Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how your personal data is handled when using our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Zernolux Import & Export GmbH, Die Rappenwiesen 7, 61350 Bad Homburg v. d. Höhe, Germany
Phone: +49 1512 5363473
Email: kontakt@zernolux.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only (i.e. without registering or otherwise transmitting information), we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following technically necessary data:

  • Website visited
  • Date and time of access
  • Amount of data sent (in bytes)
  • Source/referrer from which you accessed the page
  • Browser used
  • Operating system used
  • IP address (possibly anonymized)

Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. This data is not shared or used otherwise. However, we reserve the right to review server log files later if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries). You can recognize an encrypted connection by “https://” and the lock symbol in your browser.

3) Hosting & Content Delivery Network

For hosting our website and displaying its content, we use a provider that performs its services exclusively on servers within the European Union, either directly or via subcontractors.

All data collected on this website is processed on these servers.
We have concluded a data processing agreement with the provider to ensure the protection of visitor data and prevent unauthorized disclosure.

4) Cookies

We use cookies (small text files stored on your device) to make our website more user-friendly and enable certain functions.

  • Session cookies are deleted after closing the browser
  • Persistent cookies remain on your device and store settings

If personal data is processed via cookies, processing occurs based on:

  • Art. 6(1)(b) GDPR (contract execution), or
  • Art. 6(1)(a) GDPR (consent), or
  • Art. 6(1)(f) GDPR (legitimate interest)

You can configure your browser to inform you about cookies and decide individually or disable them entirely.
Please note: disabling cookies may limit website functionality.

5) Contact

5.1 WhatsApp Business

You can contact us via WhatsApp (WhatsApp Ireland Limited, Dublin, Ireland) using the Business version.

Depending on the context:

  • Business inquiries: processed under Art. 6(1)(b) GDPR
  • General inquiries: processed under Art. 6(1)(f) GDPR

We may store:

  • Your phone number
  • Your name (if provided)

Your data is used only to respond to your inquiry and is not shared with third parties.

Note: WhatsApp may access contact data and transfer it to Meta Platforms Inc. (USA).

We ensure:

  • Only users who contacted us via WhatsApp are stored
  • Data transfer is based on your consent (Art. 6(1)(a) GDPR)

More info: https://www.whatsapp.com/legal/?eea=1#privacy-policy

We have a data processing agreement with WhatsApp and rely on the EU-US Data Privacy Framework.

5.2 Contact Forms / Email

When contacting us (e.g. via form or email), personal data is collected and used only to process your request.

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest)
  • Art. 6(1)(b) GDPR (if contract-related)

Data is deleted after the request is fully processed unless legal retention obligations apply.

6) Use of Customer Data for Direct Marketing

MailChimp

Newsletter delivery via:
The Rocket Science Group LLC (MailChimp), USA

  • Data processed under Art. 6(1)(f) GDPR
  • Optional tracking (opens, clicks) under Art. 6(1)(a) GDPR

You can withdraw consent at any time.

Data transfers rely on the EU-US Data Privacy Framework.
A data processing agreement is in place.

7) Web Analytics Services

Google Analytics 4

Provider: Google Ireland Limited

  • Uses cookies
  • IP addresses are anonymized
  • Data stored for 2 months

Processing only occurs with your consent (Art. 6(1)(a) GDPR).

You can withdraw consent anytime via the cookie tool.

Additional features:

  • Demographics (age, gender, interests)
  • Google Signals (cross-device tracking)
  • UserIDs (cross-device analysis for logged-in users)

Data may be transferred to the USA under the EU-US Data Privacy Framework.

More info:
https://business.safety.google/intl/de/privacy/

8) Website Functionalities

8.1 YouTube

Provider: Google Ireland Limited

  • Loads videos via direct server connection
  • Transfers IP address
  • Uses cookies for analytics

Processing only occurs with consent (Art. 6(1)(a) GDPR).

8.2 Google Web Fonts

  • Ensures consistent font display
  • Requires connection to Google servers
  • Transfers browser data (including IP)

Processing only occurs with consent (Art. 6(1)(a) GDPR).

9) Rights of the Data Subject

You have the following rights:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Notification (Art. 19 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)
  • Lodge a complaint (Art. 77 GDPR)

9.2 Right to Object

You may object at any time to processing based on legitimate interest (Art. 6(1)(f) GDPR).

If you object:

  • Processing will stop unless compelling legal reasons exist

For direct marketing, you can object at any time → processing will stop immediately.

10) Storage Duration of Personal Data

Storage duration depends on:

  • Legal basis
  • Purpose
  • Legal retention periods

Key rules:

  • Consent-based data → stored until withdrawn
  • Contract-related data → stored per legal retention laws
  • Legitimate interest → stored until objection
  • Marketing data → stored until objection

Otherwise, data is deleted when no longer necessary.

Copyright Notice

This privacy policy was created by the law firm IT-Recht Kanzlei and is protected by copyright:
https://www.it-recht-kanzlei.de