user has been redirected to our website after clicking on our Facebook ads. Facebook Pixel uses cookies, which are small text files that are stored locally in the cache of your web browser on your device.
If you have a Facebook user account and are registered, Facebook can associate the visit to your user account. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, Facebook may associate this data with your Facebook account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook pixels. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifying information.
We use Facebook pixels for marketing and optimisation purposes, in particular to place relevant and interesting ads on Facebook and thus improve our offer, make it more interesting for you as a user, and avoid annoying ads. This is also our legitimate interest in processing the above-mentioned data. For more information about Facebook’s collection and use of this information and your rights and choices regarding your privacy, please see Facebook’s Privacy Policy.
3.4.4. Targeting
We want to ensure that you only see advertising on your end devices that is oriented towards your actual or supposed interests through the targeting measures used. It is both in your and our interest to not bother you with uninteresting advertisements.
The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.
You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.
3.4.4.1. Onsite-Targeting
Our website uses cookies to collect and evaluate information to optimise advertisements. This information includes, for example, information about which of our products you are interested in. Any recording or analysis is done exclusively under a pseudonym and does not enable us to identify you. In particular, the information will not be merged with your personal data. This information enables us to display offers on our site that are specifically tailored to your interests, such as those arising from your past user behaviour. The cookie is automatically deleted after 30 days.
3.4.4.2. Re-Targeting
We also use re-targeting technologies from Google. This enables us to make our online offer more interesting and tailored to your needs. For this purpose, a cookie is set with which data from interested customers is collected using pseudonyms. This information is used to display interest-related advertisements about our offers on the websites of our partners. No directly personal data will be stored and no user profiles will be merged with personal data on you. The cookie is stored for a period of 2 years and then automatically deleted.
3.4.4.3. Right to revoke/object/opt-out
In addition to the option to revoke your consent and the deactivation methods described above, you can also generally prevent the targeting technologies described above by setting the appropriate cookie in your browser (see also 3.4.1.). In addition, you can deactivate preference-based advertising with the help of the preference manager by accessing it here.
3.4.5. Social Media Plug-Ins
We use social plug-ins from the social networks Facebook, Instagram, Pinterest and YouTube on our website on the basis of Art. 6 (1) point f) of the GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation that is compliant with data protection regulations is to be guaranteed by their respective providers. These plug-ins are integrated by the two-click method in order to protect visitors to our website in the best possible way.
3.4.5.1. Facebook
We use plug-ins from the social network Facebook on our website, which are offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or contain “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found by clicking the following link.
When you activate such a plug-in (first click), your browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. This integration provides Facebook with the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA where it is stored. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to a Facebook server where it is stored. The information will also be published to your Facebook account and displayed to your Facebook friends.
The purpose and scope of the collection of data and further processing including use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s Privacy Policy.
If you do not want Facebook to associate the data collected about your visit to our site directly with your Facebook account, you must log out of Facebook before visiting our site.
3.4.5.2. Instagram
Our website also uses social network plug-ins from Instagram. The Instagram service is a Facebook product provided by Facebook Inc. The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
When you activate the plug-in (first click), your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. This integration provides Instagram with the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not logged in to Instagram.
This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA where it is stored. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to an Instagram server where it is stored. The information will also be published to your Instagram account and displayed to your Instagram contacts.
If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. For more information, see Instagram’s Privacy Policy.
3.4.5.3. YouTube
Our website uses plug-ins from YouTube which is operated by Google. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the site operator.
When you activate the plug-in (first click), your browser establishes a direct connection to YouTube’s servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account beforehand. You can find further information about the handling of user data in YouTube’s Privacy Policy.
3.4.5.4. Pinterest
We also use social plugins on our website by the social network Pinterest, which is operated by Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland (“Pinterest”). If you visit a page that contains such a plug-in, your browser establishes a direct connection with the Pinterest servers. The plug-in transmits protocol data to the server of Pinterest. This log data may include your IP address, the address of the websites visited, which also contain Pinterest functions, browser type and settings, date and time of the request, your use of Pinterest, and cookies.
If you click the Pinterest “Pin it” button while logged into your Pinterest account, you can link the content of our pages to your Pinterest profile. This allows Pinterest to match the visit to our pages to your user account. We would like to point out that we have no knowledge of the content of the data transmitted or its use by Pinterest. Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options to protect your privacy can be found in Pinterest’s privacy policy (https://about.pinterest.com/en/privacy-policy).
3.4.6. Blog
Users have the option of leaving individual comments on individual blog posts on a blog located on the website of the data controller. A blog is a portal, usually open to the public, on a website, in which one or more people can post articles or write down thoughts in blog posts. The blog posts can usually be commented on by third parties.
If a data subject leaves a comment in the blog published on this website, in addition to the comments left by the data subject, information on the time when the comment was entered and on the user name chosen by the data subject (pseudonym) are stored and published.
Furthermore, the email address is saved and the IP address assigned to the data subject by the Internet Service Provider (ISP) is also logged. This storage of the IP address is done for security reasons and in the event that the data subject violates the rights of third parties or posts illegal content through a comment submitted. The storage of these personal data is therefore in the own interest of the data controller, so that the data controller could, if necessary, be exculpated in the event of an infringement of the law. This personal data collected will not be passed on to third parties, unless such a transfer is required by law or serves the legal defence of the data controller.
3.4.7. Appointments via Microsoft Booking
We use Microsoft Bookings to book consultation appointments online.
The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
Microsoft Bookings is a service that allows appointment requests to be made. The data you enter for the purpose of your enquiry (name, email address, telephone number, address, customer number, website URL and notes or your request) are stored on the servers of Microsoft USA or Ireland.
The use of this tool is based on Art. 6 para. 1 lit. f of the GDPR. We have a legitimate interest in the appointment management in order to optimise our offer. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDOPR; consent can be revoked at any time.
For more information, please see Microsoft's Privacy Policy at: https://privacy.microsoft.com/de-de/privacystatement.
Please note that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use a different contact option offered to make an appointment.
If consent is revoked, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.
3.4.8. Matterport
Our website includes a virtual showroom that enables visitors to browse through our collection individually. The operator of this portal is Matterport, Inc, 352 E. Java Dr. Sunnyvale, CA 94089, USA. When you visit one of our pages containing such a virtual tour, a connection to Matterport's servers is established. This will tell the Matterport server which of our pages you have visited. In addition, Matterport obtains your IP address. This also applies if you are not logged in to Matterport or do not have an account with Matterport. The information collected by Matterport is transmitted to the Matterport server in the USA. If you are logged in to your Matterport account, you allow Matterport to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your Matterport account beforehand.
The use of Matterport serves the interest of presenting our online offers in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f of the GDPR. If corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDOPR; consent can be revoked at any time.
For more information on how Matterport implements the GDPR and handles user data, see: https://support.matterport.com/hc/en-us/articles/360000904267-Matterport-s-Plan-for-GDPR and in the Privacy Policy of Matterport at: https://matterport.com/legal/data-processing-agreement.
3.4.9. Typeform
We have integrated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter “Typeform”).
Typeform enables us to create online forms and integrate them into our website. The data you enter in our Typeform forms is stored on Typeform’s servers until you ask us to delete it, revoke any consent you have given to store it, or the purpose for storing the data no longer applies (e.g., after we have finished processing your request). Mandatory legal provisions – in particular, retention periods – remain unaffected by this.
The use of Typeform is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in functioning online forms. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
3.4.10. Microsoft Advertising
We use Universal Event Tracking (UET) on our website via the Microsoft Advertising (formerly Bing Ads) a service of Microsoft Corporation (USA). Microsoft stores a cookie in your browser via UET to enable an analysis of the use of our online offer.
Prerequisite for this is that you have reached our website via an advertisement from Microsoft Advertising. In this way, Microsoft and we can recognise that someone has clicked on an advertisement, been redirected to our online offer and reached a previously determined target page (so-called conversion measurement). No IP addresses are not stored during this process. No further personal information about the identity of the user is communicated.
Microsoft Advertising is only used with your consent. Art. 6 para. 1 lit. a of the GDPR serves as the legal basis. You can revoke your consent at any time in the data protection settings by deactivating conversion tracking.
You can find more information on data protection at Microsoft in the
Microsoft PrivacyPolicy at https://privacy.microsoft.com/de-de/privacystatement.
3.4.11. Matomo
This website uses the open source web analytics service Matomo. Matomo uses technologies that make it possible to recognise users across pages to analyse user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.
Matomo helps us collect and analyse data about visitors’ use of our website. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and advertising. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDPR and Section 25 para. 1 of the TTDSG (German Telecommunications Telemedia Privacy Act), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
3.4.14. Use of Cookiebot by Usercentrics
Our website uses the "Cookiebot" Consent Management Platform from Usercentrics to manage your consent for the use of cookies and similar technologies in compliance with legal requirements. Cookiebot enables you to determine which cookies are stored on your device through an appropriate consent selection.
Provider: Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.
Data Processing: When using Cookiebot, the following data is collected and processed:
- Your IP address in anonymized form (last three digits are set to "0"),
- Date and time of consent,
- Browser user agent,
- URL from which consent was given,
- An anonymous, random, and encrypted key,
- Your consent status as proof of consent.
This data is used to manage and document your consent, ensuring compliance with legal requirements.
Legal Basis: The processing of your personal data is based on Article 6(1)(c) GDPR to fulfill our legal obligations.
Retention Period: Consent data is retained for 12 months and then automatically deleted.
For more information on data protection at Cookiebot, visit: https://www.cookiebot.com/en/privacy-policy/.
3.4.11.1. IP anonymisation
We use IP anonymisation for analyses with Matomo. Your IP address is shortened before analysis so that it can no longer be clearly assigned to you.
3.4.11.2. Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on to third parties.
3.5. Contact
We offer visitors to our websites the opportunity to contact us via a contact form or by email. We use the information you provide via the contact form or by email (required information is marked with an asterisk) exclusively for the purpose of processing your request. This is done on the basis of Art. 6 (1) point f) of the GDPR. Proper handling of your concerns is to be regarded as a legitimate interest within the meaning of the GDPR. If you contact us in connection with a contractual relationship between you and us, Art. 6 (1) point b) of the GDPR, i.e. this contractual relationship, is also the legal basis for processing data. The data provided will be deleted immediately after use, unless there is a legal retention period. Your data will not be used for another purpose or transferred to third parties unless you have consented to this.
3.5.1. Privacy policy on audio and video conferences
Data processing
We use online conference tools, among other things, to communicate with our clients. The tools we use in detail are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other ‘contextual information’ related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required for handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voice mails uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b of the GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f of the GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Duration of storage
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details on this matter, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 , USA. For details on data processing, please refer to the Microsoft Teams Privacy Policy:https://privacy.microsoft.com/en-gb/privacy.
3.6. Access to the GARPA image archive/image database
We use the double opt-in procedure to register to our database. This means that after you register, we will send you an email to the specified email address in which we ask you to confirm that you wish to have your data entered into the database. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any potential misuse of your personal data.
The functions of the database can be described as follows:
For press contacts: Providing free image and text files for editorial purposes only.
For architects & interior designers: Providing free technical drawings, image and text files for personal, educational and informative purposes, for preparing quotations/cost estimates to end customers in connection with the sale of GARPA products via the company itself and for use in training courses or seminars.
3.7. Furnishing Planner
The Furnishing Planner on this website uses HTML5 storage objects that are stored on your mobile device. These objects store the required data (current plans, saved plans) independently of your browser and do not have an automatic expiry date. No personal data is stored by the Furnishing Planner. You can prevent the use of HTML5 storage objects by using private mode in your browser.
