Data Protection

Privacy Policy for Using Our Website and APP

1. Controller of Data Processing (hereinafter referred to as "we")

SPATO GmbH Schellberger Weg 34 42659 Solingen Germany

Email: info@spato.de

For further details about us, please refer to our Legal Notice.

2. Personal Data, Purposes of Processing, and Legal Basis

The use of our website is generally possible without providing personal data. Providing personal data is voluntary.

Personal data includes any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The purpose of data processing is to operate this website with information about our services, including contact options and online application opportunities.

Personal data is collected on our website only if it is:

  • Necessary for the use of the website (Legal basis: Article 6(1)(a) and/or Article 6(1)(b) of the General Data Protection Regulation (GDPR)),
  • To protect our interest in improving the user experience and maintaining the security of use (Legal basis: Article 6(1)(f) GDPR),
  • For the use of the services offered on the website and for pre-contractual measures, especially for form inputs (Legal basis: Article 6(1)(a) and/or Article 6(1)(b) GDPR), or
  • For contract conclusion and contract execution (Legal basis: Article 6(1)(a) and Article 6(1)(b) GDPR).

Further details on data processing can be found below under the respective headings:

3. Access Data/Server Log Files

When you visit our website, the servers automatically store information that your browser sends, known as server log files. This information includes:

  • Name of the accessed website,
  • File,
  • Date and time of access,
  • Message about successful retrieval,
  • Browser type and version,
  • User's operating system,
  • Referrer URL,
  • IP address (anonymized),
  • Provider.

This data is not merged with other data sources. The information is used exclusively for the analysis and maintenance of the technical operation of the servers and the network in accordance with Article 6(1)(f) GDPR.

4. Cookies

Our website stores cookies. Cookies are small files that enable specific, device-related information to be stored on the user's access device (PC, smartphone, etc.). They serve the usability of websites and thus the users (e.g., storage of login data). They also serve to collect statistical data on website usage and analyze it for the purpose of improving the offer. Further information can be found in the following sections of our privacy policy. If you consent to non-essential cookies, the legal basis is Section 25(1) TDDDG, Article 6(1)(a) GDPR (consent). Further information on the cookies or services used can be found in our consent management tool, and consents can be freely withdrawn at any time with effect for the future without disadvantage.

Users can influence the use of cookies. Most browsers have an option to limit or prevent the storage of cookies. However, it is pointed out that the use and, in particular, the user convenience without cookies may be limited.

5. Contact via Email

If you send us inquiries via email, your details from the email, including the contact data you provided there, will be stored with us for the purpose of processing the inquiry and for any follow-up questions in accordance with Article 6(1)(b) GDPR. We store and use the personal data voluntarily provided by you to the extent necessary for further correspondence with you.

If you, as a consumer or B2B customer, send an inquiry via email through our website, we forward your inquiry to the appropriate supplier in your area or the specifically

requested supplier. The legal basis for the forwarding is your consent according to Article 6(1)(a) GDPR and the processing of your inquiry according to Article 6(1)(b) GDPR.

6. Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there, will be stored with us for the purpose of processing the inquiry and for any follow-up questions in accordance with Article 6(1)(b) GDPR.

If you, as a consumer or B2B customer, send an inquiry via the contact form through our website, we forward your inquiry to the appropriate supplier in your area or the specifically requested supplier. The legal basis for the forwarding is your consent according to Article 6(1)(a) GDPR and the processing of your inquiry according to Article 6(1)(b) GDPR.

7. Customer Account

To make direct purchases as an entrepreneur or to forward your inquiries about specific products to the respective suppliers, you need to create a customer account on our website. The required information (mandatory fields) will be displayed during the registration process. Providing this data is necessary for us to set up the customer account for you. Data processing is based on the necessity of pre-contractual measures or contract execution in accordance with Article 6(1)(b) GDPR.

8. PayPal

For payment processing, we use PayPal, an online payment service provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

Your payment data is transmitted to PayPal only to the extent necessary for payment processing. The legal basis is Article 6(1)(b) GDPR. If you use PayPal as a payment method, the bank data you have stored with PayPal will be used for payment. We do not have access to these data. You can access PayPal's privacy Sie hier.

For payment methods such as credit card via PayPal, direct debit via PayPal, or invoice purchase, PayPal reserves the right to conduct a credit check. For this purpose, your payment data will be transmitted to credit agencies in accordance with Article 6(1)(a) GDPR based on your consent to determine your creditworthiness. The result of the credit check in terms of the statistical probability of non-payment is used by PayPal for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. For further privacy information, including the credit agencies used, please refer to PayPal's privacy policy.

You can object to this data processing at any time by sending a message to us or PayPal. However, PayPal may still be entitled to process your personal data if necessary for the contractual payment processing according to Article 6(1)(b) GDPR.

9. Visa/Mastercard

When you pay by Visa/Mastercard, your payment data is transmitted exclusively via an encrypted SSL or TLS connection to your card provider. With encrypted communication, your payment data, which you transmit to us, cannot be read by third parties. The legal basis for processing your data is the execution of the purchase contract according to Article 6(1)(b) GDPR.

For more information, please refer here to Mastercard and here to Visa. 

10. Recipients of Personal Data
Personal data will be shared with the following categories of recipients:

Our employees, in case of your inquiries, with the appropriate supplier in your area and the host of our website. The host is STRATO AG, Otto-Ostrowski-Strasse 7, 10249 Berlin.

Beyond that, your personal data will not be passed on to third parties without your express consent unless we are legally obliged to do so under Article 6(1)(c) GDPR or the data transfer is absolutely necessary for the execution of a contractual relationship according to Article 6(1)(b) GDPR.

Please note that data transmission over the internet (e.g., communication by email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

11. Duration of Storage

We delete your personal data immediately after the purpose has been achieved. For example, we store your data from emails and contact forms until your inquiry is fully processed and resolved. After that, the information is generally deleted.

In addition, an annual review is conducted to determine whether deletion of the data stored by you is possible.

Session cookies are automatically deleted after your website visit. Access data and server log files are deleted after one week.

Please note that certain data must be retained for commercial and tax law reasons for at least six (§ 257 HGB) or ten (§ 147 AO) years.

12. Rights of Data Subjects

You are not legally obliged to provide your personal data. However, the provision may be necessary for the conclusion of a contract or the functions of the website. If you do not provide the data, a contract or a function on the website may not be offered.

There is no automated decision-making on the website, and profiling does not take place.

The rights of data subjects arise in particular from Articles 15 to 23 and Article 77 GDPR as well as Sections 32 to 37 of the Federal Data Protection Act (BDSG-new). You have the right concerning your personal data:

If you have given consent for the processing of personal data, you have the right to:

Withdraw Consent, Article 7 GDPR
with effect for the future.
Furthermore, you have the right to object to the processing of personal data:

  • Right to be informed, 15 GDPR
  • Right of rectification, 16 GDPR
  • Right to erasure, 17 GDPR
  • Right to restrict processing, 18 GDPR
  • Right to data portability, 20 GDPR.

object to the processing of personal data, Art. 21 GDPR.

1. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing based on a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

2.In individual cases, we process personal data for direct marketing purposes. If this is the case for you, you have the right to object at any time to the processing of personal data concerning you for such marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made without formality and should preferably be directed to us, see above under 1.

If you believe that the processing of your personal data violates data protection laws, you always have the:

Right to Complain

to the competent supervisory authority pursuant to Article 77 GDPR. Without prejudice to any other administrative or judicial remedy, you have this right to complain to a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The contact details of the data protection officers in the federal states, the supervisory authorities for the non-public sector, broadcasting, churches, Europe, and other countries, as well as the Virtual Data Protection Office, can be found here: Data Protection Authorities Contact Information.

The supervisory authority responsible for us is the State Commissioner for Data Protection of North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf.