Privacy Policy
The following information explains how we process your personal data when you visit this website dragonblood-original.de and when you use the available functions—especially the form used to check the authenticity of products.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Boris Banaszak
An der Lehmkuhl 7
47495 Rheinberg
Germany
Email: kontakt@dragonblood-original.de
2. Purposes and legal bases of processing
2.1 Visiting the website
When you access this website, your browser automatically transmits information to the server and this information is stored temporarily in so-called log files. This includes in particular:
- IP address of the requesting device,
- date and time of access,
- name and URL of the file retrieved,
- website from which access is made (referrer URL),
- browser used and, if applicable, the operating system of your device and the name of your access provider.
This data is processed to ensure a smooth connection setup, to ensure a convenient use of our website, to evaluate system security and stability and for further administrative purposes. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above.
2.2 Using the authenticity check form
When you use the authenticity check form, we process the data you provide (in particular your name, email address, product details, retailer/shop, batch information, reason for the request and any images you submit) in order to review and respond to your request.
The legal basis is Art. 6(1)(b) GDPR (processing necessary for the performance of a contract or to take steps at your request prior to entering into a contract), insofar as it concerns answering your specific enquiry, and Art. 6(1)(f) GDPR (legitimate interest) in clarifying suspected cases, ensuring product integrity and trademark protection.
2.3 Communication by email
If you contact us by email, the data you provide (e.g., email address, message content, contact details) will be processed for the purpose of handling your request. The legal basis is Art. 6(1)(b) GDPR where the communication relates to the performance of a contract or pre-contractual steps, otherwise Art. 6(1)(f) GDPR (legitimate interest in handling your request).
3. Recipients / processors
For operating this website and providing the content technically, we may use service providers (e.g., hosting providers) acting as processors under Art. 28 GDPR. Where required, corresponding data processing agreements have been concluded.
When handling authenticity requests, it may be necessary to share information with affiliated companies or external parties (e.g., manufacturers, shops, legal advisers) insofar as this is required to assess the facts or to assert or defend rights. The legal basis in such cases is Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(c) GDPR where a legal obligation exists.
4. Storage period
Log files created when visiting the website are generally stored for a limited period to ensure system security and are then deleted or anonymised.
Data from authenticity requests is stored as long as necessary to process the request and for any documentation of suspected cases or to assert or defend legal claims. The storage period is based on statutory limitation periods and any statutory retention obligations.
5. Cookies and tracking
This website currently does not use non-essential cookies or tracking tools requiring consent under Art. 6(1)(a) GDPR. If analytics or tracking services are added in the future, this privacy policy will be updated accordingly and—where necessary—consent will be obtained via a consent tool.
6. Transfers to third countries
Your personal data is generally only transferred to countries outside the European Union (third countries) if this is necessary for performing a contract, you have consented, or another legal permission applies. Where required, we ensure an adequate level of data protection at the recipient (e.g., by using EU Standard Contractual Clauses).
7. Your rights as a data subject
Under the GDPR, you have the following rights in particular with regard to the processing of your personal data:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR),
- right to erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to data portability (Art. 20 GDPR),
- right to object (Art. 21 GDPR).
If processing is based on consent, you have the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR).
To exercise your rights, you can contact us at any time using the contact details above.
8. Right to object under Art. 21 GDPR
Where we process your data on the basis of Art. 6(1)(f) GDPR (legitimate interest), you have the right to object at any time, on grounds relating to your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
9. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR).
10. Security of processing
We implement appropriate technical and organisational measures to protect your data against loss, misuse, unauthorised access, unauthorised disclosure, alteration or destruction. These include, in particular, access restrictions, encryption techniques, regular system updates and privacy-conscious process design.
11. Updates to this privacy policy
This privacy policy may be updated from time to time to ensure it always meets current legal requirements or to reflect changes to our services. The version applicable at the time of your visit will apply.