Privacy Policy

1. General

We attach great importance to the protection of your personal data and your privacy. This is why we would like to inform you about the way we handle your personal data, in particular the type, scope and purpose of the processing of personal data, as well as the data protection claims and rights you are entitled to.

We process your personal data in accordance with the provisions of data protection law, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG new). When we refer to data or personal data hereinafter, we mean any information through which you can be directly or indirectly identified as a person.

2. Responsible party and data protection officer

The responsible party in the sense of the GDPR is Bayerische Glaswerke GmbH. We can be reached using the following contact details:

Zacharias-Frank-Str. 7

92660 Neustadt a. d. Waldnaab

Germany

Phone: +49 96 02 30 0

Email: webshop@nachtmann.com and webshop@spiegelau.com

The data protection officer within the meaning of the GDPR is Projekt 29 GmbH & Co. KG; you can get in touch with any concerns regarding data protection using the following contact details: Telephone: +49 941 29 86 93 0 Email: anfrage@projekt29.de

3. Purpose of processing, legal basis and data collected

3.1. Contract processing and personal customer account

We process your personal data so that we can fulfill orders when you purchase products via our webshop and, where applicable, to manage your personal customer account. You are free to place orders as a guest without a customer account, to register as a new customer or to log in as a customer in the personal customer account. The customer account lets you better manage your orders and create wish and gift lists, among other things.

The following personal data may be processed for this purpose: Title, first and last name, address, country, email address, telephone number, VAT ID, company, order number, order status, watch lists, purchase history, payment amounts, payee details, payment method, credit card details and payment details.

The legal foundation for the processing is fulfillment of a contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

3.2. Contract processing and business account

We process your personal data in order to execute orders and manage your SPIEGELAU For Business - business account if you are a retailer, wholesaler or operator of a hospitality business or winery and purchase products via our webshop.  

The following personal data may be processed for this purpose: Title, first and last name, address, country, email address, telephone number, VAT ID, company, company type, order number, order status, watch lists, purchase history, payment amount, payee details, payment method, credit card details and payment details.

The legal foundation for the processing is fulfillment of a contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

3.3. Newsletter

We process your personal data when you subscribe to our newsletter through our online store. By doing so, you will receive interesting information about our activities, products and offers by email. Following your initial registration, you will receive a confirmation email, through which you must reconfirm your subscription.

The following personal data may be processed for these purposes: Title, first and last name, email address, company type, date of birth, country and language.

The legal foundation for sending the newsletter shall be your consent in accordance with Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time by clicking on the unsubscribe option in the newsletter.

The legal foundation for sending the newsletter to catering customers is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in connection with §7 para. 3 of the Act against Unfair Competition (UWG). You have the right to object at any time to the processing of your personal data for the purpose of such advertising (see 8.4. second paragraph).

Placing a tick in the box indicates that you give your consent to receive the regular newsletter of Bayerische Glaswerke GmbH with information on the RIEDEL, SPIEGELAU and NACHTMANN brands by e-mail. The newsletter is sent via Optimizely AB (Optimizely AB, c/o Attention: General Counsel, Box 7007, 103 86 Stockholm, Sweden) as a service provider. In this case, the RSN Group has concluded a contract for order processing in accordance with Art. 28 of the General Data Protection Regulation. Optimizely therefore processes your data in strict accordance with the Group's instructions. You are entitled to withdraw your consent at any time by sending an e-mail to  webshop@nachtmann.com and webshop@spiegelau.com with effect for the future. There is also a link to unsubscribe from further information in each newsletter.

3.4. Accounting

We process your personal data in order to manage our internal accounting system.

The following personal data may be processed for this purpose: Title, first and last name, contact information, function, power of representation and processed business cases.

The legal foundation for the processing is fulfillment of a legal obligation in accordance with Art. 6 para. 1 lit. c GDPR.

3.5. Factoring

In order to process our purchase price claim arising from your purchase by invoice, we reserve the right to assign the claim to the Targo Commercial Finance AG for factoring purposes. We will transmit your required personal data (e.g. name, address, invoice data) to the Targo Commercial Finance AG, Heinrich-von-Brentano-Straße 2, 55130 Mainz.

3.6. Commercial credit insurance

If you enter into a continuing obligation with us, we will also reserve the right to use the service of the commercial credit insurance provided by the Euler Hermes Deutschland AG.  In this context, the Euler Hermes Deutschland AG will carry out a credit assessment. We will transmit the personal data required for your credit assessment (e.g. name, address, registration number) to the Euler Hermes Deutschland branch of the Euler Hermes SA, Friedensallee 254, 22763 Hamburg. The result of the credit assessment will be used exclusively for the purpose of making decisions related to the conclusion and the amount of a commercial credit insurance. The recipient may use the data forwarded in this manner only for the completion of his task. Another use of the information is not permitted.

The transmission and processing of your data for factoring purposes and/or the credit assessment is necessary in order to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR).

3.7. Applications

We process your personal data within the scope of the application process if you send us the corresponding application documents, e.g. via email.

The following personal data may be processed for this purpose: Title, first and last name, address, email address, telephone number, date of birth, CV incl. submitted documents (certificates etc.)

The legal foundation for the processing is fulfillment of a contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR or the protection of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

If the processing is based on the protection of our legitimate interest, then you have the right to raise an objection to such processing of your personal data at any time (see point 8.4. first paragraph).

3.8. Friendly Captcha (bot/spam protection)

Our website uses the “Friendly Captcha” service (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. Friendly Captcha is an innovative, privacy-friendly protection service which makes it harder for automated programs and scripts (“bots”) to use our website.

To enable its use we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) which allows the visitor’s device to establish a connection with the servers of Friendly Captcha with the aim of receiving a computational task from Friendly Captcha. The visitor’s device triggers a computational task which takes up a certain amount of system resources and sends the result of the computation to our web server. The server uses an interface to establish contact with the Friendly Captcha server and receives a notification as to whether the device has solved the puzzle correctly. Depending on the result, we can then add security rules to enquiries received via our website, allowing us to process or reject them, for instance.

Friendly Captcha does not place or read cookies on the visitor’s device. IP addresses are stored only in hashed (one-way-encrypted) form and do not allow either us or Friendly Captcha to identify individual persons. Where personal data are collected, these are deleted after no more than 30 days.

The legal basis for the processing is our legitimate interest in protecting our website from malicious access by bots, thus also in spam protection and protection from attacks (e.g. bulk enquiries), Art. 6 (1) (f) GDPR. You can find more information on data protection and the use of Friendly Captcha at https://friendlycaptcha.com/legal/privacy-end-users/

4. Transfer of data

4.1. Bayerische Glaswerke GmbH and affiliated companies

Only those departments or employees within Bayerische Glaswerke GmbH who require your personal data for processing for the relevant purposes will receive it.

Any data transfer within our affiliated companies, namely RSN Logistik GmbH and Nachtmann GmbH, will only take place based on an order processing agreement.

4.2. Shipping company

Once you have placed your order in the webshop, we will transfer your shipping data to the corresponding shipping service provider for the purpose of processing the contract. The corresponding shipping company will only process your shipping data for the purpose of fulfilling the contract.

Logistics service providers/transport companies and/or shipping partners who receive the following data for the purpose of delivering the ordered goods or for the purpose of notifying you of the shipment: First name, last name, postal address along with the email address and telephone number, if applicable. The legal foundation for the processing shall be Art. 6 para. 1 letter b) GDPR.

4.3. PayPal

If you pay via PayPal, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") within the framework of the payment procedure for the purpose of processing the contract. PayPal reserves the right to perform a credit check on some payment methods. To the extent that score values are incorporated into the result of the credit report, these may include, among other things, address data.

4.4. Sofort transfer (Klarna)

If you transfer payment via Sofort, your payment data will be transmitted to Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany, for the purpose of processing the contract. You will receive confirmation of the transaction immediately after completing the payment process. We will then receive the transfer credit directly.

4.5. Credit card

If you pay by credit card, your payment data will be transferred to your credit institution (e.g. American Express Company, Visa Inc. or Mastercard Inc.) for the purpose of processing the contract.  

4.6. Apple Pay

If you pay via Apple Pay, your payment data will be transferred to the service provider Apple Inc., Infinite Loop, Cupertino, CA, 95014, USA for the purpose of processing the contract. Apple Pay stores the payment and transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was successfully completed.

4.7. Processors

Processors commissioned by us, i.e. the payment platform provider Adyen N.V., which we have commissioned to process the payment methods listed above, shall receive your data to the extent that they require it to fulfill their respective tasks. All processors have been carefully selected and take appropriate technical and organizational measures to ensure that your data is processed in accordance with the legal data protection obligations and that your rights are protected. Above all, the processors are not permitted to use your personal data for their own purposes.

5. Storage duration

We process your personal data to the extent reasonably necessary in order to achieve the corresponding purposes and, moreover, in accordance with the legal retention and documentation obligations that arise, inter alia, from the Commercial Code (HGB) or the Fiscal Code (AO).

Your data will therefore be deleted in principle once the contract has been fully processed, your consent has been withdrawn or you have objected, insofar as the storage is not required for compliance with a legal obligation or to assert, exercise or defend legal claims. For instance, data in the form of application documents shall be deleted after seven months in the event that the application has not led to an employment relationship. Any further processing shall only occur if you have consented to the further use of your data or if we have retained the right to process data beyond this, as permitted by law.

6. Social Plugins

6.1. Provider and data processing

Social plugins ("plugins") from the following providers are integrated on our website:

Facebook Inc. (operated by Meta Platforms), 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”);

Instagram LLC. (operated by Meta Platforms), 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”);

WhatsApp Ireland Limited (operated by Meta Platforms), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”);

Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”);

Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA (“Pinterest”);

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”).

The plugins are marked with the respective logo of the provider. When you access one of our websites where a plugin is integrated, your browser establishes a direct connection with the servers of the respective provider, irrespective of whether you have your own profile with this provider or not. In the process, browser names, preferred language and the IP address of your end device shall be transmitted to the respective provider, among other things.

In the event that you are logged in to one of the services, the providers may directly assign your visit to our website with your respective profile on Facebook, Instagram, WhatsApp, Twitter, Pinterest and LinkedIn. The information can or will be published in the respective social network, on your account and displayed there to your contacts.

6.2. Purpose of data collection and further information

The privacy policy of the respective provider will give you information about the purpose and scope of the data collection and the further processing and use of the data by the respective provider, as well as your rights in this context and setting options for the protection of your privacy.

Facebook: http://www.facebook.com/policy.php

Instagram: https://help.instagram.com/519522125107875/?helpref=uf_share

WhatsApp: https://www.whatsapp.com/privacy

Twitter: https://twitter.com/privacy

Pinterest: https://policy.pinterest.com/de/privacy-policy

LinkedIn: https://de.linkedin.com/legal/privacy-policy?

6.3. Two-click solution

All plugins on our website have been implemented using a two-click solution in order to protect your data. This means that when you access one of our websites that contains plugins, no immediate connection is established to the servers of the respective providers. A connection and the associated data transfer is only established once you activate the corresponding plugin from Facebook, Instagram, WhatsApp, Twitter, Pinterest or LinkedIn. The data transfer and processing already described above then takes place to and by the corresponding provider.

7. Analysis-Tools

7.1. Use of Microsoft Services for Web Analytics and Advertising Purposes

We use the technologies set out below from Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). The data processing is carried out on the basis of an agreement between jointly responsible persons in accordance with Art. 26 GDPR. The information automatically collected by Microsoft technologies about your use of our website is usually transferred to a server of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and stored there. 

For the USA, there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. 

For further information on data processing by Microsoft, please refer to the Microsoft privacy policy: https://privacy.microsoft.com/de-de/privacystatement

7.2. Microsoft Advertising

For advertising purposes in the Bing, Yahoo and MSN search results as well as on third-party websites, the so-called Microsoft Advertising Remarketing Cookie is saved when you visit our website, which automatically enables interest-based advertising by collecting and processing data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous CookieID and based on the pages you visit.

For website analytics and event tracking, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage behaviour when you have accessed our website via a Microsoft Advertising ad, from which usage profiles are created using pseudonyms. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter) may be collected, from which usage profiles are created using pseudonyms. If your Internet-enabled devices are linked to your Microsoft account and you have not deactivated the "Interest-based advertising" setting in your Microsoft account, Microsoft may generate reports on usage behaviour (in particular cross-device user numbers), even if you change your terminal device, so-called "cross-device tracking". We do not process personal data in this respect; we only receive statistics compiled on the basis of Microsoft UET.

7.3. Belboon, AWIN, Affilinet

This website uses the affiliate advertising networks of belboon (www.belboon.de, belboon GmbH, Weinmeisterstr. 12-14, D-10178 Berlin), AWIN (www.awin.com, AWIN AG, Eichhornstraße 3, D-10785 Berlin) and Affilinet (www.affili.net, affilinet GmbH, Sapporobogen 6-8, D-80637 Munich). In the context of this, the respective conversion tracking is used. If you have accessed our website via an advertising medium of one of these affiliate networks, a valid cookie will be saved for 90 days. Within this time, we and the respective affiliate network can recognise that the user has been redirected to our site. These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within the framework of its advertising network. Only the information about when a particular advertising medium was clicked on by a device is saved in a cookie. In the tracking cookies, an individual sequence of numbers, which cannot, however, be assigned to the individual user, is stored, which documents the partner programme of an advertiser, the publisher (i.e. on whose website the advertising material was displayed) and the time of the user's action (click or view). In doing so, the corresponding affiliate network also collects information about the device from which a transaction is carried out, e.g. the IP address, the operating system and the accessing browser. Personal data is not collected, processed or used by the affiliate networks.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

7.4. Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool allowing us to embed tracking or statistical tools and other technologies on our website. Google Tag Manager itself neither creates user profiles nor stores cookies, nor does it carry out any independent analyses. It is merely used to manage and deploy the tools that are integrated through it. Google Tag Manager does, however, collect your IP address, which can also be transmitted to Google's parent company in the United States.

Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR.

7.5. Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites whenever users enter certain search terms on Google (keyword targeting). Targeted advertisements can also be displayed (target group targeting) according to the user data (e.g. location data and interests) held by Google. As the operator of the website, we are able to analyse this data in quantitative terms, for example by analysing which search terms have prompted our advertisements to be displayed and how many advertisements have resulted in the corresponding clicks.

This service is used subject to your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 of the German Telecommunications Digital Services Data Protection Act (TDDDG). You can revoke your consent at any time. The data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://policies.google.com/privacy/frameworks and

https://privacy.google.com/businesses/controllerterms/mccs/.

8. Your rights

8.1. Right to information

You have the right at any time, within the framework of the applicable legal provisions, to request confirmation as to whether personal data pertaining to yourself is being processed. Should this be the case, you are entitled to receive information about this personal data (e.g. the purposes of processing, the categories of personal data and recipients) without charge.

8.2. Right to rectification

You have the right to request that we rectify any incorrect personal data about you without undue delay.

8.3. Right to deletion

You have the right to request the immediate deletion of your personal data if certain conditions are met. Such a right to deletion exists, for example, if (i) your data is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) your data was processed in an unlawful manner, (iii) the data processing is based on your declaration of consent and you withdraw your consent, or (iv) you object to the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing of your personal data. You also have a right to deletion if you object to processing for the purpose of direct marketing.

The right to deletion shall not be applicable if one of the exceptions of Art. 17 para. 3 GDPR applies. This is the case, for instance, if processing is necessary for compliance with a legal obligation under EU or Austrian law (e.g. statutory retention obligations) or in order to assert, exercise or defend legal claims.

8.4. Right to object to data processing

If the data processing is performed to safeguard our legitimate interests, you have the right at any time to object to the processing of your personal data on the grounds arising from your particular situation. The respective legal foundation on which processing is based can be found in this privacy policy. Should you lodge an objection, we will no longer process your personal data in question unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is used to assert, exercise or defend legal claims.

In the event that we process your personal data in order to carry out direct advertising, you have the right of objection to such processing of your personal data for the purpose of this type of advertising at any time.

8.5. Right to withdraw consent

If the data is processed with your consent in accordance with Art. 6 para. 1 lit. a GDPR, you have the right to withdraw your consent at any time. The legality of the processing based on the consent shall remain unaffected until the withdrawal.

8.6. Right to data portability

You have the right to request that personal data pertaining to you, which we process automatically based on your consent or in fulfillment of a contract, be handed over to you or to a third party in a commonly used, machine-readable format. Insofar as you request the direct transfer of the data to another responsible party, we will only do so to the extent that this is technically feasible.

8.7. Right to restrict data processing

You have the right to request that we restrict the processing of your personal data. This right to restrict processing will apply in the following cases:

If you contest the accuracy of the personal data we hold about you, we generally require time to verify this. You are entitled to request that the processing of your personal data be restricted for the duration of the check.

In the event that your personal data was/is processed unlawfully, you may request that data processing be restricted instead of deleted.

If we no longer require your personal data for the purposes of processing, but you require it to exercise, defend or enforce legal claims, you are entitled to request that we restrict the processing of your personal data instead of deletion.

If you have raised an objection in accordance with Art. 21 para. 1 GDPR, then a balancing of your interests and ours must be carried out. Pending a determination of whose interests prevail, you have the right to request that we restrict the processing of your personal data.

Where you have placed restrictions on the processing of your personal data, with the exception of its storage, this data may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons relating to an important public interest of the European Union or a Member State.

8.8. Right to file a complaint with the competent supervisory authority

If you believe that we have violated data protection law by processing your personal data or that your data protection rights have been infringed in any other way, you may file a complaint with the competent supervisory authority.

The Bavarian State Office for Data Protection (BayLDA) is our competent supervisory authority.

Postfach 1349
91504 Ansbach
Germany

Phone: +49 981 180093 0
Fax: +49 981 180093 800
Email: poststelle@lda.bayern.de