Privacy Information

Since 25 May 2018, the uniform requirements of the EU General Data Protection Regulation (GDPR) have applied throughout Europe in the area of data protection. In the following privacy information, we inform you about the processing of personal data by Manufactum GmbH, Hiberniastraße 5, 45731 Waltrop, Germany ("Manufactum", "we" and/or "us") in the context of your use of our websites accessible at www.manufactum.dk ("website(s)") and our applications in accordance with the GDPR and the Federal Data Protection Act (BDSG).

Please read our data protection information carefully. If you have any questions or comments about our data protection information, please contact us at behling@buse.de

Content:

1 Name and contact details of the controller
2 Contact details of the data protection officer
3 Purposes of data processing, legal bases and legitimate interests pursued by the controller or a third party, as well as categories of recipients and origin of the data
3.1 Accessing our websites / applications
3.1.1 Log files
3.1.2 Cookies, tracking, social media plugins
3.2 Initiation, execution and/or termination of a contract
3.2.1 Data processing upon contract conclusion
3.2.2 Use of data for fraud prevention purposes
3.2.3 Transfer of data to transport service providers
3.2.4 Processors
3.2.5 Securing credit card payments / 3D-Secure
3.3 Data processing for advertising purposes
3.3.1 Postal advertising (including online advertising)
3.3.2 Newsletter and analysis of your usage behaviour
3.3.3 Email advertising for similar goods and services
3.3.4 Competitions
3.4 Online presence and website optimization (using cookies) including consent
3.4.1 Cookies - General information and consent requirement
3.4.2 Options for intervention / browser settings
3.4.3. Consent to the use of individual online services / the collection of tracking data
3.4.3.1 Onsite targeting
3.4.3.2 Consent for Meta retargeting (Website Custom Audience)
3.4.3.3 Consent for Pinterest retargeting (Pinterest tag)
3.4.3.4 Consent for Google Analytics
3.4.3.5 Consent for Google Remarketing
3.4.3.6 Revocation of all consents
3.4.4 Further processing of tracking data for legitimate interests
3.4.4.1 Manufactum internal tracking
3.4.5 Objection / opt-out option
3.5 Customer account / user account
3.5.1 General information on the customer account
3.5.2 Protection of the customer account
3.5.3 Warning about spoofing, spam and phishing emails
3.6 Contact
3.7 Applications
3.8 Origin of data
4 Recipients inside and outside the European Union
5 Your rights
5.1 Overview
5.2 Your rights in detail
5.3 Right of objection
5.4 Right of withdrawal
6 Duration of storage
7 Automated decision-making, including profiling (Art. 22 GDPR)
8 No obligation to provide your data

This data protection information applies to data processing by
Manufactum GmbH
Hiberniastraße 5
45731 Waltrop
Germany
E-Mail address: info@manufactum.dk

Manufactum is represented by its Managing Directors, Alexander Peters and Kai Steffan

You can contact our Data Protection Officer at the following contact details:
Prof. Dr. Thorsten B. Behling
BUSE Rechtsanwälte Steuerberater PartG mbB
Berliner Allee 41
40212 Düsseldorf
Germany
Email address: behling@buse.de

Every time our websites/applications are accessed, information is transmitted by the respective internet browser of your device to the server of our website and temporarily stored in log files. The data records stored in this process contain the following data, which are retained until automatic deletion:

• Date and time accessed
• Name of the accessed page
• IP address of the requesting device
• Referrer URL (URL of the page which directed you to our website)
• Data volume transferred
• Loading time
• Product and version information of the browser used, your operating system, and the name of your access provider.

The legal basis for processing this data is Art. 6 (1) (f) GDPR. Our legitimate interest arises from

• ensuring a smooth connection setup,
• ensuring convenient use of our website/application,
• evaluation of system security and stability.

This information does not enable us to, nor do we attempt to identify you directly. You can object to the processing of your personal data in our legitimate interests at any time as defined in sec. 5.3.

Data is stored and automatically erased after achieving the specified purposes. The standard retention periods for deletion are determined according to the criterion of necessity.

We use so-called cookies, tracking tools, targeting methods, and social media plugins for our website. The specific procedures involved and how your data is used for these purposes are explained in more detail below in section 3.4.

If you register on one of our websites and/or conclude an additional contract with us, we process the data required for the conclusion, execution, and/or termination of the contract with you. This includes:

• first name, last name
• billing and delivery address
• email address
• billing and payment data
• telephone number
• bank details and
• if applicable, date of birth.

The legal basis for this is Article 6 (1) (b) GDPR, meaning you provide us with your data based on the respective contractual relationship (e.g., management of your customer/user account, processing of a purchase contract) between you and us. Furthermore, we are required to check your data against personal sanctions lists/embargoes (in particular, financial sanctions against listed persons) in order to ensure that no economic resources or financial assets are made available to listed persons and to ensure compliance with foreign trade regulations (Article 6(1)(c) GDPR).

In addition, we are legally obliged under the Bürgerliches Gesetzbuch (German Civil Code, BGB) to send you an electronic order confirmation when you make a purchase via our websites, and therefore must process your email address for this purpose (Article 6(1)(c) GDPR).

Unless we use your data for advertising purposes (see 2.3. below), we store the data collected for contract processing for the duration of the contract and until the expiry of statutory or possible contractual warranty and guarantee rights. After this period, we retain the information required under commercial and tax law relating to the contractual relationship for the legally prescribed periods. During this period, the data is processed only in the event of an audit by the tax authorities.

The following data processing activities are also required to process a purchase contract via our websites/applications:
Your payment data is forwarded to payment service providers commissioned by us, who process the payment(s). Information on your delivery address is forwarded to logistics companies and shipping partners commissioned by us. To ensure that the delivery of goods is carried out according to your preferences, we may, where necessary, transmit your email address and, if applicable, your telephone number to the logistics company and/or shipping partner commissioned by us to handle the delivery. They may contact you in advance of delivery to coordinate details of the delivery. The respective data is transmitted solely for these purposes and is deleted after successful delivery.

The data you provide as part of an order may be used to check whether an atypical order process exists (e.g., simultaneous ordering of a large number of goods to the same address using different customer accounts). This review fundamentally constitutes our legitimate interest. The legal basis for processing is art. 6 sec. 1 f) GDPR. Our legitimate interest arises from the possibility of avoiding attempts at fraud at our expense and thus preventing economic disadvantages for us.

In order to prevent cases of fraud, we also use the services of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, when operating our website.
Risk.Ident collects and processes data using cookies and other tracking technologies in order to identify the device used by the user and further data regarding the use of the website. No assignment to a specific user takes place in this context. If Risk.Ident collects IP addresses, they are immediately encrypted.

The data is stored by Risk.Ident in a database for the purpose of fraud prevention. This database also stores data on devices provided by us to Risk.Ident, where attempted or actual fraud has already occurred using those devices. No assignment to specific users takes place in this context either.

As part of the order process on our website, we obtain a risk assessment for the user’s device from the Risk.Ident database. This risk assessment regarding the likelihood of an attempted fraud takes into account, among other factors, whether the device has logged in via various service providers, whether the device shows frequently changing geo-references, how many transactions have been carried out via the device, and whether a proxy connection is being used.

The legal basis for processing the data for the purpose of fraud prevention is Article 6 (1) (f) GDPR.

For the purpose of delivering ordered goods, we cooperate with logistics service providers/transport companies and/or shipping partners: The following data can be transmitted to these for the purpose of delivering the goods ordered or of notifying you: First name, last name, postal address, email address, telephone number (e.g. notification by the forwarding agent).

The legal basis for the processing is Article 6(1)(b) DSGVO (Datenschutz-Grundverordnung, General Data Protection Regulation).

We use processors within the scope of processing your data. A processor is a natural person or legal entity, public authority, agency or other body, who/which processes personal data on behalf of the controller. Processors do not use the data for their own purposes but merely process the data for the controller. Example: If you purchase an item from us, you transmit your email address to us, among other things, for the purpose of our sending you an order confirmation. Therefore, we are the controller for this data processing. Your email address is then transmitted to a service provider, for the purpose of sending an order confirmation. This service provider then sends you the order confirmation for the item purchased. For this purpose, the service provider processes your email address on our behalf.

To secure the payment process regarding a credit card payment we use the 3D Secure procedure. As part of this process, certain data relating to your order are transmitted to the card-issuing bank via our contractor. This way, the authorized use of the credit card you are using can be verified. In addition to technically required data for the assignment of the verification (e.g., merchant and transaction ID), information about the purchaser as well as the recipient of the goods (if different from the purchaser) is also affected by this transmission. In this context, we process the first name, last name, and if applicable, the company name of these individuals. Additionally, we transmit the buyer’s email address. On the basis of this data, the card-issuing bank will check the authorization to use the credit card you have provided. To the extent that the card-issuing bank cannot sufficiently verify the authorized use of the credit card, the card-issuing bank may request an additional security feature (e.g. password/TAN), depending on the type of card (e.g. Visa, MasterCard and American Express). This must then be entered. As a result of the check, we receive the information about the success of the payment. We won´t receive any further data.
The legal basis for this data processing is Sec. 6 para 1 letter f GDPR. We are legitimately interested in this type of data processing and want to make payment transactions by credit card secure, user- and customer-friendly. Securing credit card payments is also in the legitimate interest of the card-issuing bank.

We generally have a legitimate interest in using your data, which we have collected for example in the context of entering into a contractual relationship with you, for marketing purposes (e.g., advertising by post, newsletters, and further online advertising). We process the following data for our own marketing purposes and for third-party marketing purposes: First name, last name, title, postal address, if necessary year of birth and/or information regarding your registration, your first order and, if applicable, your last order with us as well as information on previously sent newsletters.

Furthermore, we are entitled to store additional personal data, collected in compliance with the law, along with said data for our own marketing purposes and for third-party marketing purposes. For instance, this additional data can include categories of goods (e.g. “clothing”) that you purchased from us. The goal is to provide you with advertising based solely on your actual or assumed needs and not to inconvenience you with useless advertising.

The additional data stored is not transmitted to third parties. Manufactum also pseudonymises/anonymises your personal data collected for the purpose of using the pseudonymised/anonymised data for their own marketing purposes and third-party marketing purposes (advertisers).

The pseudonymised/anonymised data can also be used to show you online advertisements tailored to your needs, in which case the advertising can be controlled by third-party service providers and/or agencies. The legal basis for using personal data for marketing purposes is art. 6 sec. 1 f) GDPR. Our legitimate interest is in enabling us to provide you with advertising tailored to your needs and therefore, presenting our company to you in accordance with your personal preferences.

On our websites/applications as well as, where applicable, on third-party sites (e.g., Facebook), we offer you the opportunity to subscribe to our newsletters. A newsletter will only be sent to you after you have consented to receiving it by providing your e-mail address. The text of the consent, from which the scope of the consent to be given can be derived, is as follows:

"I would like to receive the newsletter from Manufactum GmbH and be informed by e-mail about new products in the range, offers, events, trends, advice topics as well as promotions and personal benefits offered by Manufactum. This consent can be revoked at any time with effect for the future by sending a corresponding notification to info@manufactum.dk or by using the unsubscribe option at the end of each newsletter. I have taken note of the privacy information.”

To ensure that no errors have occurred when entering your e-mail address, we use the double opt-in procedure (DOI procedure): After you have entered your email address in the registration field and given your consent to receiving our newsletters, we will send a confirmation link to the specified address. Your email address will only be added to our newsletter distribution list once you have clicked on this confirmation link. The legal basis for this data processing is Art. 6(1)(a) GDPR.

If you register for our newsletter via third-party sites (e.g. Facebook), the respective site operator will transmit to us the data you provided during registration (e.g. your email address). The legal basis for this data processing is Art. 6(1)(a) GDPR. Insofar as the website operator of the third-party website uses the information you provided in line with the subscription process for its own purposes, the website operator is responsible for that. For more detailed information on data processing by the site operator, please refer to their privacy policy. Additionally, for the purpose of documenting your consent, we store not only your email address, but also the time at which you granted us your consent as well as the text of your consent. The legal basis for this data processing is Art. 6(1)(f) GDPR.

Moreover, in connection with sending newsletters, we can also use the types of data defined in sec. 3.3.1.

Our newsletters include an image one pixel in size (web beacon), which the server retrieves when opening the newsletter. Retrieving this results in the collection of technical information such as information about your browser or system as well as your IP address and the time of access. This information is used to make technical improvements to our services. These statistical measures include determining whether the newsletters are opened, when they are opened and which links are clicked. This serves the purpose of determining the reading behaviours of our users and tailoring our contents to them or of delivering different contents based on the interests of our users.

The legal basis for this data processing is Art. 6(1)(f) GDPR.

If you do not wish us to process usage data relating to newsletters you receive from us, as described above, you can ensure that we do not receive the relevant information and thus exercise your right to object or withdraw consent – without prejudice to the explanations in Sections 5.3 and 5.4 – by taking the following measures:

• Information on the delivery of the newsletter:

Unsubscribing to the newsletter (refer to information below)

• Information about opening the newsletter:

Deactivating the downloading of images in your email client. The help function of your email client usually provides detailed information related to this topic.

• Information on clicking within the newsletter:

Avoid clicking images and links in a newsletter.

• Your surfing behaviour on our website after clicking an offer in a newsletter:

1. Configure your browser so it will not store any cookies. You can obtain more detailed information in sec. 3.4.2. Please note that you may not be able to fully use the functions of our website if your browser does not accept cookies.
2. Alternatively, you can object to the recording of your browsing behaviour here (external link).

• End device used including email client and operating system:

Deactivating the downloading of images in your email client as well as preventing images and links from being clicked on in a newsletter. Please note that even after taking these measures, we still receive information about your operating system when visiting our website.

Notice on the right of withdrawal
You may withdraw your consent at any time with effect for the future by notifying info@manufactum.dk or by using the unsubscribe option at the end of each newsletter.

Manufactum may – even without your express consent – send you promotional content by email that includes goods or services similar to those you have previously purchased from Manufactum. You will be informed about the possibility of using your email address for this purpose and about your corresponding right of objection when you open a customer account at manufactum.de. The notice reads as follows:
“Manufactum GmbH (“Manufactum”) also uses your email address for product recommendations similar to your previous purchases from Manufactum.” You may object to this at any time at the end of each product recommendation email or by sending an email to info@manufactum.dk, without incurring any costs other than the transmission costs according to the basic rates.”

The legal basis for this data processing as described is Section 7 para 3 German Act Against Unfair Competition (UWG) as well as Article 6 (1) (f) GDPR.

If you register for prize draws organized by Manufactum, we will use the data you provide during the respective registration for the purpose of fulfilling the participation agreement, in particular to notify winners and, if applicable, for advertising our offers and/or offers from our prize draw partners. For detailed information please refer to the eligibility requirements for the respective contest. The legal basis for this data processing is Art. 6(1)(a) GDPR, Art. 6(1)(b) DSGVO, as well as Art. 6(1)(f) GDPR.

Cookies and pixels are used on this website. Cookies are small text files automatically generated by your browser and saved to your end device (laptop, tablet, smartphone or the like). In each case, information related to the specific end device used is saved to the cookie. However, this does not mean it provides us with direct knowledge concerning your identity. Some of the cookies we use are deleted at the end of the browser session (so-called session cookies). For instance, these allow us to show you your basket on different pages, which on the other hand shows you how many items are currently in your cart and what the current purchase value of the cart is. Other cookies remain on your computer and allow us to recognise your computer the next time you visit our website (so-called permanent or persistent cookies). In particular, these cookies serve, among other things, to make our offering more attractive for you. Thanks to these files, it is possible, for example, for you to see information on the manufactum.dk website that is specifically tailored to your interests.
According to legal requirements, the storage of information on end devices (desktops, mobile phones, tablets, etc.)—for example, by setting cookies—as well as the retrieval of information from end devices (tracking) is generally only permitted if you have given your prior consent. The legal basis for this is Section 25 para 1 sentence 1 TDDDG. However, consent does not need to be obtained if such storage/retrieval is necessary for the provision of the website's offering. The legal basis for this is Section 25 para 2 no 2 TDDDG. Necessity may arise, for example, in order to ensure the following functionalities or achieve the following purposes:

• Provision of individual "features" (display of the shopping basket, display of the wish list, enabling and maintaining log-in, integration of payment service providers, etc.).
• Ensuring system security / recognising and preventing fraud
• Checking the functionality of the service
• Carrying out billing processes (e.g., billing of partners)
• Compliance with legal requirements
• (including documentation of the granting or withdrawal of tracking opt-ins)
• General analysis of reach

With respect to data processing required for the operation of the website, you do not have a right to object.

The pixels mentioned above are pixel-sized images that are embedded in the HTML code of our web pages. These enable - similar to cookies - collecting access to our website and information in connection with the specifically used end device. These pixels are also only used - within the framework described below - if you have previously given your consent.

Of course, you can configure your browser so that it does not store our cookies on your device. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie, or how to delete all cookies you have already received and block them for the future.

In Microsoft Edge:

1. Select the menu (three dots in the top right) and then select “Settings”.
2. Click on the “Privacy, search, and services” tab. You can now adjust the security settings for the Internet zone. Here you can specify whether and which cookies should be accepted or rejected. In addition, you can choose to completely prevent tracking or select different levels of tracking prevention. Furthermore, you can delete the cookies and browser data that have already been set here.
3. If you select “Cookies and site permissions” in the settings, you can also manage how cookies and website data are handled.

In Firefox:

1. Open the hamburger menu in the top right and select “Settings”.
2. Click on “Privacy & Security”.
3. Now, in the “Cookies and Site Data” section, select your preferred settings or the setting to delete all cookies and site data when the browser is closed.
4. Additionally, in the “Enhanced Tracking Protection” section, you can choose between the settings “Standard”, “Strict”, and “Custom”, each of which includes different cookie settings. You can also select “Tell websites not to sell or share my data” under “Website Privacy Preferences”.

In Google Chrome:

1. Click on the three dots in the browser toolbar and then select “Settings”.
2. Click on “Privacy and security”.
3. You can find various functions in this tab, for example:

• under “Delete browser data” you can delete cookies that have been placed
• under “Third-party cookies” you can implement specific settings for third-party cookies, such as blocking them by default,
• under “Ad privacy” you can adjust settings for advertisements suggested by websites (e.g. blocking them).

If you wish to delete individual cookies set in your browser or find out which service providers or vendors have set cookies in your browser, you can also do this via a "preference manager." Such a tool is, for example, available at https://www.youronlinechoices.com.

If you use apps in addition to a browser, your device (smartphone, tablet, etc.) offers a function that allows you to control tracking by apps. For example, you can deactivate the transmission of tracking data by

• deactivating the setting “Allow apps to request to track” on your iOS device,
• or enabling the setting “Opt out of Ads Personalization” on your Android device.

To find out more about how these opt-out functions work, please consult your device settings.

Manufactum is entitled to further process tracking data collected following the granting of consent on the basis of legitimate interests. This further processing is based on the legal basis set out in Art. 6(1) lit. f) GDPR (balancing of interests). If Manufactum further processes tracking data on the basis of Art. 6 (1) lit. f) GDPR, this will be done exclusively for purposes in which Manufactum has a legitimate interest. Such legitimate interests include, among others, the processing of tracking data for the purpose of delivering personalised advertising on third-party websites as well as making product suggestions on manufactum.dk. Manufactum does not process any data in connection with this further processing of tracking data that is classified by law in Art. 9 GDPR as particularly sensitive (e.g. health data). Furthermore, Manufactum does not use the tracking data to generate analysis results that could be assigned to the areas particularly protected by Art. 9 GDPR. Nor does Manufactum make any automated decisions based on the tracking data that would have legal effects for you as a user of the manufactum.dk website or affect you in a similarly significant way (e.g. individualised price adjustments based on your usage behaviour). In addition, depending on the scope of the tracking data and the risks arising from the processing of tracking data for your rights to be protected, Manufactum subjects the tracking data to pseudonymisation, preventing the data from being linked to your person.

Manufactum has developed its own web tracking technology or uses external tracking technologies offered under a data processing agreement. Manufactum processes the data about your user behaviour on the manufactum.dk/Manufactum app website (tracking data) collected through the use of these technologies – on the basis of your consent – for various purposes. These purposes, for which Manufactum pursues legitimate interests, include, among others: managing product recommendations on manufactum.dk/Manufactum app/newsletter; analysing the functionality of the manufactum.dk website/Manufactum app; improving search results on manufactum.dk; identifying potential for improvement or optimising campaigns.
The data collected via Manufactum’s own web tracking technology is processed exclusively in a pseudonymized form or using a pseudonym. This means that it is not possible to trace the data directly back to your person without using separately stored information.
The legal basis for this further processing of data is Article 6(1)(f) GDPR (legitimate interest). You may object to the collection and further processing of data by Manufactum here. Your objection will be implemented by Manufactum in such a way that it will also be forwarded to service providers who are used for the delivery of individualized advertising on third-party sites based on the data collected by the web tracking developed by Manufactum. Furthermore, your objection will result in these services no longer collecting data for the stated purposes about the device you used for submitting the objection on manufactum.dk.

In addition to the deactivation methods already described, you can generally prevent the use of the technologies explained above by adjusting the cookie settings in your browser. You also have the option to deactivate preference-based advertising using the preference manager available here (external link).

To provide you with the highest possible level of convenience, we offer you the option to permanently store your personal data in a password-protected customer account / user account.

Creating a customer account is basically voluntary. When creating a customer account, the data collected in this respect is processed based on art. 6 sec. 1 b) GDPR. After creating a customer account you do not need to re-enter your data. You can view and change the personal data saved in your customer account at any time.

Creating a customer account is only required for performance of contract when placing an order through our website/application.

You can delete your customer account at any time. To do so, please contact us or our data security officer. Please refer to sec. 1 and sec. 2 for the respective contact information. However, please note if you have already purchased from us, this will not delete the data shown in the customer account. Your data is deleted after the expiration of the retention periods under commercial and tax law to which we are subject. The legal basis for this further data processing is Art. 6(1)(c) GDPR as well as Art. 6(1)(f) GDPR, whereby our legitimate interest lies in retaining the data for any legitimate retention reasons that may exist.

To set up a customer account, you must specify a password of your own choosing. Together with your email address, this password will grant you access to your customer account. However, your data can only be protected effectively if keep your access data in a safe place and protect it against unauthorized third-party access. Users often use the same password for different services. This should be strictly avoided. Furthermore, there is the phenomena that third parties try obtaining log-in data and other information (e.g. credit card information) without authorization using so-called “phishing mails”. Please check requests for their authenticity that want you to specify personal data, particularly if these requests are sent via email. We can inform you if significant changes are made to your customer account (e.g. change in postal address or email address), so that you can check whether these changes are legitimate or have been made by an unauthorized third party. Please also observe that you will automatically remain logged in after leaving our website unless you log out of your account.
Please observe all information below in connection with protecting your data:

The following basically applies: Protect your customer account and your computer, laptop or mobile device using secure passwords and PIN codes that only you know! Furthermore, always remember to log off our website after every online purchase.

Make sure that you only use your passwords for one account! Never use just one password for different suppliers or portals. Check whether the password you selected for our website may also be in use for other websites. If this is the case, we strongly advise you change all passwords immediately.

Do not write down the passwords in a place freely accessible to others. Here too, ensure that only you have access to your passwords.

How to create a secure password!
You should choose passwords that cannot be easily guessed, i.e. no common everyday words, your own name or the name of relatives for instance. To make a password even more secure, it is recommended to use a combination of upper and lower case letters, numbers and special characters.

Is there anything else I need to observe?
If you ever use a publicly accessible computer, always ensure that you log out after visiting our website.

Unfortunately, in this type of scam, Manufactum can also be misused as the purported sender. Specifically, this means that consumers may receive fake emails appearing to come from Manufactum. These emails often even comply with the sender’s brand layout and under circumstances, it can be extremely difficult to distinguish these from real emails from Manufactum.

These cybercriminals or hackers want to exploit the position of trust between us and our customers and in doing so, steal sensitive data (e.g. log-in, customer data, payment information) or install malware (such as viruses or Trojans) on your computer or smartphone.

The creation and sending of these emails is not carried out by Manufactum, even if our name should be used as the sender. Unfortunately, we do not have any influence on the sending of these illegal emails.

How to properly deal with spam, phishing and spoof emails properly:

• We recommend you immediately delete suspicious emails.
• Never open links or attachments included in suspicious emails and do not reveal any personal data.
• However, if you accidentally clicked on links in the email, immediately change your Manufactum password in My Account. Furthermore, we recommend you scan your computer for viruses.
• In the event that the email contains unusual or suspicious information regarding orders or your customer information, log-in under My Account. There, you can find a list of all orders your actually placed and you can check the order status and the respective invoice numbers. To do so, enter the address www.manufactum.dk manually in your browser’s address bar. This prevents you from being led to fraudulent websites when using the link in the email.

Our tip and service for you: If you are ever uncertain, please send us an email at: info@manufactum.dk.

You have the option to contact us in several ways. Via email, telephone, using the contact form, or by post. If you contact us, we use the personal data you voluntarily provide us with in this respect for the sole purpose of contacting you and processing your inquiry.
The legal basis for this data processing is art. 6 sec. 1 a), art. 6 sec. 1 b), art. 6 sec. 1 c) GDPR and art. 6 sec. 1 f) GDPR. In cases where data processing is based on Article 6(1)(f) GDPR, our legitimate interest required for this purpose lies in responding to your inquiry in order to present our company in a positive light and achieve a high level of customer and prospect satisfaction.

If you decide to apply for a position advertised by us in the 'Job Offers' section by post or email, we will process your personal master data (e.g. salutation and name), your contact details (e.g. email address, telephone number), your address data, as well as your application data (e.g. cover letter, CV, certificates) in order to decide on the establishment of an employment relationship as well as, if applicable, for the initiation, execution, and termination of such a relationship. We will only process data beyond the above types of data if and where suitable, to establish your qualification for the position. The legal basis for this is art. 88 GDPR in conjunction with § 26 sec. 1 sentence 1 German Data Protection Act (BDSG).

When submitting your application by email (preferably in PDF format), please ensure it is encrypted adequately, as data transmission by email is not secure and can therefore be intercepted by third parties. Please also note the maximum file size of 7MB.

If you send us application documents of a third party, for example because you are acting as a recruitment consultant, you are required to comply with all data protection requirements in this regard. For details, please refer to section 3.8 below.

As a rule, we collect personal data about you only from you directly. In the case of exceptions where this is not the case, we will notify you separately. However, we may also receive data from another person, namely the person entering it in the respective areas on our website (e.g. creating an account, using the contact form).

If you transmit personal data concerning a third party to us through our website, you are obligated to comply with all the requirements under data protection laws, particularly under art. 5 to 9 as well as 12 GDPR. Otherwise, we have no intention of collecting the specified data and reserve the right to take legal action against you.

Your personal data may, under certain circumstances, also be disclosed to specific recipients. In the process, your data, without prejudice to other information related to recipients in this Privacy Policy, can be transmitted to the following bodies:

• Public authorities to which data must be transmitted by virtue of statutory provisions (e.g. fiscal and supervisory authorities)
• Internal departments involved in carrying out tasks (e.g. Sales, IT, IT Security)
• Processors (e.g. IT service providers) (also refer to sec. 3.2.4)
• Shipping partners (e.g. forwarding agents)
• If applicable, partners we use to display advertisements (e.g. Facebook, Pinterest - also refer to sec. 3.4.3.2 and 3.4.3.3).
• Our data protection officer

Except for processing activities where we inform you in this privacy notice about the possibility of transferring data to recipients located outside the EU, we do not transfer your data to recipients located outside the European Union or the European Economic Area. Such data transfers are carried out on the basis of the Standard Contractual Clauses (SCC) issued by the European Commission.

The rights set out in section 5, which you may exercise against us, can be asserted either directly with us or with our Data Protection Officer. The relevant contact details can be found in section 1 and section 2.

In addition to the right to revoke any consent you have given us, you are entitled to the following additional rights, provided the respective legal requirements are met:

• the right of access to your personal data stored by us (Art. 15 GDPR); in particular, you may request information regarding the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data, if not collected directly from you;
• the right to rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR);
• the right to erasure of your data stored by us (Art. 17 GDPR), provided there are no statutory or contractual retention periods or other legal obligations or rights that require us to continue storing the data;
• the right to restriction of processing of your data (Art. 18 GDPR), where the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure, we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
• the right to data portability pursuant to Art. 20 GDPR, i.e., the right to have selected data stored about you provided to you in a commonly used, machine-readable format or to request the transfer of such data to another controller;
• the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your usual place of residence or work or the location of our company headquarters for this purpose.

If we process data on the basis of consent you have given, you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent before its withdrawal.

The duration of the storage of data collected about you depends on the purpose for which we process the data. Data will be stored for as long as it is necessary to achieve the intended purpose. If we are legally obliged (e.g. due to tax regulations) to retain certain categories of data for a specific period, the continued storage of the data after it is no longer required for the original purpose will be solely for the purpose of meeting the legal obligation. In such cases, access to the data will be restricted.

The personal data you provide will not be used for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

However, your processed personal data will be used to provide you with personal recommendations on our website and in the newsletter using pseudonymised usage profiles. The legal basis for the creation of profiles and the usage thereof for the purpose of individualization is art. 6 sec. 1 lit. f GDPR (legitimate interest); sending the newsletter itself is on the legal basis in art. 6 sec. 1 lit. a GDPR (consent). Our legitimate interest in this context is to recommend suitable products to you, thereby promoting our sales and presenting our company more favorably in the market.

You are not obliged to provide us with your data. However, we may require your data for performance of contract, e.g. if you wish to purchase one or multiple products from our website. Without the required personal data outlined in this Privacy Policy, which you will be prompted to provide, we may not be able to enter into the contract with you or execute a previously concluded contract.

Moreover, should you use e.g. technical measures to prevent us from receiving data required to use our website (in particular, refer to sec. 3.4), you may not be able to use our website or use it to its full extent.

In other cases in which you do not provide us with the data required (e.g. in line with establishing contact or participating in a contest), we will also not be able to provide you with the respective service.