Data protection

Welcome to the Website of Vertex GmbH

We appreciate your interest in our company. We take the protection and security of your personal data seriously and want you to feel safe and comfortable when visiting our website or using our online services.

It is important to us that you know which personal data is collected and how we use it.

If Vertex GmbH processes your personal data, it occurs for the purposes specified in this privacy policy.

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and associated websites, functions, and content, as well as external online presences, such as our social media profiles (collectively referred to as "online offering"). For the definitions of terms used, such as "processing" or "responsible party," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible Party

Vertex GmbH
Sales Company for Textile Furnishing Needs
Managing Director: Dipl.-Kaufmann Christoph Grebe
Obere Waessere 3-7
D-72764 Reutlingen
Phone: +49 7121 62278-0
Email: info@vertex.de

Types of Processed Data

- Inventory Data (e.g., names, addresses)
- Contact Data (e.g., email, phone numbers)
- Content Data (e.g., text entries, photographs, videos)
- Usage Data (e.g., visited web pages, content interests, access times)
- Meta/Communication Data (e.g., device information, IP addresses)

Additionally, we process:

- Contract Data (e.g., contract subject, duration, customer category)
- Payment Data (e.g., bank details, payment history)

This processing is done for the purposes of providing contractual services, customer care, marketing, and market research.

Categories of Affected Persons

Visitors and users of the online offering (collectively referred to as "users").

Purpose of Processing

- Provision of Online Offering: We collect and store your computer's IP address to send you the content you visit on our website (e.g., texts, images, downloadable files) in accordance with Article 6 (1) (b) GDPR.
- Responding to Contact Inquiries: We process personal data that you voluntarily provide, such as when you submit a request or order informational materials (Article 6 (1) (b) GDPR).
- Security Measures
- Measurement of Reach/Marketing

Legal Bases for Processing

According to Article 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 GDPR; the legal basis for processing to fulfill our services and contractual obligations as well as responding to inquiries is Article 6 (1) (b) GDPR; the legal basis for processing to fulfill our legal obligations is Article 6 (1) (c) GDPR; and the legal basis for processing to protect our legitimate interests is Article 6 (1) (f) GDPR. If processing is necessary to protect vital interests, Article 6 (1) (d) GDPR serves as the legal basis.

Security Measures

We implement technical and organizational security measures to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. The effectiveness of our security measures is regularly reviewed and adapted according to technological developments. When entering personal data, they are always transmitted in strong encryption.

Cooperation with Processors and Third Parties

If we disclose data to other persons and companies (processors or third parties) during processing, this occurs only based on legal permission (e.g., if the data must be transmitted to third parties, such as payment service providers, in accordance with Article 6 (1) (b) GDPR for contract fulfillment), your consent, a legal obligation, or based on our legitimate interests (e.g., when using contractors, web hosts, etc.).

We do not sell or market your data to third parties.

Transfer to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), this occurs only to fulfill our (pre)contractual obligations, based on your consent, legal obligations, or our legitimate interests.

Rights of Affected Persons

You have the right to request confirmation as to whether personal data concerning you is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with Article 15 GDPR.
You have the right to request the completion of your personal data or correction of inaccurate data according to Article 16 GDPR.
You have the right to request the immediate deletion of personal data concerning you according to Article 17 GDPR or, alternatively, to request a restriction of processing according to Article 18 GDPR.
You have the right to receive personal data concerning you that you have provided to us according to Article 20 GDPR and to request its transfer to other controllers.
You also have the right to file a complaint with the relevant supervisory authority according to Article 77 GDPR.

Right of Withdrawal

You have the right to withdraw consent you have given in accordance with Article 7 (3) GDPR with effect for the future.

Cookies and Right to Object to Direct Marketing

You can object to the future processing of your data at any time in accordance with Article 21 GDPR. The objection can particularly be against processing for the purposes of direct marketing.

To make our website user-friendly and optimally tailored to your needs, we use cookies in some areas. Cookies are small files that are stored on users' computers. Various information can be stored in the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering.

Temporary Cookies: These are deleted after a user leaves the online offering and closes their browser.
Permanent Cookies: These remain stored even after the browser is closed.

You can disable cookies in your browser settings. However, please note that this may lead to functional restrictions of this online offering.

Anonymous Website Tracking

To better adapt this website to our customers' needs, we analyze visits to our website. We use your IP address, which we anonymize beforehand, to analyze data such as the pages visited, your browser, and your computer. This data is only evaluated for statistical purposes.

Google Universal Analytics

This website uses Google Universal Analytics, a web analysis service by Google Inc. (“Google”). Google Universal Analytics uses cookies to analyze your use of the website. The IP anonymization feature is activated on this website.

Embedding of Third-Party Services and Content

Our website uses buttons for the following social networks: Facebook, Instagram, and LinkedIn. These buttons function as links, not standard plugins. They are activated only by specific actions (clicking). Clicking the buttons allows communication with the servers of the social networks.

Deletion of Data

The data we process will be deleted or restricted in processing in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated in this privacy policy, the data we store will be deleted as soon as they are no longer necessary for their intended purpose and there are no legal retention obligations opposing deletion. If the data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

According to legal requirements in Germany, the retention period is generally 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, booking documents, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial correspondence).

Order Processing in the Online Shop and Customer Account

We process our customers' data in the context of order transactions in our online shop to enable them to select and order the chosen products and services, as well as their payment and delivery or execution.

The processed data includes master data, communication data, contract data, payment data, and the affected persons include our customers, interested parties, and other business partners. The processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery, and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

The processing is based on Article 6 para. 1 lit. b (conducting order transactions) and c (legally required archiving) of the GDPR. The information marked as necessary is required to establish and fulfill the contract. We only disclose the data to third parties within the scope of delivery, payment, or as part of legal permissions and obligations towards legal advisors and authorities. Data will only be processed in third countries if necessary for contract fulfillment (e.g., at the customer's request for delivery or payment).

Users can optionally create a user account, where they can view their orders. During registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users cancel their user account, their data related to the user account will be deleted, unless retention is necessary for commercial or tax reasons according to Article 6 para. 1 lit. c GDPR. Information in the customer account will remain until its deletion, with subsequent archiving in the event of a legal obligation. It is the users' responsibility to back up their data before the end of the contract after cancellation.

During registration, re-logins, and the use of our online services, we store the IP address and the time of each user action. The storage is based on our legitimate interests, as well as the user's interest in protection against abuse and other unauthorized use. This data is generally not passed on to third parties unless necessary for enforcing our claims or there is a legal obligation according to Article 6 para. 1 lit. c GDPR.

Deletion occurs after the expiry of legal warranty and comparable obligations, and the necessity of data retention is reviewed every three years; in the case of legal archiving obligations, deletion occurs after their expiry (end of commercial (6 years) and tax (10 years) retention obligations).

Users can be informed via email about information relevant to their user account, such as technical changes. If users cancel their user account, their data related to the user account will be deleted, subject to any legal retention obligations. It is the users' responsibility to back up their data before the end of the contract after cancellation. We are entitled to irretrievably delete all data stored during the contract period.

In the context of using our registration and login functions as well as using the user account, we store the IP address and the time of each user action. The storage is based on our legitimate interests, as well as the user's interest in protection against abuse and other unauthorized use. This data is generally not passed on to third parties unless necessary for enforcing our claims or there is a legal obligation according to Article 6 para. 1 lit. c GDPR. The IP addresses will be anonymized or deleted no later than after 7 days.

When contacting us (e.g., via contact form, email, phone, or social media), the user's information will be processed to handle the inquiry and its processing according to Article 6 para. 1 lit. b GDPR. Users’ information may be stored in a Customer Relationship Management System ("CRM System") or a comparable inquiry organization.

We delete inquiries as soon as they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.

Hosting and Email Dispatch

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, and technical maintenance services that we use for the operation of this online offering.

In this context, we, or our hosting provider, process master data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offering based on our legitimate interests in efficient and secure provision of this online offering according to Article 6 para. 1 lit. f GDPR in conjunction with Article 28 GDPR (conclusion of a processing agreement).

Collection of Access Data and Log Files

We, or our hosting provider, collect data about each access to the server on which this service is located (so-called server log files) based on our legitimate interests in accordance with Article 6 para. 1 lit. f GDPR. Access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to clarify misuse or fraud) for a maximum of 7 days and then deleted. Data that must be retained for evidence purposes are exempt from deletion until the respective incident is fully clarified.

Changes to this Privacy Policy

We reserve the right to make additions or changes to this privacy policy. The current status of this declaration is March 4, 2019.

Contact

For questions regarding the processing of your personal data, requests for information, applications, or complaints, please contact Vertex GmbH Vertriebsgesellschaft für Textileinrichtungsbedarf, Obere Waessere 3-7, 72764 Reutlingen, Phone: +49 7121 62278-0, Email: info@vertex.de; we will be happy to assist you.

If you have questions or suggestions regarding data protection at Vertex, please let us know.