Privacy Policy

1. General

1.1 What is Personal Data
Personal data are data which disclose or can disclose the customer’s identity. We adhere to the policy of data avoidance. As far as possible, a collection of personal data is avoided.

1.2 Dealings with Personal Data
Personal data is used exclusively for the purpose of establishing the contract, defining its content, implementing or processing the contractual relationship (Art. 6 (1 b) GDPR).

Beyond that, personal data will only be processed if we have received your consent to do so (Art. 6 (1 a) GDPR) or if it is data whose processing is necessary for our legitimate interests and insofar as the balancing process shows that no overriding interests, fundamental rights or freedoms on your part are opposed (Art. 6 (1 f) GDPR).

We may use processors to process your personal data, with whom we have concluded a contract for order processing where necessary, but we will not pass on personal data to third parties beyond this.

Only for the fulfillment of the contract, the data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. For the processing of payments, the payment data required will be passed on to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.

Your personal data is processed in the EU and in countries classified as safe or appropriate by the EU. If personal data is processed in the USA, care is taken to ensure that the services we use are certified under the “Data Privacy Framework”.

1.3 User Data
When visiting this website, general technical information is raised. These are the IP-address used, time, length of visit, browser type and, if necessary, the site of origin. These user data are registered in a log file due to technical conditions and can be used and stored for statistical purposes of this website. Additional personal data are not linked to this user data.

1.4 Length of Storage
We store your personal data beyond the end of the purpose for which the data was raised, but only for the length of time which is required based on legal regulations (esp. fiscal tax law).

Specifically, for example, the following retention periods apply:

Type of Data	Retention Period
Tax Data	10 years
Commercial or business letters (including emails and faxes) and other documents insofar as they are relevant for taxation.	6 years from the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, as well as when the record was made or the other documents were created.
Transaction and Registration Data	10 years from the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, as well as when the record was made or the other documents were created.
Data Protection Consents for Data Processing	For the duration of the possibility for the data subject(s) to assert their rights.
(Electronic) Correspondence that Has No Tax-Related Relevance	As long as necessary for the fulfillment of the task, unless the processing serves the assertion, exercise, or defense of legal claims.
Usage Data according to Section 1.3 of this Privacy Policy	Max. 30 days

2. Your Rights

2.1 Information
You can require information from us whether we process your personal data and as far as this is the case, you have the right to information of these personal data and the additional information mentioned in Article 15 GDPR.

2.2 Right to Correction
You have the Right to Correction of the incorrect personal data relating to you; you can demand the completion of incomplete personal data according to Article 16 GDPR.

2.3 Right to Deletion
You have the Right to demand from us to immediately delete your personal data referring to you. We are required to delete them immediately, especially for one of the following reasons:

Your personal data are no longer necessary for the purpose for which they were raised or were processed
You revoke your permission which was the basis for processing your data, and an otherwise legal basis for the processing does not exist.
Your data were processed

The Right to Deletion does not exist if your personal data relating to you are required for enforcement, execution, or defense of our legal claims.

2.4 Right to Limitation of Processing
You have the Right to require from us the Limitation of Processing of your personal data, if

you argue the accuracy of data, and we examine and verify the accuracy,
the processing is unlawful, and you refuse the deletion of data and instead demand the limitation of the use thereof,
we no longer require the data, you, however, require them for enforcement, execution, or defense of legal claims,
you filed an objection against the processing of your data, and it is not clear yet, whether our warranted reasons outweigh your reasons.

2.5 Right to Transferability of Data
You have the Right to receive the relevant data pertaining to your person provided to us by you in a structured, common and machine-readable form, and you have the Right to transfer those data towards another person responsible without hindrance from us, as far as the processing is based on a permission or a contract, and our processing takes place with the help of automatized processes.

2.6 Right of Cancellation

For the extent that the processing of your personal data is based on consent (Art. 6 para. 1 sentence 1(a) GDPR), you have the right to revoke this consent at any time. This does not affect the lawfulness of the processing carried out on the basis of consent prior to the revocation.

To the extent that the processing of your personal data is based on Art. 6 para. 1 sentence 1(e) or (f) GDPR, you have the right under Art. 21 GDPR to object at any time to the processing of your personal data on grounds arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the assertion, exercise, or defense of legal claims.

2.7 General and Right to Complain
The execution of your Rights above is, in principle, free of charge to you. You have the Right to Complain directly to the appropriate Regulating Authority governing us, which is the Commissioner for Data Protection.

3. Data Security

3.1 Data Security
All data on our website are secured through technical and organizational measures against loss, destruction, access, modification, and distribution. We shall, however, not assume any liability for the destruction and damage of data.

3.2 Sessions and Cookies
To operate the website, we use cookies or server-side sessions in which data can be stored. We only use cookies or server-side sessions that are technically necessary for the operation of this website (e.g. spam protection for contact form, shopping cart function) and for which the assessment shows that there are no overriding interests on your part (Art. 6 I S. 1 f DSGVO).

4. Social Media Links

We use the following social media platforms for company presentation and communication (the following linked data protection declarations and opt-out options are expressly referred to).

Facebook (Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Irland)

Opt-Out: http://www.youronlinechoices.com

X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Irland)

Opt-Out: https://twitter.com/personalization

These social media platforms may be able to process personal data outside the EU, we refer in this respect to the above data protection declarations of the social media platforms.

The respective social media platforms may create user profiles and store cookies on your computer, in which your user behaviour is stored, based on your user behaviour and the resulting interests on your part. If you have an account on the respective social media platform and are logged in, your usage behaviour can even be stored independent of the device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests.

We process the personal data exclusively for communication with you via the social media platform selected by you and for the optimisation of our online presence and ensure that no interests on your part are affected which outweigh this justified interest on our part (Art. 6 I S. 1 f GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, your personal data will also be processed on the basis of this consent (Art. 6 I S. 1 a GDPR).

5. Creditworthyness Informative

In the context of certification, we use the following service provider to determine whether your company is creditworthy, whether your business practices comply with our quality standards and ethical principles, whether there are currently any court and/or insolvency proceedings pending, and whether your company has a positive reputation.

CRIF GmbH, Friesenweg 22, 22763 Hamburg
Privacy Policy: https://www.crif.de/datenschutz/

In doing so, probability values regarding your future payment behavior are collected and processed, among other things. To calculate these probability values, in addition to your company name and corresponding address, the following (personal) data may also be processed by the aforementioned service providers:

• Name
• Address
• Email address
• Telephone number
• Date of birth
• Bank account details
• Payment data
• Contract data
• Outstanding claims
• Payment deferrals due to insolvency
• Ongoing insolvency proceedings
• Participation in debt counseling

The retrieval of these data is based on your consent (Art. 6 para. 1 sentence 1(a) GDPR) or, in its absence, on our legitimate interest (Art. 6 para. 1 sentence 1(f) GDPR).

Furthermore, we transmit personal data collected within the framework of the contractual relationship between you and us regarding the application, implementation, and termination of this business relationship—as well as data on non-contractual or fraudulent behavior—to the aforementioned service providers. The legal bases for these transmissions are Art. 6 para. 1 sentence 1(b) and Art. 6 para. 1 sentence 1(f) GDPR. Transmissions based on Article 6 para. 1 sentence 1(f) GDPR may only take place insofar as they are necessary to safeguard our legitimate interests or the interests of third parties, and provided that they do not override the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data.

The aforementioned service providers process the data received and also use it for the purpose of profiling (scoring) to provide their contracting partners in the European Economic Area and Switzerland, as well as, if applicable, other third countries (provided that an adequacy decision of the European Commission exists for these countries), with information, among other things, for assessing the creditworthiness of natural persons.

6. Contact regarding Data Protection

To contact us regarding Data Protection, you are welcome to contact using one of the following contact options. Responsible in the sense GDPR:

Galaxis Showtechnik GmbH
Lohgerberstraße 2
84524 Neuötting
E-Mail: info@galaxis-showtechnik.de
Telefon: +49 / 86 71 / 7 34 11