PRIVACY POLICY

Reseller Shop

www.haba-reseller.de

Last updated: 07.04.2026

Table of contents

1. Controller

2. Contact for data protection inquiries

3. Purposes, categories of data and legal bases

4. Cookies, technologies & consent management (Cookiebot by Usercentrics)

5. Recipients – categories and specific service providers

6. Social media - integrations

7. International data transfers

8. Mandatory information & consequences of non-provision

9. Storage period

10. Automated decisions / profiling

11. Data security

12. Your rights

13. Source of data

14. Minors

15. Changes to the privacy policy

1. Controller

This company is also the operator of the website.

Habermaass GmbH & Co. KG, Bad Rodach, Germany, AG Coburg, HR A 5220

General partner: Habermaass Administration GmbH, Bad Rodach, AG Coburg, HR B 4746

Managing Director: Dr. Mario Wilhelm

E-mail address: service@haba.de

Phone: +49 9564 929 60113

VAT ID No. DE 815 831 282

WEEE Reg. No.: DE 51463378

2. Contact for data protection inquiries

Habermaass GmbH & Co. KG, Data Protection Officer, August-Grosch-Str. 28-38, 96476 Bad Rodach or by e-mail: service@haba.com.

3. Purposes, categories of data and legal bases

We process personal data only to the extent necessary.

  • Webshop operation & IT security (server logs, IP address, timestamp, user agent, error logs) – Art. 6(1)(f) GDPR (legitimate interest in secure operation).

  • User account (name, e-mail, login metadata) – Art. 6(1)(b) GDPR.

  • Order & contract processing (name, billing/delivery address, contact, payment and transaction data, shopping cart/order history) – Art. 6(1)(b) GDPR; legal obligations e.g. under HGB/AO – Art. 6(1)(c) GDPR.

  • Payment processing via selected payment service providers – Art. 6(1)(b) GDPR.

  • Customer service & communication (inquiries, warranty, returns) – Art. 6(1)(b) and (f) GDPR.

  • Fraud prevention, credit checks (B2C/B2B) – Art. 6(1)(f) GDPR (risk minimization); if applicable, Art. 6(1)(b) GDPR.

  • Debt collection & legal enforcement – Art. 6(1)(b), (c) and (f) GDPR.

  • Marketing/newsletter (optional) – only with consent – Art. 6(1)(a) GDPR (withdrawal possible at any time).

4. Cookies, similar technologies & consent management (Cookiebot by Usercentrics)

We use cookies/similar technologies:

  • Necessary cookies to provide the shop – § 25(2) TTDSG; subsequent processing – Art. 6(1)(f) GDPR.

  • Optional cookies (e.g. functional, analytics, marketing) – only with consent – § 25(1) TTDSG, Art. 6(1)(a) GDPR.

On your first visit, our cookie banner (Cookiebot by Usercentrics) appears.

Manage consents / cookie overview: https://www.haba.de/cookies

There you will find all cookies used (purposes, providers, durations) and can change your choices at any time and withdraw consents. Cookiebot logs consents in a legally compliant manner.

5. Recipients – categories and specific service providers

We only pass on data when there is a legal basis (see above) or we are legally obliged to do so. These include in particular:

5.1 Payment service providers (PSP/acquirer/wallet)

  • Computop Paygate GmbH – Schwarzenbergstraße 4, 96050 Bamberg, DE; E-mail: sales@computop.com; Web: https://www.computop.com

  • Nexi Germany GmbH (formerly Concardis) – Helfmann‑Park 7, 65760 Eschborn, DE; E-mail: serviceDE@nexigroup.com; Web: https://www.nexi.de

  • PayPal (Europe) S.à r.l. et Cie, S.C.A. – 22-24 Boulevard Royal, L-2449 Luxembourg; E-mail: impressum@paypal.com; Web: https://www.paypal.com

5.2 Credit checks (depending on case, B2C/B2B)

  • CRIF GmbH (CRIF/CRIF Bürgel) – Victor‑Gollancz‑Straße 5, 76137 Karlsruhe, DE; E-mail: info.de@crif.com; Web: https://www.crif.de

  • Verband der Vereine Creditreform e. V. (Head office, for service provision via local branches) – Hammfelddamm 13, 41460 Neuss, DE; E-mail: kontakt@creditreform.de; Web: https://www.creditreform.de

Note on scoring: CRIF/Creditreform may provide probability values (score) that are incorporated into credit decisions (e.g. selection/limitation of payment methods). You can present your viewpoint and request a manual review (Art. 22, Art. 21 GDPR).

5.3 Debt collection service providers (depending on customer segment/region)

  • coeo Inkasso GmbH (private customers, DE) – Kieler Straße 16, 41540 Dormagen, DE; E-mail: info@coeo-inkasso.de; Web: https://www.coeo-inkasso.de

  • BID Bayerischer Inkasso Dienst GmbH (business customers DE/AT) – Weichengereuth 26, 96450 Coburg, DE; E-mail: info@bid-coburg.de; Web: https://www.bid-coburg.de

  • Profaktura Auslandsinkasso GmbH (business customers international) – Weichengereuth 26, 96450 Coburg, DE; E-mail: info@bid-coburg.de; Web: https://www.bid-coburg.de/inkasso-ausland/

5.4 Other recipient categories

Processors/IT, hosting, website analytics, cloud outsourcing, marketing service providers, shipping/logistics companies, payment and accounting providers, lawyers, authorities/courts (in case of legal enforcement). Affiliated companies, e.g. HABA Group B.V. & Co. KG.

6. Social media - integrations

Our website contains links to social media platforms, identifiable by their respective logos. These links are purely passive: no data transfer occurs before you click on the respective icon. Only then does your browser establish a direct connection to the server of the respective network. Legal basis: Art. 6(1)(f) GDPR (interests in user-friendly communication and external presentation).

The following references are embedded:

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy: http://www.facebook.com/about/privacy/your-info#everyoneinfo

Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy: https://instagram.com/about/legal/privacy

YouTube

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Pinterest

Pinterest Europe Ltd., WeWork, 2 Dublin Landings, N Wall Quay, Dublin 1, D01 V4A3, Ireland. Privacy: https://about.pinterest.com/de/privacy

Note on the Facebook fan page

Information on the processing of personal data in connection with our Facebook fan page can be found in our supplementary Privacy notice – Facebook fan page.

7. International data transfers

We only pass on data when there is a legal basis (see above) or we are legally obliged to do so. These include in particular:

  • Within the EU/EEA: CRIF (DE), Creditreform (DE), Computop (DE), Nexi (DE) usually process within the EU/EEA.

  • Luxembourg: PayPal (Europe) is based in Luxembourg (EU).

  • Outside the EU/EEA: If subcontractors are used in third countries, we ensure appropriate safeguards (in particular EU standard contractual clauses, Art. 46 GDPR), additional measures as needed and documented transfer assessments.

Details and links to safeguards are available upon request.

8. Mandatory information & consequences of non-provision

Data required for the conclusion of contract/delivery are usually name, address, e-mail, payment data. Without these data, order processing is not possible. Data for optional offers (e.g. newsletter) are indicated as such.

9. Storage period

  • Contract/order data: statutory retention periods (usually 6 or 10 years).

  • Customer account: until deletion of the account.

  • Support/communication: case-related, typically 3–36 months.

  • Cookie consents: according to retention obligations; durations see cookie page.

  • Debt collection/legal data: until the expiry of the limitation period or completion of the measure plus retention periods for evidence.

10. Automated decisions / profiling

We do not use solely automated decision-making with legal effect. In the case of credit checks a score may be incorporated (see 5.2). You have the right to present your viewpoint, to request human intervention and to challenge the decision (Art. 22(3) GDPR).

We use advertising scoring: in order to inform and advise you about products in a targeted way, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.

11. Data security

We take extensive technical and organizational measures to protect your data from loss, manipulation and unauthorized access. Our security measures are regularly reviewed and adapted to technological progress.

SSL encryption

All data transmissions in our webshop are carried out using SSL/TLS encryption. You can recognize the secure connection by a padlock icon in the address bar of your browser. Personal data (e.g. name, address, payment information) is transmitted encrypted and cannot be viewed by unauthorized parties during transmission.

Use of Google reCAPTCHA (Invisible reCAPTCHA)

To protect our forms we use Google reCAPTCHA (Invisible reCAPTCHA) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our legitimate interest in IT and form security pursuant to Art. 6(1)(f) GDPR, to prevent automated abuse (bots).

Your IP address is transmitted to Google but is first truncated within the EU/EEA; only in exceptional cases is it transferred to the USA, where the IP address is then truncated. No merging with other Google data takes place.

Further information:

Legal basis: Art. 6(1)(f) GDPR (protection of network security).

12. Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR).

A withdrawal of given consents is possible at any time with effect for the future (Art. 7(3) GDPR).

You can lodge a complaint at any time.

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision

P.O. Box 606

91511 Ansbach

Germany

Telephone: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300

E-mail: poststelle(at)lda.bayern.de

If you want to file a complaint, you can use the supervisory authority's online complaint form (available at: https://www.lda.bayern.de/de/beschwerde.html).

For this you will need the free Adobe Reader which can be downloaded here.

13. Source of data

We receive data directly from you (e.g. order) or from permissible third-party sources (e.g. address/credit service providers, debt collection in case of assignment; details see 5).

14. Minors

Our webshop is aimed at adult business operators. We do not knowingly process data of children under 16 years.

15. Changes to this privacy policy

We update this statement as necessary (e.g. changed legal situation, new service providers). The current version