1) Information about the collection of personal data and contact details of the controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data includes all data that can personally identify you.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is GESO, Memelerstr.2, 30900 Wedemark, Germany, Tel .: 05139 9089550 Email: geso-steube@steube-hannover.de. The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

2) Data collection when visiting our website

When you visit our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website:

- Our visited website

- Date and time of access

- Amount of data sent in bytes

- Source/reference from which you accessed the page

- Browser used

- Operating system used

- IP address used (if applicable, in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or use of the data. However, we reserve the right to check the server log files subsequently if there are specific indications of unlawful use.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Some cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

We may work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the data collected in the following paragraphs.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers at the following links: Internet Explorer:

 https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

Safari: https://support.apple.com/en-us/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contact

When you contact us (e.g., via contact form or email), personal data is collected. The data collected can be seen from the respective contact form, if available. This data is stored and used exclusively for the purpose of answering your inquiry or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your inquiry pursuant to Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after final processing of your inquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations.

5) Data processing when opening a customer account and for contract processing

According to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above-mentioned address of the controller. We store and use the data provided by you for contract processing. After complete execution of the contract or deletion of your customer account, your data will be blocked with respect to tax and commercial retention periods and deleted after these periods, unless you have expressly consented to further use of your data or a legally permitted further data usage has been reserved by us, about which we will inform you accordingly below.

6) Data Processing for Order Fulfillment

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will forward your payment data to the authorized credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

7) Use of Social Media: Social Plugins

7.1 Facebook Plugins with Shariff Solution

On our website, so-called social plugins ("plugins") of the social network Facebook are used, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To increase the protection of your data when visiting our website, these buttons are not unrestrictedly integrated as plugins, but only embedded into the page using an HTML link. This type of integration ensures that when a page of our website containing such buttons is called up, no connection is established with the servers of Facebook yet. When you click on the button, a new browser window opens and calls up the page from Facebook, where you can interact with the plugins there (possibly after entering your login data).

Facebook Inc. based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

For the purpose and scope of data collection and the further processing and use of the data by Facebook as well as your related rights and privacy settings, please refer to Facebook's privacy policy: [https://www.facebook.com/policy.php](https://www.facebook.com/policy.php)

7.2 LinkedIn Plugin as Shariff Solution

On our website, so-called social plugins ("plugins") of the online service LinkedIn are used, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("LinkedIn").

To increase the protection of your data when visiting our website, these buttons are not unrestrictedly integrated as plugins, but only embedded into the page using an HTML link. This type of integration ensures that when a page of our website containing such buttons is called up, no connection is established with the servers of LinkedIn yet. When you click on the button, a new browser window opens and calls up the page from LinkedIn, where you can interact with the plugins there (possibly after entering your login data).

LinkedIn Corporation based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

For the purpose and scope of data collection and the further processing and use of the data by LinkedIn as well as your related rights and privacy settings, please refer to LinkedIn's privacy policy: 

 (https://www.linkedin.com/legal/privacy-policy)

7.3 Twitter Plugin as Shariff Solution

On our website, so-called social plugins ("plugins") of the microblogging service Twitter are used, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter").

To increase the protection of your data when visiting our website, these buttons are not unrestrictedly integrated as plugins, but only embedded into the page using an HTML link. This type of integration ensures that when a page of our website containing such buttons is called up, no connection is established with the servers of Twitter yet. When you click on the button, a new browser window opens and calls up the page from Twitter, where you can interact with the plugins there (possibly after entering your login data).

Twitter Inc. based in the USA is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

For the purpose and scope of data collection and the further processing and use of the data by Twitter as well as your related rights and privacy settings, please refer to Twitter's privacy policy: (https://twitter.com/privacy)

7.4 Xing Plugins

The "XING Share Button" is used on this website. When you call up this website, a connection to servers of XING AG ("XING") is briefly established via your browser, with which the "XING Share Button" functions (in particular the calculation/display of the counter value) are provided. XING does not store any personal data about you through the access to this website. XING does not store IP addresses in particular. There is also no evaluation of your usage behavior via the use of cookies in connection with the "XING Share Button". You can find the current data protection information on the "XING Share Button" and additional information on this website: (https://www.xing.com/app/share?op=data_protection)

7.5 Use of Videos (e.g., YouTube, Vimeo)

Privacy Policy for the Use of a YouTube Plugin

This website includes at least one plugin from YouTube, which belongs to Google Inc., located in San Bruno, California, USA.

When you visit YouTube:

As soon as the page of this website equipped with a YouTube video is accessed and you start playback, a connection to the YouTube servers is established. The YouTube server is informed which specific page of this website you visited. If you are logged in, your surfing behavior can be assigned to your personal profile.

You can prevent this possibility by logging out of YouTube beforehand. Further information on the collection and use of your data by YouTube can be found in the privacy policy there: (www.youtube.com).

Further information on data protection at "YouTube" can be found in the provider's privacy policy: (https://www.google.de/intl/de/policies/privacy/)

Cookies

This website uses the YouTube embedding function to display and play videos from YouTube. We use the enhanced data protection mode, which, according to the provider's information, only starts storing user information when the video is played. As soon as the playback of the embedded video starts, YouTube uses cookies to collect information about user behavior.

According to YouTube's statements, these cookies, among other things, serve to collect video statistics, improve user-friendliness, and prevent abusive actions.

Regardless of whether the embedded videos are played, a connection to the Google network "DoubleClick" is established every time this website is called up, which can trigger further data processing operations without our influence.

DoubleClick – personalized advertising

DoubleClick is partly responsible for providing tailored advertising to the user. For example, if you search for

11) Tools and Miscellaneous

Google Web Fonts

This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, your browser must establish a connection to Google's servers, which may also involve the transmission of personal data to Google LLC's servers in the United States. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a default font will be used by your computer.

In the event of the transmission of personal data to Google LLC. based in the USA, Google LLC. has certified itself for the US-European data protection agreement "Privacy Shield," which ensures compliance with the level of data protection applicable in the EU. An up-to-date certificate can be viewed here: (https://www.privacyshield.gov/list)

Further information on Google Web Fonts can be found at

 [https://developers.google.com/fonts/faq]

(https://developers.google.com/fonts/faq) and in Google's privacy policy: 

(https://www.google.com/policies/privacy/)

12) Rights of the Data Subject

12.1 The applicable data protection law grants you comprehensive rights with regard to the processing of your personal data (rights of data subjects), about which we inform you below:

Right to information pursuant to Art. 15 GDPR: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification pursuant to Art. 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.

Right to erasure ("right to be forgotten") pursuant to Art. 17 GDPR: You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 GDPR applies.

Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to obtain restriction of processing where one of the conditions specified in Art. 18 GDPR applies.

Right to data portability pursuant to Art. 20 GDPR: In certain cases, which are outlined in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit those data to another controller.

Right to object pursuant to Art. 21 GDPR: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

Right to withdraw consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent at any time with future effect. In the event of withdrawal, we will erase the data concerned without undue delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

12.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS BEING PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of the Storage of Personal Data

The duration of the storage of personal data is determined by the respective statutory retention period (e.g., commercial and tax retention periods). After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer necessary for the fulfillment of the contract or the initiation of a contract and/or there is no longer a justified interest on our part in the further storage.