Data Privacy

The responsible party within the meaning of Art. 4 (7) of the General Data Protection Regulation (DSGVO) and other national data protection laws of the member states as well as other data protection regulations is:


Dragon e-Commerce GmbH


Ms Franziska Schneider


Südring 215


55128 Mainz


E-mail: franziska.schneider@dragon-ec.com


Internet: www.dragon-ec.com


Scope of the processing of personal data


Dragon e-Commerce processes personal data of its users only to the extent necessary to provide a functional website and its contents and services. The processing of personal data is carried out in order to fulfil the specified purposes, legal obligations or on the basis of the user's consent. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons.


Legal basis for the processing of personal data


Insofar as we obtain your consent for processing operations of personal data, Art. 6 (1) lit. a EU Data Protection Regulation (DS-GVO) serves as the legal basis.


When processing personal data that is necessary for the performance of a contract with the data subject, Art. 6 (1) (b) DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation, Art. 6 (1) c DS-GVO serves as the legal basis. If processing is necessary to protect a legitimate interest of the Sparkassenakademie NRW or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6 (1) (f) DS-GVO serves as the legal basis for the processing.


Data deletion and storage period


The personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.


Provision of the website and creation of log files


Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:


- Information about the browser type and the version used,


- the user's internet service provider,


- the user's IP address,


- date and time of access,


- websites accessed by the user's system via our website.


The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website, or the link to the website to which the user goes, contains personal data. This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.


The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.


The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DS-GVO, our legitimate interest in optimising the operation of the website.


The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.


Data transfer to third parties


We may disclose your personal data to third parties if the relevant processing operations so require. In this case, you will be informed separately about the transfer of your data to third parties before it is passed on.


In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass on this data to third parties. If these service providers are located in the USA, we will inform you of this in connection with the respective functions.


Use of cookies


Furthermore, cookies are stored on your computer when you use the website. Cookies are small text files which are stored on your end device by the browser used and which provide us with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.


This website uses cookies to the following extent:


a) Transient cookies (temporary use).


Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to the website. Session cookies are deleted when you log out or close your browser.


b) Persistent cookies (time-limited use)


Persistent cookies are automatically deleted after a set period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

This stored information is stored separately from any further data you may provide to us. In particular, the cookie data is not linked to your other data.

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DS-GVO.


The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.


You have control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.


We also use the solution Cookiebot from the Danish provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter Cookiebot) for cookie consent management. By using this tool, you can control the consent within the meaning of Article 6 (1) sentence 1 lit. a DSGVO for the processing of cookies and obtain an overview of the use and function of the cookies used.


The collected data will be stored until you request us to delete it or until you delete the Cookiebot cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on data processing by Cookiebot can be found at https://www.cookiebot.com/de/privacy-policy/.

Cookiebot is used to obtain the legally required consent for the use of cookies in accordance with Art. 6 para. 1 p. 1 lit. c DSGVO .

You can adjust the consents you have confirmed here:


Contact form


The data you enter in the contact form will only be used for correspondence with you. Your data will not be passed on to third parties.

You have the option to revoke your declaration of consent at any time. To do so, please send an e-mail to info@dragon-ec.com.


Use of Google ReCAPTCHA


To ensure that an entry on our website is made by a natural person or is misused by machine and automated processing, we use the ReCAPTCHA functionality of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in some areas (e.g. in the contact form). The service includes the sending of the IP address and possibly other data required by Google for the NoCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in preventing abuse and spam. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA. Further information on Google reCAPTCHA as well as Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.


Rights of the data subject


You have the right


Pursuant to Art. 7 (3) DSGVO, to revoke your consent once given to us at any time. This means that we may no longer process the data based on this consent in the future;

in accordance with Art. 15 DSGVO, to request information about your personal data processed by us In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling (Art. 22 DSGVO) and, if applicable, meaningful information on its details;

in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;

in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you; the processing is unlawful, but you object to its erasure; we no longer need the data, but you require it for the assertion, exercise or defence of legal claims; or you have objected to the processing in accordance with Art. 21 DSGVO;

pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and

complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.



Right of objection


You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on this provision of Article 4(4) of the GDPR.


If you object, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.


If you object to the processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation.


If you would like to exercise your right of withdrawal, you can send us an e-mail at info@dragon-ec.com or contact us by post using the above contact details.


Right to complain to a supervisory authority


Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.


The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.