We take data protection seriously!
Protecting your privacy when processing personal data is important to us. When you visit our website, our web servers automatically store the IP address of your Internet service provider, the website from which you visit us, the web pages you visit, and the date and duration of your visit. This information is essential for the technical transmission of the websites and secure server operation. This data is not evaluated for any specific purpose.
If you send us data via the contact form, this information will be stored on our servers for backup purposes. We will use your data exclusively to process your request. Your data will be treated with the strictest confidentiality. It will not be passed on to third parties.
Responsible
FS Tec Limited
47 OYIA BUILDING LEVEL 0, CROSS ROAD, MRS1547, MARSA, Malta
Email address: shop@bonlay.com
Personal data
Personal data is information about you. This includes your name, address, and email address. You do not have to disclose any personal information to visit our website. In some cases, we require your name and address, as well as other information, in order to provide you with the requested service.
The same applies if we provide you with informational material upon request or if we respond to your inquiries. In these cases, we will always inform you. Furthermore, we only store the data that you have provided to us automatically or voluntarily.
When you use one of our services, we generally only collect the data necessary to provide our service to you. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so to provide our service to you or to pursue our commercial goals.
Safety precautions
We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers are obligated to comply with applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before transmission. This means your data cannot be misused by third parties. Our security measures are subject to continuous improvement, and our privacy policies are constantly being revised. Please ensure you have the most up-to-date version.
Automatically saved data
Server log files:
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- web browser and operating system used
- full IP address of the requesting computer
- amount of data transferred
This data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, particularly to prevent attempted attacks on our web server, we store this data temporarily. It is not possible for us to identify individual people based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at the domain level, making it impossible to establish a connection to the individual user. In anonymized form, the data is also processed for statistical purposes; it is not compared with other databases or shared with third parties, even in excerpts.
Customer account
For each customer who registers, we provide password-protected direct access to their stored customer data (customer account). Here, you can view information about your completed, open, and recently shipped orders, as well as manage your address, bank details, and newsletter. You agree to treat your personal access data confidentially and not to disclose it to unauthorized third parties. We cannot accept liability for misused passwords unless we are responsible for the misuse.
With the "Stay logged in" function, we want to make your visit to our website as pleasant as possible. This function allows you to use our services without having to log in each time. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your personal data or place an order. We recommend that you do not use this function if the computer is used by multiple users. Please note that the "Stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.
Collection, processing and use of your personal data
Data protection is very important to us. Therefore, when collecting, processing, and using your personal data, we strictly adhere to the legal provisions of the Federal Data Protection Act and the Telemedia Act. We collect, store, and process your data for the entire processing of your purchase, including any subsequent warranties, for our services, technical administration, and our own marketing purposes. Your personal data will only be passed on or otherwise transmitted to third parties if this is necessary for the purpose of contract execution or billing, or if you have given your prior consent. As part of the order processing, for example, the service providers we use here (such as carriers, logistics providers, banks) receive the necessary data for order and contract processing. The data passed on in this way may only be used by our service providers to fulfill their tasks. Any other use of the information is not permitted, and none of the service providers we commission will do so.
For your order, we require your correct name, address, and payment details. We need your email address so that we can confirm receipt of your order and communicate with you. We also use this for your identification (customer login). You will also receive your order and shipping confirmations via your email address.
Your personal data will be deleted unless statutory retention periods prevent this and if you have asserted a right to deletion, if the data is no longer required to fulfil the purpose for which it was stored or if its storage is not permitted for other legal reasons.
Cookies
When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an internet server to your browser and stored on its hard drive. Only the internet protocol address is saved – no personal data. This information stored in the cookies allows us to automatically recognize you the next time you visit our website, making it easier for you to use. The legal basis for the use of cookies is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognized the next time you visit, you can also refuse the use of cookies by changing your browser settings to "Reject cookies." You can find out how to do this in your browser's user manual. However, if you refuse the use of cookies, this may limit your ability to use some areas of our website.
Information obligations according to Art. 13 GDPR
We would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled within the meaning of Art. 13 of the European General Data Protection Regulation (EU GDPR).
1. Who is responsible for data processing and who can you contact?
Responsible is
FS Tec Limited
47 OYIA BUILDING LEVEL 0, CROSS ROAD, MRS1547, MARSA, Malta
Email address: shop@bonlay.com
2. What data is processed and from which sources does this data come?
We process the data that we have received from you in the context of initiating or processing a contract, based on consent or as part of your application to us or as part of your employment with us.
Personal data includes:
Your master/contact data, for customers this includes e.g. first and last name, address, contact details (email address, telephone number, fax), bank details.
For applicants and employees, this includes, for example, first and last name, address, contact details (email address, telephone number, fax), date of birth, data from CV and employment references, bank details, religious affiliation, photographs.
For business partners, this includes, for example, the name of their legal representatives, company name, commercial register number, VAT number, company number, address, contact details (email address, telephone number, fax), bank details.
For visitors to our company, this includes name and signature.
For journalists, this includes first and last name, email address, and fax number.
For competition participants, this includes first and last name and email address.
In addition, we also process the following other personal data:
- Information about the type and content of contract data, order data, sales and document data, customer and supplier history as well as consulting documents,
- Advertising and sales data,
- Information from your electronic communication with us (e.g. IP address, log-in data),
- other data that we have received from you in the context of our business relationship (e.g. in customer discussions),
- Data that we generate ourselves from master / contact data and other data, such as customer needs and customer potential analyses,
- the documentation of your declaration of consent to receive, for example, newsletters.
- Photographs taken during events.
3. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 in its currently valid version:
-
to fulfill (pre-)contractual obligations (Article 6 (1) (b) GDPR):
Your data will be processed for contract processing online or in one of our branches, and for contract processing for your employees within our company. The data will be processed in particular when initiating business transactions and when executing contracts with you. -
to fulfill legal obligations (Article 6 (1) (c) GDPR):
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. under the Commercial Code or the Tax Code. -
to protect legitimate interests (Article 6 (1) (f) GDPR):
Based on a balancing of interests, data processing may be carried out beyond the actual fulfillment of the contract to protect the legitimate interests of us or third parties. Data processing to protect legitimate interests occurs, for example, in the following cases:
- advertising or marketing (see No. 4),
- Measures for business management and further development of services and products;
- Maintaining a group-wide customer database to improve customer service
- in the context of legal proceedings
- Sending non-promotional information and press releases. -
within the scope of your consent (Art. 6 para. 1 lit. a GDPR):
If you have given us your consent to process your data, e.g. to send you our newsletter, publish photos, hold competitions, etc.
4. Processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time, either in whole or in respect of individual measures, without incurring any costs other than the transmission costs according to the basic rates.
Under the legal requirements of Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the email address you provided upon conclusion of the contract for direct marketing purposes for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us via email, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs according to the basic rates. A written notification is sufficient for this purpose. Of course, every email always contains an unsubscribe link.
5. Who receives my data?
If we use a service provider for contract processing, we remain responsible for protecting your data. All contract processors are contractually obligated to treat your data confidentially and to process it only within the scope of providing the service. The contract processors we commission will receive your data if they need it to perform their respective services. These include, for example, IT service providers we need for the operation and security of our IT system, as well as advertising and address publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports improving the quality of existing customer data (duplicate removal, moved/deceased indicators, address correction) and enables enrichment with data from public sources.
If there is a legal obligation or in the context of legal proceedings, authorities, courts and external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
6. How long will my data be stored?
We will process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g., those stipulated in the German Commercial Code, the Tax Code, or the Working Hours Act); and furthermore, until the end of any legal disputes in which the data is required as evidence.
7. Is personal data transferred to a third country?
As a general rule, we do not transfer any data to third countries. In individual cases, transfers will only take place on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards, or your express consent.
8. What data protection rights do I have?
You have the right to information, correction, deletion or restriction of the processing of your stored data at any time, the right to object to the processing as well as the right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You can request that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, e.g., in the case of statutory retention periods.
Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, unless there is a contractual or statutory obligation to retain it.
Right to restriction of processing:
You can request that we restrict the processing of your data if
- You contest the accuracy of the data for a period of time that enables us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of data use,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- You have objected to the processing of your data.
Right to data portability:
You can request that we provide you with the data you have provided to us in a structured, common and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of your consent, which can be revoked, or to fulfil a contract between us, and
- this processing is carried out using automated procedures.
If technically feasible, you can request that we transmit your data directly to another controller.
Right of objection:
If we process your data based on legitimate interests, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims. You can object to the processing of your data for direct marketing purposes at any time without giving reasons.
Right to complain:
If you believe that we are violating German or European data protection law in the processing of your data, please contact us so that we can clarify any questions. You also have the right to contact the supervisory authority responsible for you, the relevant state data protection authority.
If you wish to exercise any of the aforementioned rights, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is necessary to conclude or fulfill the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obligated to consent to data processing that is not relevant for the fulfillment of the contract or is not required by law.