Data protection rules

Data Protection Declaration of the shop.geeny.io Website

I. General information (including contact details, data protection officer, right of objection, other rights)
II. Visiting our website 

I. General information

Information on the processing of personal data during your visit to our website is provided here. However, this information does not apply to websites of other companies, even if a link to this website or another website of our company has been placed there. The details are not of a regulatory nature: they are for your information only.

To find out which personal data we process, for example in the context of a telecommunications contract, please refer to our data protection information sheet.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). 

1. Controller contact details

Telefónica Germany GmbH & Co. OHG, Georg-Brauchle-Ring 50, 80992 Munich, Germany, encrypted contact form: https://www.telefonica.de/datenschutz-kontakt

2. Data Protection Officer contact details

Telefónica Germany GmbH & Co. OHG, Data Protection Officer, Georg-Brauchle-Ring 50, 80992 Munich, Germany, encrypted contact form: https://www.telefonica.de/datenschutz-kontakt

3. Your rights

As per the EU General Data Protection Regulation, data subjects have the following rights:

  • You have the right to obtain information on the personal data being processed (Article 15 GDPR).
  • You have the right to have inaccurate personal data rectified or incomplete personal data completed (Article 16 GDPR).
  • You have the right to the erasure of your personal data under certain legal conditions (Article 17 GDPR).
  • You have the right to restriction of processing under certain legal conditions (Article 18 GDPR).
  • You have the right to receive or transmit the personal data concerning you under certain legal conditions (Article 20 GDPR).
  • You have the right to revoke your consent for the processing of your personal data at any time with effect for the future. This does not affect the lawfulness of processing based on consent prior to being revoked. When you give your consent, you are also informed of how you can revoke your consent. Alternatively, please use our form https://www.telefonica.de/datenschutz-kontakt.
  • You have the right to object under certain legal conditions. Information on this can be found in the following section of this data protection declaration.

To exercise your right to information, please use our form https://meine-daten.telefonica.de. For all other rights, please use our form https://www.telefonica.de/datenschutz-kontakt.

Alternatively, you can write to us at:

Telefónica Germany GmbH & Co. OHG, Data Protection department, Georg-Brauchle-Ring 50 80992 Munich

You also have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). You can do so by contacting the data protection authority.

4. Your right to object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1) (f) GDPR, including profiling based on those provisions. In this case, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Such objections can be lodged at https://www.telefonica.de/datenschutz-kontakt or in writing (Telefónica Germany GmbH & Co. OHG, Data Protection department, Georg-Brauchle-Ring 50, 80992 Munich). 

5. Location of data processing

We only process your personal data in Germany and within the European Union. 

Personal data are only processed in countries outside the European Union (“third countries”) when there is an “adequacy decision” from the European Commission for the respective third country (Article 45 GDPR) or the recipient has established “appropriate safeguards” (Article 46 GDPR) or “corporate rules” (Article 47 GDPR). Additional procedures are arranged with the recipient in the third country if necessary. General information on adequacy decisions: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en; General information on appropriate safeguards: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en; General information on corporate rules: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en. You can contact the officer in charge for further information.

Furthermore, your personal data are processed in third countries if you have consented to this or there is a legal obligation. 

6. Data recipients

Employees of our company and service providers that help us with data processing in the context of order processing (service providers for IT operations, customer service) have access to your personal data to the extent required in order to fulfil the purposes stated under section II. In individual cases, we are required by law to transfer personal data to authorities (e.g. information requests from investigating authorities) or natural/legal persons (e.g. for copyright claims). 

7. Secure communication

For the transmission of confidential information, we advise you to choose contact by telephone, letter or encrypted contact form. If you contact us, for example, by e-mail, social media, messenger services (such as WhatsApp) or other channels, the confidentiality of communication cannot be guaranteed as it cannot be ruled out that the providers of these channels can access the communication (possibly on the basis of the terms of use agreed you). The confidentiality of communication may also depend on your privacy settings with these providers.

8. Hyperlinks to other providers’ websites

Our website contains links to other providers’ websites. We are not responsible for data processing on these websites. Please consult the respective providers’ data protection policies for information on their handling of data protection.

9. Amendment of the data protection declaration

Changes in the law or changes to our internal processes can necessitate the revision of this Data Protection Declaration. The current Data Protection Declaration can be accessed under the link “Data protection”. 

II. Visiting our website 

Information on the personal data that we process when you visit our website is set out below.

You can enter personal data at various places on our website (e.g. contact forms). Mandatory information has been identified as such; we are unable to provide you with the requested service without this information. 

1. Website provision/access 

When you access our website, the following data must be processed in order to provide the website (Article 6(1) (f) GDPR): the requested website URL, the website from which the URL was requested, the cookies stored, date and time of website access, type and version of the browser used, language used, file types accepted, name of the Internet service provider and your IP address. These data are processed but not stored – unless different storage periods are stipulated below.

2. Log files when accessing the website 

When our website is accessed, the following data are stored in a log file unless stated otherwise elsewhere in this data protection declaration: the requested website URL and the website from which the file was requested, the cookies stored, access status (file transferred, file not found, etc.), date and time of access, data volume transferred during connection, type and version of the browser used, language used, destination of automatic browser forwarding and your IP address. We process these data to identify and fix technical faults (Article 6(1) (f) GDPR). 

If you use our website as an end customer of our services and products (e.g. telecommunication services, purchase in webshop, use of customer account) [hereinafter “customer”], these data can also be processed for the purposes of detecting and preventing misuse and fraud if there are specific technical indications (Article 6(1) (f) GDPR). Log files from various systems may be compiled and aggregated for this purpose. Analysis may also be performed using other customer data, e.g. from the customer account or webshop.

Log files are deleted no more than seven (7) days after they are created. However, in isolated cases, in the event that legal interests are breached or if this is suspected, the log files in question can be stored for investigation or possibly further prosecution (e.g. in the event of criminal acts such as fraud). This also applies to errors and disruptions until they are fixed.

3. Contract formation in the webshop

If you acquire our products on our website, we process your personal data from the order form in order to process your order and enter into a contract with you (Article 6(1) (b) GDPR). We cannot enter into a contract with you unless the data requested are provided. Further information on this (e.g. recipients, erasure periods) can be found in our data protection information sheet for customers.

In order to detect and prevent fraud, we also implement the procedures described below and process your personal data to the extent necessary during the order process. 

4. Customer account

You can create a customer account on our website. Through this customer account, you can use any personal services available. We process the data that you provide when creating a customer account to activate and set up the requested customer account (Article 6(1) (f) GDPR). 

Every login or attempted login to the customer account is logged (IP address, time at which customer account is accessed, cookies sent, the requested website URL and the website from which the file was requested, the cookies stored, access status (file transferred, file not found, etc.), date and time of access, data volume transferred during connection, type and version of the browser used, language used, destination of automatic browser forwarding). The purpose of logging is to help identify and fix technical disruptions and to detect and prevent misuse and fraud if there are specific technical indications (Article 6(1) (f) GDPR). The IP address is anonymised after seven (7) days.

Your customer account will be deleted after one (1) year of inactivity. The logs relating to access of the customer account are erased one (1) year after being created. 

Whenever you use the customer account, please log out afterwards in order to prevent unwanted data changes by subsequent users of your browser, for example.

5. Contact form 

You can also reach us using a contact form. We process your data in order to handle your concern and for internal purposes, e.g. managing and improving our business processes, business analysis, refinement of services and products (Article 6(1) (f) GDPR). If you are a customer of ours, your inquiry will be stored in our customer database (see data protection information sheet). If you are not a customer, your inquiry will be erased immediately after your concern has been processed.

6. Information on the use of cookies 

Our website uses two technically necessary cookies that are essential for the smooth operation of our website (section 25(2) no. 2 of the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG – German Telecommunications-Telemedia Data Protection Act)). The cookies serve to maintain the browser session and shopping cart function. The cookie for maintaining the browser session is deleted when the browser is closed. The cookie for maintaining the shopping cart function is deleted after no more than seven (7) days. You can also delete cookies using the following link.