We appreciate your interest in our online offer. Below we inform you about the handling of personal data and about the data subject rights in accordance with the provisions of the General Data Protection Regulation (GDPR). Personal data is any data which is personal to you, e.g. name, address, e-mail address, user behaviour.
Responsible in the meaning of the Art. 4 Nr. 7 GDPR is
METTEN Stein+Design GmbH & Co. KG
(s.a. our Imprint)
The data protection officer can be reached at:
METTEN Stein+Design GmbH & Co. KG
Data Protection Officer
We secure our website and other systems by technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised persons. Access to customer accounts is only possible after entering a user ID and a personal password. You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.
For secure communication with us, we offer encrypted communication via the SSL protocol, which we use to secure the transfer of your personal data in our online shop.
To enable access to our web site, there is limited to a no longer 30 days period, in principle, of temporarily data storage carried out for the purpose of ensuring data and system security. This refers to data that may allow identification of a person (e.g., the IP address). The potential processing of such personal data for the purposes of data and system security is based on stipulations under Art. 6 para. 1 sentence 1 lit. f GDPR and our legitimate interest in securing our systems and preventing abuse.
Personal data will only be processed for the period required to achieve the respective processing purpose or if provided for in applicable laws or regulations, e.g. commercial or tax retention requirements. If a storage purpose ceases or if a legally prescribed storage period expires, the personal data concerned will be routinely and in accordance with the statutory provisions deleted or their processing will be restricted, e.g. limited under commercial or fiscal retention requirements.
The processing of personal data based on a legal obligation, namely the fulfilment of statutory retention obligations, and is based on stipulations under Art. 6 para. 1 sentence 1 lit. c GDPR Insofar as personal data pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR are processed for purposes of securing evidence; these processing purposes are dispensed with after expiry of the statutory limitation periods; the statutory period of limitation is of three years.
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations. Which data is processed in detail and how it is used depends largely on the services requested or agreed upon in each case. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you. In addition, data protection information may be updated from time to time, as you can see from our website.
We process personal data to implement our contracts with you and to execute your orders as well as to carry out measures and activities within the scope of pre-contractual relations. These essentially include contract-related communication, the corresponding invoicing and associated payment transactions, verifiability of transactions, orders and other agreements, goodwill procedures, measures for controlling and optimising business processes and for fulfilling due diligence obligations, statistical evaluations for corporate management, cost recording and controlling, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in legal disputes, ensuring IT security and general security, securing and exercising domiciliary rights, guaranteeing the integrity, authenticity and availability of data, prevention and investigation of criminal offences, control by supervisory bodies or controlling authorities.
Beyond the actual fulfilment of the contract or preliminary contract, we may process your data, if necessary, to protect our own legitimate interests or those of third parties, in particular for the following purposes
Your personal data can also be processed for specific purposes (e.g. use of your e-mail address for marketing purposes) on the basis of your consent. You can generally withdraw this at any time. This also applies to withdrawing declarations of consent which were granted to us prior to the application of the GDPR, as of 25.05.2018. You will be separately informed about the purposes and consequences of withdrawing or failing to grant consent in the corresponding text of the consent. In principle, withdrawing a consent is only valid for the future. Any processing that has taken place prior to the withdrawal shall not be affected and shall remain lawful.
Like any other company, we are also subject to a large number of legal obligations. These may primarily involve legal requirements, but may also be regulatory or official requirements. In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purpose of gathering evidence, prosecution or enforcement of civil claims.
Insofar as this is necessary for the provision of our services, we process personal data received from other companies or other third parties as permitted. In addition, we process personal data that we have permissibly obtained, received or acquired from public sources and we are allowed to process. Relevant categories of personal data may include in particular:
The internal departments or organisational units within our company that receive your data are those which require the data to fulfil our contractual and legal obligations or within the scope of processing and implementing our legitimate interests. Your data will be passed on to external parties solely
We will not forward your data to third parties for any other reason. If we commission service providers within the scope of order processing, your data will be subject to the same security standards by them as by us. In other cases, the recipients may use the data only for the purposes for which these were transmitted to them.
In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the following personal data that your browser transmits to our server, which is technically necessary for us to display our website and to ensure its stability and safety: IP address, date and time of the request, Greenwich Mean Time (GMT), time zone difference, request content (concrete page), access status / HTTP status code, amount of data transferred, the website that receives the request, browser, operating system and its interface as well as language and version of the browser software. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest in the sense of this standard lies in the provision of a functional website. The personal data will be deleted as soon as the purpose of the storage is omitted.
As part of the operation of this website and related processes, we may be assisted by other service providers (for example, web hosting and web development) who work for us as contracted processors. These service providers are strictly bound by instructions and contractually obliged to us.
Our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR consists in providing and optimising our services.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or always a hint appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website.
We use the web tracking tool "Matomo" (formerly "Piwik"), an open-source software for the statistical analysis of visitor access. Matomo uses for the analysis of the use of the website cookies, which are stored on your computer. The usage information generated by the cookie is transmitted and stored onto our server for the purpose of optimising our online offer. An evaluation of IP address data is carried out in any case only in abbreviated / anonymised form, so that a personal reference is excluded. Regarding the nature, extent and functionality of cookies in general, we refer to the general cookie explanation above.
The legal basis for the processing of personal data using Matomo is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest in the sense of this standard is to provide a user-friendly and optimised website.
In the sense of an opt-out, you can decide whether a web analytics cookie for Matomo may be stored in your browser, in order to enable us to collect and analyse various statistical data provided by Matomo.
This places a so-called deactivation cookie in your browser. Please note that the Matomo deactivation cookie of this website will also be deleted if you remove the cookies stored in your browser. In addition, if you're using another computer or web browser, you'll need to go through the deactivation process again.
5. Web fonts
On our website, so-called web fonts from Adobe Typekit are used for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
The browser loads the required fonts directly from Adobe when the respective pages are opened, so that they can be displayed correctly. In doing so, the browser connects to the servers of Adobe in the USA. This way, Adobe is notified that our website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.
Adobe has joined the EU-US Privacy Shield. For further information, please visit: https://www.adobe.com/de/privacy/eudatatransfers.html.
We use typekit in the interest of a correct presentation of the website. Therefore, the use is based on a legitimate interest in the sense of art. 6 par. 1 letter f of the GDPR. For more information about Adobe Typekit Web Fonts, please visit: https://www.adobe.com/de/privacy/policies/typekit.html.
On our website, we offer you various ways to contact us and send us messages. Contact is in particular carried out by means of a phone, e-mail or via the provided contact form which can be used for electronic contact. As far as you agree to this, the data entered in the input mask will be transmitted to us and stored. At the time of sending the completed contact form, the following data will also be stored: IP address of the calling computer, date and time of sending. Alternatively, contact via the provided e-mail address or by phone is also possible. In this case, your personal data transmitted by e-mail or by phone will be stored.
The data is used exclusively for processing the conversation. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the establishment of contact aims at concluding a contract, then additional legal basis for the processing is Art. 6 para. 1 p.1 lit. b) of GDPR. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest.
The personal data transmitted to us in case of a contact made will be deleted if the respective conversation with you is over and the storage of the data is no longer necessary.
We are happy to inform you about your rights under the GDPR as "data subject". You have the following rights regarding your personal data:
In addition, we summarise here the key points of the data subject rights under the GDPR as follows, although this description does not claim to be exhaustive, but merely addresses the main features of the data subjects under the GDPR provisions:
The data subject has the right to ask the person responsible for its presumable data processing for a confirmation of the processing of the personal data concerned.
The data subject has the right to access personal data concerning him or her and the following related information:
The data subject has the right to provide a copy of the personal data with regard to the personal data relating to him or her that is the subject of a data processing.
The data subject has the right to demand from the person responsible without delay the correction of incorrect personal data concerning him. In consideration of the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.
The data subject has the right to require the controller to restrict the processing if one of the following conditions is met:
In principle and subject to the statutory necessity of data processing (see, for example, Art. 17 (3) GDPR), the data subject has the right to demand that the data subject's personal data be deleted immediately if one of the following reasons applies:
The data subject has the right to receive personal data relating to him or her which were prior provided to a data controller, in a structured, common and machine-readable format. S/he has the right to request the transfer of that information to another person, without interference from the data controller having being prior provided with such data, subject to the fact that the respective data processing is based on a consent or on a contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR and the data processing is carried out using automated procedures.
In exercising the right to data portability, the data subject has the right to obtain the personal data to be transferred directly from one controller to another, where this is technically feasible.
The data subject has the right to revoke any consent granted, at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent given, until the revocation.
Any data subject shall have the right to complain to a supervisory authority, in particular in the Member State of his or her residence, place of work or place of alleged infringement, if the data subject considers that the processing of personal data concerning him/her violates this Regulation.
The data protection supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
For questions about the processing of personal data and for asserting the stipulations under para. IV., please contact our data protection officer:
METTEN Stein+Design GmbH & Co. KG
Phone: 02206 / 603-0
Telefax: 02206 / 603-80