Privacy Policy
We manage our websites according to the following principles:
We are committed to complying with the legal provisions on data protection and always strive to take into account the principles of data avoidance and data minimization.
1. Name and address of the controller and the data protection officer
a) The responsible person
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:
thws store
c/o University of Würzburg GmbH for
Education and campus services
Klinikstr. 3, 97070 Würzburg
Phone: 0931 329871-00
Email: datenschutz@uni-wuerzburg-gmbh.de
https://uni-wuerzburg-gmbh.de
b) The Data Protection Officer
You can contact the data protection officer of the controller as follows:
Insidas GmbH & Co. KG
Weidenstr. 66
94405 Landau an der Isar
Email: datenschutz@uni-wuerzburg-gmbh.de
2. Explanation of terms
We have designed our privacy policy based on the principles of clarity and transparency. Should there be any ambiguities regarding the use of certain terms, the corresponding definitions can be found here [ https://dsgvo-gesetz.de/art-4-dsgvo/ ].
3. Legal basis for the processing of personal data
We only process your personal data, such as your first and last name, email address, and IP address, if there is a legal basis for doing so. According to the General Data Protection Regulation, the following regulations apply in particular:
• Art. 6 (1) (a) GDPR: The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.
• Article 6 (1) (b) GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
• Art. 6 (1) (c) GDPR: Processing is necessary to fulfill a legal obligation to which the controller is subject
• Art. 6 (1) (d) GDPR: Processing is necessary to protect the vital interests of the data subject or of another natural person
• Art. 6 (1) (e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• Article 6 (1) (f) GDPR: processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail, in particular if the data subject is a child
However, we will always remind you at the relevant points in this privacy policy of the legal basis on which your personal data is processed.
4. Disclosure of personal data
The transfer of personal data also constitutes processing within the meaning of the above section 3. However, we would like to inform you separately about the issue of transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to transferring your data to third parties.
Therefore, data will only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to individuals or companies that act as processors for us in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf – in particular, in a relationship of instruction and control with us.
In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus ensure comprehensive protection of your data.
5. Storage period and deletion
We will delete your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed, if the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
6. SSL encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser's address bar.
If SSL encryption is activated, the data you send to us cannot be read by third parties.
7. Cookies
We use cookies on our website. Cookies are small data packets that your browser automatically creates and stores on your device when you visit our website. These cookies are used to store information related to the device you are using.
When using cookies, a distinction is made between technically necessary cookies and "other" cookies. Technically necessary cookies are those that are absolutely necessary to provide an information society service you have expressly requested.
To make using our services more pleasant for you, we use so-called session cookies (e.g., language and font selection, shopping cart, etc.). These session cookies fall into the category of technically necessary cookies and are automatically deleted after you leave our site. The legal basis for these cookies is Art. 6 (1) (f) GDPR, our legitimate interest in the error-free operation of the website, and our interest in providing you with an optimized experience of our services.
8. Collection and storage of personal data and their type and purpose of use
a) When you visit the website
When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatically deleted:
• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• browser used and, if applicable, the operating system of your computer as well as the name of your access provider
We process the above data for the following purposes:
• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Evaluation of system security and stability
• Error analysis
• for further administrative purposes
Data that allows us to identify you personally, such as your IP address, will be deleted after 7 days at the latest. If we store the data beyond this period, it will be pseudonymized so that it can no longer be associated with you.
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances will we use the collected data to draw conclusions about you personally.
contractual relationship
1. Conclusion of contract
In the context of establishing the contractual relationship, only the personal data absolutely necessary for the execution of the contract will be processed in accordance with Art. 6 (1) (b) GDPR.
If you provide additional voluntary information, it will only be processed based on your consent in accordance with Art. 6 (1) (a) GDPR. We use this voluntary information to offer a customer-friendly service and to continually improve it.
2. Customer account
You have the option of creating a customer account with us. In addition to your personal data for contract processing, your other voluntary information and the purchases you have made with us in the past will be stored and processed. You can access this information at any time and thus obtain an overview of your purchases with us. This data will allow you to easily log in with your login details the next time you shop. It is also intended to help you manage your purchasing activities.
The legal basis is the consent you have given in accordance with Art. 6 (1) (a) GDPR.
You have the option to change or delete your data in your customer account at any time, and even delete the entire account. If you exercise this option, your customer account and all the data it contains will be deleted immediately.
3. Transfer of data for shipping
We pass on the data necessary for the dispatch of our goods (first name and surname, address, email address, telephone number if required due to freight forwarding) to the relevant shipping service provider for notification/coordination of the delivery of the goods and for the delivery of the goods.
The legal basis for the transfer is Art. 6 (1) (b) GDPR.
In this context, we will share your data with the following shipping service providers. They will then provide you with further information about how your data is processed:
DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, impressum.paket[at]dhl.com; https://www.dhl.de/de/toolbar/footer/datenschutz.html
4. Transfer of data when using online payment service providers
If you choose to pay with one of the online payment service providers we offer during your order process, your contact details will be transmitted to them as part of the order thus placed. The legality of the data transfer is based on Art. 6 (1) (b) GDPR, to process the payment method you have chosen, as well as our legitimate interests pursuant to Art. 6 (1) (f) GDPR to enable user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider usually includes first name, last name, address, telephone number, IP address, email address, or other data required to process the order, as well as data related to the order, such as the number of items, item number, invoice amount and tax percentage, invoice information, etc.
This transmission is necessary to process your order using the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.
Please note, however: Personal data may also be passed on by the online payment service provider to service providers, subcontractors or other affiliated companies if this is necessary to fulfil the contractual obligations arising from your order or if the personal data is to be processed on their behalf.
Depending on the selected payment method, e.g., invoice or direct debit, the personal data transmitted to the provider will be transferred by the provider to credit agencies. This transfer serves to verify your identity and creditworthiness in relation to the order you have placed. Information about these agencies and what data is generally collected, processed, stored, and shared by the respective provider can be found in the respective providers' privacy policies:
PayPal
PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Stripe
Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Ireland, at https://stripe.com/de/privacy
c) Newsletter
Content of the newsletter and registration data
We will only send you a newsletter if you order it from us and have given your consent in accordance with Art. 6 (1) (a) GDPR. The contents of the newsletter will be described in detail when you register for the newsletter. Providing your email address is sufficient to subscribe to the newsletter. If you provide additional voluntary information, such as your name and/or gender, this information will be used exclusively to personalize the newsletter addressed to you.
Double opt-in and logging
For security reasons, we use the so-called double opt-in process to ensure that no one can register with someone else's email address. Therefore, after subscribing to our newsletter, you will first receive an email asking you to confirm your registration. Your registration will only become effective once you confirm it.
Furthermore, your newsletter registration will be logged. This includes the time of registration and confirmation, the data you provided, and your IP address. If you make changes to your data, these changes will also be logged.
Revocation
If you no longer wish to receive our newsletter, you can revoke your consent at any time. To do so, you can click the unsubscribe link at the end of each newsletter or send us an email to the following address: unishop@uni-wuerzburg-gmbh.de
The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation
Use of “MailChimp”
We send our newsletter using the newsletter service “MailChimp,” which is offered by Rocket Science Group, LLC (675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA).
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to MailChimp's own information, MailChimp may use this data to optimize or improve its own services, e.g., to technically optimize the delivery and presentation of the newsletter or for commercial purposes, to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to contact them directly or to pass it on to third parties.
You can find MailChimp's privacy policy here. [https://mailchimp.com/legal/privacy/]
Statistical surveys and analyses
Newsletters sent via MailChimp contain a so-called "web beacon," a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. During this retrieval, the following technical information is initially collected:
• Information about the browser
• Information about your system
• Your IP address
• Time of retrieval
This information is used to improve the services based on technical data, target groups and their reading behavior, their access locations (which can be determined using the IP address) and access times.
Statistical surveys also include determining whether and when newsletters are opened and which links within the newsletter are clicked. While this information can be assigned to individual newsletter recipients for technical reasons, it is neither our nor MailChimp's intention to monitor individual users. Rather, the evaluations serve to identify our users' reading habits and adapt our content to them, or to send different content based on our users' interests.
The use of the MailChimp newsletter service, the conduct of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest is in using a user-friendly and secure newsletter system that serves both our business interests and meets user expectations.
d) Contact form / email contact
We provide a form on our website so you can contact us at any time. To use the contact form, you must provide a name for personal address and a valid email address so we know who sent the inquiry and can process it.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there and your IP address, will be processed in accordance with Art. 6 (1) (b) and (f) GDPR to carry out pre-contractual measures that are carried out at your request or to protect our legitimate interest, namely the exercise of our business activities.
You are welcome to send us an email instead using the email address provided on our website. In this case, we will store and process your email address and the information you provided in the email in accordance with Art. 6 (1) (b) and (f) GDPR to process your message.
The inquiries and the associated data will be deleted no later than 3 months after receipt, unless they are required for a further contractual relationship.
9. Rights of the data subject
You have the following rights:
a) Information
According to Article 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about
• the purposes of processing
• the categories of personal data
• the recipients or categories of recipients to whom your data have been or will be disclosed
• the planned storage period or at least the criteria for determining the storage period
• the existence of a right to rectification, erasure, restriction of processing or objection
• the existence of a right of complaint to a supervisory authority
• the origin of your personal data, if it was not collected from us
• the existence of automated decision-making, including profiling, and, where appropriate, meaningful information on its details
b) Correction
According to Art. 16 GDPR, you have the right to have any incorrect or incomplete personal data stored by us rectified without delay.
c) Deletion
According to Art. 17 GDPR, you have the right to request that we delete your personal data immediately, unless further processing is necessary for one of the following reasons:
• the personal data are still necessary for the purposes for which they were collected or otherwise processed
• to exercise the right to freedom of expression and information
• to fulfil a legal obligation required by European Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
• for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously compromises it
• to assert, exercise or defend legal claims
d) Restriction of processing
According to Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:
• You dispute the accuracy of your personal data.
• The processing is unlawful and you refuse to delete the personal data.
• We no longer need the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims.
• You object to the processing in accordance with Art. 21 (1) GDPR.
e) Informing
If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 GDPR, we will inform all recipients to whom your personal data was disclosed, unless doing so proves impossible or involves disproportionate effort. You may request that we inform you of these recipients.
f) Transmission
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format.
You also have the right to request that this data be transmitted to a third party, provided that the processing was carried out using automated procedures and is based on consent in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) or on a contract in accordance with Art. 6 (1) (b) GDPR.
g) Revocation
According to Art. 7 (3) GDPR, you have the right to revoke your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the time of revocation. In the future, we may no longer continue data processing based on your revoked consent.
h) Complaint
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
i) Objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we will implement without specifying your particular situation. If you wish to exercise your right of withdrawal or objection, simply send an email to datenschutz@uni-wuerzburg-gmbh.de
j) Automated decision-making in individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
1. is necessary for the conclusion or performance of a contract between you and us
2. is permitted by European Union or Member State law to which we are subject and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests
3. with your express consent
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.
In the cases referred to in points (i) and (iii), we shall implement appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
10. Changes to the privacy policy
If we change the privacy policy, this will be indicated on the website.
As of April 2025