We place great importance on protecting the personal data of our customers and visitors to our website www.allbuyone.com (hereinafter ‘website’).
By using our website, you agree to your personal data being processed in accordance with the following provisions.
The controller for collecting, processing and using personal data on this website is
allbuyone GmbH (hereinafter ‘allbuyone’).
Zum Frenser Feld 1
Tel.: +49 2271-995 43 00
Fax: +49 2271-995 43 05
(2) Data Protection Officer
Using the contact details below, our Data Protection Officer is available to you for questions and further information concerning how allbuyone processes your personal data.
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Tel.: +49 (0)89-18917360
(3) Legal basis for processing
We only process personal data to fulfil contracts concluded with us and to process your requests before a contract is concluded (Article 6 Paragraph 1 Letter b) of the GDPR), to meet legal obligations (Article 6 Paragraph 1 Letter c) of the GDPR) or if this is suitable, required and appropriate in order to safeguard our legitimate interests (Article 6 Paragraph 1 Letter f) of the GDPR). In addition, we only process your personal data based on your explicit consent to processing (Article 6 Paragraph 1 Letter a) of the GDPR).
Once the contract has been fully processed, your data is locked with respect to retention periods under tax law and commercial law, and is deleted once these deadlines expire.
(4) Collecting, processing and using personal data
(4.1) Accessing the website www.allbuyone.com
You can visit our website without providing personal information. We only save access details without personal references, which mainly include: the name of your internet service provider, the site from which you have visited us or the name of the requested file. For security reasons, the IP address used for access is also saved to recognise fraud and attacks, and to block such access to our shop where necessary. This data is only used for statistical purposes, evaluated in order to improve our website, and deleted after 30 days.
The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Our legitimate interests are based on the above-mentioned purposes for collecting data. This does not allow us to draw any personal conclusions about you.
(4.2) Using our online shop on the website www.allbuyone.com
Personal data is only collected if you voluntarily provide it to us when you open a customer account in the course of ordering goods. In this case, we save the following data as a minimum (mandatory fields):
- Type of order (company/public body/private customer)
- Name and surname
- Company, where applicable
- Billing and delivery address
- Telephone number
- E-mail address incl. password
We also save the following additional information where provided:
- VAT number
- Additional address information
Access to your customer account is protected by a password that has been individually selected by you. Please note that the password is confidential and should be adequately safeguarded against unauthorised access by third parties.
When using PayPal as a payment method, we collect the e-mail address, billing address and other bank details for the connected PayPal account, if these have been provided.
We use the e-mail service Amazon SES from Amazon Web Services in order to send automated electronic order confirmations from the online shop, to send electronic order confirmations and to send electronic invoices.
We only use data shared by you without your specific consent to fulfil contracts concluded with us and to process your requests before a contract is concluded, including any communication required for this, or if this is suitable, required and appropriate in order to safeguard our legitimate interests.
We store the personal data collected by us in connection with the use of our online shop for a period of one year after the order is placed, unless you have registered for a customer account with us. In this case, we store your data for as long as you have a customer account with us. We also store your data within the context of fulfilling statutory retention duties and duties to provide evidence for the respective period applicable under this statutory duty.
(4.3) Subscribing to the newsletter
If you have given your explicit consent pursuant to Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, we use your e-mail address to regularly send you our newsletter. For you to receive newsletters, we only need to collect and store your e-mail address. You may optionally provide your name and surname so that we can use your name in newsletters. In this case, you agree that this content may consist solely or incidentally of advertising. As well as registering via the newsletter registration form, you also have the option of explicitly giving the below consent upon successful checkout: [Benefit from our weekly specials and subscribe to our newsletter -> Secure offers]. Please note that you can withdraw your consent at any time with future effect. You can find a link to unsubscribe in the bottom part of the newsletter, which can be clicked on at any time.
We use the mailing service ‘sendinblue’ from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin to send newsletters, and share your e-mail address with them so that e-mails are sent automatically. We have concluded a corresponding contract for contract processing with this provider.
(4.4) Using the contact form
If you have any questions, you have the option of contacting us via the form on the website. The following personal data is required to do so, so that we know who the request has come from and are able to respond:
- Name and surname
- E-mail address
- Telephone number (for callback requests)
Data processing for the purposes of you contacting us takes place on the basis of Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR, if your voluntary consent has been given.
The personal data collected by us when you use the contact form is automatically deleted once your request has been resolved.
(4.5) Ordering look books, samples and obtaining quotations
We provide a contact form on our website for you to obtain quotations, or to order samples or look books. We collect the following data to process your request:
- Name and surname
- Company (optional)
- E-mail address
- Telephone number
Data is collected to process your request in advance of concluding a contract (Article 6 Paragraph 1 Letter b) of the GDPR).
The personal data collected by us when you use the contact form is automatically deleted once your request has been resolved. We also store your data within the context of fulfilling statutory retention duties and duties to provide evidence for the respective period applicable under this statutory duty.
(5) Using cookies
We use ‘cookies’ on our website. These are small text files that your browser saves on your end device. Cookies are used to make our website more user-friendly, effective and secure, which is in our own legitimate interests. Cookies also allow our systems to recognise your browser and be able to offer you convenient functions, e.g. ‘Recently viewed items’. However, cookies do not store personal data, such as your name or address.
We use the following types of cookie:
a) Temporary cookies
These are saved for the duration of your visit to our website and contain information about what pages you visit on our website. This allows you to click on previously viewed pages through the navigation in our shop, for example. These cookies are deleted after your visit.
b) Persistent cookies
We store information about recently viewed items or, where applicable, items in the shopping cart, in cookies that are kept for up to 30 days. This means you have the opportunity to start where you left off every time you visit, provided that you are using the same browser and have not manually removed the cookies.
c) Cross site request forgery cookie
To protect our website from machine manipulation, we save an additional cookie that identifies you in our system as a valid user and protects your session from external parties. This cookie is kept for up to 365 days, provided that you are using the same browser and have not manually removed the cookies.
Individual cookies stored by us are described in further detail under points (6) - (8) for tracking tools, evaluation tools and social media tools. Data processed by cookies is required for the specified purposes to safeguard our legitimate interests, as well as those of third parties pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
Of course, you can view our website without using cookies. If you don’t want your end device to be recognised, you can prevent cookies from being saved on your hard drive by selecting ‘Do not accept cookies’ in your browser settings. You can find out exactly how this works in your browser provider’s instructions.
(6) Using tracking tools
(6.1) Using Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (‘Google’) in order to safeguard its own legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Google Analytics uses ‘cookies’, text files that are saved on your computer that allow website use to be analysed. Information collected by the cookie about your use of this website is generally sent to a Google server in the USA and saved there. However, if IP anonymisation is activated on this website, your IP address is truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area before it is sent. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. By order of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports about website activities and to provide other services to the website operator that relate to website and internet use. The IP address sent from your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by changing your browser settings; please note that in this case, you may not be able to use all of this website’s functions properly. You can also prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being captured and processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can also prevent collection by Google Analytics by clicking on the following link. This will place an opt-out cookie on your machine that will prevent your data from being collected when you visit this website in future: deactivate Google Analytics
(6.2) Use of Google Signals
Within Google Analytics, this website also uses the Google Signals extension function to protect its own legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Google Signals links your visit data collected on our website with Google information from your Google accounts. The linked Google information may include your location, search history, YouTube history, and data from websites that partner with Google, and is used to provide aggregated and anonymized insights into user behavior across devices (so-called "cross device tracking").
The link only takes place if you are logged into your Google accounts at the same time as using our website and have consented to this link for the purpose of ad personalization. In this case, Google Signals will install corresponding cookies on your terminal device. By linking data of the logged-in users, cross-device pseudonymized reports and statistics, cross-device remarketing and the export of cross-device conversions to Google Ads are possible. Specific user profiles are not made available to us.
By ticking the checkbox for the use of Google Signals as part of our consent management tool, you consent to the use of your data in accordance with the above procedure.
(6.3) Using Google remarketing
(6.4) Facebook Pixel (Meta Pixel)
On our website, we use the so-called "Facebook pixel" of the social network Facebook, which is operated by Meta Platforms Inc. USA or, if the user is located in Europe, by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland ("Meta").
We use the Facebook pixel to measure the effectiveness of our advertising on Facebook's social media pages ("Facebook Ads") and to better reach our target groups within our Facebook ads. The Facebook pixel enables us to analyse and evaluate user behaviour after clicking on a Facebook ad and after subsequent forwarding to our website (so-called "conversion"). For this purpose, the Facebook pixel sets an independent cookie when a user clicks on a Facebook ad and calls up our website. Data from our website is shared with Facebook via this cookie. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your Facebook profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Meta so that a connection to the respective Facebook profile is possible and can be used by Meta for its own market research and advertising purposes. The use of the Facebook pixel is based on our legitimate interests in accordance with Article 6 Paragraph 1 Letter f) of the GDPR.
In addition, we use the Facebook pixel in the additional function for extended data matching to transmit meta information to ensure that you are only shown the topics from our offer that are of interest to you as part of the Facebook advertising (so-called "Custom Audiences"). Our aim here is to ensure that the advertisements do not have a harassing effect. For this purpose, we transmit personal data to Meta that we collect from transactions on our website, such as the email address from the evaluation of contract conclusions, account logins or registrations. From this, Meta forms target groups ("Custom Audiences" or "Lookalike Audiences") for the more targeted display of our advertisements on Facebook. You can find more information about this here. If we transmit data to Meta for matching purposes, this data is encrypted locally in the browser and only then sent to Meta via a secure https connection. This is done solely for the purpose of matching data that has also been encrypted by Meta.
You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent (desktop or mobile).
By clicking the checkbox for the use of the Facebook pixel with extended matching as part of our consent management tool, you consent to the use of your data in accordance with the above procedure.
(6.5) Brevo Automation
On our website we use Brevo Automation (formerly Sendinblue), an email marketing and marketing automation solution from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. For this purpose, the Brevo plug-in is integrated on our website and the Brevo Tracker is installed, which tracks the behaviour of visitors to our website via a cookie.
Brevo Automation enables us, in addition to rolling out e-mail campaigns (e.g. newsletters, see point 4.3.), to communicate in a purposive manner using e-mail addresses and other contact data (e.g. name, address, telephone number) with a target user group defined by us. Through the integration of Brevo Automation, we can track visitor actions and identify website visitors. When a visitor recorded in the contact database is recognised by Brevo Automation, the page visited is recorded by Brevo Automation. This enables us to target you and contact you specifically according to your interests. In addition, we can manage your contact attributes, segment contacts and view and analyse real-time statistics and logs on the emails we send.
Using so-called marketing automation workflows, we also have the possibility to set up a sequence of automated actions (sending emails or SMS, updating a contact attribute, adding contacts to lists, etc.) that are triggered by certain conditions or actions of your visit to our website, e.g., by adding a product to the shopping cart.
Brevo Automation is fully integrated with our email campaigns and transactional emails (SMTP), so the contact details you leave on our website are automatically uploaded to Brevo and stored in a Brevo contact database when you interact with one of our emails.
Brevo Automation is used based on our legitimate interests pursuant to Article 6 Paragraph 1 Letter f) of the GDPR. Nevertheless, we only use Brevo Automation if you have given us your express consent (Article 6 Paragraph 1 Letter a) of the GDPR).
By ticking the checkbox for receiving our newsletter and using Brevo Automation as part of our consent management tool, you consent to the use of your data in accordance with the above procedure. You can revoke this consent at any time.
(7) Use of the Google Tag Manager
This website uses the Google Tag Manager, a marketing product of Google Inc. ("Google"). The Google Tag Manager is a marketing organisation tool that enables us to centrally integrate and manage code sections, so-called tags, for the tracking tools we use on our website. For this purpose, JavaScript code sections are inserted into the source code of our website. The Google Tag Manager is a domain that manages the tags of the tracking tools used, but does not itself store cookies or personal data or access personal data.
The data generated by the use of the Google Tag Manager is transferred by us anonymously to Google, as a rule to a Google server, possibly also in the USA, and stored there. On our behalf, Google will use this information to merge it with a variety of other anonymised website data in order to create benchmarking measures and user trends. We have concluded an order processing agreement with Google for the transfer of data.
You can prevent the storage of cookies in the tracking tools managed by the Google Tag Manager by setting your browser software accordingly. In this case, the deactivation also remains in place for all tracking tags implemented via the Google Tag Manager.
(8) Evaluation tools
(8.1) Using ‘eKomi - The Feedback Company’
To continuously optimise our service and to build trust for new customers, we have been working with the company ‘eKomi - The Feedback Company’ since January 2012 in order to safeguard our own legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. eKomi is an independent customer opinion tool for online shops where only real buyers can provide feedback. 4 days after your goods are sent, you will receive an e-mail asking you to rate our service. eKomi does not receive any customer data from our database. They are only given the customer number and the e-mail address via an interface. Your personal information is not shared with third parties. They are only used for rating our service or for any potential arbitration required. eKomi is obligated to handle the data shared with it in compliance with data protection law, and takes all organisational and technical measures to protect your data.
(8.2) Integrating the Trusted Shops trust badge
The Trusted Shops trust badge is shown on this website to display our Trusted Shops seal of approval and any collected reviews, as well as to offer Trusted Shops products to buyers after placing an order.
This is used to safeguard our main legitimate interests in optimally marketing our goods and services pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, within the context of weighing all interests at stake. The trust badge and the services advertised through it are an offering from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
If the trust badge is clicked on, the web server automatically saves a ‘server log file’ that stores your IP address, date and time of access, transferred volume of data and the requesting provider (access data), for example, and documents the access. This access data is not evaluated and is automatically overwritten at the latest seven days after your visit to the site ends.
Other personal data is only shared with Trusted Shops if you have given your consent to this, have chosen to use Trusted Shops products after placing an order, or are already registered for use. In this case, contractual agreements made between you and Trusted Shops apply.
(9) Using social media plug-ins
This website uses ‘social plug-ins’ (‘plug-ins’) from the social network Facebook, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’) to safeguard its own legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The plug-ins can be recognised by the Facebook logo or the notes ‘Social plug-in from Facebook’ or ‘Facebook social plug-in’. You can find an overview of Facebook plug-ins and their appearance here.
If you click onto a page on our website that contains such a plug-in, your browser will establish a direct link with Facebook servers. Plug-in content is sent directly to your browser by Facebook and embedded into the website by Facebook.
Using this plug-in embedding, Facebook is notified that your browser has accessed it from the corresponding page on our website, even if you don’t have a Facebook account or you are not logged into Facebook. This information (including your IP address) is directly sent from your browser to Facebook’s server in the USA and saved there.
If you are logged into Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by clicking the ‘Like’ button, or posting a comment, this information will also be sent directly to Facebook’s server and saved there. The information is also published on Facebook and shown to your Facebook friends.
Facebook can use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with respect to the adverts shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services that relate to the use of Facebook.
If you don’t want Facebook to associate the data collected by our website with your Facebook account, you must first log out of Facebook before visiting our website.
We use the provider YouTube to embed videos on our website. Embedding takes place in order to safeguard our own legitimate interests in attractive web design; Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The video platform YouTube is operated by YouTube LLC, headquartered in 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is a Google Inc. company, headquartered in 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Videos are embedded on our web pages using ‘YouTube plug-ins’. If you access our company’s web pages that contain such plug-ins, a connection is established with YouTube servers and the plug-in is displayed. Information is sent to YouTube servers notifying YouTube which of our web pages you have visited. If you are logged in as a member of YouTube, YouTube will associate this information with your personal user account. When using the plug-in, e.g. by clicking on a video’s start button, this information will also be associated with your user account. You can prevent this association by logging out of your YouTube user account and other user accounts from YouTube LLC and Google Inc. before using our website, and deleting the related cookies from the companies.
(9.3) Using Google+ social plug-ins
Our website uses the ‘+1’ button from the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (‘Google’) in order to safeguard our own legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The button can be recognised by the ‘+1’ symbol on a white or coloured background.
If you click onto a page on our website that contains such a button, your browser will establish a direct link with Google servers. ‘+1’ button content is sent directly to your browser by Google and embedded into the website by Google. We therefore have no influence over the scope of data that Google collects using the button. According to Google, no personal data is collected if you don’t click on the button. Such data, including the IP address, is only collected and processed for members who are logged in.
You can find the purpose and scope of data collection and further processing and use of the data by Google as well as your rights and settings options for protecting your privacy in Google’s buttons policy for the ‘+1’ button: http://www.google.com/intl/de/+/policy/+1button.html and in the FAQs: http://bit.ly/r3Qmer.
If you are a Google Plus member and don’t want Google to collect data about you via our website and to associate it with member data saved by Google, you must first log out of Google Plus before visiting our website.
(10) Sharing personal data
Your personal data is generally not shared with third parties. Data is only shared if and to the extent that this is absolutely required in order to process your order:
a) Shipping companies
Your data is shared with shipping companies commissioned with delivery, provided this is required to deliver goods.
b) Payment providers
We share your payment details with financial institutions - or rather payment solution providers - commissioned with payment in order to process payments.
c) Affiliated companies
Your data is shared with the affiliated company (eps Holding, Talangerstr. 5, 82152 Krailling) to fulfil and process your order.
d) Service providers
(11) Security and encryption
allbuyone protects customer data collected by saving the data on password-protected servers that are secured by firewalls, and by using encryption technology to protect it against unauthorised access. Data sent to us during the use of the website is sent using SSL encryption technology. Internally, we have established other technical and organisational measures to protect your data, with regard to saving and processing your data.
Even though we take these precautions to provide you with a secure environment for your data, we cannot absolutely guarantee that your data is secure on the internet. We therefore recommend that you take all precautions necessary to protect your personal data when using the internet. Above all, please ensure you use secure passwords, sufficient and up-to-date virus scanners and a secure browser.
(12) Your rights with respect to your data
You have the right:
- to request information about your personal data that is processed by us, pursuant to Article 15 of the GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was collected by us, and the existence of automated decision-making including profiling and meaningful information about the details of this, where applicable;
- to request that incorrect or incomplete personal data stored by us is immediately rectified pursuant to Article 16 of the GDPR;
- to request that your personal data stored by us is erased pursuant to Article 17 of the GDPR, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest or to assert, exercise or defend legal claims;
- to request that the processing of your personal data is restricted pursuant to Article 18 of the GDPR, if the accuracy of the data is disputed by you or processing is unlawful, and you have objected to such data being erased and we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing pursuant to Article 21 of the GDPR;
- to request that you receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or that it is transmitted to another controller, pursuant to Article 20 of the GDPR; and
- to withdraw the consent you have previously given at any time pursuant to Article 7 Paragraph 3 of the GDPR. This results in us no longer being able to process data on which this consent is based in the future.
(13) Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, you have the right to object to your personal data being processed pursuant to Article 21 of the GDPR, provided that there are reasons that relate to your particular situation or provided that the objection is against direct marketing. If the latter applies, you have a general right to object, which we will act on without requiring details concerning a particular situation.
If you would like to assert your right of withdrawal or your right to object, an e-mail will suffice, which can be sent to email@example.com.
(14) Option of lodging a complaint
You have the right to lodge a complaint with data protection supervisory authorities.