for Kings Road Merch GmbH
www.kingsroadmerch.eu & eu.kingsroadmerch.com
A. General provisions regarding the processing of data on our website
We, Kings Road Merch GmbH, are pleased about your interest in our websites www.kingsroadmerch.eu & eu.kingsroadmerch.com and in our offerings on our websites.
The protection of your personal data is important and a priority for us. Therefore, we aim to provide you with detailed information below about what data is collected when you visit our websites or use our services there and how we subsequently process and use this data. We also inform you here about which technical and organisational security measures we have taken in this regard.
Although we as the data controller have implemented numerous technical and organisational security measures for the processing of personal data, the transfer of data over the internet can be fundamentally insecure, meaning that it is impossible to guarantee absolute security. We ask that you take this into account when using our web-based service.
2. Definition of terminology
3. Name and postal address of the data controller responsible for processing "Controller" as defined by data protection legislation:
Kings Road Merch GmbH
Untere Brinkstrasse 66
44141 Dortmund - Germany
Tel. +49 (0)231-496694-0
4. Contact details of the Data Protection Officer
5. Erasure and restriction of personal data / duration of storage
The law requires data to be retained for six years under Section 257, Paragraph 1 of the German Commercial Code (accounting ledgers, inventories, opening balance sheets, end-of-year financial statements, business correspondence, accounting documents, etc.) or for ten years under Section 147, Paragraph 1 of the German Fiscal Code (ledgers, records, management reports, accounting documents, business correspondence, etc.).
6. Rights of data subjects
6.1. Right to confirmation
Any data subject is entitled to request confirmation from the data controller responsible for processing about whether personal data pertaining to them is being processed. If a data subject wishes to make use of this right to confirmation, they can contact us or another employee for this purpose at any time.
6.2. Right to information
Any data subject whose personal data is being processed is entitled to receive information at any time about what personal data is stored about them and to receive a copy of this information. The data subject is also entitled to receive the following information:
- the purposes of processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data is or will be disclosed, especially where recipients are located in Third Countries (non-EEA countries) or are international organisations
- where possible, the planned duration of storage of the personal data; if this is not possible, the criteria that define how long this data is stored for
- the existence of a right to have their personal data corrected or erased, to have processing restricted by the data controller, and to object to this processing
- the existence of a right of complaint to a supervisory authority
- where personal data is not collected from the data subject: all available information about the origin of the data
- the existence of automated decision-making processes, including profiling under Article 22, Paragraphs 1 & 4 of the GDPR and - at least in these cases - relevant information about the applied logic as well as the scope and intended effects of such processing for the data subject
The data subject is also entitled to information about whether personal data is being transmitted to a Third Country or an international organisation. If this is the case, the data subject is also entitled to receive information about suitable guarantees related to this transmission.
If a data subject wishes to make use of this right to information, they can contact us for this purpose at any time.
6.3 Right to correction
Any data subject affected by the processing of personal data is entitled to demand the immediate correction of any incorrect personal data pertaining to them. The data subject is also entitled to demand that incomplete personal data be completed in line with the purpose of the processing by submitting an additional declaration.
If a data subject wishes to make use of this right to correction, they can contact us for this purpose at any time.
6.4 Right to erasure
Any data subject affected by the processing of personal data is entitled to demand that the data controller have their personal data erased immediately, as long as one of the following cases applies and as long as processing is not required:
- The personal data was collected or otherwise processed for purposes for which it is no longer required.
- The data subject has withdrawn their consent that enabled processing under Article 6, Paragraph 1, Letter a of the GDPR or Article 9, Paragraph 2, Letter a of the GDPR, and there is no other legal basis for processing.
- The data subject has lodged their objection to processing in accordance with Article 21, Paragraph 1 of the GDPR, and there are no overriding legitimate reasons for processing.
- The personal data is being processed unlawfully.
- The erasure of the personal data is required for compliance with a legal obligation under the law of the European Union or the member states to which the data controller is subject.
- The personal data has been collected in connection with information society services in accordance with Article 8, Paragraph 1 of the GDPR.
If one of the aforementioned cases applies and a data subject wishes to have personal data stored by Kings Road Merch GmbH erased, they can contact us for this purpose at any time. We will then have the requested erasure performed immediately.
If the personal data has been made public by Kings Road Merch GmbH and if our company in its capacity as the data controller is required to erase the personal data in accordance with Article 17, Paragraph 1 of the GDPR, we will take measures that are reasonable in consideration of available technology and implementation costs, including of a technical nature, to ensure that other data controllers that have processed the published personal data are notified that the data subject has demanded of these other data controllers the erasure of all links to this personal data or has demanded copies or duplicates of this personal data, unless processing is required. We will have the necessary action taken on a case-by-case basis.
6.5 Right to restrict processing
Any data subject affected by the processing of personal data is entitled to demand that the data controller restrict processing if one of the following requirements is met:
- The correctness of the personal data is disputed by the data subject for a period of time in which the data controller can review the correctness of the personal data.
- The data is being processed unlawfully, the data subject rejects erasure of their personal data and instead demands restriction of the use of their personal data.
- The data controller no longer requires the personal data for the processing purposes, but the data subject requires it in order to establish, exercise or defend against legal claims.
- The data subject has lodged an objection against processing in accordance with Article 21, Paragraph 1 of the GDPR and it is not yet certain whether the legitimate interests of the data controller outweigh those of the data subject.
If one of the aforementioned cases applies and a data subject wishes to have the use of their personal data stored by Kings Road Merch GmbH restricted, they can contact us for this purpose at any time. We will have the necessary measures taken to have processing restricted.
6.6 Right to data portability
Any data subject affected by the processing of personal data is entitled to receive a copy of their personal data as provided by the data subject to a data controller in a structured, standardised and machine-readable format. The data subject is also entitled to have this data transmitted to another data controller without obstruction by the data controller to whom the personal data was provided, as long as the processing is performed on the basis of consent provided in accordance with Article 6, Paragraph 1, Letter a of the GDPR or Article 9, Paragraph 2, Letter a of the GDPR or on the basis of a contract in accordance with Article 6, Paragraph 1, Letter b of the GDPR, such processing is performed with the aid of automated procedures, and where this process is not required for the performance of a task carried out for reasons of public interest or in the exercise of official authority vested in the controller.
When exercising their right to data portability, the data subject is also entitled under Article 20, Paragraph 1 of the GDPR to have the personal data transmitted directly by one data controller to another data controller insofar as this is technically feasible and does not adversely affect the rights and freedoms of other persons.
The data subject may contact us at any time to make use of their right to data portability.
6.7 Right to object
Any data subject affected by the processing of personal data is entitled to lodge an objection against the processing of their personal data on the basis of Article 6, Paragraph 1, Letters e or f of the GDPR at any time, on grounds relating to their particular circumstances. This also applies to profiling procedures based on these provisions.
Where such an objection is lodged, Kings Road Merch GmbH will cease to process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where Kings Road Merch GmbH processes personal data for direct marketing purposes, the data subject has the right to object to processing of personal data concerning him or her for such marketing at any time, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
The data subject is also entitled to object to the processing of their personal data for scientific or historical research purposes or statistical purposes pursuant to Article 89, Paragraph 1 of the GDPR on grounds relating to their particular circumstances unless this processing is required for the performance of a task carried out for reasons of public interest.
The data subject may contact us directly to make use of their right to object. The data subject is also entitled to use automated methods governed by technical specifications to exercise their right to object in connection with the use of information society services, regardless of Directive 2002/58/EC.
6.8 Automated individual decision-making, including profiling
Any data subject affected by the processing of personal data is granted the right by the European Union legislature not to be subject to decision-making processes that are exclusively based on automated processing - including profiling where relevant - insofar as such processes may result in legal effects for them or may significantly adversely affect them in a similar fashion, unless such decisions
- are necessary for the conclusion or performance of a contract between the data subject and the data controller or
- are authorised by European Union or member state law to which the controller is subject, where these laws include suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject or
- are taken with the express consent of the data subject.
If the decision
- is necessary for the conclusion or performance of a contract between the data subject and the data controller or
- is taken with the express consent of the data subject, Kings Road Merch GmbH will take suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject, which include at the very least the right to invoke human intervention on the behalf of the data controller, to represent their own point of view, and to contest the decision.
If the data subject wishes to make use of their rights relating to automated decision-making processes, they can contact us to do so at any time.
6.9 Right to withdraw consent under data protection law
Any data subject affected by the processing of personal data is entitled to withdraw consent for the processing of their personal data at any time.
If the data subject wishes to make use of their right to withdraw consent, they can contact us to do so at any time.
Any data subject can contact us directly at any time with any questions and concerns that they may have on data protection and privacy.
6.10 Right to lodge a complaint with a data protection supervisory authority
Any data subject affected by the processing of personal data is entitled to lodge a complaint with a data protection supervisory authority through us about how their personal data is processed.
7. Legal basis of processing
Article 6, Paragraph 1, Letter a of the GDPR serves as the legal basis upon which Kings Road Merch GmbH performs such processing. In this connection, consent must be acquired for a certain processing purpose. If the processing of personal data is required for the performance of a contract to which the data subject is a party, processing is based on Article 6, Paragraph 1, Letter b of the GDPR. The same applies to any processing actions that are required to perform pre-contractual activities, for instance in relation to enquiries regarding our products & services. Where Kings Road Merch GmbH is subject to a legal obligation that necessitates the processing of personal data, processing is based on Article 6, Paragraph 1, Letter c of the GDPR. In rare cases, it may be necessary to process personal data in order to safeguard the vital interests of the data subject or another natural person, in which case processing is based on Article 6, Paragraph 1, Letter d of the GDPR. Finally, processing actions may be based on Article 6, Paragraph 1, Letter f of the GDPR. This legal basis permits processing that is not encompassed by any of the previously stated legal bases, as long as the processing is necessary to safeguard the legitimate interests of Kings Road Merch GmbH or a third party, unless outweighed by the interests, fundamental rights and fundamental freedoms of the data subject. Such processing is in particular permitted because it is specifically mentioned by the European legislature (see Recital 47, Sentence 2 of the GDPR).
8. Accommodation of legitimate interests
9. Data protection when using our contact details
If you use the contact details specified on our website to contact us (for instance our email address or fax number), the personal data that you transmit in this connection will only be processed for the purpose of the contact.
If the reason for your contact is to express interest in our products or services or if it relates to the performance of an existing contract with us, processing is performed on the basis of Article 6, Paragraph 1, Letter b of the GDPR. In all other contact scenarios, we have a legitimate interest in accordance with Article 6, Paragraph 1, Letter f of the GDPR in processing data in order to continue the communication initiated by you.
We store the data required for the performance of the contract until expiry of the statutory warranty and (where relevant) contractual guarantee periods. We retain data required under commercial and tax law for the periods of time specified by statute, which is normally ten years (see Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code). Data processed for the performance of pre-contractual activities will be deleted as soon as the measures have been completed and it is apparent that it will not result in the conclusion of a contract.
The personal data that we store on the basis of a legitimate interest will be stored until the purpose of the contact has been fulfilled. You are entitled at any time on grounds relating to your particular circumstances to object to the processing of data that is performed on the basis of Article 6, Paragraph 1, Letter f of the GDPR and is not performed for the purpose of direct marketing. Where data is processed for direct marketing purposes, on the other hand, you can object to this processing at any time without specifying grounds.
The recipients of personal data processed on this legal basis are IT service providers (in particular hosters) with whom we have concluded Data Processing Agreements in accordance with Article 28 of the GDPR.
10. Data protection in relation to job applications and during applicant selection procedures
We collect and process the personal data of applicants for the purpose of conducting applicant selection procedures. This therefore constitutes a pre-contractual activity within the meaning of Article 6, Paragraph 1, Letter b of the GDPR.
Data may be processed electronically, for instance when an applicant sends corresponding application documents to us digitally, for example by email or through our contact form. If we conclude an employment agreement with an applicant, the transmitted data will be stored for the purpose of governing the employment relationship in accordance with statutory requirements. If no employment agreement is concluded with the applicant by the data controller, the application documents will be automatically erased six months after sending the rejection correspondence, unless there are other legitimate interests of the data controller opposing erasure. Another example of a legitimate interest in this context might be an obligation to provide evidence in proceedings under the General Equal Treatment Act.
Where incoming applications are received in digital form, the recipients of the processed personal data are our IT service providers (in particular hosters), with whom we have concluded corresponding Data Processing Agreements in accordance with Article 28 of the GDPR.
B. Specific provisions regarding the processing of data on our website
1. Collection and usage of your data
The scope and nature of how your data is collected and used will vary depending on whether you only visit our website to access information or wish to make use of services that we offer, for instance by concluding a contract via the website.
2. Informational usage/collected data/cookies
(1) When using our website for solely informational purposes, i.e. if you do not submit an order through our website or send us information in any other way, we will only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which we require on technical grounds to allow our website to be displayed to you and to ensure its stability and security (legal basis: Article 6, Paragraph 1, Sentence 1, Letter f GDPR):
- IP address
- Date and time of the request
- Time zone difference relative to Greenwich Mean Time (GMT)
- Content of request (specific page)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Website from which the request originates
- Operating system and display information
- Language and version of the browser software.
(2) The data processed in accordance with Paragraph 1 of this regulation will be stored for a maximum of 30 days for the specified purposes and then deleted.
(3) In addition to the aforementioned data, cookies will also be stored on your device when you use our website. This is based on our legitimate interest in the optimisation and cost-effective operation of our online service pursuant to Article 6, Paragraph 1, Letter f of the GDPR. Cookies are small text files stored on your hard drive under their associated browser to allow certain information to be supplied via the entity setting the cookie (in this case us). Cookies are unable to execute programs or transmit viruses onto your computer. Their purpose is to make the web service more user-friendly and more effective on the whole.
a) Our website uses the following types of cookie, the scope and function of which are described below:
- Transient cookies (see b)
- Persistent cookies (see c)
b) Transient cookies are automatically deleted when you close your browser - this especially concerns session cookies which store the "session ID" that allows various requests from your browser to be allocated to the shared session. This allows your device to be recognised again when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which will vary depending on the cookie and can be several years. You can delete the cookies in your browser's security settings at any time.
d) You can configure your browser as you require, for instance to reject third-party cookies or all cookies. Please note that if you do so, you may not be able to use all of this website's functions.
f) The Flash cookies we use are not registered by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your end device. These objects store the required data regardless of the browser that you are using and do not have an automatic expiry date. If you do not wish for Flash cookies to be used, you will need to install an appropriate add-on such as "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/betterprivacy/) or Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting privacy mode in your browser. We also recommend deleting your cookies and browser history on a regular basis.
(5) The recipients of the data processed in accordance with the above paragraphs are IT service providers (in particular hosters), with whom we have concluded corresponding Data Processing Agreements in accordance with Article 28 of the GDPR.
3. Google Analytics (with anonymisation function)
We use the "_gat._anonymizeIp" option for web analytics using "Google Analytics". This option truncates the IP address of the data subject's internet connection and anonymises it when our web pages are accessed from a member state of the European Union or from another signatory of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to enable analysis of visitor traffic on our website. Google uses the acquired data and information to analyse usage of our website for the purpose of preparing online reports for us that illustrate activity on our web pages and to provide other services related to the use of our website.
Google Analytics sets a cookie on the end device of the data subject. This cookie enables Google to analyse usage of our website. Any access to one of the individual pages of our website in which the Google Analytics component is integrated causes the web browser on the end device of the data subject to send information to Google for the purpose of this online analysis. This behaviour is brought about by the Google Analytics component. During this machine-based process, Google will obtain personal data such as the IP address of the data subject, which Google uses among other things to track the origin of traffic, monitor clicks and as a result calculate commission.
The cookie is used to store personal information, for example the time of access, the location from which the site was accessed, and the frequency of access of our website by the data subject. Upon each visit to our web pages, this personal data, including the IP address of the internet connection used by the data subject, will be transmitted to Google Inc. in the USA. This personal data will probably be stored permanently by Google Inc. in the USA. Google Inc. may forward this personal data, which is collected by machine-based methods, to third parties.
The data subject can prevent cookies from being set by our website at any time by configuring the used web browser accordingly, thereby permanently blocking the cookie from being set. Configuring the web browser in this way would also prevent Google from setting a cookie on the IT system of the data subject. A cookie previously set by Google Analytics can also be deleted at any time through the web browser or using other software tools.
The data subject also has the option to object and prevent the collection of the data generated by Google Analytics in relation to the use of our website and the processing of this data by Google, for which the data subject must install a browser add-on under the link https://tools.google.com/dlpage/gaoptout.
However, if you wish to make use of services offered on our website, for instance by purchasing something in our online shop or using the contact form, it will be necessary to provide personal data. Specifics on this can be found in the provisions below.
4.1 Purpose of data processing
(1) Your personal data that you provide during the order process is required to establish a contract with us (e.g. contract party details) and is also required by law (e.g. tax regulations). Failure to provide personal data would make it impossible to conclude the contract with you. For certain payment methods, we require the necessary payment details to forward to our payment service provider.
If you send us an enquiry by email or via the contact form before the contract is concluded, or if you conclude a contract through our website, we will process the data received in this manner to perform pre-contractual activities, for instance by answering your questions on our services or products.
You can voluntarily create a customer account that will enable us to store your data for later purchases. By creating an account under "My account", the data that you provide will be revocably stored. All other data, including your user account, can always be deleted in the customer account section.
The data that you provide will therefore be processed for the purpose of fulfilling the contract or performing pre-contractual activities in accordance with Article 6, Paragraph 1, Letter b of the GDPR and for compliance with legal obligations in accordance with Article 6, Paragraph 1, Letter c of the GDPR.
(2) The recipients of the personal data processed in accordance with this provision are payment service providers, delivery service providers, IT service providers (in particular hosters) and enterprise resource planning systems, with whom we have concluded corresponding Data Processing Agreements in accordance with Article 28 of the GDPR.
(3) We store the data required for the performance of the contract until expiry of the statutory warranty and (where relevant) contractual guarantee periods. We retain data required under commercial and tax law for the periods of time specified by statute, which is normally ten years (see Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code). Data processed for the performance of pre-contractual activities will be deleted as soon as the measures have been completed and it is apparent that it will not result in the conclusion of a contract.
4.2 Contact form
(1) When voluntarily using our contact form, you will be asked to provide your forename, surname, email address, if appropriate your telephone number and address, and the reason for your enquiry/contact (message). The only required information when submitting an enquiry is your email address. The information will only be collected and stored for the purpose of responding to your enquiry.
(2) We use the "double opt-in" process to respond to your enquiry, which means that when an email is sent, we send you an email to the email address you provided in which we ask you to confirm that you consent to the processing of your personal data for the purpose of answering your enquiry. If you do not confirm your enquiry within 24 hours, your information will be locked before being automatically deleted after a month. We also store your IP addresses and the times of your registration and confirmation. The purpose of this procedure is to document your enquiry and enable investigation of potential abuse of your personal data.
(3) The legal basis for the processing of your personal data is provided by the consent that you have expressly provided in accordance with Article 6, Paragraph 1, Letter a of the GDPR and by our legitimate interest in accordance with Article 6, Paragraph 1, Letter f of the GDPR in responding to your enquiry regarding our services and in documenting potential abuse of the email address used for this purpose.
(4) Once you have provided confirmation, we will store the information provided by you via the contact form until the purpose of your enquiry has been fulfilled. We store the other personal data stored in accordance with Paragraph 1 for a maximum of one month after receipt of confirmation.
(5) The recipients of the data processed in accordance with this provision are IT service providers (in particular hosters), with whom we have concluded corresponding Data Processing Agreements in accordance with Article 28 of the GDPR.
(1) With your consent and by providing your email address, you can subscribe to our newsletter so that we can keep you updated with our latest and greatest offers. The purchased goods & services will be named in the Declaration of Consent. The only required information for signing up to the newsletter is your email address.
(2) We use the "double opt-in" process for signing up to our newsletter, which means that when you sign up, we will send an email to the address you provided, in which we ask you to confirm that you actually want to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be locked before being automatically deleted after a month. We also store your IP addresses and the times of your registration and confirmation. The purpose of this procedure is to document your registration and enable investigation of potential abuse of your personal data. Once you confirm your registration to the newsletter, we will store the information that you have provided in accordance with Paragraph 2 for the purpose of sending the newsletter and documenting potential abuse of your email address as stated in Paragraph 2.
(3) We also conduct performance measurements by integrating a "web beacon" into each newsletter, which is a 1x1 pixel-sized file that is accessed from our server when the newsletter is opened. The download of this file provides information about the browser you use and the click ID (which specifically identifies your email address and the specific email dispatch), your IP address or DNS name and the time it was accessed. This information is used to improve the technical aspects of the services by referencing the technical data or target groups and their reading behaviour according to their access locations (which are identifiable based on IP addresses) or access times. The collection of data for statistical purposes also includes identifying whether the newsletter has been opened, when it was opened and which links were clicked on. While this information can be attributed to individual newsletter recipients for technical reasons, it is not our intention to observe individual users. These analyses help us to identify our users' reading habits and adapt our content to them or send different content to cater to our users' interests.
(4) The legal basis for the processing of your personal data is provided by the consent that you have expressly provided in accordance with Article 6, Paragraph 1, Letter a of the GDPR and, regarding the data processed as described in Paragraph 2, by our legitimate interest in accordance with Article 6, Paragraph 1, Letter f of the GDPR in documenting potential abuse of the email address used for this purpose.
(5) You can withdraw your consent for delivery of the newsletter at any time and unsubscribe from the newsletter. You can declare your withdrawal by clicking on the link provided in any newsletter email, by sending an email to firstname.lastname@example.org, or by sending a message to the contact details provided in the legal notice.
(6) Your email address will only be stored for delivery of the newsletter as long as you wish to remain registered. The other data stored under Paragraph 2 will be automatically deleted by us no later than one month after the cancellation of your subscription.
(7) The recipients of the data processed in accordance with this provision are IT service providers (in particular hosters), with whom we have concluded corresponding Data Processing Agreements in accordance with Article 28 of the GDPR.
5. Social plugins
No "social plugins" are used on our website. We simply offer links to the following social media services:
Service provider: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Please refer to Facebook's Data Policy at www.facebook.com/help for information about which data is collected and how it is used. Options for protecting your privacy on Facebook are available at: www.facebook.com/policy.
Service provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Service provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Service provider: Instagram LLC, 1601 Willow Rd, Menlo Park CA 9402, USA
We implement organisational, contractual and technical security measures in keeping with technological advancements to ensure that data protection regulations are complied with and to protect the data we process from accidental or wilful manipulation, loss, destruction or access by unauthorised persons.
The security measures include in particular the encrypted transmission of data between your browser and our server.
This data protection statement is currently applicable and up to date as of October 19th 2021.
Amendments to this data protection statement may be necessary due to the further development of our website and offers thereof, or changed legal or official requirements.