Privacy Policy
Version 2 — 26-Mar-2023
Courtesy translation for informational purposes only. The definitive version of this Privacy Policy is the German version.
1. Purpose
This Privacy Policy serves to inform you about the personal data collected on this website, why they are collected, how they are processed, when they are eventually deleted, and which rights are granted to persons concerned. Personal data are data that can be used to identify a natural.
2. Legal basis
The processing of personal data is based on the General Data Protection Regulation of the European Union (EU GDPR) and the Federal Data Protection Act of Germany.
3. Controller
The person determining the purposes and means of the processing of personal data — the Controller — is the operator of the website (see Site Notice), unless otherwise stated.
The Controller of data related with payments is the external payment provider (see below).
4. Hosting
4.1 External Hosting
This website is not hosted on our own servers in our own computer center, but on servers we rent from an external service provider. External hosting offers operational benefits in terms of improved service offering (e.g. shorter response times, higher data throughput) as well as greater availability / failure safety. However, it also means that most of the personal data collected on this website are processed on the server of the external service provider.
When choosing the service provider selection criteria are, amongst others, a company registered in Germany with an impeccable reputation, operating the servers we rent in a computer center located in Germany. Moreover, we established a data processing agreement with the service provider in accordance with article 28 EU GDPR.
The service provider is: IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. The computer center is located in Berlin, Germany.
4.2 Accessibility via encrypted connections (SSL)
By using this website, data is exchanged between your device (e.g. desktop computer, laptop computer, tablet, smartphone) and the website servers. Each time you click a link or submit a form, a request is created which the server reacts to with a response. Because of the architecture and functionality of the internet, request (from you to us) as well as responses (from us to you are routed via various network nodes.
It is practically impossible to know a request's or a response's route in advance and who the various nodes on the route are operated by. Therefore, to be on the safe side, you should assume that requests and responses, potentially containing personal data, can be viewed or even manipulated, even if doing so is illegal.
Secure Socket Layer (SSL) ist a broadly used technology to encrypt requests and responses between a user device and a server ("end-to-end encryption"), protecting the data from unauthorized viewing or manipulation.
This website is accessible via SSL connections. With regard to the protection of persona data from unauthorized access, we advise you to make use of the SSL connections offered by us. Most browsers indicate active SSL connections with a closed padlock symbol in or near the address field. When in doubt, consult the documentation of your browsers. Our website facilitates using SSL connections by automatically responding to requests via a non-SSL connection with a redirect to the equivalent SSL connection. Most browsers follow that redirect automatically.
5. Personal Data
5.1 Server log files
All requests sent to our servers are being recorded in server log files. Specifically, the following information are logged:
- Point in time
- IP adresse
- Name of page / file / resource
- Name of referring page / file / resource
- Connection protocol
- Request size
- Operating system
- Browser type
- Server response status code
We log this data because it provides important insights when it comes to averting dangers, eliminating malfunctions and optimising the website in terms of function and presentation. These are legitimate interests within the meaning of Art. 6 para. 1 lit. f of the GDPR.
The processing of this data is only carried out by ourselves. We do not forward the data to third parties. We do not combine this data with personal data from other sources.
The server log files are deleted when the purpose for processing the data is no longer given, but at the latest after 90 days.
5.2 Cookies
This paragraph contains general information about cookies. Cookies are small files that are stored on the user's device at the instigation of a website and whose content can be read again by that website if required. This is useful for different purposes. For example, some cookies are technically necessary for certain functions of a website desired by the user, such as the assignment of entries in an online form to the correct usage session, precisely so that these entries are not visible in the session of another user. On the other hand, cookies can be used to track user behaviour, if necessary across several websites. Cookies can be created in such a way that they are automatically deleted by your browser at the end of the session ("session cookies") or retained ("permanent cookies"). Depending on the configuration of the browser, permanent cookies are deleted automatically after a certain time or by manual action of the user.
A technically necessary session cookie is set on this website to identify the session. The cookie is deleted at the end of the session, at the latest when you close the browser completely.
Additional cookies essential for the payment functionality are set by the payment provider (see below).
No other cookies are set.
5.3 Logbook Configurator
If you design the logbook to contain personal data of the owner, peronal data will be collected via the corresponding form in the logbook configurator. These are:
- indication if natural or organisational person
- gender, academic degree / titel, first name, last name (for natural persons), or name (for organisational persons), respectively
- postal address (Street, building no., postal code, city, country)
- phone number
- email address
This data is collected for the purpose of product customisation requested by the orderer. Since the user of the logbook configurator is not necessarily also the owner or the person concerned, the user must confirm in the corresponding form with regard to Art. 6 para. 1 lit. a GDPR that the person concerned agrees to the processing of the personal data concerning him or her, including the forwarding to the printer described below.
In the event that a purchase contract is concluded with regard to the logbook, the data collected will be incorporated into the artwork. We create the artwork ourselves — for the purpose of fulfilling our obligations under the purchase contract — so that no data is passed on to third parties during this processing step. After completion, the artwork is then forwarded to the printer.
Otherwise, the data will not be processed, i.e. will not be passed on to third parties.
All logbook data, including any personal data contained therein, will be automatically deleted if not ordered within 14 days after completion of the configuration process.
5.4 Order form
Through the order form, the personal data of the customer and, if applicable, the invoice recipient and, if applicable, the recipient of the goods (delivery address) are collected.
- indication if natural or organisational person
- gender, academic degree / titel, first name, last name (for natural persons), or name (for organisational persons), respectively
- postal address (Street, building no., postal code, city, country)
- phone number
- email address
We collect this data for the purpose of contract initiation and, if applicable, contract execution on the basis of Art. 6 (1) lit. b of the GDPR.
The processing of this data takes place only by ourselves. It is not forwarded to third parties. We do not combine this data with personal data from other sources.
We store the data only as long as the purpose requires. For purchase contracts, the retention period for tax reasons is 10 years from the end of the calendar year in which the contract was fulfilled. During this period, the processing of data is restricted. In the event that a sales contract is not concluded, we delete this data immediately.
5.5 Payment provider
Payment data (e.g. credit card number, expiry date, etc.) must be provided when ordering. This data is transmitted directly to an external payment service provider. We do not collect or process the payment data. We only receive information from the payment service provider as to whether the payment was successfully made.
The payment provider is Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, United States of America, or, depending on the location of the customer and other factors, a Stripe subsidiary. See the additional information on the Stripe website.
5.6 Contact form and email
The contact form collects the following personal data: name, email address. The same is true for emails sent to us. We collect this data to be able to respond via email.
The data is transferred to an enquiry management system operated by an external service provider. A Data Processing Agreement exists between Logbook Tailor and the provider to ensure the data is protected in a legally compliant way and may not be passed on to third parties. The external service provider is: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
We store the personal data until your enquiry has been processed in full or until you request us to delete it.
6. Backups
Backups refer to copies of all website data, including personal data. Backups serve to be able to put the website back into operation after a failure.
The backups are stored on the hoster's servers in a data centre that is within the scope of the GDPR for a period of 30 days and subsequently deleted.
7. Rights
Data subjects (persons concerned) have the rights listed below.
- Right of access — Receive information about the source of the data, for what reason and how the data is processed.
- Right of rectification — have incorrect data rectified.
- Deletion or restriction — let data be deleted or its processing restricted.
- Transfer — receive the data in a common, machine readible format or have it transferred to a third party.
- Right to revoke — the consent to the processing of the data in general and for advertising purposes in particular.
- Right to complain — in the event of breaches against the GDPR.
To exercise your rights, please contact the Controller or, one of the supervisory authorities, as applicable.
8. Updates of this Privacy Policy
This Privacy Policy will be updated as necessary so that it is always in line with the functional and technical circumstances and the current legal situation. The version number of the currently valid version including the date are indicated under the title of this Privacy Policy.
Website users who consented to have their email address stored will be informed by email about updates of this Privacy Policy.