Data Protection Declaration of ORION Versand GmbH & Co. KG
Thanks to our decades of business experience as an erotic mail-order company, we know how important it is to protect our customers’ personal data.
Data protection is a matter of trust, which means that the observation of all the valid data protection regulations has therefore been a given and been extremely important to us for years.
In order to make the protection of your personal data easier, we are informing you about the processing of your personal data as part of our customer relationship.
I. Name and Address of the Responsible Party
The responsible party for the purpose of the General Data Protection Regulation (GDPR) and other national data protection acts of the member states as well as other data protection regulations is:
ORION Versand GmbH & Co. KG
Schäferweg 14
24941 Flensburg
Germany
Tel.: +49 (0)461 50 40 0
E-Mail.: service@orion.de
II. Name and Address of the Data Protection Officer
The Data Protection Officer is:
Stefan Götz
Schäferweg 14
24941 Flensburg
Germany
Tel.: +49 (0)461 50 40 277
E-Mail: mailto:sgoetz@orion.de
III. General Information about Processing Data
1. The Scope of Processing Personal Data
We gather and use our users’ personal data only to the extent necessary for providing a functioning website as well as content and performance. The gathering and the use of our users’ personal data takes place regularly only with the user’s consent. There is only an exception to this when previous consent cannot be obtained for essential reasons and the processing of data is permitted by legal regulations.
2. Legal Basis for Processing Personal Data
Insofar as we can obtain the consent from the person concerned for the processing of personal data, Art. 6 paragraph. 1 lit. a from the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
Art. 6 paragraph. 1 lit. b GDPR serves as the legal basis for processing personal data of which the person concerned is the affected party that is required to fulfil a contract. This also applies to the processing that is required for the consummation of pre-contractual measures.
Art. 6 paragraph. 1 lit. c GDPR serves as the legal basis insofar as processing personal data is necessary for the fulfilment of a legal obligation that is subject to our company.
Art. 6 paragraph. 1 lit. d GDPR serves as the legal basis in the event of essential interests of the person concerned or another natural person requiring the processing of personal data.
Art. 6 paragraph. 1 lit. f GDPR serves as a legal basis for the processing when the processing is required to protect a legitimate interest of our company or a third party and the interests, civil rights and fundamental freedoms of the person concerned does not outweigh the aforementioned interest.
3. Deleting of Data and Storage Period
The personal data of the person concerned will be deleted or blocked as soon as it is no longer necessary for the purpose of its collection. Furthermore, storage can take place if it is provided by a European and national legislator in EU regulations, legislation or other requirements to which the person responsible is subject. Blocking or deleting data also takes place when a storage period, required by the mentioned norms, expires, unless it is necessary to store data for longer for a completion of a contract or a fulfilment of a contract.
IV. Provision of the Website and the Creation of Log Files
1. Description and Scope of Data Processing
Every time an internet page is viewed, our system automatically gathers data and information from the computer system of the computer used to view the page.
The following data will be collected:
- - Information about the browser type and the version used
- - The user’s operating system
- - The user’s IP address
- - Date and time of access
- - Websites that the user’s system uses to visit our internet page
The data will also be saved in our system’s log files. This data does not get saved together with other personal data from the user.
2. Legal Basis for Processing Data
The legal basis for the temporary storage of data and the log files is Art. 6 paragraph. 1 lit. f GDPR.
3. The Purpose of Processing Data
The temporary storage of the IP address by the system is necessary to make a delivery of the website on the user’s computer possible. For this purpose, the user’s IP address must be saved for the duration of the session. It is stored in the log files in order to guarantee the functionality of the website. In addition to that, the data serves to optimise our website and to guarantee the safety of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. In these cases, our valid interest also lies in the processing of data according to Art. 6 paragraph. 1 lit. f GDPR.
4. The Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of collection. In the case of gathering data for the provision of the website, this will be when the respective session has ended.
In the case of storing data in log files this will be no later than seven days. An extension of storage is possible. In this case, the user’s IP addresses will be deleted or distorted so that it is no longer possible to assign them to the client who viewed the website.
5. Possibility of Objection and Removal
The gathering of data for the provision of the website and the storing of data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.
V. Using Cookies
1. Description and Scope of Processing Data
Our website uses cookies. Cookies are text files that are stored on the user’s computer by the internet browser. A cookie can be stored on the user’s operating system when they visit a website. This cookie contains a characteristic sequence of letters that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our internet page require that the calling browser be identified even after a page change (e.g. placing an order). Apart from the characteristic sequence of letters, no data is stored in the cookie. Furthermore, when the user enters the E-Commerce shop via an advertising partner, we save a reference identifier for this partner as a cookie with a duration of 60 days. This cookie does not allow referencing to personal data and only serves as the provisioning for sales that will be realised when our E-Commerce shop is re-visited.
2. Legal Basis for Processing Data
The legal basis for processing personal data using cookies is Art. 6 paragraph. 1 lit. f GDPR.
3. The Purpose of Processing Data
The purpose of using technical necessary cookies is to make it easier for the user to use websites. Some of the functions on our internet page cannot be offered without the use of cookies. It is necessary that the browser can also be recognised after a page change.
We need cookies for the following things: shopping basket, transfer of language settings, wishlist functionality, contact form.
For these purposes, our legitimate interests in the processing of personal data also lie with Art. 6 paragraph. 1 lit. f GDPR.
4. Duration of Storage and the Possibility of Objection and Removal
Cookies are stored on the user’s computer and transferred to our page. You as the user therefore have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing your internet browser settings.
Cookies that have already been stored can be deleted at any time. This can also be done automatically. Some of the website’s functions may not work fully if cookies are deactivated for our website.
1. This is how you can tell your browser how to deal with cookies
a) Internet Explorer
- Click “Extras” in the menu and select Internet Options.
- Select the “Data Protection” tab.
- Here you can set the amount of cookies that should be accepted or rejected.
- Please confirm your settings with “Ok”.
b) Google Chrome
- Click in the upper right corner on the "Customize Google Chrome" symbol.
- Select “Settings".
- Click on the "Show Advanced Settings" link.
- In the “Data Protection” section, click “Content Setting”.
- You can change the settings for cookies in the “Cookies” section.
- Confirm by clicking on “Ready”.
c) Firefox
- Click “Extras” in the settings.
- Select the “Data Protection” tab.
- Click the drop-down menu and choose the “User-defined Settings” tab.
- Here you can choose your own settings whether and/or in what context and from which websites cookies should be permanently accepted.
- Please confirm your settings with “Ok”.
VI. Newsletter
1. Description and Scope of Processing Data
There is an option of subscribing to a free newsletter on our website. The E-mail address from the form gets transferred to us when you register for the newsletter.
In addition to this, the following data will be collected during registration:
- IP address of the computer used for registration and confirmation (Double Opt-in proceedings).
- Date and time of the registration and confirmation (Double Opt-in proceedings).
The data will not be given to third parties in the context of data processing for the sending of newsletters. The data is only used for sending the newsletter.
2. Legal Basis for Processing Data
The legal basis for processing data after a user has registered for the newsletter is Art. 6 paragraph. 1 lit. a GDPR.
3. The Purpose of Processing Data
The collection of the user’s E-mail address is for delivering the newsletter. The collection of other personal data in the context of the registration procedure is for preventing abuse of the service or the E-mail address used.
4. Duration of Storage
The data gets deleted as soon as it is no longer necessary for the purpose of its collection. The user’s E-mail address will be saved for the duration of the user’s subscription to the newsletter. The other personal data collected as part of the registration procedure will normally get deleted after seven days.
5. Possibility of Objection and Removal
The user concerned can unsubscribe to the newsletter at any time. For this purpose, there is a respective link in every newsletter. This link also allows a revocation of the consent to the storage of personal data during the registration procedure.
VII. Registration
1. Description and Scope of Processing Data
On our website, we give the user the option to register by providing personal data. The data is entered in a form and passed on to us and stored by us. The data is not given to third parties. The following data is collected as part of the registration process:
- E-mail address
- Date of birth
- IP address
The date and time are also saved to the data record at the time of registration. As part of the registration process, consent is obtained from the user for processing this data.
Furthermore, the user has the option of adding to the registration data in further steps by adding their billing and delivery address, in order to make it easy to order products. This data is explained in more detail in point X. E-Commerce.
With the creation of an account, you automatically participate in our bonus programme. In addition, the following data will be processed for the bonus programme:
- Amount of collected bonus points.
- Time of redemption of the bonus points, conversion into a discount code.
- Time of use for the discount code.
2. Legal Basis for Processing Data
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit. a GDPR.
3. The Purpose of Processing Data
A registration of the user is necessary for the availability of certain content and services on our website. This includes writing product reviews, maintaining a personal wishlist of items and the simplified order process by reusing registration and address data in the online shop.
When creating an account, you automatically participate in our bonus programme.
4. Duration of Storage
The data gets deleted as soon as it is no longer necessary for the purpose of its collection. This is the case for the data collected during the registration process when the registration on our website is cancelled or amended.
5. Possibility of Objection and Removal
The user has the option of terminating the registration by logging into their customer account, then going to “Your Data” in the menu and following the instructions for deleting the customer account. You can change the data stored about you at any time in your customer account. You can also contact our customer services at https://www.orion.de/service/.
VIII. Contact Form and E-Mail Contact
1. Description and Scope of Processing Data
There is a contact form on our website that can be used for contacting us electronically. If a user takes advantage of this option, the data entered in the form will be passed on to us and stored by us. The data stored is:
- Title
- First name and surname
- Address
- Date of birth
- E-mail address
Your consent will be obtained for processing the data in the context of the sending process and you will be directed to the data protection declaration.
Alternatively, it is also possible to contact us using the E-mail address provided. In this case, the user’s personal data transferred with the E-mail will be stored.
The data is not given to third parties in this context. The data is only used for processing the conversation.
2. Legal Basis for Processing Data
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit. a GDPR.
The legal basis for processing data, which is transferred in the course of sending an E-mail, is Art. 6 paragraph. 1 lit. f GDPR. If the E-mail contact aims to conclude a contract, then the additional legal basis for the process is Art. 6 paragraph. 1 lit. b GDPR.
3. Purpose of Processing Data
Processing personal data from the form is only for processing the contact. In the case of contact via E-mail, this also includes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is for preventing abuse of the contact form and to ensure the safety of our information technology system.
4. Duration of Storage
The data gets deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the contact form and the data sent via E-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the facts in question have been fully clarified.
The additional personal data that was collected during the sending process will normally get deleted after seven days.
5. Possibility of Objection and Removal
The user has the option of withdrawing their consent to the processing of their personal data. If the user contacts us via E-mail, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
Furthermore, the user has the option of withdrawing their consent via telephone, E-mail (https://www.orion.de/service/) or the contact form.
All the personal data that has been saved as part of making contact will get deleted in this case.
IX. Rights of the Affected Person
If your personal data is processed, you are the affected person according to the GDPR and these are the following rights that you have:
1. Right to Information
You have the right to demand a confirmation from the responsible party whether personal data that affects you will be processed by us.
If your personal data is being processed, you can demand disclosure about the following information:
- The purposes of processing personal data;
- The categories of personal data that will be processed;
- The recipient or categories from the recipient to whom your personal data has been or will be disclosed;
- The planned duration of the storage of your personal data or, if concrete information about this is not possible, the criteria used for determining the storage period;
- The existence of the right to rectification or erasure or your personal data, the right to restrict processing from the responsible party or a right to object to the processing;
- The existence of the right to complain to a supervisory authority;
- All available information about the origin of the data when the personal data is not collected from the affected person;
- The existence of automated decision making including profiling according to Art. 22 paragraph. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the consequences and the intended effects of such a processing for the affected person.
You have the right to demand information about whether your personal data will be passed on to a third country or an international organisation. In this context, you can demand to be informed about suitable guarantees according to Art. 46 GDPR related to the transmission.
2. Right to Rectification
You have the right to have your personal data rectified and/or completed by the responsible party if this data is inaccurate or incomplete. The responsible party has to rectify the information immediately.
3. Right to Restriction of Processing
You can demand a restriction of the processing of your personal data under the following conditions:
- If you dispute the accuracy of your personal data for a period of time that enables the responsible party to check the accuracy of the personal data;
- The processing is unlawful and you do not want your personal data to be deleted and you request that your personal data is restricted;
- The responsible party no longer needs the personal data for the purpose of processing but you require the data for enforcing, exercising or defending a legal claim, or
- If you have entered an objection against the processing according Art. 21 paragraph. 1 GDPR and it is not yet certain whether the valid reasons from the responsible party outweigh your reasons.
If the processing of your personal data has been restricted, this data – with the exception of its storage – may only be processed with your consent or for enforcing, exercising or defending a legal claim or protection of rights from another natural or legal person or for reasons of important public interest of the Union or of a member state.
If the restriction of the processing is restricted according to the aforementioned conditions, you will be informed before the restriction has been lifted.
4. Right to Erasure
a) Obligatory deletion
You can demand that the responsible party deletes your personal data immediately and the responsible party must delete this data immediately if the following reasons apply:
- If your personal data is no longer needed for the purpose it was collected or processed.
- If you withdraw your consent to which the processing was based on according to Art. 6 paragraph. 1 lit. a or Art. 9 paragraph. 2 lit. a GDPR, and there is no other legal basis for processing the data.
- If you enter an objection against the processing according to Art. 21 paragraph. 1 GDPR and no overriding valid reasons exist for the processing or you enter an objection against the processing according to Art. 21 paragraph. 2 GDPR.
- If your personal data was processed unlawfully.
- If the deletion of your personal data is required for fulfilling a legal obligation according to European Union law or the right of the member states to which the responsible party is subject.
- If your personal data was collected in relation to offered information society services according to Art. 8 paragraph. 1 GDPR.
b) Information Given to Third Parties
If the responsible party has made your personal data public and they are obliged to delete the data according to Art. 17 paragraph. 1 GDPR, then they shall take appropriate measures taking account of the available technology and the cost of implementation, including those of a technical nature, in order to inform the responsible data processors, who process your personal data, that you, as the affected person, have demanded that all links to this personal data or from copies or replicas of this personal data be deleted.
c) Exceptions
The right to erasure does not apply if the processing is necessary for:
- Exercising the right of freedom of expression and information;
- Fulfilling a legal obligation that requires processing under the law of the Union or member states to which the responsible party is subject or for the performance of a task that is of public interest or in the exercise of official authority that is delegated to the responsible party;
- Reasons of public interest in the area of public health according to Art. 9 paragraph. 2 lit. h and i, as well as Art. 9 paragraph. 3 GDPR;
- Archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 paragraph. 1 GDPR, insofar as the law referred to in paragraph a) is likely to make the realisation of the aims of this processing impossible or seriously affect them, or
- Enforcement, exercise or defence of legal claims.
5. Right to Notification
If you have asserted your right to rectification, erasure or restriction of the processing of your data against the responsible party, then they are obliged to inform all the recipients, that have disclosed your personal data, about the rectification or erasure of the data or the restriction of the processing of the data, except when it proves to be impossible or involves disproportionate effort.
You have the right to be informed about the recipients by the responsible party.
6. Right to Data Portability
You have the right to receive your personal data, which you have given to the responsible party, in a structured, current and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without obstruction from the responsible party that has already received your personal data provided that
- The processing is based on consent according to Art. 6 paragraph. 1 lit. a GDPR or Art. 9 paragraph. 2 lit. a GDPR or based on a contract according to Art. 6 paragraph. 1 lit. b GDPR and
- The processing is done using automated procedures.
In exercising this right, you also have the right to ask one responsible party to transfer your personal data directly to another as far as this is technically possible. The rights and freedoms of others are not allowed to be affected.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task, that is of public interest or in the exercise of official authority that has been delegated to the responsible party.
7. Right to Object
You have the right to object at any time, for reasons that arise from your particular situation, to the processing of your personal data that takes place because of Art. 6 paragraph. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The responsible party no longer processes your personal data, except when they can provide compelling, worthy reasons for the processing that outweigh your interests, rights and freedoms or the processing is for the enforcement, exercise or defence of legal claims.
If your personal data is processed to conduct direct advertising, you have the right to object at any time against the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct advertising purposes, then your personal data will no longer be processed for these purposes.
You have the possibility of exercising your right to object through automated procedures in the context of using services from the information society – regardless of the directive 2002/58/EG – where technical specifications are used.
8. Right to Object to the Data Protection Consent Declaration
You have the right to withdraw your data protection consent declaration at any time. Withdrawing your consent will not affect the lawfulness of the processing carried out on the basis of the consent up until the withdrawal.
9. Automatic Decision in an Individual Case Including Profiling
You have the right not to be subject to a decision based solely on an automated processing – including profiling – that will have legal effects or affects you significantly in a similar way. This does not apply when the decision is
- Necessary for the conclusion or fulfilment of a contract between you and the responsible party,
- Permissible on the grounds of legislation from the Union or member states to which the responsible party is subject, and that the legislation has suitable measures to safeguard your rights, freedoms and legitimate interests or
- With your explicit consent.
However, these decisions must not be based on specific categories of personal data according to Art. 9 paragraph. 1 GDPR, unless Art. 9 paragraph. 2 lit. a or g applies and suitable measures have been taken to protect your rights, freedoms and legitimate interests.
In regard to the cases mentioned in (1) and (3), the responsible party shall take suitable measures to safeguard your rights, freedoms and legitimate interests, where at least the right to obtain intervention of a person on the part of the responsible party to declare their own point of view and to hear an appeal of the decision.
10. Right to Complain to a Supervisory Authority
Regardless of other administrative or judicial relief, you have the right to complain to a supervisory authority especially in the member state of your place of residence, your place of work or the place of the alleged offence when you are of the opinion that the processing of your personal data violates the GDPR.
The supervisory authority, where the complaint was submitted, informs the claimant about the status and the results of the complaint including the possibility of judicial relief according to Art. 78 GDPR.
X. E-Commerce
1. Description and Scope of Data Processing
Personal data is collected in our online shop for processing contracts. This data is entered in a form and transferred to us and stored by us. The data is only given to third parties in the context of processing orders, for example, for processing payments and for delivery via a parcel service. The following data is collected as part of the ordering process:
- Title
- Delivery address
- E-mail address
- Date of birth
- A different delivery address (optional)
The date and time that the order took place in the online shop are also saved to the data record.
Users that have registered in the online shop (see VII Registration) can use the data collected with the registration to make the ordering process easier and they do not have to re-enter it.
As part of the ordering process, consent will be obtained from the user for processing this data.
2. Legal Basis for Processing Data
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit. a GDPR.
The legal basis for processing personal data for the purposes of accepting, processing and implementing the contract is Art. 6 paragraph. 1 lit. b GDPR.
3. The Purpose of Processing Data
The collection of data is necessary for fulfilling a contract with the user or implementing pre-contractual measures
4. Duration of Storage
The data gets deleted as soon as it is no longer necessary for the purpose of its collection.
This is the case for the personal data that was collected in the online shop during the ordering process for the fulfilment of a contract or the implementation of pre-contractual measures when the data is no longer necessary for the implementation of the contract. There may be a need to store personal data from the contracting party even after the conclusion of the contract in order to fulfil contractual or legal obligations.
5. Possibility of Objection and Removal
The user has the option of getting their data, that was collected during the ordering process, deleted at any time.
If the data is necessary for the fulfilment of a contract or the implementation of pre-contractual measures, then early deletion of the data is only possible if non-contractual or legal obligations exclude a deletion.
XI. Using Payment Services and Payment Methods
When processing orders in our online shop, the user can choose from various payment methods.
During the payment processes, personal data, name, delivery address, E-mail, date of birth, balance of invoice, which the user provided for the ordering process, can be transferred to the relevant provider of the payment method. Furthermore, the provider can further process the data, e.g. in order to carry out an identity check or depending on the chosen method of payment, to perform a credit check.
1. Transfer
The provider for the payment method “Transfer” is Klarna GmbH, Theresienhöhe 12, 80339 Munich. You can find the data protection information here: https://www.klarna.com/de/datenschutz
2. “PayPal”
The provider for the payment method “PayPal” is PayPal (Europe) S.á.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg. You can find the data protection information here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
3. Pay by Invoice
You are welcome to purchase items from us on account. If you choose this payment method, we transmit - in addition to the processing of your data in the context of the purchase in the online store in general according to section 3.1 - to protect against credit risks certain personal information data for the purpose of credit assessment to CRIF GmbH, Leopoldstraße 244, 80807 Munich.
The credit agency processes and stores personal data in order to provide us with information for assessing the creditworthiness of customers and for checking the accessibility of persons at the addresses provided by them. For this purpose, probability or scoring values are also calculated and transmitted. Such information is necessary in order to be able to assess the risk of non-payment in advance in the case of an invoice purchase. At the same time, the data processing and the information provided by the credit agencies based on this serve to protect the recipients of the information, such as us, from economic losses. The data is also processed for fraud prevention and risk management purposes.
Based on the feedback of information data by the credit agencies, we can decide whether we can offer the payment method selected by you purchase on account. You will receive more detailed information from the respective service provider:
CRIF GmbH, Leopoldstraße 244, 80807 Munich
The processing of personal data by CRIF takes place within the framework of joint responsibility pursuant to Art. 26 DSGVO. We have concluded a corresponding agreement with CRIF in order to safeguard the rights of data subjects appropriately and in accordance with the provisions of the DSGVO and the BDSG. The jointly responsible parties fulfill the respective data subject rights brought to them independently and within the framework of the respective business processes they have implemented. Further information on data protection can be found at
https://www.crif.de/media/2715/informationsblatt-art-14-dsgvo-auskunfttei.pdf
4. Debt Collection
In the case of outstanding claims, which are not provided by the user despite multiple reminders from ORION Versand GmbH & Co. K, then ORION Versand GmbH & Co. KG has the right to pass on personal data to debt collection companies. The companies for Germany are:
- Creditreform Flensburg Hanisch KG, Lise-Meitner-Straße 1, 24941 Flensburg, Germany
- Prodefacto Forderungsmanagement GmbH, Am Landgericht 2,49074 Osnabrück, Germany
- Universum Inkasso GmbH, Hanauer Landstraße 164, 60314 Frankfurt am Main, Germany
- Dr. Christine Dausend Forderungsmanagement GmbH, Konrad-Adenauer-Str. 25, 50996 Cologne, Germany
The companies for Austria are:
- Infoscore Austria GmbH, Weyringergasse 1, A-1040 Vienna, Austria
- Alektum GmbH, Schwedenplatz 2, A-1010 Vienna, Austria
The following personal data will be sent to the company:
- Surname
- first name
- address
- E-mail address
- documentation of orders
- amount of the claim
- reason for the claim
- behaviour towards the reminders
The transfer of data to the debt collection companies for the purpose of recovering the claim in the context of the debt collection is Art. 6 paragraph. 1 lit. b GDPR.
5. Credit Card
We work together with an established and PCI certified provider for the payment method “Credit Card”. The credit card details will be collected there and we will only receive an anonymous identifier (KEN) from them.
XII. Use of Web Analysis and Other Services
We use various web analysis services on our internet pages; these pages mainly use so-called cookies.
Withdrawal of your Cookie – Consent
You can retrospectively adjust your settings for the future, select or deselect certain cookies, or exercise your right of withdrawal. Go directly to the privacy settings.
1. Usercentrics
This website uses the Cookie Consent technology from Usercentrics in order to obtain your consent to the storage of certain cookies on your terminal device and to document these in accordance with the data protection regulations. The technology provider is Usercentrics GmbH, Rosental 4, 80331 München, https://usercentrics.com (“Usercentrics”).
The following data will be transferred to Usercentrics:
- Your consent or the revocation of your consent
- IP address
- Information about the browser
- Information about your terminal device
- Time of your visit to the website
Furthermore, Usercentrics stores a cookie on your browser, in order to allocate the given consent or the revocation. The data collected in this way will be stored until you request us to delete it, you delete the Usercentrics cookie yourself or the purpose for which the data is stored is no longer applicable. Mandatory legal obligation to preserve records remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 paragraph. 1 lit. c GDPR.
2. Google Analytics
We use Google Analytics, a Google Inc. service on our websites.
The operator of the service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google Analytics uses cookies, text files, that are saved on the user’s computer and make an analysis of the user’s use of the website possible. Usually, the arising information about the use of the website (including your IP address) will be passed on to a Google server in the USA and stored there.
We use the extension “-anonymizelp” on our websites for IP anonymity, whereby your IP address is shortened by Google beforehand within the member states of the European Union or in other contractual states of the agreement in the European Economic Area.
On rare occasions, the full IP address will be passed on to a Google server in the USA and be shortened there.
Google will use the generated information on our behalf, in order to analyse the use of our website, compile reports on website activities at orion.de and to provide us with other services related to the website and internet usage.
Google will not merge the IP address collected by Google Analytics with other data from Google. Google may pass on the information collected by Google Analytics to third parties if Google is legally bound to do so or as far as third parties process this data on Google’s behalf.
We have implemented Google Analytics reports for performance of demographic characteristics and interests for our website. We use data and visitor data obtained by third parties (e.g. age, sex, interests) via Google’s interest-based advertising in the context of Google Analytics.
You, the user of our website, can prevent the storage of cookies by going to your browser’s settings.
We would like to inform you that you then might not be able to use all of our website’s functions in their entirety.
Furthermore, you can object to and prevent the collection of data, including your IP address, generated by the cookie and your use of the website going to Google and the processing of this data by Google by downloading and installing the browser plug-in that can be found here: https://tools.google.com/dlpage/gaoptout?hl=en.
We would like to inform you that the Google Analytics on our website has been expanded with “gat._anonymizeIp()”, in order to ensure an anonymous collection of IP addresses, so-called IP masking.
Further information about data protection at Google can be found here: https://policies.google.com/.
3. Google Analytics Adwords Remarketing
Furthermore, we use Google Analytics with Google Service Adwords Remarketing. Google uses cookies for this service that will be stored on the user’s computer and that make an analysis of the way the offer is used by the user possible. The collected data, including the user’s IP address, is transferred to Google in the USA and saved there. Google shortens the IP addresses to the last three characters so that it is not possible to assign the IP address to a specific user.
Google uses the obtained data for evaluating the use of our website by the user, in order to create reports on the user’s activities on our website for us and, where necessary, generate further services for us in this context.
Google will transfer data, which was collected in the context of the use of the services, to third parties as far as this is required by law and also data collected by third parties on Google’s behalf. Google and other third parties have the option of placing advertisements because of cookies from the user’s previous visits to our website. Equally, advertisements from our company can be advertised on third party websites or Google itself. During the process, Google does not establish a connection between the user’s IP address and other data stored by Google.
You can deactivate the function at any time by going to the advertisement preferences manager if you don’t want the aforementioned service. Please follow this link: https://adssettings.google.com
We would like to inform you that you also might not be able to use all our website’s functions in their entirety in this respect.
4. Google Fonts
Our website uses the Google Fonts service, that is offered for users in the European economic zone and Switzerland, from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”) for all the other users. When you open a page, your browser will load the necessary fonts, in order show the text correctly and uniformly. For this purpose, your browser must connect to the Google servers. This is how Google knows that our website has been accessed via your IP address. According to Google, these kinds of page openings are separate from other Google services that require user authentication.
In the event that personal data is transferred to the USA, Google has agreed to be subject to the US Privacy Shield.
The legal basis for data processing is Art. 6 paragraph. 1 lit. f GDPR, based on our interest in a correct and uniform presentation of our online presence.
You can find further information in the FAQ and in Google’s Data Protection Declaration.
For technical reasons, these cookies are absolutely necessary for the use of our services. They guarantee that our service is secure and works how you want it too.
5. Google Tag-Manager
Our website uses the Google Tag Manager, that is offered for users in the European economic zone and Switzerland, from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”) for all the other users. The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source text of our website, in order to collect predefined usage data for example. The Google Tag Manager triggers other tags that may collect data for themselves. Some of this data will be stored on a Google server in the USA. If there is a deactivation at the domain or cookie level, it will remain disabled for all the tracking tags that are implemented by the Google Tag Manager.
The legal basis for the use of the Google Tag Manager is Art. 6 paragraph. 1 lit. f GDPR, based on our interest in an efficient management of the tools we use.
You can find more information here: Information from Google about the Tag Manager
6. Google Double-Click
We still use the Google Double Click Cookie. Google uses cookies with this service when the user views an advertisement for our website or clicks on an advertisement banner for our offer. As a result, the user can be shown advertisements that will be of interest to them. The service also provides information to the internet service provider whether the user views an advertisement, clicks on it and then makes a purchase on our website. All the data will be collected and used anonymously and pseudonymously. IP addresses will be changed immediately after the transfer so that it is not possible to assign the IP addresses collected to the user profiles.
You can deactivate the function at any time by going to Deactivation of Cookies in your browser if you don’t want the aforementioned service.
You can find further information about the terms of use and data protection here: https://policies.google.com/privacy.
By using our website, you agree to the use of data collected, processed and transferred by Google Analytics for the stated purposes.
7. Sovendus GmbH Voucher Offer
If you are interested in a voucher offer from Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany (Sovendus) and click on the voucher banner, we will pass on your title, name and E-mail address to Sovendus in an encrypted way in preparation for the voucher (Art. 6 paragraph.1 b, f GDPR). The IP address has already been transferred and is only used by Sovendus for data security purposes and is usually anonymised after seven days. Furthermore, we transfer pseudonymised order numbers, order value with currency, session ID, coupon code and timestamp to Sovendus for billing purposes.
For more information about the processing of your data by Sovendus, please refer to the online data protection policy here: https://www.sovendus.com/en/privacy_policy/.
8. Top Deals from Sovendus GmbH
For a choice of an interesting regional top deal for you, we will pass on your title, year of birth, country, postcode/ zip code (anonymised), hash value of the E-mail address and IP address in a pseudonynised and encrypted way to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany (Sovendus) (Art. 6 paragraph.1 b, f GDPR). The IP address has already been transferred and is only used by Sovendus for data security purposes and is usually anonymised after seven days.
If you click on a top deal, we also transfer your name, your address and your E-mail address to Sovendus in an encrypted way in preparation for the personal requirements of the top deal from the product provider (Art. 6 paragraph.1 b, f GDPR).
For more information about the processing of your data by Sovendus, please refer to the online data protection policy here: https://www.sovendus.com/en/privacy_policy/.
9. Use of Remarketing Technologies via AWIN
When you visit this website, information about the pages you visit will be stored. The data is processed for statistical, advertising and profiling purposes. This makes it possible for us to understand what our customers expect from us when they visit the website and how we can improve the service. AWIN is the data processor for ORION.
10. Information about the AWIN partner programme
ORION processes your personal data to carry out an affiliate marketing campaign. In doing so, we are able to track which third party website, app or other technology provider referred potential customers to our website and apps (“Referrer”) and pay them a commission in return for those referrals. While doing so, we pursue the valid interest of carrying out an online advertising campaign that is awarded based on performance. We work together with AWIN AG (AWIN AG, Landsberger Allee 104 BC, 10249 Berlin) who support us in implementing this affiliate marketing campaign. You can find the AWIN data protection declaration here. It contains information about the data processing by AWIN and your rights in this respect.
In some cases, AWIN may keep a restricted profile that relates to you. However, this does not disclose your identity, online behaviour or other personal characteristics. This profile is only to track whether a transfer was started on one device and then completed on another.
In some cases, AWIN and the Referrer of the potential customer may receive and process your personal data, in order to implement the affiliate marketing campaign together with us.
Likewise, we receive potential customers’ personal data from AWIN and the Referrers that can be divided into the following categories: cookie data, data relating to the website, app or technology from which a potential customer was directed to us, and technical information about the device you used or an ID that is individually assigned to your transaction which AWIN can match with the aforementioned data in its system.
11. Information About the Use of KUPONA
KUPONA media collects anonymised information and data about the surfing behaviour of the user on this page for the optimised distribution of advertisement campaigns on the internet. In doing so, so-called cookie text files are stored on your computer. KUPONA can also make targeted product recommendations on other websites in the form of product-specific advertisement banners after an algorithm-based analysis of the user’s surfing behaviour. The use of cookies serves only as an optimisation of the offer, a personal identification of the user is ruled out as well as the use and disclosure of data to third parties. However, if you would like to object to the use of anonymised cookie data and the respective analysis of your surfing behaviour, you can do this here: https://www.kupona.de/datenschutz
12. Use of ShopVote Graphics
We have included ShopVote graphics on this website to display our ShopVote seal and any collected and/or pooled ratings. This serves to protect our valid interests that are mainly in the context of a balancing of interests in the ideal marketing of our offer in accordance with Art. 6 paragraph. 1 S. lit. f GDPR. The ShopVote graphics and the services advertised with them are an offer from Blickreif GmbH, Alter Messeplatz 2, 80339 Munich.
The web server automatically saves a so-called server log file when the ShopVote graphics are accessed. The server log file contains e.g. your IP address, date and time of when it was accessed, transferred amount of data and the source of the access (access data), and it documents the access. This access data is not analysed and are automatically overridden no later than 7 days after the end of your visit to the site. Other personal information will not be collected or stored by the ShopVote graphics.
13. Information about the use of target performance
This website uses Retargeting technology from Target Performance GmbH (target performance, Rosenheimerstr. 145 e-f, 81671 Munich). Further information about this third party provider can be found here: http://www.targetperformance.net. The valid data protection regulations of target performance can be found here: http://www.targetperformance.net/privacy-policy.
In the case of retargeting technology, a cookie will be stored on your computer or mobile device, in order to collect pseudonymised data about your interest and adapt the advertisement individually to the stored information. If the collected information shows a personal reference, the processing is carried out in accordance with Art. 6 paragraph. 1 S. lit. f) GDPR on the basis of a valid interest in the insertion of personalised advertising and market research. The target performance Adserving and Retargeting technology uses visitors’ IP addresses to evaluate the geographical region, the access speed and the internet provider. At no time will the exact address, place of residence or further personal data be assigned to a specific person.
14. Information about the use of The Reach Group GmbH
This website uses Retargeting technology from The Reach Group (The Reach Group GmbH, Am Karlsbad 16, 10785 Berlin). Further information about the third party provider can be found here: https://trg.de/en. The valid data protection regulations of The Reach Group can be found here: https://trg.de/en/privacy-statement.
Retargeting technology is used to collect information about the surfing behaviour of website visitors for advertising purposes in an anonymous form and it then stores the information in “cookie” text files on the computer. Specific product recommendations can then be shown on other websites as personalised advertising banners that you might find interesting. The legal basis for this processing is in accordance with Art. 6 paragraph. 1 S. lit. f) GDPR on the basis of a valid interest in the insertion of personalised advertising and market research. You can object to the use of your user data via this link: https://hal9000.redintelligence.net/privacy/8lcfmzhxc8d6/?reference=&language=en
15. Instagram
We have inserted plug-ins on our website from the social network Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA). The Instagram plug-in can be recognised by the Instagram button. If you click on the Instagram button and are logged in to your Instagram account at the same time, the content of our website can be linked to your Instagram profile. This way, Instagram can match your visit to our website with your Instagram account.
Please note that as the operator of the online shop, we explicitly point out that we have no knowledge of the content of the data that is transferred to Instagram nor how it is used by Instagram.
For further information, especially about the data protection topic via Instagram please click here: https://instagram.com/about/legal/privacy.
16. WORDFENCE
This site uses the security plug-in WORDFENCE, in order to protect the website from cyber attacks etc. The provider is DEFIANT, 800 5th Ave Ste 4100, Seattle, WA 98104. The provided GDPR-compliant data processing agreement was concluded. WORDFENCE currently uses three cookies and the text below explains what each cookie does, who set the cookie and why the cookie contributes to protecting the website.
wfwaf-authcookie- (Hash) What does it do: This cookie is used by the WORDFENCE firewall, in order to perform an ability test of the current user before loading WordPress. Who gets this cookie: This cookie is only set for users who can log in to WordPress. How does this cookie help: With this cookie, WORDFENCE firewall recognises logged in users and enables increased access. WORDFENCE can also recognise users who aren’t logged in and can restrict their access to secure areas. The cookie informs the firewall about which access level a visitor has, in order to help the firewall to make wise decisions about who to allow and who to block.
wf_loginalerted_ (Hash) What does it do: This cookie is used to tell the WORDFENCE administrator when an administrator logs in from a new device or location. Who gets this cookie: This cookie is only set for administrators. How does this cookie help: This cookie helps the website operator to know whether an admin login has taken place from a new device or location.
wfCBLBypass What it does: WORDFENCE offers a website visitor the option to bypass the country blocking by accessing a hidden URL. This cookie can track who is allowed to bypass the country blocking. Who gets this cookie: If a hidden URL, defined by the site administrator, is accessed, this cookie is used to check whether the user on the site can access the site from a country that is restricted by the country blocking. This is set for anyone that knows the URL that allows a bypass of the standard country blocking. This cookie will not be set for anyone who doesn’t know the hidden URL for bypassing the country blocking. How does this cookie help: This cookie gives website owners a way to allow certain users from blocked countries even though their country has been blocked.
You can find more information about the handling of user data in DEFIANT’s data protection declaration: https://www.wordfence.com/privacy-policy/.
17. Customa
Anonymised data for marketing and optimisation purposes is collected and stored on this website using the technology from customa. The technology provider is the trust in dialog Services GmbH, Merkurring 33-35, 22143 Hamburg, https://www.customa.de.
Cookies can be used for this purpose. Cookies are text files that are stored locally in the cache of the visitor’s internet browser. The cookies enable the recognition of the internet browser.
18. Linkster
On this page we use the tracking technology of Linkster GmbH, Geschwister-Scholl-Straße 52, 20251 Hamburg, to measure and visualize insights into partnerships and advertising channels. This is a function for measuring the efficiency of the corresponding advertising measures. Furthermore, the information enables us to assign advertising successes for billing with corresponding advertising partners.If you click on an advertising integration, cookies are set in your browser, which are read out in the event of a transaction. At every touch point, your browser sends an HTTP request to the Linkster server with which certain information is transmitted. This information includes the URL of the website on which advertising material is placed (referrer URL), the browser identifier (user agent) of yourend device (including information about the device type and the operating system), the IP address of the end device (This IP address is anonymized and hashed by us before storage), HTTP header (data packet automatically transmitted by your browser with various technical information), the time of the request and, if previously saved on the device, the cookie with its Content.
A cookie is a small data packet that is exchanged between your browser and the server. The information relevant to the web application can be stored and transmitted in this data package, e.g. the content of a virtual shopping cart.
The tracking technology stores cookies on your end device to document actions. A 24-digit, anonymous ID is stored in the cookie. Linked to this ID, the data is encrypted in our database on the server.
This contains information about the last touch points (i.e. when a particular advertising material was displayed or clicked on by a device). The stored touch points can, if necessary, be combined to form a sequence chain (user journey).
With an action request, the order number and the shopping cart value of your order are usually also transmitted and saved by us. In addition, the following values can be transmitted and saved: your new customer characteristic as well as the information you provided in a customer survey.
The cookies saved by Linkster GmbH are deleted after 30 days at the latest. The information transmitted to us and the cookies only serve the purpose of correctly assigning the success of an advertising medium and the corresponding billing and is in line with our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
If you do not want cookies to be stored in your browser, you can do this by setting your browser accordingly. You can deactivate the storage of cookies in your browser under Extras / Internet options, restrict them to certain websites or set your browser so that it notifies you as soon as a cookie is sent. Please note, however, that inthis case you will have to reckon with a limited display of online offers and limited user guidance. You can also delete cookies at any time. In this case, the information stored in it will be removed from your device.
The collection and processing of tracking data can also be deactivated by clicking on this tracking opt-out link:
- Tracking opt-out: https://trck.linkster.co/privacy-optout.do
- Viewing your data: https://trck.linkster.co/privacy-mydata.do
The following overview shows which cookies are used by our tracking technology:
- TRS: Unique, 24-digit identifier (ID) for tracking partnerships. This cookie is stored in the client browser and identifies database records that contain the touchpoint data.
- TRSCJ: Fallback cookie with the rudimentary touchpoint data for trackingpartnerships. This cookie contains all touchpoint data encrypted on the client browser.
- trs_db_optout: When you click on the tracking opt-out link, a special cookie is written, which deactivates tracking in the current web browser of the end device. However, tracking is reactivated as soon as you delete the tracking opt-out cookie.
19. Adform
This website uses the Adform tool from Adform A/S Wildersgade 10B, sal. 1 DK-1408 Copenhagen, Denmark that collects data for analysis, marketing and optimisation, thus helping us to improve our marketing measures and website. The data collected is used by Adform to link advertising contacts and clicks on advertisements with a resulting use of our website. In this way, we can ascertain whether internet users who have seen our adverts actually go to our website or find out which products they are interested in and how the app is used. This helps us make more efficient use of our advertising budget. We are also able to use the data collected to provide you with advertisements that are tailored to your interests (e.g. products that you were interested in).Pseudonym online identification numbers (online ID) such as cookie IDs, IP address, device IDs, advertising ID / IDFA (e.g. on Android or Apple smartphones) are used for data collection. In such cases, no identifying user-related data such as a name or address is stored. All the IDs that we use simply allow us to recognise your end device or your internet browser. The data collected will not be used to personally identify you as a user of our website without your express consent. The legal basis for data processing is Art. 6 paragraph. 1 lit. a from the EU General Data Protection Regulation (GDPR). If you do not want any of your data to be collected by Adform, please proceed as follows:
By clicking on the following link you will find out how to deactivate data collection on your computer or mobile device:
https://site.adform.com/privacy-center/platform-privacy/opt-out/
XIII. Facebook
Information about Facebook Pixel
Information about the third party: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information from the third party regarding data protection can be found on Facebook’s website: https://www.facebook.com/about/privacy. Information about Facebook Pixel can be found here: https://www.facebook.com/business/help/651294705016616
Scope of Use
We use Facebook Pixel on our website www.orion.de, an offer from Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as “Facebook”).
Facebook Pixel makes it possible for Facebook to display our advertisements on Facebook, so-called “Facebook Ads”, to those Facebook users that have visited our website.
Advertisements will be mainly shown to visitors who have shown an interest in our products and topics through their use of the offer.
With the use of Facebook Pixel, it is possible for us to recognise whether the user was redirected to our website after clicking on our Facebook Ad. For this purpose, Facebook Pixel sets so-called cookies (see above) that get saved in the browser’s temporary storage of the user’s terminal device.
If the user has logged into Facebook with their local user account, then the visit to our website will be recorded by Facebook in the Facebook user account. For ORION Versand GmbH & Co. KG, the collected data about the user is anonymous and we can therefore not identify the respective user.
Facebook can however merge this data with the user’s Facebook account; ORION Versand GmbH & Co. KG expressly has no influence on Facebook’s use of the data.
Facebook gets the information that the user has accessed our website or clicked on an advertisement from generally available information.
If the user has a Facebook account and is registered, Facebook matches the visit with the respective account. Facebook can locate and use the user’s IP address and, if necessary, further information as well, even without a user registering or logging in to the account.
Purpose of Processing
The purpose of processing data collected by Facebook Pixel is the optimisation of the marketing measures, in order to be able to present relevant and interesting ORION Versand GmbH & Co. KG advertisements and marketing measures, and to avoid annoying advertisements. The targeted design of the marketing measures takes place for the benefit of the user.
The legal basis of processing the data is Art. 6 paragraph. 1 f) GDPR; ORION Versand GmbH & Co. KG has a legitimate interest in the described processing of the data.
Rights of the Affected
The user has the right to object to the processing of data to display Facebook Ads. The user can exercise their right to object by changing the settings from activated to deactivated here:
Furthermore, the user has the option of going to settings and selecting which type of advertisements are shown to them, in the context of Facebook.
The user can set the desired settings themselves here: https://www.facebook.com/settings?tab=ads
However, these settings will get deleted if the user deletes their cookies.
Furthermore, the user can deactivate the cookies, which serve as reach measurement and advertisement purposes, via the following websites:
- http://optout.networkadvertising.org/
- http://www.aboutads.info/choices
- http://www.youronlinechoices.com/uk/your-ad-choices/
However, these settings will get deleted if the user deletes their cookies.
Privacy Shield Agreement
Facebook has subjected itself to the Privacy Shield Agreement between the European Union and the USA and has become certified. This means that Facebook is obliged to observe the standards and regulations for the European data protection policy. The user can find more information here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Information about Facebook Social Plugins
Information about the third party: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find information from the third party about data protection here: https://www.facebook.com/about/privacy
Scope of Use
We use “Facebook Social Plugins” on our website www.orion.de, an offer from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook”).
Facebook Social Plugins save and process information about the user’s behaviour on our website. For this purpose, Facebook Social Plugins sets so-called cookies that get saved in the browser’s temporary storage of the user’s terminal device and make an analysis of the user’s use of our website possible.
Purpose of Processing
The purpose of processing data collected by Facebook Plugins is the optimisation of the marketing measures and the improvement of the user’s experience on our website. We can improve the functions and design of our website and make it easier and simpler for the user to use our website because of statistical analysis of the data from the user’s behaviour.
The legal basis of processing the data is Art. 6 paragraph. 1 f) GDPR; ORION Versand GmbH & Co. KG has a legitimate interest in the described processing of the data.
Rights of the Affected
The user can prevent the installation of cookies by deleting existing cookies and by deactivating the storage of cookies in their web browser’s settings.
The deactivation may result in the user not being able to use all of the functions on our website fully.
The user can prevent the Facebook Social Plugins collecting data by using a so-called opt-out cookie. You can do this here:
However, these settings will get deleted if the user deletes their cookies.
Furthermore, the user can prevent the processing of personal data by deactivating the execution by JavaScript in the browser or by installing an overall JavaScript Blocker. (e.g. https://noscript.net/ or https://www.ghostery.com).
The deactivation or installation may result in the user not being able to use all of the functions on our website fully.
Privacy Shield Agreement
Facebook has subjected itself to the Privacy Shield Agreement between the European Union and the USA and has become certified. This means that Facebook is obliged to observe the standards and regulations for the European data protection policy. The user can find more information here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
XIV. Use of the PostIdent Procedure from DHL Paket GmbH
1. Description and Scope of Data Processing
In accordance with the rules, we use the so-called PostIdent procedure from DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany for dispatching selected items in our assortment.
This procedure ensures that the ordered goods only get delivered to the person who made the order and who is of legal age once they have been identified by the postman after they have seen the person’s ID. If the person orders again, the delivery is handed to the identified recipient only.
We pass on your personal data (Mr., Ms., Name, Address, Date of Birth) to the DHL Paket GmbH service provider. As part of the delivery of goods, the DHL Paket GmbH deliverer checks whether the person is of legal age by looking at their ID. If the person, who has ordered the goods, is of legal age, then the package will be delivered.
DHL Paket GmbH only tells ORION Versand GmbH & Co. KG if the customer was successfully identified as being of legal age as part of the delivery procedure. ORION Versand GmbH & Co. KG enters this information into the customer’s account. DHL Paket GmbH will not pass on any other personal data.
Information about the DHL Paket GmbH data protection can be found here: https://www.dhl.de/de/toolbar/footer/datenschutz.html
2. Legal Basis for Data Processing
The legal basis for processing personal data in the context of the aforementioned PostIdent procedure is Art. 6 paragraph. 1 b) GDPR.
3. Purpose of Processing
The purpose of processing personal data as part of the PostIdent procedure is the legal dispatching of selected goods that are only allowed to be delivered to people who are of legal age. A dispatch of such goods without the PostIdent procedure is not provided by us.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of collection.
This is the case for the personal data that was collected in the online shop during the ordering process for the fulfilment of a contract or the implementation of pre-contractual measures when the data is no longer necessary for the implementation of the contract. There may be a need to store personal data from the contracting party even after the conclusion of the contract in order to fulfil contractual or legal obligations.
5. Possibility of Objection and Removal
The user has the option of getting their data and the data from their customer account, that was collected during the ordering process, deleted at any time.
If the data is necessary for the fulfilment of a contract or the implementation of pre-contractual measures, then early deletion of the data is only possible if non-contractual or legal obligations do not stand in the way of deletion. It will then no longer be possible to process and execute the customer’s order.
XV. Data Protection Information for Product Testers
1. Scope of Processing Personal Data
We collect and process the personal data on the application form that has been provided by a person who is applying to be a product tester for ORION Versand GmbH & Co. KG. This is the information that we collect:
- Surname
- first name
- date of birth
- sex
- address
- E-mail address
- pseudonym
- IP address
- time of entry
Furthermore, the person should select a category of their preferred test products and write a short statement about the person’s incentive and qualification as a product tester. The test reviews will be made public under the pseudonym provided by the product tester.
2. Legal Basis for Processing Personal Data
By submitting the application form, you acknowledge and confirm the validity of the data protection regulations of ORION Versand GmbH Co. KG and agree to the collection and processing of your personal data within the context and scope described.
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit.a) GDPR.
3. Purpose of Data Processing
The collection and processing of the user’s personal data is for the purpose of reviewing and selecting the applicants for the task of being a product tester.
The address and contact details are for the purpose of contact and maintaining contact, as well as delivering the products that are to be tested.
The “Desired Category” section takes any of the user’s preferences into account and ensures a delivery of test products that is customised to the tester’s wishes.
The personal information provided by the applicant about their incentive and qualification as a product tester will be used to review, select and decide upon a product tester.
The product reviews will be made public under the pseudonym provided by the product tester.
4. Duration of Storage
The personal data will be deleted as soon as it is no longer necessary for the purpose of collection.
In the case of collecting and processing the product tester’s personal data, we save the data for the duration of the product tester selection process and then for as long as the person is a product tester.
The product reviews that are made public under the pseudonym provided by the product tester will be saved and used for an unlimited period of time.
5. Possibility of Objection and Removal
The user has the option of objecting to the processing of their personal data at any time. However, they will no longer be able to be a product tester. The user can make their objection via E-mail, by post or on the telephone. A postal objection should be sent to ORION Versand GmbH & Co. KG, Schäferweg 14, 24941 Flensburg, Germany.
The product reviews and the publication of the reviews under the pseudonym are not affected by the objection.
XVI. Data Protection Information for Our Blog
1. Scope of Processing Personal Data
The users have the option of commenting on individual articles in our blog. They can do this anonymously. The user has the option of also providing a pseudonym and E-mail address. The IP address, data and time of the comment will still be collected. The comment will appear underneath the article and will either be anonymous or appear with the pseudonym provided.
The users have the option of asking topic-related questions in the contact form. These questions will be answered by us via E-mail and then made public under the pseudonym or a shortened version of the user’s name. We therefore collect and process the following data:
- Title
- name or pseudonym
- age
- E-mail address
2. Legal Basis for Processing Personal Data
The legal basis for processing personal data with the existence of consent from the user is Art. 6 paragraph. 1 lit.a) GDPR.
3. Purpose of Data Processing
The collection and processing of the user’s personal data, in so far as this has been given, is for the purpose of selecting and a possible processing of the comments if a question on the contact form is being replied to.
4. Duration of Storage
The personal data will be deleted as soon as it is no longer necessary for the purpose of collection.
The comments on blog articles that are made public anonymously or under the pseudonym provided by the user will be saved and used for an unlimited period of time.
The questions we receive will be answered via E-mail and the personal data will be deleted.
5. Possibility of Objection and Removal
The user has the option of objecting to the processing of their personal data at any time. The user can make their objection via E-mail, by post or on the telephone. A postal objection should be sent to ORION Versand GmbH & Co. KG, Schäferweg 14, 24941 Flensburg, Germany.
The comments on blog articles and the publication of the comments made anonymously or under the pseudonym are not affected by the objection.
XVII. Data Protection Information for ORION and friends
1. Scope of Processing Personal Data
The online presence of ORION Versand GmbH & Co. KG. at www.orionandfriends.de is aimed at interested and potential co-operation partners of ORION Versand GmbH & Co. KG., who want to co-operat with ORION Versand GmbH & Co. KG. as a product tester, blogger or influencer.
There is a contact form on the internet page for contacting us. Personal data will be collected from this form. These are the mandatory fields that have to be filled in:
- Surname
- first name
- date of birth
- E-mail address
- address
These are optional fields that can be filled in:
- Instagram – profile name
- Facebook – link to Facebook profile
- Blog – link to the blog
- Youtube – name of the Youtube channel
The acknowledgement and confirmation of the validity of the data protection policy.
Furthermore, the IP address and timestamp of when the contact form was sent will be collected and processed.
2. Legal Basis for Processing Personal Data
By ticking the box and submitting the contact form, you acknowledge and confirm the validity of the data protection regulations of ORION Versand GmbH Co. KG and agree to the collection and processing of your personal data within the context and scope described.
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit.a GDPR.
3. Purpose of Processing
The processing of the user’s personal data is for the purpose of selecting the applicants and contacting potential co-operation partners.
The address and contact details are for the purpose of contact and maintaining contact, as well as delivering the products that are to be tested. For this purpose, the address and E-mail address will also be passed on to the carrier that will deliver the test products, as well as for direct contact for the purpose of delivery.
The user explicitly agrees with the aforementioned transfer of personal data.
The date of birth is to prove that the user is of legal age. ORION Versand GmbH & Co. KG only wants to co-operate with partners of legal age.
The optional information is used to get an idea of the potential co-operation partners and their activities up until now.
4. Duration of Storage
The personal data will be deleted as soon as it is no longer necessary for the purpose of collection.
In the case of collecting and processing the co-operation partner’s personal data, we save the data for the duration of the checks and where applicable for the duration of the co-operation. After the co-operation has ended, personal data will be deleted taking into account of any legal obligation to preserve records.
5. Possibility of Objection and Removal
The user has the option of objecting to the processing of their personal data at any time. However, further co-operation with ORION and friends is no longer possible. The user can make their objection via E-mail, by post or on the telephone. A postal objection should be sent to ORION Versand GmbH & Co. KG, Schäferweg 14, 24941 Flensburg, Germany.
XVIII. Data Protection Information for Applicants
1. Scope of Processing Personal Data
If you want to send us your inquiries or application documents via our applicant portal at www.orion.de/orion-gruppe/jobs-und-karriere/jetzt-bewerben/, we will collect and process the following data:
- Surname
- first name
- Postal address
- E-mail address
- Subject of your message
- The files you have sent to us (application documents)
- inquiries
- salary
- expectation
- start date
- If applicable the message you wrote to us in the message box
- Your acknowledgement and confirmation of the validity of the data protection policy
- Your IP address
- Timestamp
If you want to send us your inquiries or application documents directly via E-mail at bewerbung@orion.de, we will collect and process the following data:
- E-mail address
- The files you have sent to us (application documents)
- inquiries
- salary expectation
- start date
- Your acknowledgement and confirmation of the validity of the data protection policy
- Your IP address
- Timestamp
You can also send us your application documents by post. We then collect and process the personal data from your documents. By sending us your documents, you agree to the processing of your personal data for the purpose of carrying out the application process.
2. Legal Basis for Processing Personal Data
In order to send us a message in our applicant portal, you have to tick the “I have read and agree to the data protection policy” box. This means that you agree to the collection and processing of your personal data within the context and scope of the applicant portal and application process of ORION Versand GmbH Co. KG.
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit.a GDPR.
The same applies when you send your message via E-mail to bewerbung@orion.de. By sending your application documents in the post, you agree to the processing of your personal data.
The legal basis for processing data with the existence of consent from the user is Art. 6 paragraph. 1 lit.a GDPR.
3. Purpose of Data Processing
The collection and processing of the user’s personal data is for the purpose of selecting and checking the application documents in the context of deciding on which applicant to employ at ORION Versand GmbH & Co. KG.
The address and contact details are for the purpose of contact and maintaining contact in the context of the application process.
Your personal data and application documents will be checked by the human resources department as part of the application process and, where applicable, brought to the attention of some or all of the managers and the works council.
4. Duration of Storage
The personal data will be deleted as soon as it is no longer necessary for the purpose of collection.
The personal data of the users who could not be taken into consideration for the vacant position will be deleted after 6 months.
5. Possibility of Objection and Removal
The user has the option of objecting to further processing of their personal data at any time and to the consent they gave ORION Versand GmbH & Co. KG to process their personal data.
In this case, the personal data will be deleted immediately. Further processing of the user’s application documents is no longer possible.
The user can make their objection via E-mail, by post or on the telephone. A postal objection should be sent to ORION Versand GmbH & Co. KG, Schäferweg 14, 24941 Flensburg, Germany.
We send the application documents back to you on a portable storage device (e.g. USB stick, CD) after the storage period without keeping any copies.
Further information about data protection at ORION Versand GmbH & Co. KG and information about your rights can be found here: https://www.orion.de/service/privacy.
Technical Standard - HTTPS/TLS Encryption
We use the most modern security methods for data transfer: the latest version of the TLS protocol 1.2, that is based on a large 2048-bit key, has been signed by SHA256. Furthermore, we also provide Perfect Forward Secrecy, so that no conclusions from our secret key for partially compromised information are allowed. All the information (as well as the website’s address/URL) transferred this way is encrypted like this.
The passwords we save for customer logins are made unreadable for third parties because we use constantly updated one-way codes (we are currently using "bcrypt"). We use random individual characters for each saved password (called salt).
Updated June 2023