Director: Arne Schubert
T 0800 085 6660
Entry in the Commercial Register
Register court: Hamburg Local Court
Registration number: HRB 120773
Object of the company: Trade in promotional items and all and all related business.
Information on data protection
With this data protection notice we inform you about how we handle your personal data, as well as about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Allbranded GmbH (hereinafter referred to as "we" or "us") is responsible for the respective data processing.
- I. General information
- 1. Contact details
- 2. Legal basis
- 3. Term of retention
- 4. Categories of the respective data of the recipients
- 5. Transfer of data to third countries
- 6. Processing whilst exercising your rights as per Art. 15 to 22 GDPR
- 7. Your rights
- 8. Right of objection
- 9. Data protection officer
- II. Data processing via our website
- 1. Processing of server log files
- 2. Cookies
- 3. Consent management tool
- 4. Contact options and requests
- a. Contact form
- b. Reviews and feedback
- 5. Customer login
- 6. Data processing for the purpose of purchase transactions
- a. Credit card payments
- b. Payment via PayPal
- c. instalments
- 7. Google Tag Manager
- 8. Google Marketing Services
- III. Data processing via our social media sites
- 1. Visiting social media pages
- a. Facebook and Instagram page
- b. LinkedIn company page
- c. Twitter
- d. Xing
- e. YouTube
- 2. Comments and direct messages
- IV. Additional data processing
- 1. Contact via email
- 2. Data of customers and interested parties
- 3. Utilisation of email addresses for marketing purposes
- 4. Job applications
I. General information
1. Contact details
Should you have any questions or suggestions about this information, or should you wish to contact us regarding the assertion of your rights, please send your request to
- allbranded GmbH
- Stahltwiete 21a, 22761 Hamburg
- Tel. 0800 085 6660
- E-Mail Info@allbranded.ie
2. Legal basis
The term "personal data" under data protection law refers to all information relating to a specific or identifiable person. We process personal data in compliance with the relevant data protection regulations, and in particular in line with the GDPR and BDSG. We only process data on the basis of legal permission. We process personal data only with your consent (Section 15 (3) TMG or Article 6 (1) (a) GDPR), to fulfil a contract to which you are a party, or at your request to carry out pre-contractual measures (Article 6 Paragraph 1 Letter b GDPR), to fulfil a legal obligation (Art. 6 Paragraph 1 Letter c GDPR) or if processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and fundamental freedoms that require the protection of personal data prevail (Art. 6 Paragraph 1 Letter f GDPR).
3. Term of retention
Unless otherwise stated below, we only store the data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such statutory retention requirements can arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will keep the personal data stored as part of our accounting data for ten years and keep personal data available in business letters and contracts for six years. In addition, we will store data in connection with declarations of consent that require verification, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete any data stored for marketing purposes, should you object to the processing for this purpose.
4.Categories of recipients of the respective data
We use contracted processing service providers to process your data. The processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, bookkeeping and billing, marketing measures and the destruction of files and data carriers. A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible for data processing. Processors do not use the data for their own purposes, but carry out the data processing exclusively on behalf of the person responsible and are contractually obliged to guarantee suitable technical and organisational measures for data protection. In addition, we may transfer your personal data to offices such as postal and delivery services, house banks, tax advisors / auditors or financial authorities. Further recipients may be identified as per the information lined out below.
5. Transfer of data to third countries
Visiting our website may involve the transmission of certain personal data to third countries, i.e. countries in which the GDPR does not apply. Such transfers take place in a permissible manner, if the European Commission has determined that an adequate level of data protection is required in such a third country. If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or as long as one of the requirements of Art. 49 GDPR is met.
Unless otherwise stated below, we use standard EU contractual clauses as suitable guarantees for the transmission of personal data to processors in third countries: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri= CELEX% 3A32010D0087. As far as we consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 Paragraph 1 Letter a GDPR.
6.Processing whilst exercising your rights as per Art. 15 to 22 GDPR
As far as you choose to exercise your rights as per Art. 15 to 22 GDPR, we will process the transmitted personal data for the purpose of us implementing these rights and in order to be able to provide evidence of the same. For the purpose of providing information and preparing it, we will only process data stored for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 GDPR. This processing of data is based on the legal basis of Art. 6 Paragraph 1 Letter c GDPR in conjunction with Art. 15 to 22 GDPR and Section 34 Paragraph 2 BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information about whether or not, and, if so, to what extent we process personal data about you.
- You have the right to ask us to correct your data in accordance with Art. 16 GDPR.
- You have the right to request that we delete your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
- In accordance with Art. 20 GDPR, you have the right to receive the personal data relating to you, and which you have provided to us, in a structured, common and machine-readable format and to transmit this data to another responsible party.
- If you have provided a separate declaration of consent to data processing, you may revoke this declaration of consent at any time in accordance with Art. 7 Para. 3 GDPR. Such a revocation does not affect the legality of the processing of such data up until the revocation on the basis of the respective declaration of consent.
- If you are of the opinion that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21 Paragraph 1 GDPR, you have the right to object to the processing of data based on the legal basis of Art. 6 Paragraph 1 Letter e or f of the GDPR for reasons that arise from your particular situation . If we process personal data about you for the purpose of direct marketing, you may object to such a processing in accordance with Art. 21 Paragraph 2 and Paragraph 3 GDPR.
9.Data protection officer
You may contact our data protection officer as per the contact details below: Email: email@example.com Herting Oberbeck Datenschutz GmbH Hallerstr. 76, 20146 Hamburg https://www.datenschutzkanzlei.de
II. Data processing via our website
When using the website, we collect the information provided by you. In addition, certain information about your use of the website is automatically recorded by us during your visit to the website. Under data protection law, the IP address is generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so as to send and receive data.
1. Processing of server log files
When using our website for information purposes only, general information is initially stored automatically (i.e. not via registration), which your browser transmits to our server. This includes by default: browser type / version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing takes place so as to safeguard our legitimate interests and is based on the legal basis of Art. 6 Paragraph 1 Letter f GDPR. The processing of such data serves the purpose of technical administration and the security of the website. The stored data will be deleted after 14 days at the latest, if there is no justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Articles 15 to 22 of the GDPR therefore do not apply in accordance with Article 11 (2) of the GDPR, unless you provide additional information that enables you to be identified in order to exercise your rights as set out in these articles.
3. Consent management tool
The consent management tool "Usercentrics" from Usercentrics GmbH (Germany / EU) enables users of our website to give consent to certain data processing processes, to revoke consent given or to object to data processing. The Consent management tool also helps us to provide proof of your declarations of consent. For this purpose, log data is processed for your declarations of consent. The processing of this data is necessary in order to be able to prove that consent was granted. The legal basis is Article 6 Paragraph 1 Letter c GDPR in conjunction with Article 7 Paragraph 1 GDPR. Further information may be found in the settings of the consent management tool.
4. Contact options and requests
a. Contact form
Our website contains a contact form, which you may use to send us a message. The transfer of your data is encrypted (recognisable by the "https" in the address line of the browser). All data fields marked as mandatory are required so as to process your request. Failure to provide such data means that we cannot process your request. The provision of further data is voluntary. Alternatively, you may send us a message using our contact email address. We will process the data for the purpose of answering your request. If your request is aimed at concluding or executing a contract with us, Article 6 (1) (b) GDPR shall be the legal basis for data processing. Otherwise, we will process the data on the basis of our legitimate interest in getting in contact with a person sending an enquiry. In that case, the legal basis for data processing shall be Article 6 Paragraph 1 Letter f GDPR.
b. Reviews and feedback
We participate in the review process Trustpilot, a service of the provider Trustpilot A / S (Denmark / EU). Trustpilot offers our customers the opportunity to rate our services. If you, as a customer, have made use of our services, we will ask for your consent to send you a rating request. If you as a user have given your consent, you will receive a rating request with a link to a rating page. In order to ensure that you have actually used our services, we transmit the necessary data to Trustpilot (this includes your name, email address and a reference number). This data is used solely so as to verify the authenticity and address of the user. Your data will only be passed on with your consent in accordance with Article 6 (1) (a). GDPR.
In order to submit a review, it is necessary to open a customer account with Trustpilot. Trustpilot is responsible for the associated data processing. In this case, Trustpilot's terms and conditions and the following privacy terms shall apply: https://de.legal.trustpilot.com/end-user-privacy-terms.
We may also integrate the Trustpilot widget into our website to display the current review status. The corresponding content is displayed within our online offer, but at the moment it is retrieved from the Trustpilot servers. For this purpose, it is necessary to transmit your IP address. Furthermore, Trustpilot shall be responsible for the processing of your data and will receive a notification that you as a user have looked at our online offer. This information may be stored as part of a cookie and used by Trustpilot so as to recognise which online offers that qualify for the Trustpilot evaluation process have been looked at by you as a user. The information may be saved in a user profile and used for advertising or market research purposes. Further information may be found in the Trustpilot privacy terms at https://de.legal.trustpilot.com/end-user-privacy-terms.
The installation of cookies and the processing of your data as part of the integration of the widget only takes place with your consent in accordance with Section 15 Paragraph 3 TMG or Article 6 Paragraph 1 Letter a GDPR.
5. Customer login
You have the option of creating a customer account on our website and logging in as a customer on our website. To do this, you must first register on our website. The information required is specified in the registration form. The provision of any data marked as mandatory is mandatory, so as to complete the registration. The data provided will be processed for the purpose of providing the respective service. The processing is based on the legal basis of Article 6 Paragraph 1 Letter b GDPR.
6. Data processing for the purpose of purchase transactions
Should you order a product via our website, we will process your personal data exclusively for the purpose of processing the respective contract or to be able to provide you with the product you have ordered. As part of the booking or ordering process, we only process the data that you provide in the input mask. In order to be able to deliver the ordered products to you, we will transmit the data required for the delivery to one of our shipping service providers as stated in the order. The legal basis for the processing is Article 6, Paragraph 1, Letter b GDPR, provided that you act as a contractual partner yourself. If you place an order on behalf of your company, we will process your data on the basis of our legitimate interest in accordance with Art. 6 Paragraph 1 Letter f GDPR. All data fields marked as mandatory are required so as to process your booking or order. Failure to provide such data means that we cannot process your booking or order. The provision of further data is voluntary.
a. Credit card payments
You have the option of paying by credit card. Please note that the respective payment service providers shall be responsible for collecting and processing the respective payment information.
b. Payment via PayPal
You may also pay via PayPal. Please note that the relevant payment information is collected and processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg / EU) independently. PayPal forwards the address data you have stored with PayPal to us, which we then process exclusively for the purpose of processing the contract. The legal basis is Article 6, Paragraph 1, Letter b GDPR, provided that you act as a contractual partner. If you place an order on behalf of your company, we will process your data on the basis of our legitimate interest in accordance with Art. 6 Paragraph 1 Letter f GDPR. Further information on PayPal’s privacy terms may be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r5.
c. Purchase by invoice and instalments
The option of payment by invoice and instalments is offered in cooperation with payolution GmbH (Austria / EU). For the service to be provided, payolution must carry out an identity and credit check. For this purpose, we will collect further data (such as your date of birth, your gender and your telephone number) and transmit the respective information to payolution for purchases by invoice and instalments, the specific terms of which you may find in payolution’s general terms and conditions. The legal basis for the transmission to payolution is Art. 6 Paragraph 1 Letter b GDPR, provided you act as a contractual partner. Otherwise, payolution shall process the data independently. Further information on payolution’s privacy terms can be found at https://www.unzer.com/de/privacy-payolution-consumers/.
7. Google tag manager
We use the Google tag manager from Google Ireland Limited (Ireland / EU). The Google tag manager is used to manage our website tags via an interface. The Google tag manager is a cookie-free domain that does not collect or store any personal data. The Google tag manager only triggers other tags, which in turn may collect data without accessing the respective data themselves. If a deactivation is made at domain or cookie level, this remains in effect for all tracking tags that are implemented with the Google tag manager.
8. Google marketing services
We use the Google Ads Conversions marketing service from Google Ireland Limited (Ireland / EU). With Google Ads, we can place ads that are relevant to users in the Google advertising network (e.g. in search results or on other websites), improve reports on campaign performance and prevent users from being shown ads multiple times. Each Ads customer places a different conversion cookie. These cookies can therefore not be tracked across the websites of different Ads customers. A cookie ID is used to record which advertisements are displayed in which browser. This can prevent the same campaign from being displayed multiple times. In addition, cookie IDs can be used to record what are known as conversions, i.e. whether a user sees an advertisement and later visits the advertiser's website and purchases something there.
Through Remarketing we can appeal to users who have already interacted with our website. Our ads are delivered when this target group visits a Google website or a website within the Google advertising network. For these purposes, when our website is called up, Google executes a code and so-called (re) marketing tags are integrated into the website. With their help, an individual cookie is stored on the user's device. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. This file records which websites users have visited, which content they are interested in and which offers have been used. In addition, technical information on the browser and operating system, referring websites, visiting times and other information on the use of the online offer are stored. All user data is only processed as pseudonymous data and does not contain any information with which we can personally identify users. The displayed advertisements are therefore not displayed specifically to a person, but to the owner of the cookie.
Further information on these processing activities, the technologies used, stored data and the storage period may be found in the settings of our consent management tool. Google Marketing Services can only be used with your consent in accordance with Section 15 (3) TMG or Article 6 (1) (a) GDPR.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information contained in the section "Data transfer to third countries". Further information on Google’s privacy terms can be found in the data protection statement provided by Google: https://www.google.com/policies/privacy
III. Data processing on our social media sites
We have company pages on several social media platforms. This way, we would like to encourage further opportunities regarding the sharing of information on our company and exchange. Our company has corporate pages on the following social media platforms:
When visiting or interacting with profiles on social media platforms, your personal data may be processed. The information associated with any social media profiles used is also regularly classified as personal data. This also includes messages and statements made using such profiles. In addition, certain information is often automatically collected during your visit to social media profiles, which may also be classified as personal data.
1. Visiting social media pages
a. Facebook and Instagram page
When visiting our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. Facebook Ireland Ltd (Ireland / EU – “Facebook”) is solely responsible for the respective processing of personal data. Further information on the processing of personal data by Facebook may be found at https://www.facebook.com/privacy/explanation. Facebook offers the option of objecting to certain data processing; relevant information and opt-out options may be found at https://www.facebook.com/settings?tab=ads.
Facebook provides us with statistics and insights for our Facebook and Instagram pages in an anonymised form, by means of which we obtain information about the types of actions that people take on our page (so-called "page insights"). These page insights are created based on certain information about people who have visited our site. The respective processing of personal data is carried out by Facebook and us with joint responsibility. The processing of such data serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on this knowledge. The legal basis for such processing is Article 6 Paragraph 1 Letter f GDPR. We cannot assign the information obtained via these page insights to individual Facebook profiles that interact with our Facebook page. We have reached an agreement with Facebook about the processing and being jointly responsible, in which the distribution of the data protection obligations between us and Facebook is stipulated. Details about the processing of personal data for the creation of page insights and the agreement concluded between us and Facebook may be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to the respective processing of data, you have an option to assert your rights as a data subject (see “Your rights”) against Facebook. Further information may be found in Facebook's data protection declaration at https://www.facebook.com/privacy/explanation.
Please note that according to the Facebook privacy terms, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees under Art. 46 GDPR.
b. LinkedIn company page
The LinkedIn Ireland Unlimited Company (Ireland / EU - "LinkedIn") is solely responsible for the processing of personal data when visiting our LinkedIn page. Further information on the processing of personal data by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When visiting our LinkedIn company page, following that page or dealing with that page, LinkedIn processes personal data in order to provide us with statistics and insights in an anonymous form. This gives us information about the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes, in particular, such data that you have already made available to LinkedIn via the information stored in your profile, such as data on functions, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. As part of these page insights, LinkedIn does forward any personal data about you. We only have access to the aggregated page insights. It is also not possible for us to draw conclusions about individual members from the information in the page insights. This processing of personal data in the context of the respective page insights is carried out by LinkedIn and us with joint responsibility. The processing of such data serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and to improve our company page on the basis of this knowledge. The legal basis for this processing is Article 6 Paragraph 1 Letter f GDPR. We have reached an agreement with LinkedIn on processing data with joint responsibility, in which the distribution of data protection obligations between us and LinkedIn is specified. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
- LinkedIn and us have agreed that the Irish Data Protection Commission will act as the lead supervisory authority overseeing the processing for page insights. You may always lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other regulatory authority.
Please note that according to the LinkedIn privacy guidelines, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees under Art. 46 GDPR.
Twitter Inc. (USA) is solely responsible for the processing of personal data when visiting our Twitter profile. Further information on the processing of personal data by Twitter Inc. is available at https://twitter.com/de/privacy.
New Work SE (Germany / EU) is solely responsible for the processing of personal data when visiting our Xing profile. Further information on the processing of personal data by New Work SE is available at https://privacy.xing.com/de/datenschutzerklaerung.
In principle, Google Ireland Limited (Ireland / EU) is solely responsible for the processing of personal data when visiting our YouTube channel. Further information on the processing of personal data by YouTube or Google Ireland Limited may be found at https://policies.google.com/privacy.
2. Comments and direct messages
We also process information made available to us by you via our company page on the respective social media platform. Such information could be the respective username, contact details or a message to us. We are solely responsible for the processing of such data. We process this data on the basis of our legitimate interest in establishing contact with enquiring persons. The legal basis for data processing is Article 6 Paragraph 1 Letter f GDPR. Further data processing may take place if you have given your consent (Art. 6 Paragraph 1 Letter a GDPR) or if this is necessary to fulfil a legal obligation (Art. 6 Paragraph 1 Letter c GDPR).
IV. Additional data processing
1. Contact via email
If you send us a message via the contact email provided, we will process the transmitted data for the purpose of answering your request. We will process this data on the basis of our legitimate interest in contacting enquiring persons. The legal basis for data processing is Article 6 Paragraph 1 Letter f GDPR.
2. Data of customers and interested parties
Should you contact our company as a customer or as an interested party, we will process your data so as to establish or implement the contractual relationship to the necessary extent. This regularly includes the processing of personal master data, as well as contract and payment data provided to us, and contact and communication data of our contact persons for commercial customers and business partners. The legal basis for such processing is Article 6, Paragraph 1, Letter b GDPR, provided you are acting as a direct contractual partner. Should you contact us as a commercial customer on behalf of a company, we will process your data in accordance with Art. 6 Para. 1 Letter f GDPR and the processing is based on our legitimate interest. We will also process data of customers and interested parties for evaluation and marketing purposes. Such processing takes place on the legal basis of Art. 6 Paragraph 1 Letter f GDPR and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place should you have provided your consent (Art. 6 Paragraph 1 Letter a GDPR) or should this be necessary so as to fulfil a legal obligation (Art. 6 Paragraph 1 Letter c GDPR).
3. Utilisation of email addresses for marketing purposes
We may use the email address you provided upon registering or ordering to inform you about similar products and services that we offer. The legal basis is Article 6 Paragraph 1 Letter f GDPR in conjunction with Section 7 Paragraph 3 UWG. You may object to this at any time without incurring any costs other than the transmission costs as per the basic tariffs. To do so, you may unsubscribe by clicking on the unsubscribe link contained in the respective email.
4. Job applications
Should you apply to work for our company, we will only process your application data for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons within our company. All employees entrusted with data processing shall be obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will keep the data you provided for up to six months following a possible rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent a deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to a longer retention period. The legal basis for data processing is Section 26 Paragraph 1 Sentence 1 BDSG. If we keep your application data for more than six months and you have given your express consent, we would like to point out that this consent may be freely revoked at any time in accordance with Art. 7 Para. 3 GDPR. Such a revocation does not affect the legality of any processing of data, which took place up to the point of revocation on the basis of the respective consent provided.