Privacy Policy

This Privacy Policy was last updated on 6 July 2020.

It can be modified by us at any time by publication on this website. The current version published on this website applies.

1. Who is responsible for processing your personal data?

The primary controller within the meaning of Regulation (EU) 2016/679 (General Data Protection Regulation; "GDPR") is 

TFL Ledertechnik GmbH, Peter-Krauseneck-Strasse 16, 79618 Rheinfelden, Germany.
phone: +49 7621 9400
fax: +49 7621 940 10 00
e-mail: dataprotection@tfl.com 
website: www.tfl.com

- Hereinafter referred to as "we", “our” or “us” -

2. Data Protection Officer

You can contact our data protection officer at: 

e-mail address: seitz@ernaehrung.net; By mail at: VdE Service GmbH, Eduard-Pfeiffer-Strasse 48, 70192 Stuttgart, Germany, Tel.: +49 (711) 22 333 24; FAX: +49 (711) 22 333 99

3. For what purposes and on what legal basis do we process personal data?

3.1 In General

We generally process personal data concerning you in order to offer products and services and to deliver or provide them, for advertising and marketing, to enable full access to our websites and online shops, to operate, improve and further develop them, to analyse the use of our websites, online shops and our offers, to detect, investigate and ward off attacks on our websites, online shops and our infrastructure, to communicate with you and to defend and enforce legal claims.

We process personal data on the basis of the following legal bases, which supplement the legal bases listed in Section 3.2 and following:

  • Art. 6 para. 1(a) GDPR serves as the legal basis for the processing of personal data for which we obtain the consent of the data subject.
  • Art. 6 para. 1(b) GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of appropriate pre-contractual measures.
  • Art. 6 para. 1(c) GDPR serves as the legal basis for the processing of personal data required to fulfil a legal obligation to which we are subject under any applicable law of the EU or any applicable law of an EEA state.
  • Art. 6 para. 1(d) GDPR serves as the legal basis for the processing of personal data necessary to protect vital interests of the data subject or another natural person.
  • Art. 6 para. 1(f) GDPR serves as the legal basis for the necessary processing of personal data in order to safeguard the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject outweigh these. Legitimate interests include, in particular, our commercial interest in being able to provide, analyse and further develop our websites, online shops, advertising and marketing, the sale of goods and the provision of services, information security, defence and enforcement of legal claims and compliance with applicable laws.
3.2. Websites

When you visit our websites in general or our online shop at https://tfl.shop/ (“eShop”) in particular, each time you access our websites/eShop, a range of general information is transmitted from your browser to the website hosting servers and stored in log files.

For example, your internet protocol address (IP address), the date and time of your visit, the referring website and the website you are visiting, your browser, operating system and internet service provider, certain cookies (see also Section 3.5), location data and other similar information that serves to prevent security risks in the event of attacks on our information technology systems.

The purpose of processing and analysing of this general information is (a) to display our websites/eShop, their respective contents, services and offers correctly and to ensure data traffic, (b) to optimise the attractiveness and functionality of our websites/eShop and its contents, services and offers, (c) to ensure the stability and security of our websites/eShop and systems on a permanent basis and (d) to enable the detection, defence and investigation of cyberattacks, spam and other unlawful actions in relation to our websites/eShop and systems and to enforce claims in this respect. This is our legitimate interest in processing in the sense of Art. 6 Para. 1(f) GDPR.

For the hosting of the website, we may use the services of third parties in the European Union (“EU”)/European Economic Area (“EEA”) and in third countries outside of the EU/EEA who carry out the above-mentioned processing on our behalf.

Currently, our websites/eShop are hosted on servers in the European Union.

3.3. eShop

Access to and use of our online shop at https://tfl.shop/ (“eShop”) is available to select customers (“CUSTOMERS”) only and requires a customer account. The customer account enables you to process orders in a simplified manner, to obtain services, request offers, order goods, check out faster, keep more than one item in the basket and to manage and track your orders and your details.

We store and process the information that you enter in the registration input mask or within the customer account. For the registration, you will be asked to enter all the necessary information. We will use the provided information to verify, together with our affiliates, whether you are authorised by the CUSTOMER to register for a customer account and to use the eShop. For the verification, we may contact the CUSTOMER and share with the CUSTOMER the information you entered. We will further use the information entered by you upon registration or at a later time to open, operate and maintain your customer account, manage operate and maintain the eShop, manage and grant access to secure areas, process orders and offers, or provide any other services requested by you. We will also use the provided information to contact you from time to time in connection with the eShop and your use thereof either directly or through third parties. You may in particular be contacted for security reasons, notably in case of any (suspected) breaches or threats. Furthermore, you may be contacted by the affiliate conducting business with the CUSTOMER that authorised you. If you do not enter the required information, we will not be able to, among other things, perform the verification, open, operate and maintain your account, grant you access to the eShop, process orders and offers or provide any services.

To combat abuse, such as identity theft and spam in particular, we also store your IP address and the time and date of registration.

We may use the services of third parties in Germany, other countries of the EU/EEA, or third countries outside of the EU/EEA notably for the operation, maintenance and hosting of the eShop, provision of support services, ordering and shipping and for this purpose, we may pass on your personal data to these third parties.

By registering for or accessing or using the eShop, you give us your consent to store and process the information we collect from you for the purposes mentioned above. Your consent constitutes a legal basis for processing within the meaning of Art. 6 para. 1(a) GDPR. Additionally or alternatively, Art. 6 para. 1(b) GDPR serves as a legal basis for the processing of personal data necessary for the performance of a contract with you and for the implementation of appropriate pre-contractual measures. Additionally or alternatively, Art. 6 Para. 1(f) GDPR serves as a legal basis for verifying your authority to open a customer account, for any processing necessary to process any orders and offers or provide any services in relation to the CUSTOMER, or for security reasons or the fight against abuse.

Once you have access to the customer account, you can check your details at any time via a password-protected access. You can modify some of the information by yourself. Note that the modification of certain information requires you to contact customer services using the information provided in the eShop. Closing your account will also require you to contact customer services.

3.4. Contact Forms

On our websites, in general and in the eShop in particular we may enable you to get in touch with us via contact forms or via contact details provided. When contacting us via a contact form, you will be asked to enter all the necessary information that we need to process the contact and communicate with you. Without this required information, we will not be able to communicate with you. We store or process the information that you enter in the input masks or otherwise communicate to us. When contacting us by e-mail, we store the information transmitted with the e-mail. In order to combat abuse such as identity theft and spam, we also store your IP address and the time and date of your contact.

If you use contact forms on our websites or in the eShop, they are encrypted. If you contact us by e-mail or enter your e-mail address in the contact form, you agree that we can also communicate with you by e-mail. Please note that our e-mail messages may not be encrypted.

By contacting us, you consent to the processing of your personal data for the purpose of communication with you and the handling of your possible request. Your consent constitutes a legal basis for processing within the meaning of Art. 6 para. 1(a) GDPR. In communicating with you, dealing with any concerns you may have and combating abuses, we also have a legitimate interest in processing in accordance with Art. 6 para. 1(f) GDPR. If the purpose of the contact is to conclude a contract, Art. 6 para. 1(b) GDPR provides an additional legal basis for the processing.

3.5. Cookies

We use so-called "cookies" on our websites and in the eShop. Cookies are small text files that are stored by your browser on your computer or mobile device. They are used to collect certain information while navigating a website and to retrieve it during your current browser session or during future visits. Cookies make it possible to recognize the browser you are using or to temporarily save the entries you have made. Cookies also help us to make our website work or work more efficiently or user-friendly.

We distinguish between so-called "session cookies" and "persistent cookies". Session cookies store information that is used during your current browser session. They are automatically deleted after closing your browser. Persistent cookies, are only deleted after a certain period of time or remain stored on your device until you delete them. Persistent cookies make it possible, for example, to recognise your browser on your next visit, to support the filling in of forms, to save your user settings or to display advertising and offers tailored to your needs. We then differentiate between necessary cookies and unnecessary cookies. Necessary cookies are required to make our websites and the functions they contain (such as the eShop) available. This is our legitimate interest in processing in the sense of Art. 6 para. 1(f) GDPR.

When you visit our websites or the eShop, you will be informed about the use of cookies. You have the option to consent to the use of cookies. Your consent constitutes a legal basis for processing within the meaning of Art. 6 para. 1(a) GDPR.

Please note that cookies other than necessary cookies only become active after you have given your consent to the use of cookies.

You can adjust the settings of your browser to disable the storage of cookies on your device. However, this may impair the functionality of our websites and the eShop. You can furthermore delete cookies already stored in your browser.

You can find out how to manage and delete cookies for the following popular browsers by following the below links:

To find information relating to other browsers, visit the browser developer's website. Furthermore, you can visit www.aboutcookies.org or www.allaboutcookies.org to learn more about cookies and how to manage and delete them.

The table below explains the cookies we use in the eShop and the reason why we use them:

Cookie Name Purpose
mage-messages Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.
mage-translation-storage (local storage) Stores translated content when requested by the shopper. Used when Translation Strategy is configured as “Dictionary (Translation on Storefront side)”.
mage-translation-file-version (local storage) Tracks the version of translations in local storage. Used when Translation Strategy is configured as Dictionary (Translation on Storefront side).
product_data_storage (local storage) Stores configuration for product data related to Recently Viewed / Compared Products.
recently_compared_product (local storage) Stores product IDs of recently compared products.
recently_viewed_product (local storage) Stores product IDs of recently viewed products for easy navigation.
recently_viewed_product_previous (local storage) Stores product IDs of recently previously viewed products for easy navigation.
X-Magento-Vary Configuration setting that improves performance when using Varnish static content caching.
form_key A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).
mage-cache-sessid The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to true.
mage-cache-storage Local storage of visitor-specific content that enables ecommerce functions.
mage-cache-storage (local storage) Local storage of visitor-specific content that enables ecommerce functions.
mage-cache-storage-section-invalidation (local storage) Forces local storage of specific content sections that should be invalidated.
persistent_shopping_cart Stores the key (ID) of persistent cart to make it possible to restore the cart for an anonymous shopper.
private_content_version Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.
It is set in multiple places: in PHP, in JavaScript as a cookie, and in JavaScript to local storage.
For the HTTP Only Yes (based on request) means that the cookie Secure if set during HTTPS request and unsecure if set during HTTP request.
section_data_ids Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.
store Tracks the specific store view / locale selected by the shopper.

Note that if you do not consent to the use of cookies or disable them, you may not be able to access and use the full functionality of our websites and the eShop.

3.6. Analytics

We use web analytics services on our websites and the eShop for which we may use the services of third parties in Germany, other countries of the EU/EEA, or third countries outside of the EU/EEA. Web analytics services use cookies (see also section 3.5) to analyse the use of our websites and the eShop, to compile reports and statistics on website and eShop activities and to provide us with other services related to the use of our websites and the eShop. The web analysis provides us with information about which sub-pages and contents of our websites and the eShop are accessed or how visitors move within a website and the eShop. This enables us, for instance, to optimise our websites and the eShop, adapt them to the needs of the users and increase security. This is our legitimate interest in processing in the sense of Art. 6 para. 1(f) GDPR. Furthermore, your consent to the use of cookies constitutes a legal basis for processing within the meaning of Art. 6 para. 1(a) GDPR.

On our websites and the eShop we currently use Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The information generated by the Google Analytics cookies is transferred to Google's servers in the USA and stored there. We ourselves do not have access to this information and receive from Google only information without personal reference about the use of our websites and the eShop.

We use an IP anonymization (IP masking) function of Google Analytics. With this function, the IP address is shortened and thereby made anonymous before it is stored and further processed by Google.

As described above (see section 3.5), cookies of the web analytics service Google Analytics are only stored after you have given your consent to the use of all cookies.

You can prevent the storage of cookies by not accepting them or by changing the settings of your browser accordingly. Please note, however, that in this case you may not be able to access and use the full functionality of our websites and the eShop.

You can also limit the information processed by Google Analytics by downloading and installing the Google Analytics opt-out add-on available for certain browsers at https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about Google's terms of service and privacy policy, please visit
https://support.google.com/analytics/topic/2919631?hl=en,
https://policies.google.com/?hl=en and
https://policies.google.com/technologies/partner-sites?hl=en.

3.7. Social Media

Our websites and the eShop contain links to various social networks, such as, for example, Facebook, LinkedIn, YouTube and Instagram.

We do not use so-called social plug-ins (such as a "Like" button), as such social plug-ins can establish a direct connection to the server of the social network as soon as a page on which a social plug-in is integrated is opened.

Instead, we use links to the social networks that are marked with the symbol/icon of the respective social network. If you click on such a link, you will be connected to the website of the respective social network. The privacy policy of the respective social network applies there.

3.8 Maps

We have embedded on our websites and the eShop the online map service Google Maps provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We can thus easily generate added value for our websites and the eShop in terms of quality and content. This is our legitimate interest in processing in the sense of Art. 6 Para. 1(f) GDPR.

When you open a website on which Google Maps content is embedded, Google Maps will store a cookie. This cookie is usually not deleted by closing the browser, but expires after a certain time period, unless you delete it manually.

If you do not agree with this processing of your information, you have the option of deactivating the Google Maps service. To do so, you must deactivate the Java-Script function in your browser. However, this may also affect other functions of our websites and the eShop.

For more information about Google's terms of service and privacy policy, please visit
https://policies.google.com/?hl=en and
https://www.google.com/help/terms_maps/?hl=en.

3.9. Web Fonts

Our websites and the eShop use so-called web fonts. Web fonts enable a uniform display of fonts on our websites and the eShop and do not require that the corresponding fonts are installed on your device. This is our legitimate interest in the processing in the sense of Art. 6 para. 1(f) GDPR.

We use web fonts provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”). When you visit our websites or the eShop, your browser will connect to the servers of Google and load the required web fonts into your browser cache. In the process, Google will obtain knowledge that one of our websites or the eShop has been accessed via your IP address.

If your browser does not support web fonts, a default font from your computer will be displayed instead.

For further information about Google Web Fonts and Google's terms of service and privacy policy, please visit
https://developers.google.com/fonts/faq and
https://policies.google.com/?hl=en.

4. What categories of personal data do we process?

We process general contact data and data concerning you, such as your name, e-mail address, (mobile) phone number, and information linking you to the CUSTOMER that authorized you, such as the CUSTOMER’s name and contact details and the CUSTOMER’s SAP Customer ID.

When you visit our websites or the eShop the web servers that are used, collect and store the following general information by default:

  • Your browser and operating system
  • The website from which you visited us (referring website)
  • The websites and webpages which you visit when you are with us
  • The date and time of your visit
  • Your IP address

5. What categories of recipients of data exist?

Within the scope of our business activities and the processing or purposes described in this privacy policy, we will - if permitted - transfer personal data to third parties or disclose personal data to such third parties. Third parties, who may process this data for us or for their own purposes or who may take note of it in the course of their work for us, include in particular:

  • Our affiliates
  • CUSTOMERS provided by you in the registration and/or their respective affiliates and representatives
  • (IT) service providers and processors employed by us (these include, for example, the providers of programming, support and hosting services and the providers of analytics, social media, map and web font services mentioned above)
  • fiduciary companies, auditors, lawyers
  • Shipping companies for the delivery of goods
  • Advertising partners
  • persons authorised by us (such as employees entrusted with the processing)
  • other recipients with your permission, or if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship with you

Third parties may be located in the European Union, in the EEA (EU plus Norway, Liechtenstein and Iceland) or in a third country outside of the European Union/EEA.

6. Is transfer of the data to a third country intended?

Any data you enter in the registration input mask or within the customer account of the eShop will be received, processed and stored in the European Union and be subject to the rules of the GDPR. The data may be transferred within the European Union and the EEA (EU plus Norway, Liechtenstein and Iceland). 

Your data may be transferred outside of the European/EEA, but only in compliance with the rules of the GDPR. This means that we transfer (or give access to) personal data only (i) to countries for which there exists a valid adequacy decision of the European Commission; (ii) to countries for which we have provided appropriate guarantees, in particular by ensuring an adequate level of protection by means of standard contractual clauses of the European Commission (which can be downloaded here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) or by means of recognised binding corporate rules. You can request a copy of such contractual guarantees from the controller mentioned in Section 1 above, including by e-mail to dataprotection@tfl.com. However, we reserve the right to black out corresponding copies for reasons of secrecy protection or to make them available only in part; (iii) in the absence of any of the above, to countries or third parties for which you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards.

7. How long will your data be stored?

We process and store personal data for the time necessary to achieve the respective purposes or for the time for which you have granted permission. In addition, we process or store personal data in order to comply with statutory storage and documentation obligations, such as in the case of retention periods required by trade or tax regulations, or if our legitimate business interests so require (in particular to assert, exercise or defend legal claims).

8. What data protection rights can you assert as a data subject?

Using the address mentioned in section 2 above or the customer service contact provided in the eShop, you can request information about the data stored concerning your person. In addition, under certain circumstances you may request the correction or deletion of your data. The deletion of your personal data will be completed, unless we are legally obligated to store the information. In your account in the eShop, you can also directly check the information that you have entered and modify some of the information by yourself. Note that the modification of certain information requires you to contact customer services using the information provided in the eShop. Closing your account will also require you to contact customer services. You may further have a right to receive the information you have provided in a structured, commonly used, machine-readable and interoperable format. 

If we process your data to pursue legitimate interests, you may object to such processing for reasons arising from your particular situation. We will then no longer process your personal information, unless we can demonstrate compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims. 

If the processing is based on consent, you have the right to revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. You can also close your customer account. In the event of a revocation or deletion of your customer account, we can no longer operate the customer account. It may furthermore not be possible for us to conclude a contract with you or the CUSTOMER that has authorised you, or to fulfil any existing contract with you or the CUSTOMER. This can lead to premature termination of the contract and/or cost consequences. You can contact us about this at any time using the above data.

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of the GDPR.

9. Necessity of providing personal data

You are free to provide your personal data or not. However, as mentioned above, the provision of personal data is in particular required for registration and verification as well as access to and use of the eShop. This means that if you do not provide us with the required personal data, we will not be able to, among other things, perform the verification, open, operate and maintain your account, grant you access to the eShop, process orders and offers or provide any services.

10. Automated decision making, including profiling

There is no automated decision in individual cases, including profiling, within the meaning of Art. 22 GDPR. The verification of the eShop registration in particular is not based exclusively on automated processing. As described in section 3.6 above, while we do use web analytics services, we use the IP anonymization function of Google Analytics.

11. Security

TFL deploys technical and organisational security measures to protect the information you have made available from being manipulated unintentionally or intentionally, lost, destroyed or accessed by unauthorized persons. Where personal data is being collected and processed, the information will be transferred in encrypted form in order to prevent misuse of the data by a third party. Our security measures are continuously reviewed and revised in line with the latest technology.

12. Links

We endeavour to ensure that the information on our websites or in the eShop is correct, but we do not undertake any obligation to ensure this, nor do we guarantee that the content is complete, correct and up-to-date and/or that the websites/eShop or their content will remain accessible.

Our websites/eShop may contain links to other websites. We assume no responsibility for the content of linked websites or for their data protection standards. To the fullest extent permitted by law, we disclaim all liability to you or any third party for any loss or damage resulting from the use or inability to use, or reliance on any content on our websites/eShop or external websites and any content linked or referred to from our websites/eShop by means of links or otherwise.