Privacy Policy

1) Introduction and contact information for the data controller

1.1We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to any information that can be used to personally identify you.

1.2The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Andreas Elbracht, Hohe Geest 169, 48165 Münster, Germany, Tel.: 025120805475, Email: info@rockwall-guitars.de. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3The controller has appointed a data protection officer, who can be contacted as follows: “Andreas Elbracht, Hohe Geest 169, 48165 Münster, Germany, Tel.: 025120805475, Email: info@rockwall-guitars.de”

1.4For security reasons and to protect the transmission of personal data and other confidential information (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the padlock icon in your browser address bar.

2) Data collection when you visit our website

When you use our website for informational purposes only—that is, if you do not register or otherwise provide us with information—we collect only the data that your browser transmits to the website server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

The website we visited
Date and time of access
Amount of data sent in bytes
Source/link that brought you to this page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to review the server log files retrospectively should there be concrete evidence of unlawful use.

3) Cookies

To make your visit to our website more enjoyable and to enable the use of certain features, we use cookies—small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

If personal data is processed through individual cookies we use, such processing is carried out in accordance with Article 6(1)(b) of the GDPR for the purpose of performing the contract, pursuant to Article 6(1)(a) of the GDPR in the event that consent has been given, or pursuant to Article 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website as well as a user-friendly and effective design of the site visit.

You can configure your browser to notify you when cookies are set, allowing you to decide on a case-by-case basis whether to accept them, or to block cookies in specific cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting us

4.1When you contact us (e.g., via the contact form or email), we process your personal data solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively resolved and provided that no legal retention obligations preclude this.

4.2WhatsApp Business

We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business Version” of WhatsApp.

If you contact us via WhatsApp in connection with a specific transaction (such as a completed order), we will store and use the mobile phone number you use for WhatsApp, as well as your first and last name (if provided), in accordance with Article 6(1)(b) of the GDPR to process and respond to your inquiry. On the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address, or email address) so that we can assign your inquiry to a specific transaction.

If you use our WhatsApp contact for general inquiries (such as regarding our range of services, availability, or our website), we will store and use the mobile phone number you use on WhatsApp as well as—if provided – your first and last name in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in the efficient and timely provision of the requested information.

Your data will only be used to respond to your inquiry via WhatsApp. It will not be shared with third parties.

Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server operated by our parent company, Meta Platforms Inc., in the United States. To operate our WhatsApp Business account, we use a mobile device whose address book contains only the WhatsApp contact information of users who have contacted us via WhatsApp.

This ensures that every person whose WhatsApp contact information is stored in our address book has already consented, upon first use of the app on their device by accepting the WhatsApp Terms of Service, to the transfer of their WhatsApp phone number from the address books of their chat contacts in accordance with Article 6(1)(a) of the GDPR. The transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For information on the purpose and scope of data collection, as well as the further processing and use of data by WhatsApp, and your related rights and privacy settings, please refer to WhatsApp’s Privacy Policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

5) Data processing when opening a customer account

In accordance with Article 6(1)(b) of the GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. You can find out which data is required to open an account by referring to the input fields on the relevant form on our website.

You may delete your customer account at any time by sending a message to the contact address of the data controller listed above. Once your customer account has been deleted, your data will be deleted provided that all contracts concluded through the account have been fully fulfilled, there are no legal retention periods that prevent this, and we no longer have a legitimate interest in continuing to store the data.

6) Data processing for order fulfillment

6.1To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data we collect will be disclosed to the contracted shipping company and the contracted financial institution in accordance with Article 6(1)(b) of the GDPR.

If we are obligated to provide you with updates for goods containing digital elements or for digital products based on a relevant contract, we will process the contact information you provided when placing your order (name, address, email address) to personally inform you of upcoming updates via an appropriate communication channel (such as by mail or email) within the legally prescribed timeframe, in accordance with our legal information obligations under Article 6(1)(c) of the GDPR. Your contact information will be used strictly for the specific purpose of notifying you about updates we are obligated to provide and will be processed by us for this purpose only to the extent necessary to provide the relevant information.

To process your order, we also work with the following service provider(s), who assist us, in whole or in part, with the fulfillment of contracts we have entered into. Certain personal data is transferred to these service providers in accordance with the information provided below.

6.2Use of Payment Service Providers (Payment Services)

6.3PayPal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method offered by the provider that requires you to pay in advance (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be shared with the provider in accordance with Article 6(1)(b) of the GDPR. In this case, your data is transferred exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method that requires the seller to pay in advance (such as purchase on account, installment plan, or direct debit), you will also be asked during the ordering process to provide certain personal information (first and last name, street address, house number, ZIP code, city, date of birth, email address, phone number, and, if applicable, details for an alternative payment method).

To safeguard our legitimate interest in assessing our customers’ creditworthiness, we will forward this data to the provider in accordance with Article 6(1)(f) of the GDPR for the purpose of conducting a credit check. Based on the personal data you have provided, as well as additional data (such as shopping cart, invoice amount, order history, and payment history), the provider assesses whether the payment method you have selected can be granted in light of payment and/or credit default risks.

The credit report may contain probability values (so-called "scores"). To the extent that scores are included in the credit report, they are based on a scientifically recognized mathematical and statistical method. The calculation of these scores takes into account, among other things, but not limited to, address data.

You may object to this processing of your data at any time by contacting us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

7) Page features

7.1Facebook Plugins

Our website uses plugins from the social network provided by the following company: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)

These plugins allow for direct interaction with content on the social network.

To enhance the protection of your data when you visit our website, the plugins are initially disabled and integrated into the page using a so-called “2-click” or “Shariff” solution.

This integration ensures that when a page on our website that contains such plugins is accessed, no connection is established with the provider’s servers.

Only when you activate the plugins and thereby give your consent to the data transfer in accordance with Article 6(1)(a) of the GDPR does your browser establish a direct connection to the provider’s servers. In this process, regardless of whether you are logged into an existing user profile, certain information about the device you are using (including your IP address), your browser, and your browsing history is transmitted to the provider and may be further processed there.

If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.
You can withdraw your consent at any time by clicking the plugin again to deactivate it. However, withdrawing your consent does not affect the data that has already been transmitted to the provider.

Data may also be transferred to: Meta Platforms Inc., USA

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

For the transfer of data to the United States, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure compliance with European data protection standards.

7.2Instagram Plugins

Our website uses plugins from the social network provided by the following company: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”)

These plugins allow for direct interaction with content on the social network.

To enhance the protection of your data when you visit our website, the plugins are initially disabled and integrated into the page using a so-called “2-click” or “Shariff” solution.

This integration ensures that when a page on our website that contains such plugins is accessed, no connection is established with the provider’s servers.

Data may also be transferred to: Meta Platforms Inc., USA

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

7.3YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. In the process, certain information—including your IP address—is transmitted to the provider.

If playback of embedded videos is initiated via the plugin, the provider also uses cookies to collect information about user behavior, generate playback statistics, and prevent abusive behavior.

If you are logged into a user account with the provider while visiting the site, your data will be directly associated with your account when you click on a video. If you do not want your data to be associated with your account, you must log out before clicking the play button.

All of the aforementioned processing activities, in particular the use of cookies to collect information from the device you are using, will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may revoke the consent you have given at any time with future effect by deactivating this service via the “Cookie Consent Tool” provided on the website.

7.4– Google Web Fonts

This site uses web fonts from the following provider to ensure consistent font display: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you visit a page, your browser loads the necessary web fonts into its cache to display text and fonts correctly, and establishes a direct connection to the provider’s servers. In the process, certain browser information, including your IP address, is transmitted to the provider.

Data may also be transferred to: Google LLC, USA

The processing of personal data when connecting to the font provider will only take place if you have given us your explicit consent in accordance with Article 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect by disabling this service via the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

8) Tools and Miscellaneous

8.1Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users when they visit the site in the form of an interactive user interface, where they can grant consent for specific cookies and/or cookie-based applications by checking the appropriate boxes. Through the use of this tool, all cookies and services requiring consent are loaded only if the respective user grants the corresponding consent by checking the appropriate boxes. This ensures that such cookies are set on the user’s device only if consent has been granted.

The tool uses technically necessary cookies to save your cookie preferences. No personal user data is processed in this process.

If, in individual cases, the storage, assigning, or logging cookie settings, this is done in accordance with Art. 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

Another legal basis for the processing is Article 6(1)(c) of the GDPR. As the data controller, we are legally required to make the use of non-technically necessary cookies contingent upon the user’s consent.

We have entered into a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits its unauthorized disclosure to third parties.

For more information about the operator and the settings options for the cookie consent tool, please refer directly to the relevant user interface on our website.

8.2Google Maps

This website uses an online map service provided by the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service that displays interactive maps to visually present geographic information. By using this service, you can see our location and easily find directions to us.

As soon as you visit any of the subpages that include a Google Maps embed, information about your use of our website (such as your IP address) is transmitted to Google’s servers and stored there; this may also involve a transfer to the servers of Google LLC in the United States. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them.

The collection, storage, and analysis of data are carried out in accordance with Article 6(1)(f) of the GDPR, based on Google’s legitimate interest in displaying personalized advertising, conducting market research, and/or tailoring Google websites to user needs. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google. If you do not consent to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option to completely disable the Google Maps web service by turning off JavaScript in your browser. Google Maps and, consequently, the map display on this website will then no longer be available.

To the extent required by law, we have obtained your consent to the processing of your data described above in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect. To exercise your right to withdraw consent, please follow the procedure for objecting described above.

8.3OpenStreetMap

This website uses an online map service provided by the following provider: OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK

The online map service is a tool for displaying interactive (map) maps to visually present geographic information. Using this service shows you our location and makes geolocation easier.

As soon as you visit the subpages on which the provider’s map is embedded, information about your use of our website (such as your IP address) is transmitted to the provider’s servers and stored there.

Your personal data is processed in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in designing our website to meet user needs. If you do not consent to the future transmission of your data to the provider, you have the option to completely disable the provider’s online map service by turning off JavaScript in your browser. The online map service on this website will then no longer be available.

When data is transferred to the provider's location, an adequate level of data protection is ensured by an adequacy decision issued by the European Commission.

8.4FiboSearch

This website uses the search technology service provided by the following provider: Damian Góra Web Development, Dr. Adama Bilika 2/28, 42-500 Bedzin, Poland

To provide the search function for articles via the search field, as well as for navigation and filtering, the provider collects and stores certain user information (such as the user ID or session ID) in an anonymized form.

To the extent that personal data is processed in this context, such processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in providing a fault-tolerant search function for products and, consequently, in optimizing the marketing of our offerings.

9) Rights of the Data Subject

9.1Under applicable data protection law, you have the following rights as a data subject (rights of access and rectification) with respect to the controller regarding the processing of your personal data; please refer to the cited legal basis for the respective conditions for exercising these rights:

Right of access pursuant to Article 15 of the GDPR;
Right to rectification under Article 16 of the GDPR;
Right to erasure under Article 17 of the GDPR;
Right to restriction of processing pursuant to Article 18 of the GDPR;
Right to information under Article 19 of the GDPR;
Right to data portability pursuant to Article 20 of the GDPR;
Right to withdraw consent pursuant to Article 7(3) of the GDPR;
Right to lodge a complaint under Article 77 of the GDPR.

9.2RIGHT TO OBJECT

IF, AS PART OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, fundamental rights and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

10) Retention period for personal data

The length of time personal data is stored is determined by the applicable legal basis, the purpose of processing, and—where applicable—the relevant statutory retention period (e.g., retention periods under commercial and tax law).

When processing personal data based on explicit consent pursuant to Article 6(1)(a) of the GDPR, the data in question will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in connection with contractual or quasi-contractual obligations pursuant to Article 6(1)(b) of the GDPR, such data will be routinely deleted upon the expiration of the retention periods, provided that it is no longer necessary for the performance or initiation of a contract and/or we no longer have a legitimate interest in continuing to store it.

When processing personal data on the basis of Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(1) of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

When processing personal data for the purpose of direct marketing pursuant to Article 6(1)(f) of the GDPR, this data will be stored until you exercise your right to object under Article 21(2) of the GDPR.

Unless otherwise specified in the other information contained in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.