You can access and print out the current version of this data protection policy by clicking on the link
Data protection
Data protection policy according to GDPR.
The confidence you place in us to handle your data properly is essential for the success of the service we offer. Your data is collected, processed (stored, modified, transmitted, blocked and erased) and used strictly in compliance with the relevant data protection regulations. This data protection policy informs you how your data is processed when you use our website.
I. Name and address of the data controller.
The data controller pursuant to the General Data Protection Regulation and other national data protection laws of the member states and also other data protection regulations is:
nobilia-Werke J. Stickling GmbH & Co. KG
Waldstraße 53-57
33415 Verl
Germany
Phone: + 49 5246 508 0
Email: info@nobilia.de
Website: www.nobilia.de
II. Name and address of the data protection officer.
The data protection officer of the data controller is:
Data Protection Officer c/o nobilia-Werke J. Stickling GmbH & Co. KG
Waldstraße 53-57
33415 Verl
Germany
Phone: + 49 (0) 5246 508 0
Email: datenschutz@nobilia.de
III. General information on data processing.
1. EXTENT OF PERSONAL DATA PROCESSING
We collect and use personal data from our users only as far as this is required for providing a functional website as well as our content and services. Personal data from our users is collected and processed routinely only with the consent of our users. An exception to this applies in cases where requesting consent is impossible before data is processed or where legal provisions permit the data to be processed.
2. LAWFUL BASIS FOR PROCESSING PERSONAL DATA
Where we ask users to consent to the processing of their personal data, we do so on the lawful basis of Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).
Where personal data is processed to fulfil a contract which the user concerned has entered into, we do so on the lawful basis of Article 6(1)(b) GDPR. This also applies to processing required for taking steps prior to entering into a contract.
If processing is required to maintain the legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the user concerned do not override the above-mentioned interest, the lawful basis for processing is Article 6(1)(f) GDPR.
3. DATA ERASURE AND RETENTION PERIOD
The personal data of the user concerned is deleted or blocked as soon as the purpose of storage no longer applies. It may be permissible to store data for a longer period if European or national legislators have provided for this possibility in EU regulations, laws or other directives to which the data controller is subject. The data is also blocked or deleted even if a mandatory retention period specified by the above-mentioned standards expires, unless further storage is required for concluding or executing a contract.
4. SOCIAL MEDIA
On our website, we have included links to the social networks Pinterest, Instagram and Houzz. You will recognise the links by the logo of each site. The social media sites will open by clicking on the links, but our data protection policy does not extend to these sites. For details of the terms that apply to these linked sites, please refer to the data protection policies for each of the sites; you will find these on:
Pinterest: https://policy.pinterest.com/de/privacy-policy
Instagram: https://help.instagram.com/519522125107875
Houzz: https://www.houzz.de/privacyPolicy
Prior to accessing these links there is no transmission of personal information to the respective providers. When you access the linked site, this constitutes the basis for data processing by the site provider.
IV. Provision of the website and creation of log files.
1. DESCRIPTION AND EXTENT OF DATA PROCESSING
Our system automatically collects data and information from the accessing computer system every time our website is accessed. The following data is collected:
(1) Browser type / browser version
(2) User operating system
(3) User’s public IP address
(4) Date and time the website was accessed
(5) Referring websites
(6) Transferred data volume, and
(7) Notification of whether access was successful.
The data is also stored in log files in our system. This data is not saved together with any other personal data of the user.
2. LAWFUL BASIS FOR DATA PROCESSING
The temporary storage of data and log files is lawful pursuant to Article 6(1)(f) GDPR.
3. PURPOSE OF DATA PROCESSING
The IP address is temporarily stored in the system as it is necessary to provide website access to the user’s computer. The user’s IP address is retained while that website is being accessed.
The data is saved in log files to ensure website functionality. The data is also used to optimise the website and ensure the security of our IT systems. The data is not evaluated in this context for marketing purposes.
These purposes also include our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.
4. RETENTION PERIOD
The data will be deleted when it is no longer needed for the purpose it was collected. For data collected to provide access to the website, this will be at the end of every session.
We also save the following access data in the log files:
(1) Website you were referred from or name of the requested file,
(2) Date and time of the request,
(3) Transferred data volume,
(4) Notification of whether the request was successful,
(5) Public IP address of the requesting computer,
(6) Referring URLs,
(7) Types of browser used,
(8) Operating systems used.
This data is processed for the purpose of enabling the use of our website (establishing a connection), for system security, for technical administration of the network infrastructure and to optimise our web presence. Data is not disclosed to third parties or otherwise evaluated. A personalised user profile is not created.
If data is saved in log files, it is deleted after no more than 30 days. Some data may be preserved for a longer period of time. In this case, user IP addresses are deleted or made unidentifiable, so that it is no longer possible to associate them with the accessing client.
5. OBJECTION AND REMOVAL OPTION
Collecting data to provide access to the website and storing the data in log files is essential for operating the website. This means that the user has no possibility to object to this.
V. Use of cookies.
1. DESCRIPTION AND EXTENT OF DATA PROCESSING
Our website uses cookies. Cookies are data files stored by the Internet browser or saved on the user’s computer system by the Internet browser. If a user accesses a website, a cookie may be saved on the user’s operating system. This cookie contains a specific string of characters that allows the browser to be uniquely identified every time the website is accessed.
We use cookies to make our website more user-friendly. Some of our website’s functions require that the accessing browser can be identified after changing sites. The following data is saved and transferred in the cookies:
(1) User information in the wish list
(2) User information in the kitchen online planner
(3) User information in the kitchen configurator
Our website also uses cookies that can analyse users’ browsing behaviour. The following data can be transferred through these:
(4) Resource access including the accessing, anonymised IP address for tracking and marketing purposes
Technical measures are used to pseudonymise the user data collected in this way.
2. LAWFUL BASIS FOR DATA PROCESSING
The lawful basis for processing personal data using cookies for tracking and marketing purposes is Article 6(1)(a) GDPR.
3. PURPOSE OF DATA PROCESSING
a) Technically necessary cookies
The purpose of using technically necessary cookies is to facilitate website use for users. Some functions of our website cannot be provided without using cookies. For these functions, it is necessary for the browser to be recognised even after changing sites. The following applications require cookies:
(1) nobilia.de wish list function
(2) Kitchen online planner
(3) Kitchen configurator
The user data collected by technically necessary cookies is not used to create user profiles.
B) Tracking cookies
Tracking cookies are used to improve the quality of our website and its content. These cookies give us information about how our website is used, allowing us to steadily improve our web presence.
c) Marketing cookies
Marketing cookies are used to provide personalised content that is relevant to your interests.
(1) Google Analytics
We use Google Analytics for statistical evaluation. Google Analytics is a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA. The information generated by the cookie about your use of this website will generally be transferred to a Google server in the USA and stored there. However, within member states of the European Union or other states party to the European Economic Area Agreement, your IP address will first be abbreviated. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website traffic, and to provide other services for the website operator relating to the use of the website and the internet. The IP address transmitted by your browser in connection with Google Analytics will not be associated with any other data held by Google. You may refuse the storage of cookies by selecting the appropriate settings of your browser. Please note, however, that in this case you may not be able to use the full range of functions on this website. You may also prevent Google from tracking and processing the data generated by the cookies relating to your use of the website (including your IP address) by clicking on the following link and downloading and installing the browser plug-in provided: http://tools.google.com/dlpage/gaoptout?hl=de.
For further information on this, please visit http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). Please note that “anonymizeIp();” was added to the Google Analytics code on our website to anonymise IP addresses by deleting the final 8-bit byte.
(2) Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketing website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, in turn, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
For more information about Google Tag Manager, please visit: https://www.google.de/tagmanager/use-policy.html
(3) Google Conversion
We use the services of Google Ads Conversion to draw attention to our attractive offers with the help of advertising (Google Ads) on external websites. We can determine how successful individual advertising measures are in relation to the data for the advertising campaigns. We want to show you advertisements that are of interest to you in order to make our website more interesting for you.
Google Conversion Tracking is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller. This means that Google Ireland Limited is therefore the company affiliated to Google which is responsible for processing your data and ensuring compliance with applicable data protection laws.
These advertisements are provided by Google using “ad servers”. We use ad server cookies for this purpose that allow certain parameters for gauging success, such as the appearance of advertisements or clicks by users, to be measured. If you access our website via a Google ad, Google Ads stores a cookie on your computer.
These cookies enable Google to recognise your web browser. If a user visits certain website pages belonging to a Google Ad advertiser and the cookie stored on their computer has not yet expired, Google and the advertiser can recognise that the user has clicked on the advertisement and has been redirected to this page. Each Google Ads advertiser is assigned a different cookie. Cookies cannot therefore be tracked via the websites of a Google Ads advertiser. We do not collect or process any personal data in the previously mentioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the advertising measures used are particularly effective. We do not receive any further data regarding the use of advertisements, however; in particular, we cannot identify users based on this information.
Google uses strict standards to ensure the security of the data; only pages containing the Google conversion code are recorded. The data collected is encrypted and only used in secure servers. For more information and Google’s privacy policy, please refer to: https://policies.google.com/privacy?gl=de
(4) Google Remarketing
Our website uses the remarketing functions of the Google Ads service. The remarketing function allows users of our website to see our advertisements based on their interests when they visit other websites within the Google display network (in Google searches or on YouTube, “Google Ads” or on other websites).
For this purpose, the interaction of users on our website is analysed, such as which offers the user was interested in, in order to show users targeted advertising on other Internet sites after visiting our website. Google does this by storing a number in the browsers of users who visit certain Google services or websites within the Google display network. This number, known as a “cookie,” is used to track visits by these users. This number is used to uniquely identify a web browser on a particular device and not to identify an individual, and no personal information is stored.
For more information and Google’s privacy policy, please refer to: https://policies.google.com/privacy?gl=de
(5) Facebook pixel
Our website uses the “Custom Audiences” remarketing function of Facebook Inc. (“Facebook”). This allows users of the website to see interest-based advertisements (“Facebook ads”) when visiting the Facebook social network or other websites that also use this process. We want to show you advertisements that are of interest to you in order to make our website more interesting for you.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We do not have any influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook may associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying features.
It is possible to deactivate the “Facebook Custom Audiences” function for logged in users at
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen#.
For more information about Facebook’s data processing, please visit https://www.facebook.com/about/privacy.
(6) Pinterest Conversion Tracking
Our website uses the conversion tracking technology of the Pinterest social network (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to show our website visitors who have already taken an interest in our website and our content/offerings and are Pinterest members, relevant advertisements and offers on Pinterest. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated in our pages, which tells Pinterest when you visit our website that you have called up our website and which parts of our offer you are interested in. You can deactivate the collection of data for displaying interest-based advertising on Pinterest at any time in your account settings on Pinterest at https://www.pinterest.de/settings.
For more information about Pinterest conversion tracking technology, please visit
https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.
4. RETENTION PERIOD, OBJECTION AND ERASURE OPTION
Cookies are saved on the user’s computer and transmitted from this computer to our website. This means you as the user have full control over the use of cookies. By changing the settings in your web browser you can deactivate or restrict the transmission of cookies. The retention period for Google Analytics is 14 months, and the language information for the website is stored for 180 days. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of our website to their full extent.
VI. Registration.
1. DESCRIPTION AND EXTENT OF DATA PROCESSING
We offer specialist retailers the option of registering on our website (nobilia Extranet) by entering their personal data. The data is entered in the input mask, transmitted to us and stored. Data is not disclosed to third parties. The following data is collected during the registration process:
(1) Customer number
(2) Company
(3) Street and house number
(4) Postcode, town and country
(5) Phone and fax number
(6) Website
(7) First and last name of the contact person, their department, phone and fax number and email address
During the registration process, the user is asked to consent to this data being processed.
2. LAWFUL BASIS FOR DATA PROCESSING
The lawful basis for processing data when the user has given consent is Article 6(1)(a) GDPR. If the purpose of registration is the performance of a contract to which the user is party or to take steps prior to entering into a contract, an additional lawful basis is provided by Article 6(1)(b) GDPR.
3. PURPOSE OF DATA PROCESSING
Registration of the user is required to provide certain content and services on our website. The registered user can activate email transmission of confirmed orders, is granted access to our order information system, delivery times, service information and information about news and courses.
4. RETENTION PERIOD
The data will be deleted when it is no longer needed for the purpose it was collected. This is the case for the data collected during registration if the registration on our website is cancelled or modified.
5. OBJECTION AND REMOVAL OPTION
As a user, you have the option of cancelling your registration at any time. You can have your stored personal data changed at any time. You can initiate the correction and erasure of data yourself under the menu item “My account”.
VII. Contact form and email contact.
1. DESCRIPTION AND EXTENT OF DATA PROCESSING
Our website contains a contact form which can be used for contacting us electronically. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. This data comprises:
(1) First name and last name
(2) Email address
(3) Company
(4) Street and house number
(5) Postcode, town and country
(6) Phone and fax number
In addition, the following data is saved at the time the message is sent:
(7) IP address
(8) User agent
(9) Time of contact
With regard to processing this data, reference is made to the data protection policy prior to transmission.
Alternatively, it is possible to use the email address provided to contact us. In this case, the user’s personal data transmitted by email is saved.
No data is disclosed to third parties in this context. The data is only used for processing the interaction.
2. LAWFUL BASIS FOR DATA PROCESSING
The lawful basis for processing this data is Article 6(1)(f) GDPR.
3. PURPOSE OF DATA PROCESSING
We only process this personal data to deal with your enquiry and send any information you may have requested or answer your questions. Since you are contacting us, this constitutes our legitimate interest in processing this data.
Any other personal data processed during the transmission process is used to prevent misuse of the contact form and safeguard our IT systems.
4. RETENTION PERIOD
The data will be deleted when it is no longer needed for the purpose it was collected. For the personal data from the input mask of the contact form and the personal data transmitted by email, this is the case when each interaction with the user is completed. The interaction is completed when the circumstances indicate that the matter in question has been fully dealt with.
5. OBJECTION AND REMOVAL OPTION
Users may revoke their consent to the processing of their personal data at any time. The user can object to the retention of their personal data at any time by contacting us by email at datenschutz@nobilia.de. However, in this case, the interaction cannot be continued.
In this case, all personal data saved when the user contacted us is deleted.
VIII. Rights of the data subject.
If personal data related to your person is processed, you are the data subject as defined by GDPR and you have the following rights vis-à-vis the data controller:
1. RIGHT OF ACCESS
You can request confirmation from the data controller indicating whether we are processing personal data relating to you.
If this is the case, you can request information from the data controller on the following:
(1) The purposes for which your personal data is processed;
(2) The categories of personal data processed;
(3) The recipients, or categories of recipients, to whom your personal data was or is disclosed;
(4) The planned duration of storage of your personal data or, if specific information cannot be given, criteria for their definition;
(5) The existence of a right of rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to this processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information about the origin of the data, if the personal data is not collected from the data subject;
(8) The existence of automated decision-making procedures, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the extent and envisaged effect of such procedures on the data subject.
You have the right to request information from us on whether the relevant personal data is transferred to a third country or to an international organisation. In this context, you can request to be informed about appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
2. RIGHT TO RECTIFICATION
You have the right to request that the data controller rectify and/or complete any personal data related to your person, if this is incorrect or incomplete. The controller must make the correction as soon as possible.
3. RIGHT TO RESTRICT PROCESSING
Under the following conditions, you can request that the processing of your personal data be restricted:
(1) If you dispute the correctness of your personal data for a period of time which enables the controller to check that your personal data is correct;
(2) If processing is unlawful and you do not wish for your personal data to be deleted and instead request a restriction in the use of your personal data;
(3) If the controller no longer requires your personal data for processing purposes, but you still require the data for asserting, exercising or defending legal claims; or
(4) If you have filed an objection to processing based on Article 21(1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your interests.
If processing of your personal data was restricted, your personal data may only be used – with the exception of its retention – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.
If processing was restricted according to the above-mentioned conditions, the data controller will inform you before this restriction is lifted.
4. RIGHT TO ERASURE
Obligation to erase
You have the right to have personal data referring to your person deleted immediately and the data controller is obligated to delete this data immediately if one of the following reasons applies:
(1) The personal data referring to your person is no longer required for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other lawful basis for processing.
(3) You object to the processing of your data based to Article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing based on Article 21(2) GDPR.
(4) The personal data related to your person was processed unlawfully.
(5) The erasure of your personal data is required to meet a legal obligation according to European Union law or the law of EU member states, to which the controller is subject.
(6) The personal data related to you was collected based on offered information society services according to Article 8(1) GDPR.
b) Transmission to third parties
If the data controller has published the personal data related to your person and is obligated to delete it according to Article 17(1) GDPR, the controller will take adequate measures, including of a technical nature, taking into account the available technology and the costs of its implementation, to inform data controllers, who are processing the personal data in question, that you as the data subject have requested that they delete all links to this personal data or copies and duplicates of this personal data.
c) Exceptions
There is no right to erasure if the processing is necessary
(1) For exercising the right to free speech and information;
(2) To meet a legal obligation which requires processing according to European Union law or the law of one of its member states, to which the data controller is subject, or to fulfil a task that is in the public interest or a task of official authority assigned to the controller;
(3) For reasons of public interest with regard to public health pursuant to Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) For archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, provided that the right to erasure is expected to make achieving these aims of processing impossible or to severely impact them, or
(5) To assert, exercise or defend legal claims.
5. RIGHT TO BE INFORMED
If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the data controller, the controller is obliged to report this rectification, erasure or restriction of processing to all recipients to whom your personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to request the controller to inform you about these recipients.
6. RIGHT TO OBJECT
You have the right to object to processing of personal data related to your person at any time, for reasons based on your specific situation, if this processing is based on Article 6(1)(e) GDPR; this also applies to profiling based on these provisions.
The data controller will not continue to process the personal data related to your person unless the controller can prove interests worthy of protection for this processing which override your interests, rights and freedoms, or if processing is for the purpose of asserting, exercising or defending legal claims.
If the personal data related to your person is being processed for the purpose of targeted advertising, you have the right to object to the processing of the personal data related to your person for the purpose of this type of advertising at any time; this also applies to profiling related to such targeted advertising.
If you object to the processing of your personal data for the purpose of targeted advertising, your personal data will no longer be processed for this purpose.
You may exercise your option to object in relation to the use of information society services, irrespective of Directive 2002/58/EC, by means of automated procedures using technical specifications.
7. RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of your declaration of consent does not affect the lawfulness of the data processing performed up to that point based on your consent.
8. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to other legal remedies based on administrative law or court decisions, you have the right to lodge a complaint with a supervisory authority, especially in the member state in which you or your workplace is located, or in which the alleged infringement occurred, if you believe that processing of your personal data is in breach of the GDPR.
The supervisory authority with which the complaint was lodged informs the complainant about the status and the result of the complaint, including the possibility of a legal remedy according to Article 78 GDPR.
The responsible supervisory authority is:
North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (LDI NRW)
POB 20 04 44
40102 Düsseldorf
Germany
Phone: +49 (0) 211 38424-0
Fax: +49 (0) 211 38424-10
Email: poststelle@ldi.nrw.de
Download the nobilia data protection policy here:
General terms of delivery and payment for orders of nobilia elements goods
General terms of delivery and payment for orders of nobilia elements goods