Data protection

As of 25 May 2018, the requirements of the EU General Data Protection Regulation (GDPR) apply throughout Europe. This policy describes how Garpa Garden & Park Furniture Ltd (GARPA) collect and use your personal data during your use of the website in accordance with the new regulation (see Article 13 GDPR). Please read our information on data protection very carefully. Should you have any questions or comments about this privacy policy, you can always send them to the email address provided in section 2.

Content

  1. Overview
  2. The name and contact details of the data controller and of the data protection officer
  3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients
    1. 3.1. Accessing our site
    2. 3.2. Conclusion, performance or termination of a contract
    3. 3.3. Processing data for advertising purposes
    4. 3.4. Online presence and website optimisation
    5. 3.5. Contact
    6. 3.6. Access to the GARPA image archive/image database
    7. 3.7. Furnishing Planner
  4. Online social media presence
  5. Your rights
  6. Data security measures
  7. Changes to the Privacy Policy

1. Overview

This Privacy Policy informs you about the type and scope of personal data processed by GARPA. Personal data is information that is or can be directly or indirectly assigned to your person.

The manner in which data is processed by GARPA can essentially be divided into three categories:

  • All data necessary for performing a contract with GARPA are processed for this specific purpose. If external service providers are also involved in the processing of the contract, e.g. logistics companies or credit agencies, your data will be passed on to them to the extent necessary in each case.
  • We use the data collected from you within the framework of processing the contract not only for this specific purpose but also to inform you from time to time about new offers and campaigns.
  • When you access the GARPA website, various information is exchanged between your device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimise our website or to display advertising in your browser’s device.

We use tools, among other things, from companies based in the USA or other third countries that are not secure under data protection laws. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

In accordance with the provisions of the GDPR, you have different rights which you can assert against us. This includes, among other things, the right to object to selected data being processed, in particular data processed for advertising purposes. The right to object to processing is highlighted typographically. Should you have any questions regarding our Privacy Policy, please feel free to contact our data protection officer at any time. You will find the contact details below.

2. The name and contact details of the data controller and of the data protection officer

This Privacy Policy applies to data processed by Garpa Garden & Park Furniture Ltd, 35, The Nurseries, Lewes BN7 2FF, United Kingdom (“Controller”) and by the website www.garpa.co.uk. The Data Protection Officer of Garpa Garden & Park Furniture Ltd can be contacted at the above address, the Data Protection Department or at data-protection@garpa.co.uk.

3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients

3.1. Accessing our site

When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily saves it in a log file, over which we have no influence. The following information will be collected without your intervention and stored until automatically deleted:

  • the IP address of the Internet-enabled device making the requesting,
  • the date and time of the access,
  • the name and URL of the file accessed,
  • the website from which access was made (referrer URL),
  • the browser you are using and, if applicable, the operating system of your Internet-capable computer as well as the name of your access provider.

The legal basis for processing the IP address is Art. 6 (1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. We wish to point out that we are not able to draw any direct conclusions about your identity from the data collected, nor can any be drawn through us.

The IP address of your device and the other data listed above are used by us for the following purposes:

  • to ensure a smooth connection setup,
  • to ensure smooth use of our website, and
  • to evaluate system security and stability.

The data are stored only as long as is necessary to fulfil the purpose intended for storage and are deleted afterwards automatically. We also use cookies, tracking tools, targeting methods and social media plug-ins for our website. The exact methods involved and how their data are used for this purpose are explained in more detail in section 3.4 below.

If you accept geolocalization in your browser or operating system or other settings of your device, we use this function in order to be able to offer you individual services related to your current location. We process your location data in this way exclusively for this function. The data will be deleted once the use has ended.

3.2. Conclusion, Performance or Termination of a Contract

3.2.1. Processing data upon the conclusion of a contract

The scope of GARPA’s business is the distance selling of goods and services, retail trade within the framework of permits issued by the relevant authorities, and the serial production of goods to be offered. In this context, we process the data required for the conclusion, performance or termination of a contract with you. This includes:

  • Salutation, Title, First Name, Surname
  • Invoice and Delivery Address
  • Email Address
  • Billing and Payment Information
  • Date of Birth
  • Telephone Number

Art. 6 (1) point b) of the GDPR serve as the legal basis, i.e. you provide us with the data on the basis of the contractual relationship between you and us. In order to process your email address for online orders, we are also obliged to electronically confirm receipt of your order due to a provision in the German Civil Code (BGB). Art. 6 (1) point c) of the GDPR serve as the legal basis. We store the data collected for performing the contract at least until the expiry of the statutory or possible contractual warranty and guarantee rights, provided we do not use your contact data for advertising purposes (see 3.3. below).

The following data processing operations are also required to process the purchase agreement:

We work together with logistics companies for the purpose of processing the sales contract. The following data may be transmitted to these logistics companies commissioned by us for the purpose of delivering the ordered goods or for announcing them: Information about your delivery address (first name, surname, postal address) as well as your email address and telephone number. The logistics company will contact you prior to delivery to provide you with the time of delivery or to discuss delivery details with you.

3.2.2. Identity, Creditworthiness and Information to Credit Agencies

If necessary, we may verify your identity by consulting information from service providers. Art. 6 (1) points b) and f) of the GDPR serve as the legal basis. Authorisation to do so arises from ensuring the protection of your identity and the avoidance of fraud attempts at our expense. The circumstance and the result of our enquiry will be added to your customer account or your guest account for the duration of the contractual relationship.

During the ordering process, we also check your credit rating, provided that you select the payment method ‘on account’. For this purpose, we pass on the following types of data to credit agencies cooperating with us: name, address, date of birth. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required under this provision arises from our interest in minimising the credit risk associated with these types of payments. The circumstance and the result of our enquiry will be added to your customer account for the duration of the contractual relationship.

If you have already made a purchase with us, your data stored by us about you can be supplemented by score values. Scoring is the process of making a forecast of future events based on information collected and past experiences. Such processing is based on Art. 6 (1) point f) of the GDPR. The preparation of such forecasts is to be regarded as a legitimate interest within the meaning of the aforementioned provision. Based on the data stored about your, you will be assigned to statistical groups of people with similar entries in the past. The underlying method used is a well-founded mathematical-statistical method for predicting risk probabilities that has long been tried and tested in practice.

In the event of a delay in payment, we reserve the right to pass on the necessary data to a company commissioned with asserting the claim if other legal requirements have been met. Art. 6 (1) point. b) and Art. 6 (1) point f) of the GDPR serve as the legal basis. The assertion of a contractual claim shall be regarded as a legitimate interest within the meaning of the second provision. Information about the delay in payment or a possible bad debt loss will also be forwarded to credit agencies cooperating with us if other legal requirements have been met. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required here arises from our interest and that of third parties in reducing contractual risks for future contracts.

3.3. Processing Data for Advertising Purposes

The following explanations refer to the processing of personal data for advertising purposes. The DSGVO declares such processing of data based on Art. 6 (1) point f) of the GDPR to be generally conceivable and a legitimate interest. The duration of data storage for advertising purposes does not follow rigid principles and is based on the question of whether storage is necessary for advertising purposes. Please refer to Section 3.3.4 for the procedure to be followed should you wish to assert your right to object.

3.3.1. Advertising Purposes of GARPA and Third Parties

If you have concluded a contract with us, we will store you as a customer in our system. In this case, we process your postal contact details beyond a concrete consent, in order to send you information about products and services in this way. We process your email address, provided we have received it from you, in order to send you information about our own, similar products beyond a concrete consent.

3.3.2. Interest-Oriented Advertising

To ensure that you only receive advertising information that is of supposed interest to you, we categorise and supplement your customer profile with further information. Both statistical information and information about you (e.g. basic details from your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented to your actual or supposed needs and not to trouble you with useless advertising.

3.3.3. Referring friends

If our customers inform us of potential interested parties for our offers (e.g. catalogue request), we collect this personal data provided to us for the purpose of acquiring new customers. We process and use the name and postal address to send our catalogue. For this purpose, we may pass on the personal data provided to us to relevant service providers commissioned by us. We are also obliged to inform the person you have named that you have given us the address data. We store your details (details of the interested party and the fact that you recommended the interested party) as long as this is necessary to fulfil the purpose for reasons of proof. The processing of postal contact data for the purpose of “referring friends” takes place outside the existence of a concrete consent in order to provide interested parties with information about products and services in this way. The GDPR declares such processing of personal data for advertising purposes on the basis of Art. 6 para. 1 lit. f) GDPR as fundamentally conceivable and as a legitimate interest.

3.3.4. Participation in analytics union

As a participating partner in the analytics union, a cooperation of various distance-selling companies, we process your data within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f of the GDPR for our own and third-party marketing activities.
In this process, your data is first analysed by selected and reliable service providers on a pseudonymised basis together with data from other participating companies in order to identify relevant marketing activities for you and to be able to generate any interested new customers. For more information, please visit info.analyticsunion.com or contact CUSTOMY GmbH & Co. KG, Klarissengasse 4, 48143 Münster, Germany.
The involvement of the trusted service providers and use of special encryption procedures as well as the conclusion of processing between joint controllers (Art. 26 of the GDPR) ensure that the data protection regulations of the GDPR are met.
You can object to the use of your data for these purposes directly to us or more easily at the following website info.analyticsunion.com in accordance with Art. 21 of the GDPR. In the event of an objection, your name and address will continue to be stored in pseudonymised form with the selected service providers in order to protect your rights and to ensure that you do not receive unsolicited advertising in the future or that your data is processed for these purposes. If, in addition to your objection, you also expressly request the complete deletion of this pseudonymised data, it can no longer be ensured that you will be excluded from marketing activities in the future, as no corresponding protective comparison can then be made with your pseudonymised data record created for this purpose.
You can assert all other data subject rights arising from the GDPR, in particular your rights to information, correction, deletion and transfer, directly against us. We will then process your request with the help of our cooperation partners.
In accordance with Art. 11 (1) of the GDPR, the possibility of your identification on the basis of the data concerning you will only be maintained for as long as it is necessary for the purpose of the respective data processing. Due to the complex encryption procedures, it is therefore possible that your data can no longer be linked to your identity afterwards. The data subject rights of Art. 15-20 of the GDPR can only be asserted in this case if you provide additional information that allows us or our cooperation partners to clearly identify you.

3.3.5. Right to object

You can object to your data being processed for the above-mentioned purposes at any time free of charge, separately for the respective communication channel, and with effect for the future. To do so, simply send an email or a letter by post to the contact details listed under Section 2.

If you object to your data being processed, the contact address concerned will be blocked for further processing for advertising purposes. We wish to point out that advertising material may still be sent temporarily in exceptional cases even after receipt of your objection. This is technically due to the necessary lead time of advertisements and does not mean that your right to object has not been considered. We ask for your understanding.

3.3.6. Information on the Newsletter

We offer you the possibility of subscribing to our newsletter via our website. In order to make sure that no errors were made when entering the email address, we use the double opt-in process. This means that we will send you a confirmation link after you have entered your email address in the registration field. Your email address will be added to our mailing list only after you click on this confirmation link. Your electronic contact details will be processed solely on the basis of your consent pursuant to Art. 6 (1) point a) of the GDPR. You may revoke your consent at any time with effect for the future. To do so, simply send an email to the email address provided under Section 2 or click on the “Unsubscribe” button at the end of each newsletter.

3.4. Online Presence and Website Optimisation

3.4.1. Cookies – General Information

We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is generated in connection with the specific end device used. This does not mean, however, that we will gain immediate knowledge of your identity.

The use of cookies serves on the one hand to make using our offer more convenient for you. In this respect, we use temporary cookies to recognise that you have already visited individual pages on our website. These will be deleted automatically once you leave our site. These cookies required for the functionality of our website are essential and cannot be deactivated (e.g. session cookies).

In addition, we also use permanent cookies which are stored on your device for a specified period of time to make our website more user friendly. If you visit our site again to use our services, the site automatically recognises that you have previously visited it and which data you entered as well as the settings you have made, so that you do not have to enter these again.

The cookies are automatically deleted after a specific period of time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is generated. However, if you disable cookies completely, you may not be able to use all the features of our website. The length of time cookies are stored depends on their purpose and is not the same for everyone.

The marketing cookies used by us serve to display advertising that is in line with your interests. When you visit another website, the browser cookie will be recognised and advertisements selected based on the information stored in this cookie will be displayed.

The sue of statistic cookies helps us to measure the reach of our own offer. We can track which website was visited before calling our website and how our website was used, among other things. We use this data, among other things, to optimise our website by evaluating the campaigns we have carried out.

The legal basis on which we process your personal data using cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent in accordance with Art. 6 para. 1 lit. a) of the GDPR. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfil our contractual or legal obligations.

Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies.

Revoking consent shall not affect the lawfulness of processing data carried out on the basis of the consent up to the point of revocation.

You can exercise your right to object by using the settings of your browser, e.g. by deactivating the use of cookies (this can also restrict the functionality of our online offer)

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.2. Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), to provide need-based design and continuous optimisation of our pages.

In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this site such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transferred to a Google server possibly in the USA or other third countries, and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that it is not possible to associate them with a user (IP masking).

You can prevent the use of cookies by selecting the appropriate settings in the browser; however, please note that if you do this, you may not be able to use the full features of this website. You can also prevent data generated by the cookie and related to your use of the website (including your IP address) from being collected as well as from processing this data by Google by downloading and installing the browser plug-in available under the following link: As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You can find further information on data protection in connection with Google Analytics on the Google Analytics website.

The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.3. Facebook Custom Audience via the Pixel Method

We use “Facebook pixels” on our website, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).

Facebook pixels enable Facebook to display our Facebook ads only to Facebook users who have visited our website, especially those who have shown interest in our online offerings or certain topics or products. Facebook pixels allow you to check whether a user has been redirected to our website after clicking on our Facebook ads. Facebook Pixel uses cookies, which are small text files that are stored locally in the cache of your web browser on your device.

If you have a Facebook user account and are registered, Facebook can associate the visit to your user account. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, Facebook may associate this data with your Facebook account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook pixels. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifying information.

We use Facebook pixels for marketing and optimisation purposes, in particular to place relevant and interesting ads on Facebook and thus improve our offer, make it more interesting for you as a user, and avoid annoying ads. This is also our legitimate interest in processing the above-mentioned data. For more information about Facebook’s collection and use of this information and your rights and choices regarding your privacy, please see Facebook’s Privacy Policy.

3.4.4. Targeting

We want to ensure that you only see advertising on your end devices that is oriented towards your actual or supposed interests through the targeting measures used. It is both in your and our interest to not bother you with uninteresting advertisements.

The legal basis for the processing of personal data described here is your consent in accordance with Art. 6 Para. 1 lit. a) of the GDPR.

You may revoke your consent or configure your settings for the cookies used on our website by clicking on the following link: Edit cookie settings.

3.4.4.1. Onsite-Targeting

Our website uses cookies to collect and evaluate information to optimise advertisements. This information includes, for example, information about which of our products you are interested in. Any recording or analysis is done exclusively under a pseudonym and does not enable us to identify you. In particular, the information will not be merged with your personal data. This information enables us to display offers on our site that are specifically tailored to your interests, such as those arising from your past user behaviour. The cookie is automatically deleted after 30 days.

3.4.4.2. Re-Targeting

We also use re-targeting technologies from Google. This enables us to make our online offer more interesting and tailored to your needs. For this purpose, a cookie is set with which data from interested customers is collected using pseudonyms. This information is used to display interest-related advertisements about our offers on the websites of our partners. No directly personal data will be stored and no user profiles will be merged with personal data on you. The cookie is stored for a period of 2 years and then automatically deleted.

3.4.4.3. Right to revoke/object/opt-out

In addition to the option to revoke your consent and the deactivation methods described above, you can also generally prevent the targeting technologies described above by setting the appropriate cookie in your browser (see also 3.4.1.). In addition, you can deactivate preference-based advertising with the help of the preference manager by accessing it here. 

3.4.5. Social Media Plug-Ins

We use social plug-ins from the social networks Facebook, Instagram, Pinterest and YouTube on our website on the basis of Art. 6 (1) point f) of the GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation that is compliant with data protection regulations is to be guaranteed by their respective providers. These plug-ins are integrated by the two-click method in order to protect visitors to our website in the best possible way.

3.4.5.1. Facebook

We use plug-ins from the social network Facebook on our website, which are offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or contain “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found by clicking the following link.

When you activate such a plug-in (first click), your browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. This integration provides Facebook with the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA where it is stored. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to a Facebook server where it is stored. The information will also be published to your Facebook account and displayed to your Facebook friends.

The purpose and scope of the collection of data and further processing including use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s Privacy Policy.

If you do not want Facebook to associate the data collected about your visit to our site directly with your Facebook account, you must log out of Facebook before visiting our site.

3.4.5.2. Instagram

Our website also uses social network plug-ins from Instagram. The Instagram service is a Facebook product provided by Facebook Inc. The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When you activate the plug-in (first click), your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. This integration provides Instagram with the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not logged in to Instagram.

This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA where it is stored. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to an Instagram server where it is stored. The information will also be published to your Instagram account and displayed to your Instagram contacts.

If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. For more information, see Instagram’s Privacy Policy.

3.4.5.3. YouTube

Our website uses plug-ins from YouTube which is operated by Google. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the site operator.

When you activate the plug-in (first click), your browser establishes a direct connection to YouTube’s servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account beforehand. You can find further information about the handling of user data in YouTube’s Privacy Policy.

3.4.5.4. Pinterest

We also use social plugins on our website by the social network Pinterest, which is operated by Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland (“Pinterest”). If you visit a page that contains such a plug-in, your browser establishes a direct connection with the Pinterest servers. The plug-in transmits protocol data to the server of Pinterest. This log data may include your IP address, the address of the websites visited, which also contain Pinterest functions, browser type and settings, date and time of the request, your use of Pinterest, and cookies.

If you click the Pinterest “Pin it” button while logged into your Pinterest account, you can link the content of our pages to your Pinterest profile. This allows Pinterest to match the visit to our pages to your user account. We would like to point out that we have no knowledge of the content of the data transmitted or its use by Pinterest. Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options to protect your privacy can be found in Pinterest’s privacy policy (https://about.pinterest.com/en/privacy-policy).

3.4.6. Blog

Users have the option of leaving individual comments on individual blog posts on a blog located on the website of the data controller. A blog is a portal, usually open to the public, on a website, in which one or more people can post articles or write down thoughts in blog posts. The blog posts can usually be commented on by third parties.

If a data subject leaves a comment in the blog published on this website, in addition to the comments left by the data subject, information on the time when the comment was entered and on the user name chosen by the data subject (pseudonym) are stored and published.

Furthermore, the email address is saved and the IP address assigned to the data subject by the Internet Service Provider (ISP) is also logged. This storage of the IP address is done for security reasons and in the event that the data subject violates the rights of third parties or posts illegal content through a comment submitted. The storage of these personal data is therefore in the own interest of the data controller, so that the data controller could, if necessary, be exculpated in the event of an infringement of the law. This personal data collected will not be passed on to third parties, unless such a transfer is required by law or serves the legal defence of the data controller.

3.4.7. Appointments via Microsoft Booking

We use Microsoft Bookings to book consultation appointments online.
The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
Microsoft Bookings is a service that allows appointment requests to be made. The data you enter for the purpose of your enquiry (name, email address, telephone number, address, customer number, website URL and notes or your request) are stored on the servers of Microsoft USA or Ireland.

The use of this tool is based on Art. 6 para. 1 lit. f of the GDPR. We have a legitimate interest in the appointment management in order to optimise our offer. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDOPR; consent can be revoked at any time.
For more information, please see Microsoft's Privacy Policy at: https://privacy.microsoft.com/de-de/privacystatement.

Please note that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use a different contact option offered to make an appointment.
If consent is revoked, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.

3.4.8. Matterport

Our website includes a virtual showroom that enables visitors to browse through our collection individually. The operator of this portal is Matterport, Inc, 352 E. Java Dr. Sunnyvale, CA 94089, USA. When you visit one of our pages containing such a virtual tour, a connection to Matterport's servers is established. This will tell the Matterport server which of our pages you have visited. In addition, Matterport obtains your IP address. This also applies if you are not logged in to Matterport or do not have an account with Matterport. The information collected by Matterport is transmitted to the Matterport server in the USA. If you are logged in to your Matterport account, you allow Matterport to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your Matterport account beforehand.

The use of Matterport serves the interest of presenting our online offers in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f of the GDPR. If corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDOPR; consent can be revoked at any time.

For more information on how Matterport implements the GDPR and handles user data, see: https://support.matterport.com/hc/en-us/articles/360000904267-Matterport-s-Plan-for-GDPR and in the Privacy Policy of Matterport at: https://matterport.com/legal/data-processing-agreement.

3.4.9. Typeform

We have integrated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter “Typeform”).

Typeform enables us to create online forms and integrate them into our website. The data you enter in our Typeform forms is stored on Typeform’s servers until you ask us to delete it, revoke any consent you have given to store it, or the purpose for storing the data no longer applies (e.g., after we have finished processing your request). Mandatory legal provisions – in particular, retention periods – remain unaffected by this.

The use of Typeform is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in functioning online forms. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

3.4.10. Microsoft Advertising

We use Universal Event Tracking (UET) on our website via the Microsoft Advertising (formerly Bing Ads) a service of Microsoft Corporation (USA). Microsoft stores a cookie in your browser via UET to enable an analysis of the use of our online offer.

Prerequisite for this is that you have reached our website via an advertisement from Microsoft Advertising. In this way, Microsoft and we can recognise that someone has clicked on an advertisement, been redirected to our online offer and reached a previously determined target page (so-called conversion measurement). No IP addresses are not stored during this process. No further personal information about the identity of the user is communicated.

Microsoft Advertising is only used with your consent. Art. 6 para. 1 lit. a of the GDPR serves as the legal basis. You can revoke your consent at any time in the data protection settings by deactivating conversion tracking.

You can find more information on data protection at Microsoft in the
Microsoft PrivacyPolicy at https://privacy.microsoft.com/de-de/privacystatement.

3.4.11. Matomo 

This website uses the open source web analytics service Matomo. Matomo uses technologies that make it possible to recognise users across pages to analyse user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.

Matomo helps us collect and analyse data about visitors’ use of our website. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and advertising. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDPR and Section 25 para. 1 of the TTDSG (German Telecommunications Telemedia Privacy Act), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

3.4.11.1. IP anonymisation

We use IP anonymisation for analyses with Matomo. Your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

3.4.11.2. Hosting  

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on to third parties. 

3.5. Contact

We offer visitors to our websites the opportunity to contact us via a contact form or by email. We use the information you provide via the contact form or by email (required information is marked with an asterisk) exclusively for the purpose of processing your request. This is done on the basis of Art. 6 (1) point f) of the GDPR. Proper handling of your concerns is to be regarded as a legitimate interest within the meaning of the GDPR. If you contact us in connection with a contractual relationship between you and us, Art. 6 (1) point b) of the GDPR, i.e. this contractual relationship, is also the legal basis for processing data. The data provided will be deleted immediately after use, unless there is a legal retention period. Your data will not be used for another purpose or transferred to third parties unless you have consented to this.

3.5.1. Privacy policy on audio and video conferences

Data processing

We use online conference tools, among other things, to communicate with our clients. The tools we use in detail are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other ‘contextual information’ related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voice mails uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools used, which we have listed below this text.

Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b of the GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f of the GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

Duration of storage
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details on this matter, please contact the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 , USA. For details on data processing, please refer to the Microsoft Teams Privacy Policy:https://privacy.microsoft.com/en-gb/privacy.

3.6. Access to the GARPA image archive/image database

We use the double opt-in procedure to register to our database. This means that after you register, we will send you an email to the specified email address in which we ask you to confirm that you wish to have your data entered into the database. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any potential misuse of your personal data.

The functions of the database can be described as follows:

For press contacts: Providing free image and text files for editorial purposes only.

For architects & interior designers: Providing free technical drawings, image and text files for personal, educational and informative purposes, for preparing quotations/cost estimates to end customers in connection with the sale of GARPA products via the company itself and for use in training courses or seminars.

3.7. Furnishing Planner

The Furnishing Planner on this website uses HTML5 storage objects that are stored on your mobile device. These objects store the required data (current plans, saved plans) independently of your browser and do not have an automatic expiry date. No personal data is stored by the Furnishing Planner. You can prevent the use of HTML5 storage objects by using private mode in your browser.

4. Online social media presence

4.1. Facebook

We operate a fan page on the social media network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”) under joint responsibility to communicate with interested parties and followers and to inform them about our products and services. All products for customers from the European Economic Area and Switzerland are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We may receive statistics from Facebook on the use of our fan page (for example, information about the number, names, interactions, such as likes or dislikes, comments, and summarised demographic and other information or statistics based on certain parameters about our company and the content on our fan page that help us learn about interactions with our site). For more information on the nature and scope of these statistics, please refer to the Facebook Site Stats Insights and responsibilities in the Facebook Page Insights Supplement. The legal basis for this type of data processing is Art. 6 Para. 1 lit. f) GDPR based on our aforementioned legitimate interest.

We have no influence on data that Facebook processes on its own responsibility in accordance with Facebook’s terms of use. However, we would like to point out that when you visit the fan page, data on your usage behaviour is transmitted from Facebook and the fan page to Facebook. Facebook itself processes the aforementioned information in order to compile detailed statistics and for its own market research and advertising purposes over which we have no control. According to Facebook, the data collected will also transferred to the USA and other third countries. For more information, see the Privacy Policy of Facebook.

Should we have obtained personal data of users when operating the fan page, users are entitled to the rights stated in this Privacy Policy. If users also wish to assert rights against Facebook, the easiest way for users to do so is to contact Facebook directly. Facebook knows the details of the technical operation of the platform and associated data processing as well as the specific purposes of data processing and can implement appropriate measures upon request should users wish to exercise their rights. We are happy to support users in asserting their rights as far as possible and forward user requests to Facebook.

4.2. Instagram

We also have an Instagram account. This service is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

We have entered into an agreement with Facebook on joint processing. This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement by clicking the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for our social media presence at Instagram is Art. 6 para. 1 lit. f) of the GDPR based on our legitimate interest in the widest possible presence on the Internet.

Facebook Ireland Ltd. processes (personal) data when you use Facebook products -– including when you visit our Instagram page – even from people who are not logged into any of the Facebook services. What (personal) data this is in detail, how, for what purposes and on what legal basis it is processed is described by Facebook in its privacy policy, which applies to all Facebook products. There you will also find information on how to contact Facebook and on the settings for advertisements, cookies, etc. The data may be transferred to countries outside the European Union.

The link to Instagram’s privacy policy can be found by visiting: Instagram privacy policy.

4.3. Further online presences

We maintain further online presences in social networks to communicate with customers and interested parties and to inform them about our products and services.

User data is generally processed for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers will be stored on users’ computers. Advertisements are then placed, for example, on social networks as well as on third-party websites based on these user profiles. When using social networks, personal data of users may be processed outside the European Economic Area. The legal basis for data processing is Art. 6 para. 1 lit. 1 f) of the GDPR, based on our legitimate interest in effective information of and communication with users. The legal basis for data processed by the social networks on their own responsibility can be found in the privacy policy of the respective social network. The following links will also provide you with further information on the respective data processing and the options for exercising your right to objection.

We would like to point out that requests for data protection can be made most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly.

Pinterest

Pinterest is operated by Pinterest Inc, 651 Brannan Street, San Francisco, CA 94107, USA (“Pinterest”). For EEA residents, the data controller is Pinterest Europe Ltd Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland The link to Pinterest’s privacy policy can be found by visiting: Pinterest privacy policy.

YouTube

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. The link to Google’s privacy policy can be found by visiting: Google privacy policy

5. Your Rights

5.1. Overview

In addition to the right to revoke your consent given to us, you are entitled to the following further rights if the respective legal requirements are met:

  • Right of access to your personal data stored by us in accordance with Art. 15 of the GDPR; in particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it has been collected directly from you;
  • Right to rectification of inaccurate or incomplete personal data in accordance with Art. 16 of the GDPR;
  • Right to erasure of your data stored by us in accordance with Art. 17 of the GDPR insofar as no legal or contractual retention periods or other legal obligations or rights for further storage are to be observed; 

  • Right to restriction of processing your data in accordance with Art. 18 of the GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it; the data subject no longer needs the data but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 of the GDPR;
  • Right to data portability in accordance with Art. 20 of the GDPR, i.e. the right to receive selected data stored about you by us in a common, machine-readable format, or to request the transmission of those data to another controller;
  • Right of appeal to a supervisory authority You can generally contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

5.2. Right to object

Under the conditions of Art. 21 (1) of the GDPR, data processing may be objected to for reasons arising from the particular situation of the data subject.

The above general right to object applies to all processing purposes described in this data protection information which are processed on the basis of Art. 6 (1) point f) of the GDPR. In contrast to the special right to object directed to data processing for advertising purposes (see above under 3.3.3.), the GDPR requires us to implement such a general objection only if you provide us with reasons of overriding importance (e.g. a possible danger to life or health In addition, it is possible to contact a supervisory authority or a competent body if you have a reason for complaint.

6. Data Security Measures

All data transmitted by you personally will be transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard, which is also used, e.g. for online banking. You can recognise a secure SSL connection among other things by the added s on the http (https://...) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Furthermore, we strive to continuously improve our security measures in line with technological developments.

7. Changes to the Privacy Policy

Advancing technology, legal requirements or even changed processes can have an effect on this Privacy Policy. We therefore reserve the right to change this Privacy Policy at any time with effect for the future. You will find the current version of the Privacy Policy on this website. Please inform yourself each time you use our Internet activity about the current Privacy Policy valid at the time.

Status as of: 12.04.2022