Data protection declaration
I. Principles, definitions
2. We process your personal data only lawfully in accordance with the applicable data protection provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant for the respective individual processing
3. The term “personal data” i. S. d. Article 4 (1) GDPR refers to all information that identifies you as a natural person or makes it identifiable. This includes, for example, your name, your address, your telephone number, your date of birth, your bank details as well as your IP address at the time of use of this website.
II. Name and contact details of the controller
1. We – the Flötotto Einrichtungssysteme GmbH – as the operator of the website are the controller for the processing of your personal data i. N. d. Art. 4 para. 7 GDPR.
2. Our full contact details are:
Flötotto Einrichtungssysteme GmbH
An der Manufaktur 4
T +49 (0) 5241 50474 0
III. Data Protection Officer
RA Dr. Sebastian Meyer, LL.M.
c/o BRANDI Lawyers
Phone: 0521 / 96535-812
With this data protection declaration, we inform you to what extent and for what purposes personal data is processed in connection with the use of the online offer.
Personal data is information about an identified or identifiable natural person. This includes all information about your identity, such as your name, e-mail address or postal address. Information that cannot be associated with your identity (such as statistical data, for example, on the number of users of the online service) is not considered personal data.
As a matter of principle, you can use our online offer without disclosing your identity and without providing personal data. We will then only collect general information about your visit to our online service. For some of the services offered, however, personal data is collected from you. This data will then only be processed by us for the purposes of using this online service, in particular for providing the requested information. When collecting personal data, only the data that is absolutely necessary must be provided. In addition, further information may be possible, in which case it is voluntary. In each case, we indicate whether the information is mandatory or voluntary. We then provide information on the specific details in the corresponding section of this data protection declaration.
Automated decision-making based on your personal data does not take place in connection with the use of our online service.
Processing of personal information
Your information is stored by us on specially protected servers within the European Union. These are protected by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Access to your data is only possible for a few authorized persons. These are responsible for the technical, commercial or editorial support of the servers. Despite regular checks, however, complete protection against all dangers is not possible.
Your personal data is transmitted over the Internet in encrypted form. We use TLS encryption (Transport Layer Security) for data transmission.
Disclosure of personal data to third parties
As a matter of principle, we only use your personal information to provide the services you have requested. Insofar as external service providers are used by us in the course of providing the service, their access to the data is also exclusively for the purpose of providing the service. We take technical and organizational measures to ensure compliance with data protection regulations and also oblige our external service providers to do the same.
Furthermore, we do not pass on data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
If we transfer your personal data ourselves or through service providers to countries outside the European Union, we comply with the special requirements of Art. 44 et seq. DSGVO for this purpose and also oblige our service providers to comply with these regulations. We will therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is ensured in particular by an adequacy decision of the EU Commission or by appropriate safeguards pursuant to Art. 46 of the GDPR.
Legal basis for data processing
Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) a) DSGVO is the legal basis for the data processing.
Insofar as we process your personal data because this is necessary for the performance of a contract or in the context of a relationship with you similar to a contract, Art. 6 para. 1 lit. b) DSGVO is the legal basis for the data processing.
Insofar as we process your personal data for the fulfillment of a legal obligation, Art. 6 para. 1 lit. c) DSGVO is the legal basis for data processing.
Furthermore, Art. 6 (1) f) DSGVO is the legal basis for data processing if the processing of your personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.
Data deletion and storage period
We always delete or block your personal data when the purpose for storing it no longer applies. However, storage may take place beyond this if this is provided for by legal requirements to which we are subject, for example with regard to statutory retention and documentation obligations. In such a case, we will delete or block your personal data after the end of the corresponding requirements.
Use of our online services
Information about your computer
Each time you access our online offer, we collect the following information about your computer, regardless of your registration: the IP address of your computer, the request of your browser and the time of this request. We also collect the status and the amount of data transferred as part of this request. We also collect product and version information about the browser used and the computer's operating system. We further record from which website the online offer was accessed. The IP address of your computer is stored only for the time of use of the online offer and then deleted or anonymized by shortening. The remaining data is deleted after 90 days.
0To determine and eliminate errors, to determine the utilization of the online offer and to make adjustments or improvements. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f) DSGVO.
For our online offer - as on many websites - cookies are used. Cookies are small text files that are stored on your computer and store certain settings as well as data for exchange with the online offer from us via your browser. A cookie usually contains the name of the domain from which the cookie file was sent as well as information about the age of the cookie and an alphanumeric identifier.
Cookies allow us to recognize your computer and make any preferences and settings immediately available. The cookies we use are - as far as possible - so-called session cookies, which are automatically deleted after the end of the browser session. Occasionally, cookies with a longer storage period can also be used so that your settings and preferences can also be taken into account the next time you visit our online offering.
Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent. It is also possible to manually delete cookies that have already been stored via the browser settings. Please note that you may only be able to use our online offer to a limited extent or not at all if you reject the storage of cookies or delete necessary cookies.
The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offer within the meaning of Art. 6 para. 1 lit. f) DSGVO and - insofar as contracts are concluded or fulfilled via our online offer - the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b) DSGVO.
You can register to use our online service. To do so, you must provide the data requested as part of the registration process, for example name, address and e-mail address. We also record the date and time of registration and the IP address. You have the advantage that you do not have to re-enter this data for each use or order.
The legal basis for processing the data for registration is, in the case of consent, Art. 6 para. 1 lit. a) DSGVO. If you register with us for the purpose of fulfilling or initiating a contract, the legal basis for processing the data is also Art. 6 (1) (b) DSGVO.
The information requested as a mandatory field during registration is required for the fulfillment or initiation of a contract with us for certain services. However, you are not obliged to register, but can also order as a guest. In this case, however, you will have to re-enter all the data required to process the contract each time you place an order.
With the registration a customer account will be created for you. The data in the customer account will be stored by us as long as there is an active customer relationship. If no activity can be detected for a period of three years, the status of the customer relationship will be set to inactive. You can request the deletion of your customer account at any time.
Integration of third-party services
For some functions in our online offer, we make use of services from third-party providers. The corresponding services are mainly optional functions that must be explicitly selected or used by you. We have concluded contractual agreements with the respective providers for the provision or integration of their services and are committed, as far as we can, to ensuring that the third-party providers also provide transparent information about the scope of the processing of personal data and comply with the provisions of data protection law.
We use Google Analytics for statistical evaluations. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland ("Google").
On our behalf, Google uses this information to evaluate your use of the online offer, to compile reports on website activities and to provide us as the operator of the online offer with further services related to website and internet use. In addition, Google may use the data for its own purposes. Within the scope of these purposes, Google may, for example, create a profile of user behaviour or link the data with other data, for example with an existing Google account. We have no influence on these data processing procedures. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other data that Google collects or already has. For more information, please refer to Google's data protection information, which is linked below.
You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link http://tools.google.com/dlpage/gaoptout?hl=de. For more information, please visit http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). We would like to point out that on our Internet pages Google Analytics has been extended by the code "anonymizeIp();" in order to anonymise the IP addresses, whereby the last octet is deleted.
The legal basis for data processing is your consent in accordance with Art. 6 (1) a) DSGVO. You can revoke your consent at any time with effect for the future.
For our online offer, we use the open source software Matomo for statistical evaluation of usage. This is a web analysis service. The data collected by Matomo is stored in a database for usage analysis purposes, which serves to optimise our website. The data collected includes the abbreviated IP address, the time, the website accessed, the website from which you came to ours ("referrer"), the browser used, the time spent on our website and the frequency of access.
The evaluations generated by Matomo are completely anonymised and cannot be used to identify individual persons. The data stored by Matomo is not linked to other data sources or passed on to third parties.
The legal basis for the data processing is our legitimate interest in optimising our online offer according to Art. 6 (1) lit. f) DSGVO.
On our online offer, we use the retargeting technology "Releva.nz" of the provider releva GmbH, Feilnerstr. 10, 10969 Berlin (hereinafter: "Releva.nz").
Retargeting is understood to mean technologies in which users who have previously visited a certain website are still shown suitable advertising after leaving this website. For this purpose, it is necessary to recognise Internet users beyond their own website, for which Releva.nz cookies are used; in addition, previous usage behaviour is taken into account. For example, if a user views certain products, these or similar products can later be displayed as advertisements on other websites. This is personalised advertising that is adapted to the needs of the individual user. The information generated by the cookies is used in pseudonymised form to record your interests as part of a pseudonymised user profile. For personalised advertising, it is not necessary to identify the user beyond recognition. We therefore do not combine the data used for retargeting with any other data.
For more information on data protection at Releva.nz, please visit: https://releva.nz/datenschutz
The legal basis for the data processing is your consent according to Art. 6 para. 1 lit. a) DSGVO.
We only use your personal data for orders within our company and affiliated companies as well as for the company commissioned with the processing of orders.
Storage and transfer of data for orders.
For order processing, we work together with various companies that are responsible for payment processing and logistics. We ensure that our partners also comply with data protection regulations. For example, we pass on your address data (name and address) to the respective transport company that delivers the ordered products to you. The legal basis for this is Art. 6 para. 1 lit. b) DSGVO. The processing of your personal data is necessary to fulfil the contract with you. If you also order an installation service, we will pass on your address data (name and address) to the installation service provider commissioned by us to carry out the installation at your premises. The legal basis for this is also Art. 6 Para. 1 lit. b) DSGVO.
The data is stored by us for as long as it is required for the fulfilment of the contract. In addition, we store this data for the fulfilment of post-contractual obligations and due to retention periods under commercial and tax law for the period prescribed by law. This retention period is usually 10 years to the end of the respective calendar year.
Payment processing for orders via PayPal
If the payment method has been chosen, the payment processing for orders is handled by involving the service provider PayPal.
The legal basis for payment processing is Art. 6 para. 1 lit. b) DSGVO. The processing of your personal data is necessary for the fulfilment of the contract with you, whereby the method of payment can be freely chosen by you.
The data will be stored by us for as long as it is necessary for the fulfilment of the contract. In addition, we store this data for the fulfilment of post-contractual obligations and on the basis of commercial and tax law.
Retention periods for the legally prescribed period. This retention period is usually 10 years to the end of the respective calendar year.
Depending on the selected payment method, it may be necessary to check your creditworthiness. In this case, we use external service providers to check your creditworthiness with your consent, to whom we transfer your data (name, address, date of birth, order value). For this purpose, we transmit the data to Creditreform Gütersloh, Moltkestr. 3-7, 33330 Gütersloh.
The legal basis for the credit assessment is Art. 6 para. 1 lit. a) DSGVO. If you do not wish to give your consent to the credit check, you may have to select another means of payment.
As part of the credit check, an assessment is obtained as to how high the probability of default is with regard to our claim from the order. We only receive a probability value (so-called score value) from our service provider, but no further details. On the basis of this value, we then assess whether the desired payment method can be offered. After the check has been completed, the score value is deleted by us and is not stored in the order data. It is therefore not possible for us to subsequently assess why, for example, a certain payment method was not possible.
On our online offer you have the possibility to download our furniture catalogues as PDF or to have them sent to you by post. For this purpose, we collect and use your personal data, in particular name, address and e-mail address, insofar as this is necessary for catalogue delivery.
Your details will be stored by us for as long as is necessary to fulfil the purpose of the data processing. Any statutory retention obligations remain unaffected by this.
The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. a) DSGVO. You can revoke your consent at any time with effect for the future.
You can create a customer account for our online offer on a voluntary basis. In the customer account, all information about you and your use of the various offers is managed centrally. In this way, you have the possibility to manage, update and, if necessary, also delete all data. The legal basis for processing the data for registration is Art. 6 para. 1 lit. a) DSGVO in the case of consent. If you register with us for the purpose of fulfilling or initiating a contract, the legal basis for processing the data is also Art. 6 para. 1 lit. b) DSGVO.
Collection of data via the customer account
All data relating to the use of the online offers is stored in the customer account, insofar as you log in with your customer account in each case. This includes, in particular, personal data (name, age, addresses, delivery and payment information), vouchers, wish lists, purchase history, communication history, search and navigation behaviour, consent to individual services (such as newsletters), discount affinity and information provided explicitly or implicitly by the customer about areas of interest. We can form segments from this data and assign customers to these segments. The affiliation to such segments is also stored in the customer account. Location-related data such as your delivery addresses or your location will be stored - insofar as you have given your consent for this.
Your current location may be used to provide you with location-based offers. If you do not want the data to be stored in your customer account in individual cases, you can use the respective offers without using your customer account. If you want to stop the storage of data in the customer account altogether, you can have your customer account deleted.
Use of the data from the customer account
We use the stored data to process the joint business relationship and - if appropriate consent has been given - to submit interesting and relevant offers to you via all communication channels used by the customer. On the basis of the stored data, we try to determine which offers are relevant to you.
We will contact you within the scope of the business relationship via the contact data provided if you make use of individual services. For example, you will automatically receive order notifications or information on the delivery status; we will inform you according to your selected preferences. Contact can be established via e-mail, messages on your smartphone or via other digital communication channels. In addition, you can select optional communication channels and occasions; these include, in particular, special newsletters and app messages.
Storage period and deletion
The data accrued during the use of the customer account is generally stored for the duration of the existence of the customer account, but can also be deleted prematurely upon request. A large part of the data can be viewed directly online and - with the exception of the e-mail address - changed or deleted. You can delete your customer account at any time by informing us of your wish for deletion, for example also via the general contact form. In the event of immediate deletion, the data may not be restored later in the event of renewed registration.
Communication with us
You can contact us in various ways, including via the contact form on our website. We will also be happy to inform you regularly by e-mail with our newsletter.
If you wish to use the contact form on our website, we will collect the personal data that you enter in the contact form, in particular your name and e-mail address. We also store the IP address and the date and time of the enquiry. We process the data transmitted via the contact form exclusively for the purpose of being able to answer your enquiry or request.
You can decide for yourself what information you send us via the contact form. The legal basis for the processing of your data is your consent in accordance with Art. 6 Para. 1 lit. a) DSGVO.
After we have processed the matter, the data will initially be stored in case of any queries. Deletion of the data can be requested at any time, otherwise we will delete the data after the matter has been fully dealt with; statutory retention obligations remain unaffected in each case.
When you register for our newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. For this purpose, you will receive regular information by e-mail on current topics as well as e-mails for special occasions, for example special promotions. The e-mails may be personalised and individualised based on the information we have about you.
To register for our newsletter, we use the so-called double opt-in procedure, unless you have given us your consent in writing, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter dispatch.
We will then send you a notification email and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this email.
The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) a) DSGVO if you have expressly registered for the newsletter. Within the framework of the legal requirements, it may also be possible that you receive our newsletter from us without express consent because you have ordered goods or services from us, we have received your e-mail address in this context and you have not objected to receiving information by e-mail. In this case, the legal basis is our legitimate interest to send direct advertising according to Art. 6 para. 1 lit. f) DSGVO.
If you do not wish to receive any more newsletters from us, you can revoke your consent at any time with effect for the future or object to further receipt of the newsletter without incurring any costs other than the transmission costs according to the basic rates. Simply use the unsubscribe link contained in every newsletter or send us a message.
In addition to our online offer, we also use various social media channels for the transmission of information and communication, to which you will find links in our online offer or in which you will find links to our online offer. Specifically, we use the social networks. You can recognise the links by the respective logo of the provider.
Clicking on the links opens the corresponding social media pages, for which this data protection declaration does not apply. Details of the provisions and data protection notices of the respective providers apply there in principle. In the following, we have summarised for you an overview of the respective notices of the providers. For the applicable provisions, please refer to the corresponding data protection declarations of the individual providers; you will find these at:
No personal information is transmitted to the respective providers before the corresponding links are called up. Your access to the linked page is also the basis for data processing by the respective providers.
For our use of the social media channels Facebook, Instagram and YouTube, the following information on the associated processing of your personal data also applies.
In addition to our own online offer, we also operate a fan page on the social network Facebook. Via the fan page, we provide information about our activities and offer a channel for communication. The social network Facebook is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: "Facebook").
Delimitation of responsibility
Within the scope of the possibilities offered by Facebook, we try to ensure the protection of your privacy and your private data. Insofar as your personal data is processed by us in connection with your visit to the Fanpage, the explanations in this data protection declaration apply without restriction. Due to the integration of the Fanpage into the Facebook offer, it should also be noted that personal data is processed by Facebook at the same time. We have no influence on the data processing by Facebook; in particular, Facebook does not act as a processor for us under our responsibility. For data processing by Facebook, the Facebook guidelines apply - at least according to Facebook - which are available at https://de-de.facebook.com/policy.php.
In terms of data protection law, it can be assumed that Facebook and we are jointly responsible for the operation of the fan page and the evaluation of user data when visiting the fan page. In accordance with data protection regulations, we have reached an agreement with Facebook on the demarcation of responsibility.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For your personal data, this is the case when the respective conversation has ended. For us, the conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. You have the option to revoke your consent to the processing of personal data at any time; in this case, the data will be deleted by us immediately if there is no basis for further storage.
Further information on Facebook
Further information on Instagram
In addition to our own online offering, we also operate a channel on the video platform YouTube. Via the channel, we provide information about our activities and offer a channel for communication. The YouTube video platform is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").
We point out that you use the video platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. discussion, comments).
Processing of personal data
We process the data you enter on YouTube, in particular username and the content published under your account, to the extent that we may link to or respond to your posts or make posts from us that link to your account. The data you freely publish and distribute on YouTube will be included by us in our offer in this way and made available to our followers.
You have options to restrict the processing of your data in the general settings of your Google account. In addition, you can restrict Google's access to contact and calendar data, photos, location data, etc. on mobile devices in the settings options. However, this depends on the operating system used. In addition to these tools, Google also offers specific privacy settings for YouTube. You can find out more about this at: https://policies.google.com/privacy?hl=de&gl=de#infochoices.
Google offers operators of YouTube channels the possibility of obtaining an overview of the use of the account and its users via the "YouTube Analytics" function. Via YouTube Analytics, mainly statistical data can be accessed and evaluated. We use the data from YouTube Analytics to make the YouTube channel as attractive and efficient as possible. For this purpose, Google provides us with data that Google itself has generated on its own responsibility. The data we receive from Google is mostly anonymised data and statistics. If we receive personal data in this context, we are responsible for our further processing of this data to evaluate the use of our YouTube channel. Further information on YouTube Analytics is available from Google at https://support.google.com/youtube/answer/9002587?hl=de.
Further information on YouTube
Your rights and contact
We attach great importance to explaining the processing of your personal data as transparently as possible and also to informing you of the rights to which you are entitled. If you would like more information or wish to exercise the rights to which you are entitled, you can contact us at any time so that we can deal with your request.
Data subject rights
You have extensive rights with regard to the processing of your personal data. First of all, you have a comprehensive right to information and, if necessary, you can demand the correction and/or deletion or blocking of your personal data. You can also request a restriction of processing and have the right to object. With regard to the personal data you have provided to us, you also have a right to data portability.
If you would like to exercise one of your rights and/or receive more information about this, please contact our customer service.
Revocation of consent and objection
Once you have given your consent, you may freely revoke it at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The contact person for this is also our customer service.
If the processing of your personal data is not based on consent but on another legal basis, you can object to this data processing. Your objection will lead to a review and, if necessary, termination of the data processing. You will be informed about the result of the review and - if the data processing is to be continued nevertheless - you will receive more detailed information from us as to why the data processing is permissible.
Data protection officer and contact
We have appointed an external data protection officer who supports us in data protection issues and whom you can also contact directly. If you have any questions regarding our handling of personal data or require further information on data protection issues, please do not hesitate to contact our data protection officer and his team:
RA Dr. Sebastian Meyer, LL.M.
c/o BRANDI Attorneys at Law
Adenauerplatz 1, 33602 Bielefeld, Germany
Telephone: 0521 / 96535-812
If you would like to contact our data protection officer personally by e-mail, you can also reach him at firstname.lastname@example.org.
Further information and changes
Links to other websites
Our online offer may contain links to other websites. These links are usually marked as such. We have no influence on the extent to which the applicable data protection regulations are observed on the linked websites. We therefore recommend that you also inform yourself about the respective data protection declarations of other websites.
Changes to this data protection declaration
The status of this data protection declaration is indicated by the date (below). We reserve the right to change this data protection declaration at any time with effect for the future. A change will be made in particular in the event of technical adjustments to the online offer or in the event of changes to the data protection regulations. The current version of the data protection declaration can always be accessed directly via the online offer. We recommend that you regularly inform yourself about changes to this data protection declaration.
Status of this data protection declaration: November 2022
Flötotto Einrichtungssysteme GmbH
An der Manufaktur 4
+49 (0) 5241 50474 0