Privacy Policy

1. Data Protection at a Glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that enables you to be personally identified. You can obtain detailed information about data protection from our Privacy Policy, which follows this text.

Data collection on our website

Who is responsible for data collection on this website? The website operator processes data on this website. You can obtain contact details from this website’s Legal Notice. How do we collect your data? Your data is collected on the one hand by you disclosing it to us. For example, it could involve data that you enter in a contact form. Our IT systems automatically collect other data when you visit this website. This is primarily technical data (e.g. Internet browser, operating system or time of page access). This data is recorded automatically as soon as you enter our website. For what purposes do we use your data? A portion of the data is collected to ensure that the website is provided without any errors or defects. Other data can be used to analyse your user behaviour. What rights do you have in respect of your data? You have the right to receive free information at any time about the origin and recipient(s) of any personal data of yours that we store and about the purpose for which it is used. You also have the right to request that this data be corrected, blocked or deleted. You can contact us at any time at the address given in the Legal Notice if you have any further qquestions about data protection. You also have the right to lodge a complaint with the regulatory authority responsible.

Analysis and third-party tools

Your browsing behaviour may be statistically analysed when you visit our website. This is undertaken primarily with the aid of cookies and so-called analysis programmes. Generally speaking, your browsing behaviour is analysed on an anonymity basis and it can’t be traced back to you. You can opt out of this analysis or prevent it by not using certain tools. You can obtain detailed information from the following Privacy Policy. You can opt out of this analysis. We will provide you with information about your opt-out options in this Privacy Policy.

2. General and Mandatory Information

Data protection

The operator of this website takes the protection of your personal data very seriously. We treat your personal data in confidence, as well as in accordance with statutory data protection regulations and this Privacy Policy. A range of personal data is collected when you use this website. Personal data is data that enables you to be personally identified. This Privacy Policy explains what data we collect and to what use we put it. It also explains how and for what purposes that happens. We should like to point out that data transfer on the Internet (e.g. in email communication) may be subject to security vulnerabilities. Full protection of data against acess by third parties is not possible.

Information about the entity responsible

The entity responsible for processing data on this website is: TOMAMI GmbH Am Lichtetal 1 61462 Königstein, Germany Phone: +49 6174 209320 Email: info@tomami.eu The entity responsible is the natural person or legal entity that makes decisions on their own or together with others about the purposes and methods of processing personal data (e.g. names, email addresses or similar).

Revoking your consent to the processing of your data

Many data processing procedures are only feasible with your explicit consent. You can revoke any consent that you have previously provided at any time. All you need to do is email us a non-formal notification to that effect. The legality of any data processing undertaken up to the revocation date remains unaffected by the revocation itself.

Right to lodge a complaint with the regulatory authority responsible

In the event of breaches of data protection law, the party concerned is entitled to make a complaint to the regulatory authority responsible. The regulatory authority responsible for data protection issues is the state data protection officer of the federal state, in which our company is based. A list of data protection officers and their contact details can be obtained from the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_linksnode.html.

Right to data portability

You have the right to have any data that we process using automated means, to which you have consented or in performance of a contract, returned to you or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another entity responsible, this will only be undertaken if technically feasible.

SSL and TLS encryption

This website utilises SSL and TLS encryption for security reasons and to safeguard the transfer of confidential content, such as orders or enquiries, which you send to us in our capacity as the website operator. You can identify an encrypted connection, if the browser’s address line changes from “http://” to “https://” and if there is a padlock symbol in your browser line. When SSL and TLS encryption is activated, third parties are unable to read the data that you send us.

Encrypted payment transactions on this website

If on conclusion of a contract involving payment, you are obliged to communicate your payment details (e.g. account number as part of a direct debit mandate) to us, this data is required for payment transaction purposes. Payments involving standard payment methods (Visa/MasterCard, direct debit) are transacted solely via an encrypted SSL or TLS connection. You can identify an encrypted connection if your browser’s address line changes from “http://” to “https://” and if there is a padlock symbol in your browser line. Where communication is encrypted, third parties are unable to read the payment data that you send us.

Information, blocking, deletion

As part of the legal provisions in force, you have the right at any time to receive free information about the personal data of yours that we store, its origin, recipients and the purpose of processing such data, and if necessary, to have this data corrected, blocked or deleted. You can contact us at the address stated in the Legal Notice at any time, if you have any questions about this or other questions on the subject of personal data.

Objection to advertising emails

We herewith object to the use of the contact details stated in our mandatory Legal Notice for the purposes of sending unsolicited advertising and information material. The operator of this website explicitly reserves the right to take legal action against senders of unsolicited advertising information, for example in the form of spam emails.

3. Data Collection on Our Website

Cookies

This website uses so-called cookies to some extent. Cookies do not cause any damage to your computer and do not contain any viruses or other malware. The purpose of cookies is to make our offering more user-friendly, more effective as well as more secure and reliable. Cookies are small text files, which are automatically generated by your browser and saved on your computer. Most of the cookies that we use are so-called “session cookies”. They are automatically deleted once you have left our website. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser when you next visit our website. You can configure your browser to alert you whenever new cookies are about to be stored and to permit cookies on a case-by-case basis, to pre-empt acceptance of cookies in certain cases or generally, as well as to activate the automatic deletion of cookies when you close your browser. Deactivating cookies may impair the functionality of this website. Cookies, which are required for electronic communication purposes or to provide certain functions that you need (e.g. shopping cart function), are stored in line with Art. 6 Par. 1 lit. f of the GDPR. The website operator has a legitimate interest in storing cookies to ensure error-free, enhanced provision of its services. Where other cookies (e.g. cookies for analysing your browsing behaviour) are stored, these are dealt with separately in this Privacy Policy.

Server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically forwards to us. This information includes:

Browser type and version
Operating system used
Referrer URL
Hostname of accessing computer
Time of server request
IP address

This data is not combined with data from other sources. Data is processed on the basis of Art. 6 Par. 1 lit. f of the GDPR, which permits the processing of data for the purposes of performing a contract or complying with pre-contractual arrangements.

Contact form

If you send us enquiries using the Contact form, we store the details that you have provided in that form, including your contact details, for the purposes of responding to your enquiry and in case we have any follow-up questions. We do not disclose this data without your consent. Processing the data stated in the Contact form is therefore based solely on your consent (Art. 6 Par. 1 lit. a of the GDPR). You can revoke your consent at any time. All you need to do is email us a non-formal notification. The legality of any data processing undertaken up until the date of revocation remains unaffected by the revocation itself. The data that you enter in the Contact form remains in our possession until you request us to delete it, you revoke your consent for us to store your data or once the purpose of storing this data no longer applies (e.g. once your enquiry has been responded to). Mandatory legal requirements – in particular retention periods – remain unaffected.

Registering on this website

You can register on our website, in order to make use of additional on-site functions. We use the data that you provide solely to enable you to utilise the offering or service, which you have signed up for. The mandatory details that are requested when you sign up must be provided in full. Otherwise we will decline your registration request. We use the email address provided when you register to keep you informed about important changes, for instance to the scope of our offering, or about technically necessary modifications. The data that you enter when you register is processed on the basis of your consent (Art. 6 Par. 1 lit. a of the GDPR). You can revoke your consent at any time. All you need to do is email us a non-formal notification. The legality of any data processing undertaken up until the date of revocation remains unaffected by the revocation itself. We store the data collected when you register for as long as you are registered on our website and then delete it. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process and use personal data solely to the extent required to establish/justify, structure or modify legal relationships (master data). This is undertaken based on Art. 6 Par. 1 lit. b of the GDPR, which permits the processing of data for the purposes of performing a contract or complying with pre-contractual arrangements. We only collect, process and use personal data related to usage of our website (usage data) to the extent required to enable the user to utilise our service or to bill them for using the service. The customer data collected is deleted once the order has been fulfilled or the business relationship has been terminated. Statutory retention periods remain unaffected.

Data transfer upon conclusion of contracts involving online shops, merchants/distributors and the shipping of goods

We only disclose your personal data to third parties if this is required as part of the contract performance process, for instance to companies that have been commissioned to deliver the products you order or the financial institution commissioned to process payments. Your data is not otherwise communicated or only if you have given your explicit consent. Your personal data is not disclosed to third parties, e.g. for advertising purposes, without your explicit consent. Your personal data is processed on the basis of Art. 6 Par. 1 lit. b of the GDPR, which permits the processing of data for the purposes of performing a contract or complying with pre-contractual arrangements.

4. Analysis Tools and Advertising

Google Analytics

This website utilises functions provided by web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files, which are stored on your computer and enable your use of this website to be analysed. The information about your use of this website generated by the cookie is usually transmitted to and stored on a Google server located in the USA. Storage of Google Analytics cookies is based on Art. 6 Par. 1 lit. f of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour for the purposes of enhancing both its web offering and advertising. IP anonymisation We have activated the IP anonymisation function on this website. This means that your IP address is abridged by Google prior to transmission to the USA, however this only applies within countries that are members of the European Union or the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abridged locally. Google will use this information for the purposes of evaluating your use of this website and compiling reports on website activity on behalf of the operator of this website and of providing other services related to website activity and Internet use to the operator of this website. Google will not combine your IP address, which is communicated by your browser during use of Google Analytics, with any other data of yours that it holds. Browser plugin You can prevent the installation of cookies by activating the relevant setting in your browser software; however, we should like to point out that you may then not be able to make full use of all the functions on this website. Furthermore, you can prevent collection of cookie-generated, website-use-related data (incl. your IP address) and its transfer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Opting out of data collection You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie that prevents future collection of your data when you visit this website is then set: Deactivate Google Analytics. You can obtain further information about how Google Analytics handles user data in Google’s Privacy Policy:https://support.google.com/analytics/answer/6004245?hl=de. Contract data processing We have concluded a contract data processing agreement with Google and comply in full with the strict guidelines applying to the use of Google Analytics put in place by the German data protection authorities. Demographic features within Google Analytics This website uses Google Analytics’ “Demographic Features” function. This function enables reports to be produced that include statements about the age, gender and interests of website visitors. This data originates from interests-related Google advertising as well as from visitor data from third-party providers. This data can’t be matched to a specific person. You can deactivate this function at any time via the advertising settings in your Google account or prohibit the collection of your data by Google Analytics as described in the “Opting out of data collection” section above.

Google Analytics Remarketing

Our website uses the Google Analytics Remarketing function in combination with the cross-device Google AdWords and Google DoubleClick functions. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function enables the advertising target audiences created by Google Analytics Remarketing to be linked with the cross-device Google AdWords and Google DoubleClick functions. This enables interests-related, personalised advertising messages, which were matched to you based on previous usage or browsing behaviour on a terminal device (e.g. smartphone), to be displayed on another of your terminal devices (e.g. tablet or PC). If you have provided the relevant consent, Google links your web and app browser history with your Google account for this purpose. This enables the same personalised advertising messages to be displayed on every terminal device that you log in to using your Google account. To support this function, Google Analytics logs Google-authenticated user IDs, which are temporarily linked with our Google Analytics data, in order to define and create target audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by deactivating the personalised advertising setting in your Google account; to do this, use the following link: https://www.google.com/settings/ads/onweb/. The aggregation of collected data in your Google account is undertaken solely on the basis of your consent, which you can provide Google with or revoke as the case may be (Art. 6 Par. 1 lit. a of the GDPR). As far as data collection processes that are not aggregated in your Google account are concerned (e.g. because you don’t have a Google account or have opted out of aggregation), the collection of data is based on Art. 6 Par. 1 lit. f of the GDPR. The website operator has a legitimate interest in analysing anonymised website user behaviour for promotional purposes. You can obtain further information about Google Analytics Remarketing and its data protection rules from Google’s Privacy Policy at: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising programme provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). We use so-called conversion tracking as part of Google AdWords. When you click on a Google ad, a conversion tracking cookie is set. Cookies are small text files that your Internet browser stores on your computer. These cookies expire after 30 days and are not used for user identification purposes. If the user visits certain pages on this website and the cookie has not yet expired, Google and we can tell that the user clicked on the ad and was redirected to that page. Every Google AdWords client has a different cookie. Cookies can therefore not be tracked via the website of an AdWords client. The information obtained using the conversion cookie is used to generate conversion statistics for the AdWords clients, who have opted for conversion tracking. Clients are told the total number of users, who clicked on their ad and were redirected to a conversion tracking-tagged page. However, they do not receive any information that enables them to personally identify users. If you do not wish to participate in tracking, you can opt out by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics. “Conversion cookies” are stored on the basis of Art. 6 Par. 1 lit. f of the GDPR. The website operator has a legitimate interest in analysing user behaviour to enhance both its website and its advertising. You can obtain further information about Google AdWords and Google Conversion Tracking from Google’s Privacy Policy: https://www.google.de/policies/privacy/. You can configure your browser to inform you about the setting of cookies, so that you can decide on a case-by-case basis whether to accept or reject cookies. Alternatively, your browser can be configured to accept cookies automatically under certain conditions or to reject them every time, or to automatically delete cookies when closing your browser. Deactivating cookies may impair the functionality of this website.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The reCAPTCHA tool is designed to verify whether data is entered on our website (e.g. in a contact form) by humans or automated programmes. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various features. This analysis begins automatically as soon as the website visitor enters the website. reCAPTCHA analyses a range of information (e.g. IP address, time spent by the visitor on the website or mouse movement by the visitor). The data gathered during the analysis is passed on to Google. These reCAPTCHA analyses take place entirely in the background. Website visitors are not made aware of the fact that an analysis is being performed. Data is processed on the basis of Art. 6 Par. 1 lit. f of the GDPR. The website operator has a legitimate interest in protecting their website against improper automated data leakage and against SPAM. You can obtain further information about Google reCAPTCHA and about Google’s Privacy Policy from the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

5. Newsletter

Newsletter data

If you wish to subscribe to the Newsletter offered on our website, we require a valid email address from you, as well as information that allows us to verify that you are the owner of the specified email address and that you consent to receiving the Newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not disclose it to third parties. We therefore process any data that you enter in the Newsletter Registration Form solely with your consent (Art. 6 Par. 1 lit. a of the GDPR). You can revoke your consent to the storage of your data and email address, as well as their use for sending the Newsletter, at any time, e.g. using the “Unsubscribe” link in the Newsletter. The legality of data processing undertaken prior to receipt of your revocation remains unaffected. We store the data that you provide for the purposes of subscribing to the Newsletter until such time as you cancel your subscription, after which the data will be deleted. Data that we have stored for other purposes (e.g. email addresses for the members’ section) remains unaffected.

MailChimp

This website utilises the services of MailChimp to send our Newsletter to subscribers. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used, for example, to organise and analyse the sending of newsletters. When you enter data for the purposes of subscribing to our Newsletter (e.g. your email address),this data is stored on MailChimp servers located in the USA. MailChimp has “EU-US Privacy Shield” certification. The “Privacy Shield” is an agreement between the European Union (EU) and the USA designed to guarantee compliance with Eurpean data protection standards in the USA. We are able to analyse our Newsletter campaigns with the aid of MailChimp. When you open an email sent by MailChimp, a file contained in the email (a so-called web beacon) establishes a link with the MailChimp servers in the USA. This ascertains whether a Newsletter message was opened and which links, if any, were clicked. Technical information is also logged (e.g. time of access, IP address, browser type and operating system). This information can’t be matched to the specific Newsletter recipient. It is used solely for the purposes of statistically analysing Newsletter campaigns. The results of these analyses can be used to customise future Newsletters to reflect the interests of recipients better. If you do not wish to be involved in such MailChimp analyses, then you need to unsubscribe from the Newsletter. In every Newsletter message we provide a link that enables you to do so. Furthermore, you can also unsubscribe directly on our website. Data is processed on the basis of your consent (Art. 6 Par. 1 lit. a of the GDPR). You can revoke your consent at any time by unsubscribing from the Newsletter. The legality of any data processing undertaken prior to receipt of your revocation remains unaffected by the revocation itself. We store the data that you provide us with for the purposes of subscribing to our Newsletter until you unsubscribe from the Newsletter. Once you have unsubscribed, your data will be deleted from both our and MailChimp’s servers. Data that we have stored for other purposes (e.g. email addresses for the members’ section) remains unaffected. You can obtain further information about MailChimp’s Privacy Policy at: https://mailchimp.com/legal/terms/. Conclusion of a data processing agreement We have concluded a so-called “data processing agreement” with MailChimp, in which we obligate MailChimp to protect the data of our customers and not to disclose it to third parties. You can view this agreement at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sampleagreement/.

6. Plugins and Tools

YouTube

Our website uses YouTube plugins, a site that is run by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages featuring a YouTube plugin, a connection is established to the YouTube servers. The YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to match your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to make our website appealing. This represents a legitimate interest as per Art. 6 Abs. 1 lit. f of the GDPR. Further information about how user data is handled can be obtained from YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy. AMAZON PARTNER PROGRAMME TOMAMI GmbH participates in Amazon EU’s partner programme, which was designed to provide a medium for websites, via which these can earn commission in the form of advertising refunds for placing ads and links to Amazon.de. Amazon uses cookies to enable it to track the origin of orders. Among other things, Amazon can identify whether you have clicked on the partner link on this website. You can obtain further information about how Amazon uses data from the company’s Privacy Policy: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401

7. Payment Providers

Mollie

One of the payment options we offer on our website is via Mollie. The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands, (hereafter referred to as “Mollie”).

When you select payment by bank transfer (advance payment), credit card, Giropay, Paypal, Apple Pay or Sofortüberweisung (these payment methods are provided by Mollie), the payment details you provide are communicated to Mollie. Your data is communicated to Mollie on the basis of Art. 6 Par. 1 lit. a of the GDPR (consent) and Art. 6 Par. 1 lit. b of the GDPR (data processing in performance of a contract). You have the option of revoking your consent to the processing of your data at any time. A revocation does not affect the validity of any data processing transactions undertaken in the past.

PayPal

One of the payment options we offer on our website is via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, (hereafter referred to as “PayPal”). When you select payment via PayPal, the payment details that you provide are communicated to PayPal. Your data is communicated to PayPal on the basis of Art. 6 Par. 1 lit. a of the GDPR (consent) and Art. 6 Par. 1 lit. b of the GDPR (data processing in performance of a contract). You have the option of revoking your consent to the processing of your data at any time. A revocation does not affect the validity of any data processing transactions undertaken in the past.