1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Villental GmbH, Lembergerweg 30, 71706 Markgröningen, Germany, Tel.: +49 1626025981, Email: management@villental.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When you visit our website purely for informational purposes, i.e., without registering or otherwise providing us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website visited
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the site
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller). You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser’s address bar.

3) Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the servers of this provider. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by a decision of the European Commission.

3.2 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA.

This service enables us to deliver large media files such as graphics, website content, or scripts faster via a network of regionally distributed servers. The processing is based on our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on a decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, small text files that are stored on your device. Some of these cookies are deleted automatically after closing the browser (so-called "session cookies"), while others remain on your device for a longer period to allow saving site settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings section of your web browser.

Where the processing of personal data is concerned via cookies used by us, it is carried out either for the performance of the contract in accordance with Art. 6(1)(b) GDPR, based on your consent in accordance with Art. 6(1)(a) GDPR, or based on our legitimate interest in ensuring the best possible functionality of the website and a customer-friendly and effective experience of visiting the site in accordance with Art. 6(1)(f) GDPR.

You can set your browser to inform you about the placement of cookies and to allow you to decide whether to accept them individually or to exclude the acceptance of cookies for certain cases or in general.

Please note that the functionality of our website may be restricted if cookies are not accepted.

5) Contacting Us

When you contact us (e.g., via contact form or email), personal data will be processed solely for the purpose of processing and responding to your inquiry, to the extent necessary.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims to conclude a contract, then the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter has been conclusively resolved, provided there are no legal retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide it to us when opening a customer account. The required data for opening an account can be found in the input form on our website.

You can delete your customer account at any time by sending a message to the controller's address listed above. After the account is deleted, your data will be erased as long as all contracts concluded through it have been fully processed and no legal retention periods prevent deletion.

7) Data Processing for Order Processing

7.1 To the extent necessary for fulfilling the contract, personal data collected by us will be shared with the assigned transport company or payment service provider to carry out the delivery and payment process in accordance with Art. 6(1)(b) GDPR.

If we owe updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact details you provided at the time of the order (name, address, email address) to inform you personally about upcoming updates within the legally required timeframe via an appropriate communication method (e.g., by post or email). Your contact details are used strictly for notifications about the updates we are obligated to provide, and this data is only processed to the extent necessary for this purpose.

In the context of processing your order, we work with the following service provider(s) who assist us in whole or in part in executing concluded contracts. Certain personal data will be transferred to these service providers according to the following information.

7.2 Use of Payment Service Providers (Payment Services)

  • PayPal

On this website, one or more online payment methods from the following provider are available: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When selecting a payment method from the provider, for which you make a payment in advance, the payment data you provide during the ordering process (e.g., name, address, bank, and credit card information, currency, and transaction number) as well as information about your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. Your data will be transmitted solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method for which we make an advance payment, you will also be asked during the order process to provide certain personal data (e.g., first and last name, street, house number, postal code, city, date of birth, email address, phone number, possibly data on an alternative payment method).

To protect our legitimate interest in determining your solvency in such cases, this data will be forwarded by us to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. The provider will review the information you provide, as well as other data (such as shopping cart, invoice amount, order history, payment experience), to determine whether the payment option selected can be granted with respect to payment and/or default risks.

The credit report may contain probability values (so-called score values). Where score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, are included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

  • Shopify Payments

On this website, one or more online payment methods from the following provider are available: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

When selecting a payment method from the provider, where you make a payment in advance (e.g., credit card payment), the payment data you provide during the ordering process (e.g., name, address, bank, and credit card information, currency, and transaction number) as well as information about your order will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. Your data will be transmitted solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

8) Tools and Miscellaneous

8.1 DATEV

To carry out our accounting, we use the cloud-based accounting software service from the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany.

The provider processes our company’s incoming and outgoing invoices and, where applicable, our bank transactions to automatically capture invoices, match them to transactions, and use them to prepare our financial accounting through a semi-automated process.

If personal data is processed here, it is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in efficiently organizing and documenting our business transactions.

8.2 Cookie Consent Tool

This website uses a "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users when they visit the site in the form of an interactive user interface, where they can give consent for certain cookies and/or cookie-based applications by checking the appropriate boxes. Only consented cookies are loaded onto the user's device through the tool.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If personal data (e.g., the IP address) is processed in individual cases for the purpose of storing, assigning, or logging cookie settings, this processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management system for cookies and, therefore, in the legally compliant design of our website.

Further legal basis for the processing is also Art. 6(1)(c) GDPR. We are legally obligated to make the use of non-essential cookies dependent on the user's consent.

If necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the cookie consent tool settings can be found directly in the corresponding user interface on our website.

9) Data Subject Rights

9.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) regarding the processing of your personal data, whereby reference is made to the legal basis for the respective exercise conditions:

  • Right to access under Art. 15 GDPR;
  • Right to rectification under Art. 16 GDPR;
  • Right to erasure under Art. 17 GDPR;
  • Right to restriction of processing under Art. 18 GDPR;
  • Right to notification under Art. 19 GDPR;
  • Right to data portability under Art. 20 GDPR;
  • Right to withdraw consent under Art. 7(3) GDPR;
  • Right to lodge a complaint under Art. 77 GDPR.

9.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

10) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the processing purpose, and—if applicable—the respective statutory retention period (e.g., retention periods under commercial and tax law).

When processing personal data based on explicit consent under Art. 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.

If there are statutory retention periods for data that is processed under Art. 6(1)(b) GDPR as part of legal or similar obligations, this data will be routinely deleted once the retention periods expire, provided it is no longer required for contract fulfillment or contract initiation and/or if we no longer have a legitimate interest in continuing storage.

When processing personal data based on Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object under Art. 21(1) GDPR unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object under Art. 21(2) GDPR.

Unless otherwise specified in this declaration regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.