We process personal user data (hereinafter „data“) only to the extent necessary to provide a functional and convenient website as well as our content and services.
“Processing” means the collection, use, transfer and / or storage of data. In principle, based on General Data Protection Regulation (hereinafter „GDPR“), all data with which a natural person can be identified are considered „personal data“. The exact definitions of the terms are defined in Art. 4 GDPR.
The following information informs you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data the purposes and means of processing of which we decide alone or together with others, as well as the components of third parties used by us for optimization and usage quality, if applicable, which process data on their own responsibility:
A) Information on the person responsible
B) Rights of the user
C) Information on data processing
A) Information on the person responsible
The person responsible (hereinafter “provider”) within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection laws is:
FILOU SOFTWARE GMBH
Tel.: +49/ (0)2382/77094-90
Fax: +49/ (0)2382/77094-92
B) Rights of the user
With regard to the data processing to be described in more detail below, users and data subjects have the right,
1. to receive a confirmation of whether data concerning him is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data in accordance with Art. 15 GDPR;
2. to demand the immediate correction of the incorrect data concerning him or the completion of this data in accordance with Art. 16 GDPR;
3. to demand that the data concerning him will be deleted immediately in accordance with Art. 17 GDPR, alternatively, if, for example, further processing is necessary as stipulated in Art. 17 (3) GDPR, demand a restriction of the processing of the data in accordance with Art. 18 GDPR;
4. that he receives the data concerning him and provided by him in accordance with Art. 20 GDPR and to request their transmission to other responsible persons;
5. to file a complaint with the supervisory authority under Art. 77 GDPR if the user considers that the processing of his data by the provider violates the GDPR.
6. The user is entitled to object to the future processing of the data concerning him, which is processed by a person responsible on the basis of Art. 6 Para. 1 lit. f) GDPR. at any time in accordance with Art. 21 DSGVO. The objection may in particular be made against processing for direct marketing purposes.
7. The provider is also obliged to notify all recipients of the data to whom the data have been disclosed, any correction or erasure of the personal data or a restriction on the processing carried out pursuant to Article 16 DSGVO, Article 17 (1) GDPR and Article 18 GDPR. The obligation does not exist in the event that this communication proves to be impossible or involves a disproportionate effort.
Die Verpflichtung besteht nicht für den Fall, dass diese Mitteilung sich als unmöglich erweist oder mit einem unverhältnismäßigen Aufwand verbunden ist. The user has the right to receive information regarding these recipients.
C) Information on data processing
Insofar as no detailed information is given below regarding the individual data processing, the user’s data processed by the provider will be deleted or blocked as soon as the purpose of the storage is omitted and the deletion does not conflict with any statutory storage requirements.
For communication and security reasons, during the visit of the website a.o. the following data, which the user’s internet browser transmits to the provider or to his web space provider, are collected (so-called server log files):
– Browsertyp und -version;
– used operating system;
– Website from which the user has switched to the website of the provider (Referrer URL);
– Website that the user visits;
– Date and time of access;
– Internet Protocol (IP) address of the user.
After seven days at the latest, the data will be anonymized by shortening the IP address at the domain level, so that it is no longer possible or only with a disproportionate effort to draw conclusions about a specific or identifiable natural person. The now anonymous data are processed exclusively “for statistical purposes” in order to optimize the Internet presence. Data whose further retention is required for evidential purposes are excluded from the anonymization until the final clarification of the respective incident.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.
Data whose further retention is required for evidential purposes are excluded from the deletation until the final clarification of the respective incident.
a) „Session“-Cookies/ „Persistente“-Cookies
The provider uses so-called cookies on its website. Cookies are small text files or other storage technologies that the Internet browser used by the user stores and saves on the device. These cookies individually process certain information of the user, such as browser and location data and IP address values.
The processing allows the provider to make his website more user-friendly, effective and secure. For example, the processing of the “session” cookies enables the content to be displayed in different languages or, if necessary, the use of a shopping cart function.
The “persistent” cookies allow the website to recognize the user through his browser during a regular visit to the website. For example, to pre-set the language settings or not to display the cookie banner repeatedly.
If personal data are processed by these cookies for the purposes of initiating an agreement or processing a contract, the legal basis of the processing is Art. 6 para. 1 lit. b DSGVO.
If the processing is not intended to initiate an agreement or to execute the contract, the processing serves the legitimate interest of the provider in improving the functionality of the website and is based on the legal basis of Art. 6 para. 1 lit. f DSGVO.
The “session” cookies are deleted when the user closes his browser. The “persistent” cookies are automatically deleted after a deadline set by the provider. This period varies by cookie, but does not exceed one year.
b) Third-party cookies
If applicable, third-party cookies are also used on the website of the provider. These third party vendors are affiliate companies with whom the provider cooperates for the purposes of advertising, analysis or website functionalities. Should this be the case, the purposes and legal bases of the corresponding processing are given in the following statements.
c) Eliminating possibility
The user can prevent or restrict the installation of cookies by setting the browser accordingly. Already saved cookies can also be deleted at any time. The settings depend on the browser used. For Flash cookies, the processing can not be prevented by the settings of the browser, but by the appropriate setting of the Flash player. Should the user prevent or restrict the installation of the cookies, this may result in the failure to use all the functions of the website to the full extent.
The personal data provided by the user for the purpose of a purchase of goods or services will be processed by the provider for the purpose of the contract execution. The details of the data are required for the conclusion of the contract; without the provision of the data, the contract is not possible. The legal basis for processing is Art. 6 para. 1 lit. b DSGVO. After completion of the contract, the data of the user with regard to tax and commercial retention periods are deleted.
The personal data of the user are passed on to a service provider used to process the purchase of goods or services, to the carrier in charge of the delivery or to the financial service provider, insofar as this is necessary for processing, delivery or payment of the goods.
The legal basis for processing is Art. 6 para. 1 lit. b DSGVO.
Note about PayPal:
In the case of the selection of the payment service provider PayPal by the customer, PayPal may issue credit checks for certain payment methods that are also selected by the customer. For details on the processing of personal data of the customer by PayPal at
Should the user register for a customer account with the provider, the data entered in the course of this registration (eg name, address, e-mail address) will be used exclusively for the fulfillment of a contract or the implementation of pre-contractual measures as well as for the general administration of the customer relationship ( eg retrieval of previous orders or for support and access to “filou4you”) collected and stored. The registration will also save the IP address and date and time of registration. A passing on to third does not take place.
If the opening of the customer account serves the fulfillment of a contract or the implementation of pre-contractual measures, then additional legal basis is Art. 6 para. 1 lit. b GDPR.
Any consent granted to the user account may be revoked at any time by the user pursuant to Art. 7 para. 3 GDPR by notification to the provider. The related data is deleted as soon as its processing is no longer required. If the data is required to fulfill a contract or to carry out pre-contractual measures, the data of the user will be deleted upon expiry of the tax and commercial retention periods.
In the case of contact of the user -per contact form or e-mail- with the provider, the personal data of the user entered on this occasion will be used to process the request. The details of the data are required to answer the request, without the provision of data, a response is not or only partially possible.
If the contact request serves the fulfillment of a contract or the performance of pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR.
The data of the user will be deleted, if the request of the user has been finally answered and no legal storage obligations, like e.g. in a subsequent contract, oppose.
Any consent granted may be revoked at any time by the user pursuant to Art. 7 para. 3 GDPR by notification to the provider. The related data is deleted as soon as its processing is no longer required.
The legal basis is Art. 6 para. 1 lit. a GDPR. According to Art. 7 para. 3 GDPR, the user can revoke this consent at any time by sending a message to the provider or the unsubscribe link contained in the newsletter for the future.