Data privacy information stationary business
Data Privacy Information for Customers and Prospects
Data privacy information regarding our processing of customer and prospect data in accordance with Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR)
MIMOS eGbR (Company Register: Local Court Wuppertal, GsR 853)
Authorized partners: Lea-Charlotte Mattler-Strötgen and Pia Strötgen-Janßen
Friedrich-Ebert-Str. 6
42103 Wuppertal
Tel.: 0202 - 39309572
Email: hello@mimosring.com
———————————————————————————————————————————————
Dear Customer, Dear Prospect,
In accordance with the provisions of Art. 13, 14, and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your related data protection rights. Which data is processed in detail and how it is used depends largely on the requested or agreed services.
To ensure that you are fully informed about the processing of your personal data in the context of contract fulfillment or the implementation of pre-contractual measures, please take note of the following information.
1. Controller in the sense of data protection law
MIMOS eGbR
Authorized partners: Lea-Charlotte Mattler-Strötgen and Pia Strötgen-Janßen
Friedrich-Ebert-Str. 6
42103 Wuppertal
Tel.: 0202-39309572
Email: hello@mimosring.com
Website: www.mimosring.com
2. Purposes and legal bases for the processing of personal data
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (BDSG), provided that these are necessary for establishing, executing, fulfilling a contract, and for carrying out pre-contractual measures.
The processing of your personal data serves, for example,
- to answer and process your inquiry,
- to create and send offers to you,
- to execute and implement your order,
- to discuss order details and to send a completion notice.
We also require your personal data for
- the creation and transmission of invoices for your order or purchase
- and, in the context of a scrap gold purchase, for the creation of a purchase agreement.
Insofar as the provision of personal data is necessary for the initiation or execution of a contractual relationship or within the framework of pre-contractual measures, processing is lawful according to Art. 6 Para. 1 lit. b GDPR.
If you give us explicit consent to process personal data for specific purposes (e.g., disclosure to third parties, advertising by email or post (see Section 8 of this data privacy information) or analysis for marketing purposes)
the lawfulness of this processing is based on your consent according to Art. 6 Para. 1 lit. a GDPR. Granted consent can be revoked at any time with effect for the future (see Sections 8, 9, and 10 of this data privacy information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations according to Art. 6 Para. 1 lit. c GDPR. Furthermore, processing may take place to protect our legitimate interests or those of third parties according to Art. 6 Para. 1 lit. f GDPR. This is permissible unless your interests or fundamental rights and freedoms, which require the protection of personal data, outweigh these interests. If applicable, we will inform you separately, stating the legitimate interest, insofar as this is legally required.
3. Categories of personal data
We only process data that is related to the establishment of the contract or pre-contractual measures. This may include general personal data (name, address, telephone number, email address), documentation data (data from consulting and service discussions), order data, payment data, and, if applicable, further data that you provide to us when establishing the contract. For processing a scrap gold purchase, we also require your date of birth and your ID card number for the purchase agreement.
4. Origin of personal data
We process personal data that we receive from you in the context of contacting us or establishing a contractual relationship or within the framework of pre-contractual measures, or that you provide via our contact and/or appointment booking form on our website www.mimosring.com. Further information on the processing of your personal data within the framework of contacting us and booking appointments via the corresponding forms on our website can be found under sections 5 and 6 of this data protection information and in the data protection declaration of our website.
5. Recipients of the data
Within our company, we disclose your personal data exclusively to those individuals who require this data for the fulfillment of contractual and legal obligations or for the implementation of our legitimate interests.
Furthermore, your personal data may be passed on to affiliated companies or external partners, insofar as this is necessary and permissible within the scope of the purposes and legal bases set out in Section 2 of this data privacy information.
If we commission third parties with the processing of your personal data, this is generally done on the basis of a data processing agreement in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data complies with applicable data protection regulations. The categories of these recipients include in particular providers of internet services as well as providers of customer management systems and software.
In addition, we work with partners for whom a data processing agreement is not required, as the processing of personal data takes place on the basis of special legal provisions, such as the Telecommunications Act (TKG). In these cases, data processing is covered by corresponding legal regulations.
There are also partners who provide a Data Processing Agreement (DPA) that ensures the protection of personal data in accordance with the provisions of the GDPR. Here, too, we ensure that the transmission of data complies with data protection regulations.
Your personal data is processed on our behalf, among others,
- by Sendinblue GbmH / Brevo (Köpenicker Straße 126, 10179 Berlin, Germany), through which we create our email marketing campaigns and send you our newsletter. > Further information on the processing and protection of your personal data by Brevo can be found under Section 8 of this data privacy information, in the data privacy policy of our website or online shop www.mimosring.com and under https://www.brevo.com/de/legal/
- by Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA), a platform through which we create our email marketing campaigns and send you our newsletter. > Further information on the processing and protection of your personal data by Klaviyo can be found under Section 8 of this data privacy information, in the data privacy policy of our website or online shop www.mimosring.com and under https://www.klaviyo.com/legal/privacy-notice, https://www.klaviyo.com/legal as well as under https://www.klaviyo.com/legal/data-processing-agreement and https://www.klaviyo.com/legal/subprocessors.
- by the Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) or Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland) as the provider of the Microsoft 365 online service we use for our daily email communication with customers, suppliers, service providers and interested parties. > Further information on the processing and protection of your personal data by Microsoft can be found at https://www.microsoft.com/de-de/microsoft-365/business/data-security-privacy-germany, https://www.microsoft.com/licensing/docs and https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=14&assetType=283&year=2024
- by Calendly LLC (BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA), an appointment booking function through which you can directly book an appointment with us on our website. > Further information on the processing and protection of your personal data by Calendly can be found under Section 6 of this data privacy information, in the data privacy policy of our website or online shop www.mimosring.com and under https://calendly.com/legal/privacy-notice, https://calendly.com/legal and https://calendly.com/legal/data-processing-addendum
- by Shopify International Ltd. (c/o Intertrust Ireland, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland) our hosting provider for our MIMOS online presence (homepage and online shop). > Further information on the processing and protection of your personal data by Shopify can be found in the data privacy policy of our website or online shop www.mimosring.com and at https://www.shopify.com/legal/privacy, https://www.shopify.com/legal/privacy/customers, https://www.shopify.com/legal/dpa and https://www.shopify.com/legal/cookies
- by 1&1 Telecommunication SE (Elgendorfer Str. 57, 56410 Montabaur, Germany) as the telecommunications provider for our telephone connection. > Further information on the processing and protection of your personal data by 1&1 can be found at https://www.1und1.de/Datenschutz and https://www.gesetze-im-internet.de/tkg_2021/
- by DATEV eG (Paumgartnerstr. 6 - 14 , 90429 Nürnberg, Germany) as the provider of the accounting software we use for our financial accounting. > Further information on the processing and protection of your personal data by DATEV can be found at https://www.datev.de/web/de/m/ueber-datev/datenschutz/
- by sevDesk GmbH (Im unteren Angel 1, 77652 Offenburg, Germany) as the provider of the invoicing and accounting software we use for our digital quote and invoice creation and our sending of quotes, invoices and invoice corrections by email. > For the creation of quotes, invoices and invoice corrections, it is necessary for us to include the full name and contact details (address, email address, telephone number) of our customers in sevDesk. As a rule, the contact details are also stored there by us. > Further information on the processing and protection of your personal data by sevDesk can be found at https://sevdesk.de/datenschutz/
- by CCV GmbH (Gewerbering 1, 84072 Au i.d. Hallertau, Germany) as the commercial network operator for our cashless card payment system. > Further information on the processing and protection of your personal data by CCV can be found at https://www.ccv.eu/de/datenschutz/
Furthermore, your personal data is processed within the framework of our cashless card payment system by the following technical network operators/acquirers:
- by Payone GmbH (Lyoner Straße 9, 60528 Frankfurt am Main, Germany) for EC or girocard payments and Nexi Germany GmbH (Helfmann-Park 7, 65760 Eschborn, Germany) for accepting credit card payments. Please also refer to the corresponding checkout notice "Data Protection Information according to Art. 13, 14 of the General Data Protection Regulation (GDPR) on card payments" at our card payment device and the data protection information from Payone and Nexi available for information and to take away. Further information on the processing and protection of your personal data by Payone and Nexi can be found at https://www.payone.com/DE-de/datenschutz, https://www.payone.com/DE-de/dsgvo and https://media3.payone.com/f/64176/x/c90fa8e6ef/payone-information-zu-datenverarbeitung-gemass-art-14-dsgvo-0220-1.pdf as well as https://www.nexigroup.com/de/datenschutzrichtlinie/ and https://www.nexi.de/content/dam/nexide/downloads/download-center/legal/DE_DE_Datenschutz_Information_DSGVO_fuerKarteninhaber.pdf
Otherwise, data will only be passed on to recipients outside the company if legal provisions permit or require this, if the transfer is necessary for processing and thus for fulfilling the contract or, upon your request, for carrying out pre-contractual measures, if we have your consent, or if we are authorized to provide information.
Under these conditions, recipients of personal data may include, for example:
- External tax advisor
- Public authorities and institutions (e.g., public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation
- Recipients to whom the transfer is directly necessary for the establishment or fulfillment of the contract, such as (financial service providers, shipping service providers, external engraver)
Data processing for the purpose of shipping
For the fulfillment of the contract according to Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered/commissioned goods. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in section 1 of this data protection information.
Data transfer to shipping service providers for the purpose of shipping notifications
If you have given us your express consent to this during or after your order/commission, we will, based on this consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, pass on your e-mail address and telephone number to the selected shipping service provider so that they can contact you before delivery for the purpose of delivery notification or coordination.
The consent can be revoked at any time by sending a message to the contact option described in this data protection information or directly to the shipping service provider at the contact address listed below. After revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this declaration. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in section 1 of this data protection information.
United Parcel Service Deutschland S.à r.l. & Co. OHG
Görlitzer Straße 1
41460 Neuss
Germany
Bertram Juwelier Service GmbH & Co. KG
Klosterstraße 11–13
50931 Cologne
Germany
Data transfer to external engraver
For the incorporation of individual engravings into or onto a piece of jewelry commissioned or supplied by you, we work with an external engraver if it is a type of engraving that we cannot produce ourselves with our engraving machine within our workshop (e.g. various fonts, special characters and symbols, handwriting engravings, fingerprint engravings, etc.).
For this purpose, we pass on the engraving text you desire to the external engraver. Engraving texts often contain personal data such as your name and/or names of people close to you, wedding dates, birthday dates, baptism dates, handwriting excerpts, fingerprints, etc. A confidentiality agreement exists with the external engraver for the protection of your personal data. If you have any questions about the external engraver and the basis of our cooperation with them, please contact the contact option described in section 1 of this data protection information.
Data transfer to external goldsmiths (course instructors)
Within the scope of our cooperation with external goldsmiths who conduct our wedding ring courses (independent goldsmiths), we transmit personal data of our customers exclusively for the following purposes:
- Payment processing and organization of services:
If payment processing is carried out by the external goldsmith, the necessary data (e.g., name, contact details, payment information) will be transmitted to them. The external goldsmiths act on our behalf and are subject to the provisions of the General Data Protection Regulation (GDPR). - Purpose-bound use:
The commissioned external goldsmiths are obliged to use customer data exclusively for the provision of the agreed services. Further processing or disclosure of the data is impermissible, unless required by law or with the express consent of the data subject. - Confidentiality and protection of data:
We ensure that all external goldsmiths are contractually obliged to comply with data protection regulations. This includes, in particular, the confidentiality of customer data and its protection against unauthorized access.
6. Transfer of data to a third country
A transfer of personal data to countries outside the EEA (European Economic Area) or to an international organization will only take place if this is necessary for the processing and fulfillment of a contract or for the implementation of pre-contractual measures at your request, if the disclosure is legally required or you have given us your consent.
Furthermore, such a transfer takes place when you visit our website, use our online shop at www.mimosring.com, or make a purchase in our online shop. Detailed information on the transfer of personal data to a third country in connection with visiting our website or using our online shop can be found in the data protection declaration published there.
All information on the possible transfer of personal data to a third country by our newsletter service providers Brevo (Sendinblue GmbH) and Klaviyo (Klaviyo Inc.), by our appointment booking function Calendly (Calendly LLC) as well as by other partners can be found in sections 5, 6 and 8 of this data protection information and the links provided there, as well as in the data protection declaration published on our website or in our online shop at www.mimosring.com.
7. Duration of data storage
If necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes, among other things, the initiation and processing of a contract.
In addition, we store your data in our digital customer file.
There we record your personal details and, for example, some order details that might be relevant for possible subsequent orders (e.g. ring sizes, metal allergies, etc.). If you do not agree with this, you can exercise your right to erasure of data according to Art. 17 GDPR (see section 9 of this data protection information).
Your e-mail address will also remain in the system of Sendinblue GmbH or Klaviyo for agreed newsletter dispatch, provided you have given your consent via the double opt-in procedure. You can revoke the given consent to store the e-mail address and its use for sending the newsletter at any time (see sections 8 and 9 of this data protection information).
In addition, we are subject to various retention and documentation obligations, which arise, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO).
The prescribed periods for retention or documentation are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can also be up to thirty years.
8. Advertising by e-mail, post
8.1 E-mail newsletter with registration and newsletter tracking
If you subscribe to our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a dedicated link in the newsletter. After unsubscribing, we will delete your e-mail address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this data protection information.
We would like to point out that when sending the newsletter, we evaluate your user behavior. For this purpose, we also analyze your interaction with our newsletter by measuring, storing and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns ("newsletter tracking").
For this evaluation, the e-mails sent contain one-pixel technologies (e.g. so-called web beacons, tracking pixels), which are stored on our website. For the evaluations, we link in particular the following "newsletter data"
- the page from which the page was requested (so-called referrer URL),
- the date and time of the request,
- the description of the type of web browser used,
- the IP address of the requesting computer,
- the email address,
- the date and time of registration and confirmation
and the one-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter can also contain this ID.
If you do not wish newsletter tracking, it is possible to unsubscribe from the newsletter at any time, as described above.
The information will be stored as long as you are subscribed to the newsletter.
8.2 E-mail newsletter without registration and your right to object
If we receive your email address in connection with the sale of goods or services and you have not objected, we reserve the right to regularly send you offers for similar products from our range to those already purchased via email, based on Section 7 Para. 3 UWG. This serves to protect our legitimate interests in addressing our customers for advertising purposes, which outweigh other interests in a balancing of interests, in accordance with Art. 6 Para. 1 Sentence 1 Lit. f GDPR. You can object to this use of your email address at any time by sending a message to the contact option described in Section 1 of this data protection information or via a dedicated link in the advertising email, without incurring any costs other than the transmission costs according to the basic rates.
After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 Lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this data protection information.
8.3 Newsletter dispatch
The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in section 1 of this data protection information.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: United Kingdom.
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: USA, United Kingdom.
The adequacy decision for the USA applies as a basis for the third country transfer, insofar as the respective service provider is certified. A certification exists.
Our service providers are located and/or use servers in these countries: Australia. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en?prefLang=de).
Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection by decision: Canada.
Our service providers are located and/or use servers in the following countries for which the European Commission has adopted an adequacy decision regarding the level of data protection: USA, Canada.
There is a decision by the European Commission on an adequate level of data protection for the USA as a basis for a third country transfer, insofar as the respective service provider is certified. Until certification by our service providers, data transfer continues to be based on this: Standard contractual clauses of the European Commission.
Our service providers are located and/or use servers in these countries: India. For this country/these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard contractual clauses of the European Commission.
Addition from Brevo (Sendinblue GmbH):
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter.
To ensure that the newsletter is sent with your consent, we use the so-called double opt-in procedure. In the course of this, the potential recipient can be included in a distribution list. Subsequently, the user receives a confirmation e-mail giving them the opportunity to confirm the registration in a legally secure manner. Only if confirmation is given will the address be actively included in the distribution list.
Sendinblue GmbH is used as newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and from using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider that has been selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
Further information can be found here: https://www.brevo.com/de/informationen-newsletter-empfaenger/? rtype=n2go.
You can revoke the consent given for the storage of data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter.
Data protection measures are always subject to technical renewal, for this reason we ask you to inform yourself regularly about our data protection measures by consulting our data protection information.
8.4 Postal advertising and your right to object
We reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g. for sending you interesting offers and information about our products by mail. This serves to protect our legitimate interests in addressing our customers for advertising purposes, which outweigh other interests in a balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described in section 1 of this data protection information.
9. Your Rights
Every data subject has the right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to notification according to Art. 19 GDPR, and the right to data portability according to Art. 20 GDPR.
In addition, there is a right to lodge a complaint with the competent data protection supervisory authority according to Art. 77 GDPR if you believe that the processing of your personal data is not lawful.
The right to complain exists irrespective of any other administrative or judicial remedy.
In North Rhine-Westphalia, the competent supervisory authority for data protection is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
P.O. Box 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de
If data processing is based on your consent, you are entitled, pursuant to Art. 7 GDPR, to revoke your consent to the use of your personal data at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time to comply with legal requirements (see Section 7 of this data protection information).
10. Information about your right to object according to Art. 21 GDPR
Insofar as the processing of your personal data is carried out in accordance with Art. 6 para. 1 lit. f GDPR to safeguard legitimate interests, you have the right, pursuant to Art. 21 GDPR, to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object to the processing for direct marketing purposes at any time. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
To assert your rights, including the right to object, you can contact us informally using the following contact details:
MIMOS eGbR
Authorized partners: Lea-Charlotte Mattler-Strötgen and Pia Strötgen-Janßen
Friedrich-Ebert-Str. 6
42103 Wuppertal
Tel.: 0202-39309572
Email: hello@mimosring.com
Website: www.mimosring.com
11. Necessity of Providing Personal Data
The provision of personal data for the establishment, execution, or fulfillment of a contract or for pre-contractual measures is generally not legally or contractually required. You are therefore not obliged to provide personal data. However, please note that this data is usually necessary for the decision on entering into a contract, contract fulfillment, or pre-contractual measures. The collection of your data is necessary to process your request. You provide this data to us voluntarily. Failure to provide it would result in us being unable to answer your request or process your order.
An existing contract cannot be executed and may have to be terminated.
We recommend always providing only such personal data that is necessary for the conclusion of a contract, contract fulfillment, or pre-contractual measures.
12. Automated Decision-Making and Profiling
For the establishment, fulfillment, or execution of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making and profiling in accordance with Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately or obtain your consent, if legally required.
13. Video Surveillance
Our retail store is under video surveillance.
In accordance with Art. 13 GDPR, we have placed clearly visible signs regarding video surveillance in the relevant areas. In addition, a detailed information sheet on video surveillance is available, which informs data subjects about their rights in connection with the collection and processing of video recordings.
The following provisions apply to the processing of personal data within the scope of video surveillance:
Name and Contact Details of the Controller:
MIMOS eGbR
Authorized partners: Lea-Charlotte Mattler-Strötgen and Pia Strötgen-Janßen
Friedrich-Ebert-Str. 6
42103 Wuppertal
Tel.: 0202-39309572
Email: hello@mimosring.com
Website: www.mimosring.com
Contact Details of the Data Protection Officer: /
Purposes and Legal Basis of Data Processing:
Exercise of house rights, theft prevention, crime prevention, securing evidence in case of criminal offenses Legal basis: Art. 6 para. 1 lit. f GDPR
Legitimate Interests Pursued:
Protection of the property of the controller and the employees in the premises. The legitimate interests of the storing entity are essentially identical to the purposes listed above.
Retention Period or Criteria for Determining the Period:
Recordings are deleted when they are no longer necessary for achieving the aforementioned purposes or if protective interests of the data subjects prevent further storage, at the latest after 7 days.
If video recordings are stored as evidence for criminal and/or civil prosecution, deletion will be carried out in accordance with the statutory limitation periods.
Recipients of the Data or Categories of Recipients of the Data:
The data is only processed and passed on internally within MIMOS eGbR. In individual cases, a transfer to the competent law enforcement authorities may take place if this is necessary for the prosecution of criminal offenses.
Information on the Rights of Data Subjects:
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information listed in detail in Art. 15 GDPR.
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where appropriate, the completion of incomplete personal data (Art. 16 GDPR).
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g., if the data is no longer necessary for the purposes for which it was collected (right to erasure).
The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g., if the data subject has objected to the processing, for a period enabling the controller to verify the accuracy of the personal data.
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement.
In NRW, the competent supervisory authority for data protection is:
The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Postfach 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de
Internet: www.ldi.nrw.de
Status: January 2026
Note:
You can find the privacy policy for our online shop at Online Shop Privacy Policy.


