Privacy Policy
As of: January 13, 2025
Table of Contents
- Responsible Party
- Overview of Processing Activities
- Applicable Legal Bases
- Security Measures
- Provision of Online Services and Web Hosting
- Use of Cookies
- Contact and Inquiry Management
Responsible Party
Clioro – a brand of Dettinger Schmuck GmbH
Westliche Karl Friedrich Str. 89
75172 Pforzheim
Commercial Register: HRB 503221 Mannheim
Registry Court: Mannheim Registry Court
Represented by:
Frank Dettinger, Falk Dettinger, Katja Cicala
Authorized Representatives: Frank Dettinger, Falk Dettinger, Katja Cicala
Email Address: info@clioro.com
Overview of Processing Activities
The following overview summarizes the types of processed data, their purposes, and the affected individuals.
Types of Processed Data
- Inventory data.
- Contact data.
- Content data.
- Usage data.
- Meta, communication, and procedural data.
- Log data.
Categories of Affected Individuals
- Communication partners.
- Users.
Purposes of Processing
- Communication.
- Security measures.
- Organizational and administrative procedures.
- Feedback.
- Provision of our online offering and user-friendliness.
- Information technology infrastructure.
Applicable Legal Bases
Applicable legal bases under the GDPR: Below is an overview of the GDPR legal bases upon which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence or business location. If specific legal bases are applicable in individual cases, we will inform you accordingly in this privacy policy.
- Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or for taking steps at the data subject’s request prior to entering into a contract.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided these interests are not overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.
National data protection regulations in Germany: In addition to the GDPR, national data protection laws in Germany apply. These include, in particular, the Federal Data Protection Act (BDSG), which contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. State-level data protection laws of individual federal states may also apply.
Notice on applicability of GDPR and Swiss DPA: This privacy notice serves to inform you under both the Swiss DPA and the GDPR. For broader applicability and understanding, terms from the GDPR are used. This includes the terms “processing” of “personal data,” “legitimate interests,” and “special categories of data” instead of their Swiss equivalents. However, the legal meaning of these terms continues to be determined according to the Swiss DPA where applicable.
Security Measures
We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.
These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access, data entry, data sharing, availability, and separation. Furthermore, we have procedures in place to ensure the exercise of data subject rights, data deletion, and responses to data risks. We also consider the protection of personal data during the development or selection of hardware, software, and processes based on the principle of data protection through technology design and privacy-friendly default settings.
Securing online connections with TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, it is indicated by HTTPS in the URL, signaling users that their data is securely and encryptedly transmitted.
Provision of Online Services and Web Hosting
We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the users’ browser or device.
- Processed Data Types: Usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Log data (e.g., log files regarding logins, data retrieval, or access times).
- Affected Persons: Users (e.g., website visitors, users of online services).
- Processing Purposes: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment such as computers, servers, etc.). Security measures.
- Storage and Deletion: Deletion as specified in the section “General Information on Data Storage and Deletion.”
- Legal Basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).
Additional Notes on Processing Procedures, Methods, and Services:
- Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called “server log files.” Server log files may include the address and name of accessed websites and files, date and time of access, transmitted data volumes, successful access messages, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the event of misuse, such as DDoS attacks) and to ensure server stability and performance; Legal Basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR). Data Deletion: Log file information is stored for a maximum duration of 30 days and then deleted or anonymized. Data required for evidence purposes is exempt from deletion until the respective incident is fully resolved.
Use of Cookies
The term “cookies” refers to functions that store and read information on users’ devices. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analyzing visitor flows. We use cookies in compliance with legal regulations. Where required, we obtain prior consent from users. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide explicitly requested content and functions. These include storing settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information on the scope and usage of cookies.
Notes on Data Protection Legal Bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of respective services and procedures.
Storage Duration: Regarding storage duration, the following types of cookies are distinguished:
- Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved, and preferred content displayed directly when a user revisits a website. Data collected via cookies may also be used for reach measurement. Unless explicitly stated otherwise during consent collection, users should assume these cookies are permanent and may be stored for up to two years.
General Notes on Revocation and Objection (Opt-out): Users can revoke their consents at any time and object to the processing according to legal provisions, including via their browser’s privacy settings.
- Processed Data Types: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Affected Persons: Users (e.g., website visitors, users of online services).
- Legal Basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR). Consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR).
Additional Notes on Processing Procedures, Methods, and Services:
- Processing of Cookie Data Based on Consent: We use a consent management solution to obtain user consent for the use of cookies or procedures and providers mentioned within the consent management solution. This process involves obtaining, logging, managing, and revoking consent, particularly related to the use of cookies and similar technologies. The consent statements are stored to avoid repeated requests and to demonstrate compliance with legal requirements. The storage occurs server-side and/or in a cookie (so-called Opt-In Cookie) or via similar technologies to associate the consent with a specific user or device. Unless specific details about consent management providers are provided, the following general notes apply: The consent storage duration is up to two years. A pseudonymous user identifier is created and stored along with the consent time, scope (e.g., categories of cookies and/or service providers), and information about the browser, system, and device used; Legal Basis: Consent (Art. 6 Para. 1 Sentence 1 lit. a GDPR).
Contact and Inquiry Management
When contacting us (e.g., via post, contact form, email, phone, or social media) or as part of existing user and business relationships, the details of the inquiring persons are processed as necessary to respond to contact inquiries and requested measures.
- Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact details (e.g., postal and email addresses, phone numbers); content data (e.g., textual or visual messages and contributions, and related information such as authorship and creation timestamps); usage data (e.g., page views, time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Affected Persons: Communication partners.
- Processing Purposes: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online forms). Provision of our online offering and user-friendliness.
- Storage and Deletion: Deletion as specified in the section “General Information on Data Storage and Deletion.”
- Legal Basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR). Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b GDPR).
Additional Notes on Processing Procedures, Methods, and Services:
- Contact Form: When contacting us via our contact form, email, or other communication methods, we process the personal data transmitted to respond to and handle the respective request. This typically includes details such as name, contact information, and any additional information necessary for appropriate handling. We use this data exclusively for the stated purpose of contact and communication; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b GDPR), Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).
To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner.” Details on the functionality of “Real Cookie Banner” can be found at https://devowl.io/de/rcb/datenverarbeitung/. Legal bases for the processing of personal data in this context are Art. 6 Para. 1 lit. c GDPR and Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is managing the cookies and similar technologies and related consents. Providing personal data is neither contractually required nor necessary for concluding a contract. You are not obligated to provide personal data. If you do not provide the personal data, we cannot manage your consents.
Created with the free Data Protection Generator by Dr. Thomas Schwenke