Skip to Content

Privacy Policy


Information on the handling of personal data

We are very pleased about your interest in our website – and thus in our company. The protection of your private rights and freedoms is important to us; we only use your data for the intended purposes. As it is important to us that you are always aware of how we collect, use, and possibly transmit your data to third parties, we will provide you with comprehensive information below regarding the processing of your personal data collected by us or stored with us.

The visit to our website is generally possible without providing (personal) data; if there are any exceptions for selected services, we will explain these in the following chapters. We strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and any other relevant data protection regulations when processing personal data.

Name and address of the data controller

Kantar Heizung und Bad GmbH

Aysegül Kablan Kantar

Kurfürstendamm 224

D-10719 Berlin

Telefon: +49 157 82290000

E-Mail: info@kantarheizungundbad.de


Rights of the data subject

The General Data Protection Regulation (GDPR) guarantees every affected person certain rights regarding their personal data. These include:

  • The right to access: Every data subject has the right to obtain from us confirmation as to whether personal data is being processed and to access this data as well as further information and copies of this data.
  • The right to rectification: Every data subject has the right to request the immediate rectification of inaccurate personal data.
  • The right to erasure (“right to be forgotten”): Every data subject has the right to request the immediate deletion of their personal data.
  • The right to restriction of processing: Every data subject has the right to request the restriction of processing of their personal data.
  • The right to data portability: Every data subject has the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used, and machine-readable format.
  • The right to object: Every data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which is carried out pursuant to Article 6(1)(e) or (f) of the GDPR. If we process personal data concerning the data subject for the purpose of direct marketing, the data subject may object to this processing in accordance with Article 21(2) and (3) of the GDPR.
  • Right to withdraw consent for data protection: Every data subject has the right to withdraw consent for the processing of personal data at any time.

The data subject also has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data infringes the GDPR.

The supervisory authority responsible for us is: Berlin Commissioner for Data Protection and Freedom of Information


General Information on the Legal Basis for Data Processing

“Personal data” refers to any information relating to an identified or identifiable person. We process this data in accordance with applicable data protection laws, particularly the GDPR and the BDSG. We may only process personal data if one of the following legal bases applies:


Permissible act

Requirement of the GDPR

Informed consent

Article 6 paragraph 1 a

Fulfilment of a contract

Article 6 paragraph 1 b

Implementation of pre-contractual measures

Article 6 paragraph 1 b

Fulfilment of legal obligations

Article 6 paragraph 1 c

Protection of vital interests

Article 6 paragraph 1 d

Protection of our legitimate interest

Article 6 paragraph 1 f

 Retention period of personal data 

We will only store your data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations, unless stated otherwise in the following information. Legal retention obligations may arise from commercial or tax regulations. After the end of the calendar year in which we collected the data, we will retain personal data contained in our accounting records for ten years and personal data contained in business correspondence and contracts for six years. Furthermore, we will retain data related to consent that requires proof, as well as complaints and claims, for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to the processing for this purpose.

 

Collection of general data and information

As soon as you visit our website, some general data and technical information will be collected by our web server – as can be seen from the table below:


Collected data

Purpose of the survey

used browser types and versions

correct representation of the page content

operating system used, visitor origin (referrer, e.g. Google), clicked subpages

Optimisation of our website content as well as our advertising

Date and time of access to the website, as well as the IP address and internet service provider of the visitor

Ensuring the long-term functionality of our IT systems (for the operation of the website) and preventing misuse

other data and information for threat prevention in the event of attacks

Provision of relevant information for law enforcement agencies in the event of a cyber attack

Information about specific data processing on the website

If applicable, deviating from or in addition to the general information mentioned above, you will find below details regarding the individual data processing on our website.


Cookies

On this website, we use cookies; these are small text files that are placed or stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies serve to secure your data or the website, and some cookies can be used to analyse your user behaviour. The latter cookies may contain a so-called cookie ID – a unique identifier consisting of a string of characters that allows the association of web pages and servers with the storing browser.

Cookies that are necessary for the transmission of a message over a public telecommunications network and cookies that are strictly necessary to provide you with a function that you have explicitly requested are referred to as "technically necessary cookies" and may be set without your explicit consent (§ 25 para. 2 TDDDG). All other cookies require consent (§ 25 para. 1 TDDDG); if applicable, regulated by our consent management platform.

We use cookies, some of which are only for the duration of your stay on the website, some for a predefined period, and some permanently. You can delete all these cookies at any time manually or automatically via your web browser.

It is possible to use our services (albeit not in full functionality under certain circumstances) without cookies. Most browsers are set to automatically accept cookies. However, you can disable the storage of cookies or configure your browser to notify you as soon as cookies are sent.


Contact form

Our contact form is used for processing and, if necessary, responding to the enquiries of the form submitters. The processing is carried out to fulfil a contract in accordance with Article 6(1)(b) of the GDPR, when the enquiry serves to clarify a contractual relationship. For all other enquiries, the processing is based on our legitimate interest in accordance with Article 6(1)(f) of the GDPR, as we are interested in a prompt response to your enquiry.

The data will not be shared with third parties and/or transferred to a third country, and this is not planned.

The duration of data storage is determined by the general deadlines for data deletion. There is no obligation to provide personal data, and there are no consequences for not providing the required data. We waive automatic decision-making in this context.

The data comes directly from the individual concerned. No specific categories of personal data are collected.

There is no planned change of purpose.


Customer account and product order

To set up a customer account and to order products, we collect certain personal data in order to fulfil the contract with you. This includes salutation, title, first name, last name, street, house number, postcode, city, country, as well as optionally the date of birth for the unique identification of the customer account, processing of the product purchase, delivery, payment transactions, and handling of complaints.

Furthermore, we collect your email address and a password for authentication and independent password reset. Providing your telephone number is optional and is used for contact via phone.

The legal basis for the processing of this data is the fulfilment of the contract in accordance with Article 6(1)(b) of the GDPR. If necessary, we will pass your data on to parcel service providers, logistics service providers, and payment service providers. There is no data transfer to a third country and none is planned.

The duration of data storage is determined by the general deadlines for data deletion. Providing data in the mandatory fields is contractually required. Without this information, the creation of a customer account is not possible.

We refrain from automatic decision-making in this context, and the data comes either directly from the individual concerned or has been provided by them.

There is no planned change of purpose.

 

User-Login

Our user login allows users to access certain features or content of our website. The processing of username and password is carried out for the purpose of authentication and granting access.

The legal basis for this processing arises from the safeguarding of our legitimate interests in accordance with Article 6(1)(f) of the GDPR, as well as the fulfilment of a contract in accordance with Article 6(1)(b) of the GDPR and the implementation of pre-contractual measures in accordance with Article 6(1)(b) of the GDPR.

Your data will not be shared with third parties, and there are no plans to transfer it to a third country.

The duration of data storage is determined by the general deadlines for data deletion. There is an obligation to provide personal data, as without this data, no user account can be created. The failure to provide the required data means that no user account can be created.

There is no automated decision-making in this context, and the data comes directly from you.

There is no planned change of purpose.


Google Maps

We use Google Maps to provide maps on our website. The processing of the associated personal data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG. If applicable, the data may be forwarded to Google Ireland Limited, Google LLC, and Alphabet Inc. in the United States of America and may be transferred, stored, and processed there.

The data transfer is based on the standard contractual clauses of the EU Commission, and Google LLC is certified under the EU-US Data Privacy Framework (DPF).

The duration of data storage is determined by the general deadlines for data deletion.

The data usually comes from the affected person but may also originate from third parties. Possible categories of personal data include IP address, date and time of the visit, location information, URL, usage data, search terms, geographical location, and user agent.

The data protection officer of the provider can be contacted via https://support.google.com/policies/contact/general_privacy_form to be contacted. Further information on data processing by Google can be found here: https://business.safety.google/privacy/ 


Google Fonts

We use Google Fonts to provide fonts on our website. The processing of the associated personal data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG. If applicable, the data may be forwarded to Google Ireland Limited, Google LLC, and Alphabet Inc. in the United States of America and may be transferred, stored, and processed there.

The data transfer is based on the standard contractual clauses of the EU Commission, and Google LLC is certified under the EU-US Data Privacy Framework (DPF).

The duration of data storage is determined by the general deadlines for data deletion.

The data usually comes from the affected person but may also come from third parties. Possible categories of personal data include IP address and date and time of the visit.

The data protection officer of the provider can be contacted via https://support.google.com/policies/contact/general_privacy_form to be contacted. Further information on data processing by Google can be found here: https://business.safety.google/privacy/ 


Google AdSense

This website uses Google Adsense, a web advertising service of Google Inc., USA ("Google"). Google Adsense uses so-called "cookies" (text files) that are stored on your computer and allow for an analysis of your use of the website. Google Adsense also uses so-called "web beacons" (small invisible graphics) to collect information. By using web beacons, simple actions such as visitor traffic on the website can be recorded and collected. The information generated by the cookie and/or web beacon about your use of this website (including your IP address) is transmitted to a server of Google in the USA and stored there. Google will use this information to evaluate your use of the website in relation to the advertisements, to compile reports on website activities and advertisements for the website operators, and to provide further services related to website usage and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. In no case will Google associate your IP address with other Google data. You can prevent the storage of cookies on your hard drive and the display of web beacons by selecting "do not accept cookies" in your browser settings (in MS Internet Explorer under "Tools > Internet Options > Privacy > Settings"; in Firefox under "Tools > Options > Privacy > Cookies"); however, we would like to point out that in this case you may not be able to use all the features of this website to their full extent. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes described above.


Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and allow for an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activities for the website operators, and to provide other services related to website usage and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google in any case. You can prevent the installation of cookies by adjusting the settings of your browser software; however, we would like to point out that in this case you may not be able to use all the features of this website to their full extent. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes described above. You can object to the collection and storage of your data at any time.to contradict.

This website uses Google Analytics with the additional feature "anonymizeIP()". This means that IP addresses are not stored and processed in full, but only in a shortened form, to exclude any direct inference about the individual.


TrustedShops

TrustedShops is used for the collection and provision of product reviews. The processing of the associated personal data is carried out on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

If necessary, the data will be forwarded to Trusted Shops AG, Subbelrather Straße 15c, 50823 Cologne, Germany, and processed there.

The duration of data storage is determined by the general deadlines for data deletion.

The data usually comes directly from the individual concerned. The possible categories of personal data for collection include: Unique ID, Anonymous order ID, Order number, Browser information, Device operating system, URL, Date and time of visit, Username, Email address, User-Agent, IP address, and for provision: User-Agent, IP address, Timestamp.

You can contact the Data Protection Officer of TrustedShops at privacy@trustedshops.com achieve. Further information on data processing can be found here: https://www.trustedshops.com/de/legal/datenschutz