According to § 5 TMG
Orangery Deutschland GmbH
Registration number: HRB 204880
Register court: Amtsgericht Hildesheim
CEO: Dominik Groenen
Phone: 0800 005 50 77
Data Protection Officer
Jakob J. Klement
Last Updated: 24.02.2020
Legal basis for our services and basic information on the use and disclosure of data.
The terms used, such as: "personal data" or their "processing" are explained in the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Persons affected by data processing include all visitors to our online offer, including business partners, interested parties and customers, hereinafter referred to as "users".
The terms used, such as "User", "Customer" or "Service Provider" are to be understood as gender-neutral.
All personal user data will be processed in compliance with the relevant data protection regulations. The basis for this is the existence of a legal permit and the consent of the user. The data processing is for the performance of our contractual services (eg order processing) or the online service (eg to ensure and comply with legal regulations), or due to our legitimate interest (eg for the security of our online offer within the meaning of Art. 6 (1) GDPR, analysis to optimize the safety and efficiency of our business, including profiling for advertising and marketing purposes, collection of reach and access data and third-party services), we will use the data in accordance with the legal permission framework.
Art. 6 (1) a. and Art. 7 GDPR form the legal basis for the consent, Art. 6 (1) b. GDPR serves as the legal basis for the processing of contracts and services. The legal basis for the processing of the data to fulfill our legal obligations is Art. 6 (1) c. GDPR, and as a basis for the processing of the data is tosafeguard our legitimate interests, according to Art. 6 (1) f. GDPR.
Disclosure of data to third parties and third party providers
A transfer of data to third parties takes place exclusively in accordance with legal requirements. It only takes place if this is necessary for the purpose of the contract (in accordance with Article 6 (1) (b) GDPR) or because of legitimate interests in our economic and effective business operations (pursuant to Article 6 (1) GDPR).
In order to comply with the legal requirements and for the protection of personal data, we also take appropriate legal, technical and organizational measures when using subcontractors. If third-party services, tools or other means are used and the named seat of this provider is located in a third country, data transfer to that country is also likely. The GDPR is an EU regulation and applies to all member states. Transmission to countries outside the EU or the European Economic Area is only permitted with legal permission, consent of the users, or at an adequate level of data protection in the respective third country.
Measures for protection and safety
In order to protect the data processed by us from accidental or intentional manipulation, destruction, loss or access by unauthorized persons, and to comply with the provisions of data protection laws, we
make technical, organizational and contractual security arrangements according to the state of the art.
The encrypted transmission of data between our server and your browser is one of the security measures used.
Fulfillment of contractual services
In order to fulfill our contractual and service obligations, we process stock data (for example name and address as well as contact data of the users) and data on concluded contracts (for example used services, information on payment and shipping) acc. Art. 6 (1) lit b. GDPR.
The required mandatory information for the creation of a user account will be communicated to the users during the registration. Indexing of user accounts by search engines is not possible because they
are not public. Data from terminated user accounts will be deleted unless storage is necessary for commercial or tax law reasons (according to Art. 6 (1) (c) GDPR). Upon termination, it is up to the users to secure their
data before the end of the contract. We are entitled to the irretrievable deletion of all data stored by the user during the term of the contract.
To protect against misuse or unauthorized use and to protect our legitimate interests, we store the IP address and time when registering, re-registering and using our online services. Basically, this data is not passed on to third parties, exceptions are the pursuit of our claims or a legal obligation under Art. 6 (1) c GDPR.
For advertising purposes, we create a user profile based on the usage data (eg visits to our web pages or specific product interests) as well as content data (entries in forms or information in the customer account) in order to be able to show users interesting product hints and offers.
Contact by the user
To process user requests (via email or contact form), the information of the user in accordance with. Art. 6 (1) b GDPR processed.
Online presence in social media
Based on our legitimate interests within the meaning of Art. 6 (1) f. GDPR we maintain online presence on social networks and platforms. There it tries to communicate with customers, interested parties and users, also there is informed about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
Insofar as this privacy statement does not specify any further processing of the data, the data of the users who communicate with us or interact with our content will be processed.
Cookies are small files that are stored on the users computer.
Collection of access data and records (logfiles)
Any access to our servers is subject to our legitimate interest within the meaning of Art. 6 (1) f. GDPR, corresponding data (so-called server log files), including date and time, amount of data, name of
the accessed website, success report on the call, the operating system including browser type and version, the previously visited website, the IP address and the provider.
For the purpose of fraud or misuse the logfile information is stored for security reasons for a maximum of seven days and then deleted. If certain data is necessary for evidence purposes, the deletion will be postponed until the final clarification of the incident.
Use and use of Google Analytics
Google produces reports on the use of our online offer on our behalf. For this and for further services on our behalf, information about the activities of the users are collected within our offer. This information can also be used to create pseudonymous usage profiles.
In general, Google shortens the user's IP address within the EU or the EEA (IP anonymization enabled).
A combination of the IP address of the user and other Google data does not take place. Users can prevent the collection and processing of user data by downloading and installing the browser plug-in available at this link: http://tools.google.com/dlpage/gaoptout?hl=de The storage of cookies can also be done by Settings in the respective browsers are avoided.
In addition to the browser settings and Google's additional software, we offer another function to prevent data collection. Here you can see if the collection of your views via Google Analytics is activated on our website. You can also prevent capture by clicking "Disable Now". If you click the button, an HTML5 storage object is saved on your computer, which then ensures that no script is loaded by Google Analytics. If the site data is deleted in this browser, the link must be clicked again. Furthermore, the opt-out applies only within the browser you use and only within our respective webdomain, on which the link was clicked.
For further information on settings and possibilities of appeal as well as for data collection by Google, please contact Google directly: https://www.google.com/intl/de/policies/privacy/partners, http://www.google.com/policies/technologies/ads, You can also view and edit your ad settings here, https://adssettings.google.com/.
Integration and use of Facebook marketing services (Facebook and Custom Audiences)
Due to our legitimate interests within the meaning of Art. 6 (1) f. GDPR we use the so-called "Facebook Pixel" for our online offer, which is from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland is operated ("Facebook"). Facebook provides a guarantee that it complies with European data protection law, as evidenced by certification under the Privacy Shield Agreement ( https://www.privacyshield.gov/participant).
The Facebook Pixel is used by us to display the Facebook ads we have posted only to those Facebook users who have also shown an interest in our online offer, certain products or themes. In addition, with the help of the Facebook pixel, we want to make sure that our ads on Facebook meet the potential interest of users and not be annoying. The Facebook Pixel enables us to determine the effectiveness of our Facebook Ads and to compile statistics on how many users visit our online offer via an advertisement.
If one of our web pages is opened, the Facebook pixel is automatically integrated into the page and a cookie can be stored on the device of the user. If the user is logged into Facebook or logs-in later, the visit to our online offer will also be saved in the corresponding Facebook profile. The data collected are anonymous and do not allow any conclusions about the user identity by us. However, Facebook itself stores and processes the data, however, as a result of the connection to the respective Facebook profile, Facebook has the possibility to use it for advertising or market research purposes. Should a comparison of the data on our part be necessary with Facebook, these are first encrypted within the browser and only then sent by us via a secure connection to Facebook.
Scope and processing of the data are elaborated in Facebook's Data Usage Policy. You can also find basic tips for Facebook adverts at
For more information about Facebook Pixel and how it works, visit the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
A appeal against the data collection by the Facebook pixel and against the use of your data to display Facebook ads is possible. To do this, visit the page set up by Facebook and follow the instructions for the usage-based advertising settings: https://www.facebook.com/settings?tab=ads. All settings are platform independent, the application is thus on all devices (such as mobile or desktop devices).
Whether the collection of your data via the Facebook pixel on our website is activated, you can see here. You can also prevent capture by clicking "Disable Now". When you click the button, an HTML5 storage object is stored on your computer. If the site data is deleted in this browser, the link must be clicked again. Furthermore, the opt-out applies only within the browser you use and only within our respective webdomain, on which the link was clicked.
Integration and use of Zendesk
You can see here whether your data is activated using the Zendesk tool on our website. You can also prevent the recording by clicking on "Deactivate now" click. If you click the button, a HTML5 storage object stored on your computer. If the website data is deleted in this browser, the link must be clicked again. Furthermore, the opt-out only applies within the browser you are using and only within our respective web domain the link was clicked on.
Integration of services and content of third parties
Our online offer also includes offers from third-party providers. This is also based on our legitimate interest within the meaning of Art. 6 (1) f. GDPR. Content and its presentation (such as videos or fonts) require that third parties recognize the user's IP address. For the transmission of the contents to the browser this is unavoidable. When selecting third-party vendors, we take care to only use those vendors who use the IP address only for delivery of the content. In addition, third parties may use web beacons or pixel tags to collect data for statistics and marketing. As a result, for example information about the visitors of the website will be evaluated. All data may be stored in cookies on the device used by the user, pseudonymised. These data include technical information about the operating system and browser, as well as data on the use of the offer. This data can also be linked to data from other sources.
Below you will find an overview of the third-party providers we include, including links to the corresponding data protection statements. These also contain further information on possibilities of objection, as well as opt-out options, if these are possible.
Personal rights of users
Upon request, every user can obtain information about their personal data stored by us.
In addition, users have the right to have incorrect data rectified and to limit the processing and deletion of their personal data. In addition, the right to data portability can be invoked. A complaint to the competent supervisory authority is possible at any time.
Any consent given by the user can always be revoked at any time, only with future effect.
Data that is not subject to a statutory retention period will be deleted as soon as it is no longer necessary for your purpose. If the deletion is not possible due to its purpose or other provisions, its
processing will be restricted. Blocking the data thus prevents processing for other purposes.
The storage takes place in accordance with § 257 exp. 1 HGB (for trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) for 6 years, as well as § 147 (1) AO (for books, records, management reports, accounting documents, trading and business letters, documents relevant to taxation, etc.) for 10 years.
Right to object
Users may object to the processing of their personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.