The legal basis for the processing of your personal data depends on the purpose underlying the processing.
5.1 Technical administration of the website
The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b of the General Data Protection Regulation (GDPR), provided a contractual relationship exists with you. Where no contractual relationship exists between the company and you, the legal basis for data processing is Art. 6(1) lit. f GDPR. A transfer of personal data (see figure 2) is necessary in order to establish a connection to the website and to display website content.
5.2 Provision of services
The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b GDPR. We provide our services as part of fulfilling contractual obligations. We are unable to fufil or perform the contract with you if we are unable to process personal data.
The following services are available on our website www.einhell.de (March 2022) for which we store personal data:
5.3 Google Tag Manager
Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We have concluded a data processing agreement with Google Ireland Limited for the use of Google Tag Manager. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46(2)(c) GDPR. In addition, we also obtain your explicit consent for the transfer of your data to third countries in accordance with Art. 49(1)(a) GDPR.
5.4 Google Analytics 4
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Seen / clicked ads
- Language settings
- Purchase of products (if function is available on the website)
- Your approximate location (region)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your internet service provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (as processor under Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Duration of storage
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.
You can revoke your consent at any time with effect for the future by accessing the cookie settings (privacy button at the bottom left of the page) and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of this data by Google, by
- downloading and installing the browser add-on to disable Google Analytics 4. This will install an opt-out cookie on your device. This prevents the collection by Google Analytics 4 for this website and for this browser in the future, as long as the cookie remains installed in your browser.
- disabling Google Analytics 4 by via the following link: Disable Google Analytics 4. This will set an opt-out cookie on your device. This prevents the collection by Google Analytics 4 for this website and for this browser in the future, as long as the cookie remains installed in your browser.
We embed YouTube videos on some of our websites. The provider of the corresponsing plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a site with the YouTube plug-in, a connection to the servers at YouTube is established. YouTube is thereby notified of which sites you visit. If you are logged into your YouTube account, YouTube can associate your surfing history to you personally. You can prevent this by logging out of your YouTube account.
If you have deactivated the storage of cookies for the Google ad program, then you need not be concerned about this type of cookie when viewing YouTube videos. However, YouTube also collects non-personal user information in other cookies. If you wish to prevent this, you must block cookies from being saved to your browser.
You can find additional information on data privacy at "Youtube“ in the provider's data protection notice at: https://www.google.de/intl/de/policies/privacy/.
5.6 Google Maps
This website uses Google Maps API in order to visually display geographic information. When using Google Maps, Google collects, processes and utilises data on use of the map function by users. You can obtain further information on data processing by Google in Google's data protection notice. There you can also make changes to your personal data privacy settings in the data protection centre.
5.7 Use of script libraries (Google webfonts)
We use script libraries and font libraries on this website, such as, for example, Google Webfonts, in order to display our content correctly and in a graphically appealing manner on all browsers (https://fonts.google.com/). Google Webfonts are used to avoid repeat downloads to your browser's cache. If the browser does not support Google Webfonts or blocks access, the content will be displayed in standard font.
Accessing script libraries or font libraries automatically establishes a connection to the provider of the library. It is theoretically possible -- though it is currently unclear whether and for what purpose -- providers collect data on these libraries..
You can find the data privacy guielines for the library provider Google here: https://policies.google.com/privacy.
If the Do-Not-Track feature is activated in the browser, no external Issuu plug-ins will be loaded without approval, only the reference to this option will be displayed.
Our pages use features from Cloudflare. The provider is Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA.
Cloudflare provides a globally distributed content delivery network with DNS. The technical transfer of information between your browser and our website is routed via the Cloudflare network. Cloudflare is thus able to analyse the data traffic between users and our websites; for example, to speed up the loading time of our pages or to detect and ward off attacks on our services.
In addition, Cloudflare may store cookies on your computer for optimisation and analysis. This safeguards our legitimate interests in the security, performance and reliability of our advertising offer in accordance with Art. 6(1)(f) GDPR. We have concluded a corresponding contract processing agreement with Cloudflare on the basis of the GDPR. The data is generally processed in Germany or other states in the European Union. Insofar as processing is carried out in third countries in certain cases, processing is only carried out if the adequacy of the level of data protection in the third country has been asserted by the EU Commission in accordance with Article 45 GDPR, on the basis of the EU standard contractual clauses or if an adequate level of data protection is ensured by the data recipient in another way. Cloudflare collects statistical data about your visit to this website. Access data includes:
- IP address
- Date and time of the request
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser, operating system and its interface, language and version of the browser software
Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of the offer. You can find information about the data collected there and about security and data protection at Cloudflare here.
5.10 Friendly Captcha
Einhell uses the "Friendly Captcha" service to prevent fraudulent activity and to protect you as an end user from becoming a potential victim of cybercrime.
The solution of the crypto puzzle is used to track whether the website / webshop is being used fraudulently or through automated machine processing, e.g. using bots, and to confirm the visitors are real people. The service is used in forms (contact forms, prize draw forms, registration and login forms, etc.) and in the order process.
To provide the service, Friendly Captcha stores the following data:
- the User Agent, Origin and Referer request headers.
- The puzzle itself, which contains information about the Friendly Captcha account and the identifier of the website to which the puzzle relates.
- The version of the Friendly Captcha service being used.
- Timestamp (Date / Time) that the puzzle was requested and solved.
Friendly Catch stores an anonymised counter for each IP address to enable dynamic scaling of the puzzle complexity in the edge network, in order to detect malicious/automated use and minimise the banning of real people. The IP addresses are anonymised by one-way hashing, and thus are not personally identifiable. The use of Friendly Captcha does not involve the storage of personal data such as your name, email address, online profile, etc.
No cookies are set when using Friendly Captcha.
Provider of the service:
Friendly Captcha GmbH, Wörthsee, Deutschland
In accordance with article 6, section 1(f) of the General Data Protection Regulation (GDPR), Einhell Germany AG and its subsidiaries have a legitimate interest in the use of Friendly Captcha, as the service helps to prevent potentially fraudulent activity on our website / webshop which could put Einhell infrastructure at risk.
5.11 Matomo (self-hosted)
Description of Service
This is an open source web analytics service. Matomo is providing the technology. However, Matomo is not processing any data as the data is not being transferred to Matomo due to the self-hosting solution. Self-hosting means that Einhell hosts the web analytics service Matomo on its own servers and thus has sole sovereignty over the analytics data.
This list represents the purposes of the data collection and processing.
We use Matomo without any tracking cookies - instead we rely on cookieless tracking. Cookieless tracking is an alternative form of tracking that uses methods such as counting unique IP addresses or browser fingerprinting to identify users instead of cookies.
This list represents all (personal) data that is collected by or through the use of this service.
- Time of users previous visit
- Screen resolution
- Files clicked or downloaded
- Links to outside domain clicked
- Page speed
- Page URL
- Number of users visits
- Anonymized user IP
- User agent
- Browser information
- Time zone
- Time of users first visit
- Date and time of visit
- Page title
- Referrer URL
- Usage data
- Device information
- Geographic location
- Anonymized order ID
We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you. The same applies to the order ID, which is also anonymized when the shopping functionality is available on the website.
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. f GDPR
- §25 para. 2 no. 2 TTDSG
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
If you do not agree to the storage and use of your data, you can deactivate the data processing here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will have the effect that the Matomo opt-out cookie will also be deleted. The opt-out must then be reactivated when you visit our site again.