Data protection

Privacy Policy
At FRANZIS we are very serious about data privacy and we are pleased that you are interested in the data processing carried out by us and our partners.
We strongly aim to protect your privacy in all our processes. The purpose of this document is to inform you about the data processing that takes place when you use our website, as well as other services and offering.
Where links are provided to websites of other companies, the privacy policy of that destination applies. Please inform yourself about the details of the data processing procedures on the corresponding web page.
We are subject to the provisions of the General Data Protection Regulation and national laws, in particular the Federal Data Protection Act.

The responsible party for data processing is

Richard-Reitzner-Allee 2
85540 Haar, Germany

Our data protection officer is
Dr. Jürgen Rotter,

General explanations
For a better understanding of the following privacy statements, we would like to explain some terms in advance:

IP address
When you are on the Internet, you are in principal always assigned a so-called IP address or IP number. This may differ or always be the same, it can be related personally to a device that you use or it can be shared by several devices (and persons) on one connection.
Data protection authorities classify the IP address as personal data because it can be traced back to a specific connection in the case of a court order. It can also potentially allow conclusions to be drawn about your approximate physical location.
This IP address is rendered anonymous by some services. In this case, digits are deleted from the IP address so that tracing is no longer possible.

Cookies are small files that are transferred to your computer primarily when you call up a website or log in to our site. This cookie is re-sent by your device with every further call-up, so that it is possible to track your visit to the website. In particular, this makes it possible for us to save your login status or to adapt our website to your interests.

Web beacons
Web beacons, also known as “tracking pixels”, are components of a document such as a web page or an email. Web beacons also allow us to check access to the document, for example, whether an email was of interest to you. This also serves to personalise our offer to you.

Personalised links
Personalised links contain an identification code. For example, if such a link is activated from an email, this can be linked to you. This also serves to personalise our offering to you further and to implement further functionalities, such as unsubscribe from a newsletter.

Contract processors and third parties
We do not carry out all processing ourselves, but engage contract processors and third parties for this purpose, including fulfilling obligations under the data protection law.
Contract processors carry out the processing for us on the basis of a separate order. They are not authorised to pursue other purposes, particularly their own, and have made a contractual commitment to that effect towards us. Contract processors are subject to our instructions. A typical example of a contract processor is our host, i. e. the company on whose servers our websites are stored.
We also make use of the services of third parties who are not contract processors. These third parties may also use the data for their own purposes. Typical examples of third parties are those with services related to the display of advertising or to adapt our website to your interests.

Order processing
When you order products from us, various master data such as the name, address and email address are requested. These are explicitly entered by you.
This data is linked to the order data with each order. Likewise, the payment data for the order is recorded and stored. Any communication related to an order is also saved and linked.
It is possible that this data is transmitted to shipping service providers as contract processors, including service providers, in order to provide digital content to be able to carry out the delivery. Furthermore, in the case of payments, we are obliged to commission approved payment service providers with the execution of the payment transaction. In this case, master data is transmitted from us to the payment service provider and in return, the successful payment. The respective payment service provider and the corresponding privacy policy is visible to you during the payment process.
Furthermore, companies engaged by us as contract processors to design and maintain the web shop have access to this data.
This data is stored until the expiry of any warranty periods – usually about 2 years – and until the expiry of any tax retention periods – usually about 10 years – depending on which period expires later and is subsequently deleted.
These processing operations are justified by Art. 6 (1) b) “fulfilment of a contract” and c) “legal permission” GDPR. In addition, we process this data in order to adapt our offering and thereby improve it. This processing is justified by Art. 6 (1) f) “legitimate interests” GDPR.

Processing in the case of a newsletter registration
If you register for the newsletter, the data you entered during registration will be processed. These are the email address as a mandatory field and master data as voluntary information.
This data is passed on to technical service providers for the transmission of the newsletter. In addition to your email address, this data may also include other master data.
The emails contain web beacons which our email service providers use in order to establish whether the email has been opened. This links the data from the newsletter registration, your IP address and your browser ID, however previously pseudonymized. Furthermore, there may be personalised links in the email, which may lead to the data being linked to your order data.
The service provider we engage is a contract processor who does not use this data for any other purpose, having made a contractual commitment to that effect towards us. Currently this is GetResponse S.A., Arkonska 6/A3 80-387 Gdansk, Poland.

This technology is used to select newsletters that are relevant to you and also to display products in the newsletters which are customised to you, as well as to measure the success of our newsletter.
You can unsubscribe from the service with future effect by means of a personalised link at the end of each email. In this case, the processing of your data will be immediately restricted (“blocked”) and your data is deleted after unsubscribing from the newsletter as long as the data is no longer required. If you re-register with the same email address before the deletion, the data will be unlocked and used further.
The processing of the data for other reasons, particularly after an order has been placed, is not affected by this.
This processing is justified by Art. 6 (1) a) GDPR.
“consent” and f “legitimate interests”.

Processing when using the contact form
Upon contact with us, whether via the supplied contact form on the website, by email or by post, your name, your message, and any contact details provided will be stored.
It is possible that we will engage contract processors to whom this data is subsequently transmitted in the process of communication. The service providers we may engage are contract processors and will use this data for any purpose other than that to which they have committed to us.
This processing takes place in order to facilitate the communication with you. It is justified by Art. 6 (1) b) “contractual relationship” and/or f).
“legitimate interests”.

Processing on our website
Even when you do not make use of the previously described functionalities on our website (shop, contact form, newsletter) and simply visit the website, the following processing is carried out:

Server logs
Every visit to our website is automatically logged by our hosting service provider in so-called server logs. Our hosting service provider is a contract processor and uses the data exclusively for our purposes, to which they have committed to us.
In addition to the address of the website (“…”), the data contains the time of access, your anonymized IP address, the access status, i. e. an indication of whether an error occurred during the call, the amount of data transferred, the last page in the case of a link, information about the browser you are using including the language version and the operating system.
These server logs are deleted automatically regularly after 10 days.
Processing takes place in order to maintain the servers used by us and to defend against attacks from the Internet. The information about your browser is also used to technically adapt our web pages to your requirements. The processing is justified by Art. 6 (1) f) “legitimate interests” GDPR.

Own cookies
We use various cookies that may be set when you enter the website.
On entering the website, the consent manager appears automatically and can be used to select the cookies you agree to. Cookies that enable the functionality of the website, including a cookie to save your selection, are mandatory. Others are utilised only after your consent.
The processing is justified by Art. 6 (1) b) “contractual relationship” and/or f) “legitimate interests” GDPR.

Third-party cookies
We integrate third-party services on our website to display advertising or adapt our offering according to your interests. Use thereof is only made after you have provided your consent and is therefore justified by Art. 6 (1) a) “consent” GDPR:
For our newsletter and registration thereof, we make use of the services of GetResponse S.A. Arkonska 6/A3 80-387 Gdansk Poland. GetResponse S.A.. receives the contact details from the registration form, the IP address, and the device information. Clicks in the newsletter are also tracked. You can find the data privacy policy of GetResponse S.A. here
Furthermore, we make use of the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These comprise of Google AdWords, which displays advertising when using the Google search engine. We also use Google Analytics, a tool that allows us to track user behaviour on the website and is used to customise the website according to your interests. These services are enabled by Google Tag Manager. The data privacy policy of Google may be found here. At Google you can also customise the Google data privacy settings.

Secure connection
The connection to our website is secured with SSL/TLS. This prevents data between your computer and our servers from being “tapped”.

Data protection for children
It is important to us to protect the privacy of children. Therefore, we do not knowingly collect any data from children and young people.

No other disclosure
Your data will be securely processed and treated confidentially by us and our service providers. In particular, we do not sell any data (“address trading”). The contract processors we engage meet the highest standards of data security and data protection.
All service providers engaged by us have their registered office in the EU or the EEA, i. e. within the scope of the GDPR. As far as companies subject to US law are concerned, processing is only carried out on the basis of your consent.
No automated decision is made with legal or similar effects. Insofar as creditworthiness is checked as part of a purchase, this is only done on the basis of your consent to the payment service provider.

Your Rights
You have various rights under the GDPR, compliance with which is an important concern for us.
These are:
• Right of access, Art. 15 GDPR
• Right to rectification, Art. 16 GDPR
• Right to erasure, Art. 17 GDPR, and to restriction of processing, Art. 18 GDPR,
• Right to data portability, Art. 20 GDPR,
• Right to object, Art. 21 GDPR,
• Right to lodge a complaint with a supervisory authority, Art. 77 GDPR, and
• Right to withdraw your consent, Art. 7 (3) GDPR.

As a customer, you may partially exercise the right of access and rectification yourself by logging in with your customer account and retrieving or rectifying the relevant master and order data, for example on re-location.
You may object to processing for two reasons: Either you are in a special situation, which deserves more consideration than our interest in the data processing. Further details are provided by Article 21 (1) GDP. Furthermore, you may always raise an objection with regards to processing related to direct marketing purposes. We may only carry this out with your consent, which may be withdrawn.
If you consider our processing to be unlawful, you may complain to a supervisory authority. The supervisory authority responsible for your location may be found here. Our supervisory authority for data protection is the Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach, Tel: +49 981/53-1300, email:

Withdrawal of consent
You have the right to withdraw prior granted consent. However, this does not affect the lawfulness of processing until withdrawal but only with effect for the future. To do so, please contact us at the above-mentioned address or via email at
Consent to cookies can be revoked via our Consent Manager, which you can access under Privacy Settings.

You can download this document as a PDF here