Shopping Cart
no products

Data Protection

Data protection
This data protection declaration clarifies the type, scope and purpose of the processing of personal data
(hereinafter referred to as "data") within our online offer and the associated websites, functions and content
as well as external online presences, such as our social media profile. (hereinafter collectively referred to as
"online offer"). With regard to the terms used, such as “processing” or “responsible person”, we refer to
the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Grieger GmbH
Saarstr. 41
71282 Hemmingen
Telephone: +49 (0) 7150-36699-61
Fax: +49 (0)

Types of data processed:

  • Inventory data (e.g., names, addresses).
    - Contact details (e.g., email, telephone numbers).
    - Content data (e.g., text input, photographs, videos).
    - Usage data (e.g., websites visited, interest in content, access times).
    - Meta / communication data (e.g., device information, IP addresses).

Purpose of processing

  • Providing the online offer, its functions and content.
    - Answering contact requests and communicating with users.
    - Safety measures.
    - Range measurement / marketing

Terms used

"Personal data" is all information that relates to an identified or identifiable natural person (hereinafter "data
subject"); An identifiable person is a natural person who can be identified directly or indirectly, in particular by
assigning an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or
one or more special features, expressing the physical, physiological, genetic, psychological, economic, cultural or
social identity of this natural person.
"Processing" is any process or series of processes carried out with or without the help of automated processes in
connection with personal data. The term goes far and covers practically every handling of data.
The “person responsible” is the natural or legal person, public authority, agency or other body that alone or
together with others decides on the purposes and means of processing personal data.

Relevant legal bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing.
Unless the legal basis is mentioned in the data protection declaration, the following applies: The
legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for
processing for the performance of our services and implementation of contractual measures as
well as answering inquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our
legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect our
legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject
or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR
serves as the legal basis.

Safety measures

We ask you to inform yourself regularly about the content of our data protection declaration. We
will adapt the data protection declaration as soon as the changes in the data processing carried
out by us make this necessary. We will inform you as soon as an act of cooperation on your part
(e.g. consent) or other individual notification becomes necessary as a result of the changes.

Cooperation with processors and third parties

If we disclose data to other people and companies (processors or third parties) as part of our
processing, transmit them to them or otherwise grant them access to the data, this will only be
done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to
payment service providers, in accordance with Art. 6 Para. 1 b GDPR for the fulfillment of the
contract), you have consented, a legal obligation provides for this or based on our legitimate
interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "order processing
contract", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European
Economic Area (EEA)) or if this takes place within the scope of the use of third-party services
or disclosure or transmission of data to third parties, this will only take place if it happens to
fulfill our (pre) contractual obligations, based on your consent, on the basis of a legal obligation
or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process
or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR
are met. This means that processing takes place, for example, on the basis of special guarantees,
such as the officially recognized determination of a data protection level corresponding to the EU
(e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special
contractual obligations (so-called "standard contractual clauses").

Rights of the data subjects

You have the right to request confirmation as to whether the data in question are being processed
and for information about this data and for further information and a copy of the data in
accordance with Art. 15 GDPR. You have accordingly. Art. 16 DSGVO the right to request the
completion of the data concerning you or the correction of the incorrect data concerning you.
Please contact
In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted
immediately or, alternatively, in accordance with Art. You have the right to request that the
data concerning you, which you have provided to us, be received in accordance with Art.
20 GDPR and to request their transmission to other responsible persons.
You have also gem. Art. 77 GDPR the right to file a complaint with the responsible
supervisory authority.

You have the right to give consent in accordance with Revoke Art. 7 Para.
3 GDPR with effect for the future

Right to object

You can object to the future processing of your data in accordance with Art. 21 GDPR at any time.
In particular, the objection can be made against processing for direct marketing purposes.

Cookies and right to object to direct mail

"Cookies" are small files that are stored on users' computers. Different information can be stored
within the cookies. A cookie is primarily used to store information about a user (or the device on
which the cookie is stored) during or after their visit within an online offer. Temporary cookies, or
“session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online
offer and closes his browser. Such a cookie can be used, for example, to store the contents of a
shopping cart in an online shop or a login status. Cookies are referred to as "permanent" or
"persistent" and remain saved even after the browser is closed. For example, the login status can
be saved if users visit it after several days. Such a cookie can also be used to store the interests of
users who are used for range measurement or marketing purposes. A "third-party cookie" refers to
cookies that are offered by providers other than the person responsible for the online offering
(otherwise, if they are only their cookies, we speak of "first-party cookies").
We can use temporary and permanent cookies and clarify this in the context of
our data protection declaration.
If users do not want cookies to be stored on their computer, they are asked to deactivate
the corresponding option in the system settings of their browser. Stored cookies can be
deleted in the system settings of the browser. The exclusion of cookies can lead to functional
restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be found on
a large number of services, especially in the case of tracking, via the
US website or the
EU website be explained. Furthermore, cookies can
be saved by switching them off in the browser settings. Please note that not all functions of
this online offer can then be used.

Deletionof data

The data processed by us is deleted in accordance with Art. 17 and 18 GDPR or its processing
is restricted. Unless expressly stated in this data protection declaration, the data stored by us
will be deleted as soon as they are no longer required for their intended purpose and there are
no legal retention obligations to prevent deletion. If the data is not deleted because it is required
for other and legally permissible purposes, its processing will be restricted. This means that the
data is blocked and not processed for other purposes. This applies, for example, to data that
must be kept for commercial or tax law reasons.
According to legal requirements in Germany, storage is carried out in particular for 6 years in
accordance with Section 257 (1) HGB (trading books, inventories, opening balance sheets,
annual accounts, trading letters, booking receipts, etc.) and for 10 years in accordance with
Section 147 (1) AO (books, records , Management reports, booking vouchers, commercial
and business letters, documents relevant for taxation, etc.).
According to legal requirements in Austria, storage is carried out for 7 years in particular
in accordance with Section 132 (1) BAO (accounting documents, receipts / invoices, accounts,
receipts, business papers, statement of income and expenses, etc.) for 22 years in connection
with land and for 10 years for documents in connection with electronically provided services,
telecommunication, radio and television services, which are provided to non-entrepreneurs in EU
member states and for which the mini-one-stop shop (MOSS) is used.

The hosting services we use serve to provide the following services:infrastructure and platform
services, computing capacity, storage
space and database services, security services and
technical maintenance services that we use for the purpose of operating this online offer.
Here, we or our hosting provider process inventory data, contact data, content data, contract
data, usage data, meta and communication data of customers, interested parties and visitors
to this online offer based on our legitimate interests in the efficient and secure provision of this
online offer in accordance with.
Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR
(conclusion of an order processing contract).

Collection of access data and log files

We, or our hosting provider, based on our legitimate interests within the meaning of Art. 6 Para. 1
lit. f. GDPR data about every access to the server on which this service is located
(so-called server log files). The access data includes the name of the website accessed, file,
date and time of access, amount of data transferred, notification of successful access,
browser type and version, the user's operating system, referrer URL (the previously visited page),
IP address and the requesting provider.For security reasons (e.g. to investigate misuse or fraud),
log file information is stored for a maximum of 7 days and then deleted. Data whose further
storage is necessary for evidence purposes are excluded from deletion until the respective
incident has been finally clarified.

Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact details of users),
contract data (e.g., services used, names of contact persons, payment information) in order to
fulfill our contractual obligations and services in accordance with. Art. 6 para. 1 lit b. DSGVO.
The entries marked as mandatory in online forms are required for the conclusion of the contract.
When using our online services, we save the IP address and the time of the respective user
action. The storage takes place on the basis of our legitimate interests, as well as the user's
protection against misuse and other unauthorized use. This data is not passed on to third
parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in
accordance with. Art. 6 para. 1 lit. c GDPR.
We process usage data (e.g., the websites of our online offer visited, interest in our products)
and content data (e.g., entries in the contact form or user profile) for advertising purposes in a
user profile in order to display the user, for example, product information based on their
previously used services.

The deletion of the data takes place after expiry of legal guarantee and comparable obligations,
the necessity of storing the data is checked every three years; in the case of statutory archiving
obligations, deletion takes place after its expiration. Information in any customer account
remains until it is deleted.

Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as the organization of our company,
financial accounting and compliance with legal obligations, such as archiving. We process the
same data that we process as part of the provision of our contractual services. The processing
bases are Art. 6 Para. 1 lit. c. GDPR, Art. 6 Para. 1 lit. f. DSGVO. Customers, interested parties,
business partners and website visitors are affected by the processing. The purpose and our
interest in processing lies in the administration, financial accounting, office organization, archiving
of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide
our services. The deletion of the data with regard to contractual services and contractual
communication corresponds to the information mentioned in these processing activities.
We disclose or transmit data to the financial administration, consultants such as tax advisors or
auditors, as well as other fee agencies and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers
and other business partners, e.g. for the purpose of contacting you later. We generally store this
mostly company-related data permanently.

Data protection information in the application process
We process the applicant data only for the purpose and as part of the application process in
accordance with the legal requirements. The processing of the applicant data takes place to fulfill
our (pre) contractual obligations in the context of the application process within the meaning of
Art. 6 Para. 1 lit. b. GDPR Art. 6 Para. 1 lit. f. GDPR if data processing becomes necessary for us,
for example, as part of legal procedures (in Germany, § 26 BDSG also applies).
The application process requires applicants to provide us with the applicant data. If we offer an
online form, the necessary applicant data is marked, otherwise results from the job descriptions
and basically includes information about the person, postal and contact addresses and the
documents associated with the application, such as cover letter, curriculum vitae and certificates.
In addition, applicants can voluntarily provide us with additional information. By submitting the
application to us, the applicants consent to the processing of their data for the purposes of the
application process in accordance with the type and scope set out in this data protection
declaration. Insofar as special categories of personal data within the meaning of
Art. 9 Para. 1 GDPR are voluntarily communicated within the scope of the application process,
their processing is also carried out in accordance with Art. 9 Para. 2 lit. b GDPR
(e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories
of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants,
their processing is also carried out in accordance with Art. 9 Para. 2 lit. a GDPR
(e.g. health data if this is necessary for the exercise of a profession). If provided, applicants can
send us their applications using an online form on our website. The data is encrypted and
transmitted to us in accordance with the state of the art.
Applicants can also send us their applications via email. However, please note that emails
are generally not sent in encrypted form and applicants must ensure that they are encrypted
themselves. We can therefore not assume any responsibility for the transmission path of the
application between the sender and receipt on our server and therefore recommend using an
online form or sending by post. Because instead of applying via the online form and e-mail,
applicants still have the option to send us the application by post.
The data provided by the applicants can be processed by us in the event of a successful
application for the purposes of the employment relationship. Otherwise, if the application for a
job offer is unsuccessful, the applicant's data will be deleted. Applicant data will also be deleted
if an application is withdrawn, which applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation of the applicants, after a period of six
months, so that we can answer any follow-up questions to the application and meet our
obligations to provide evidence from the Equal Treatment Act. Invoices for any reimbursement of
travel expenses are archived in accordance with tax regulations.

Whencontacting us (e.g. via contact form, e-mail, telephone or via social media), the information
provided by the user for processing the
contact request and processing it in accordance with Art. 6 para. 1
lit. b) GDPR processed. The information provided by the users can be stored in a customer
relationship management system ("CRM system") or a comparable request organization. We delete the
requests if they are no longer necessary. We check the necessity every two years;
The statutory archiving
obligations also apply.

Comments and posts
If users leave comments or other contributions, their IP addresses can be based on our legitimate
interests within the meaning of Art. 6 Para. 1 lit. f. GDPR can be stored for 7 days. This is done for our security,
if someone leaves illegal content in comments and contributions (insults, forbidden political propaganda, etc.). In
this case we can be prosecuted for the comment or contribution and are therefore interested in the identity of the
author Furthermore, we reserve the right, based on our legitimate interests. Art. 6 para. 1 lit. f. GDPR to process
user information for spam detection.


With the following information we inform you about the content of our newsletter as well as the
registration, dispatch and statistical
evaluation procedure as well as your right to object. By
to our newsletter, you agree to the receipt and the procedures described.

Content of the newsletter: We send newsletters,e-mails and other electronic notifications with
advertising information (hereinafter "newsletter") only with the consent of the recipient or with a
legal permission. Insofar as the content of a newsletter is specifically described, it is decisive for
the consent of the user. Our newsletters also contain information about our services and us.
Double opt-in and logging: The registration for our newsletter takes place in a so-called double
opt-in procedure. This means that after registration you will receive an email asking you to
confirm your registration. This confirmation is necessary so that no one can register with
someone else's email address. The registrations for the newsletter are logged in order to be
able to demonstrate the registration process in accordance with the legal requirements. This
includes storing the time of registration and confirmation, as well as the IP address. Changes to
your data stored with the shipping service provider are also logged.Registration data: To register
for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to enter
a name in the newsletter for a personal address. Germany: The newsletter is sent and the
success measurement associated with it is based on the consent of the recipient in accordance
with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG or on the basis
of the legal permission acc. Section 7 (3) UWG. The logging of the registration process is based
on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is focused on
the use of a user-friendly and secure newsletter system that serves both our business interests
and the expectations of the users and also allows us to prove consent.
Cancellation / revocation - You can cancel the receipt of our newsletter at any time, ie revoke your
consent. You will find a link to cancel the newsletter at the end of each newsletter. Based on our
legitimate interests, we can save the e-mail addresses that have been removed for up to three
years before we delete them in order to be able to prove a previously given consent. The
processing of this data is limited to the purpose of a possible defense against claims. An
individual request for deletion is possible at any time, provided that the previous consent is

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate
interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning
of Article 6 (1) (f) GDPR). Google uses cookies. The information generated by the cookie about the use of the
online offer by the user is usually transmitted to a Google server in the USA and stored there. Google is certified
under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law
( ).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports
on the activities within this online offer and to provide us with other services related to the use of this online offer
and the internet. Pseudonymous user profiles can be created from the processed data. We only use Google
Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google
within member states of the European Union or in other contracting states of the Agreement on the European
Economic Area. The full IP address will only be transmitted to a Google server in the USA and abbreviated there
in exceptional cases. The IP address transmitted by the user's browser is not merged with other Google data.
Users can prevent cookies from being saved by making the appropriate settings in their browser software; Users
can also prevent Google from collecting the data generated by the cookie and relating to their use of the online
offer and from processing this data by Google by downloading and installing the browser plug-in available under
the following link:
http: // tools / dlpage / gaoptout? hl = de .

Further information on the use of data by Google, setting and objection options can be found in Google's data
protection declaration ( ) and in the settings for the display of
advertisements by Google
(https: // ).
The personal data of the users will be deleted or anonymized after 14 months.

Google Re / marketing services

On the basis of our legitimate interests (ie interest in the analysis, optimization and economic
operation of our online offer within the meaning of Art. 6 Para. 1 lit. GDPR), we use the marketing
and remarketing services (in short "Google Marketing Services ”) From Google LLC,
1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“ Google ”). Google is certified
under the Privacy Shield Agreement and thus offers a guarantee to comply with European
data protection law ( ).
The Google Marketing Services allow us to display advertisements for and on our website in a
more targeted manner in order to only present users with advertisements that potentially
correspond to their interests. If, for example, a user is shown advertisements for products
in which he was interested on other websites, this is referred to as "remarketing". For these
purposes, when you visit our and other websites on which Google marketing services are active,
Google immediately executes a code from Google and so-called (re) marketing tags
(invisible graphics or code, also called "web") Beacons ") in the website. With their help, an
individual cookie, ie a small file, is saved on the user's device (instead of cookies, comparable
technologies can also be used). Cookies can be set by various domains, including,,,, or
This file notes which websites the user visits, what content he is interested in and which offers
he has clicked on, as well as technical information on the browser and operating system,
referring websites, time of visit and other information on the use of the online offer. The IP address
of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened
within member states of the European Union or in other contracting states of the Agreement on the
European Economic Area and only in exceptional cases entirely to one Google servers in the USA
and shortened there. The IP address is not merged with user data within other Google offers.
The above-mentioned information can also be linked by Google to such information from other sources.
If the user subsequently visits other websites, the ads tailored to his interests can be displayed.
The user data is processed pseudonymously as part of the Google marketing services. This
means that Google does not save and process, for example, the name or email address of the
user, but processes the relevant data in a cookie-related manner within pseudonymous user
profiles. From Google's point of view, the ads are not managed and displayed for a specifically
identified person, but for the cookie holder, regardless of who this cookie holder is. This does not
apply if a user has expressly allowed Google to process the data without this pseudonymization.
The information collected by Google Marketing Services about users is transmitted to Google
and stored on Google's servers in the United States. The Google marketing services we use
include the online advertising program "Google AdWords" . In the case of Google AdWords,
each AdWords customer receives a different "conversion cookie". Cookies cannot therefore
be tracked via the websites of AdWords customers. The information obtained using the cookie
is used to create conversion statistics for AdWords customers who have opted for conversion
tracking. AdWords customers find out the total number of users who clicked on their ad and
were redirected to a page with a conversion tracking tag. However, you will not receive any
information that can be used to personally identify users. We can integrate third-party
advertisements based on the Google marketing service "AdSense".AdSense uses cookies
that enable Google and its partner websites to place ads based on users'
visits to this website or other websites on the Internet. We can also use the
"Google Tag Manager" to integrate and manage the Google analysis and
marketing services in our website. Further information on the use of data by Google for marketing
purposes can be found on the
overview page: , Google's privacy policy
is available at available.
If you would like to object to interest-based advertising by Google marketing services, you can
use the setting and opt-out options provided by Google: .

Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with the
customers, interested parties and users active there and to be able to inform them about our services.
When calling up the respective networks and platforms, the terms and conditions and the data
processing guidelines of their respective operators apply. Unless otherwise stated in our data
protection declaration, we process the data of users provided that they communicate with us within
social networks and platforms, e.g. write posts on our online presence or send us messages.

Integration of services and content from third parties

We use content or service offers from third-party providers within our online offer based on our
legitimate interests (ie interest in the analysis, optimization and economic operation of our online
offer within the meaning of Art. 6 Para. 1 lit. Integrate services such as videos or fonts
(hereinafter referred to as “content”). This always presupposes that the third-party providers of this
content perceive the IP address of the user, since without the IP address they could not send the
content to their browser. The IP address is therefore required to display this content. We strive to
only use content whose respective providers only use the IP address to deliver the content. Third-party
providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for
statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor
traffic on the pages of this website. The pseudonymous information can also be stored in cookies on
the user's device and contain, among other things, technical information about the browser and
operating system, referring websites, time of visit and other information on the use of our online offer,
as well as being linked to such information from other sources.


We integrate the videos of the platform “YouTube” from Google LLC, 1600 Amphitheater Parkway, Mountain View,
CA 94043, USA. Data protection declaration: , opt-out:

Google Maps

We integrate the maps of the service “Google Maps” from Google LLC, 1600
Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data can
include, in particular, IP addresses and location data of the users, which, however, are
not collected without their consent (usually carried out as part of the settings of their
mobile devices).
The data can be processed in the USA. Data protection declaration:
, opt-out: