geobra Brandstätter Stiftung & Co. KG Data Protection Statement

Thank you for visiting our website and taking an interest in our company. We take the protection of your personal data very seriously. We process your data in compliance with the applicable legal specifications regarding the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws that apply for us. The purpose of this Data Protection Statement is to provide you with comprehensive information about the processing of your personal data by geobra Brandstätter Stiftung & Co. KG and the rights to which you are entitled.
Personal data is information that make it possible to identify a natural person. In particular this includes your name, date of birth, address, phone number and email address, as well as your IP address. Anonymous data is data that does not enable a user to be identified in any way.

The controller and data protection officer

Address (company address for service)
geobra Brandstätter Stiftung & Co. KG
Brandstätterstr. 2-10
90513 Zirndorf

Contact details
Phone: +49 911 9666 1976
Fax: +49 911 9666 1178

Data protection officer contact:

Your rights as a data subject

Firstly we would like to inform you of your rights as a data subject. These rights are standardised in Articles 15-22 of the European Union General Data Protection Regulation (GDPR). This includes:
  • The right to access (Art. 15 GDPR),
  • The right to erasure (Art. 17 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to restriction of processing (Art. 18 GDPR),
  • The right to object to processing (Art. 21 GDPR).
In order to assert these rights, please contact The same applies if you have questions on how data is processed in our company. You are also entitled to lodge complaints with a supervisory authority for data protection.

Rights to object

In the context of rights to object, please note the following:

If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without stating reasons. The same also applies for any profiling insofar as it is associated with the direct advertising.
If you object to processing for the purposes of direct advertising, we will no longer process your personal data for these purposes. Making an objection is free of charge and can be done via submission in any form; if possible, please submit any objection to
In the event that we process your data for the purpose of legitimate interests, you may at any time object to this processing on grounds relating to your particular situation; this also applies for any profiling supported by these provisions.
We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if processing services the establishment, exercise or defence of legal claims.

Purposes and legal bases of data processing

When processing your personal data, the provisions of GDPR and all other applicable data protection law are complied with. The legal basis for data processing arises in particular from Art. 6, GDPR.
We use your data for initiating business; fulfilling contractual and legal obligations; implementing the contractual relationship; offering products and services; and strengthening the customer relationship, which may also include analysis for the purpose of marketing and direct advertising.
Your consent also represents a permission instruction under data protection law. We hereby inform you of the purposes of data processing and your right to object. If consent also relates to processing special categories of personal data, we will make explicit reference to this in the consent. Special categories of personal data, as defined by Art. 9 Para 1 GDPR, may only be processed when necessary due to legal specifications and when there is no grounds to suspect that your legitimate interest in the exclusion of processing takes precedence.

Disclosure to third parties

We will only disclose your data to third parties in the framework of legal provisions or in the event of corresponding consent. Otherwise we will not disclose your data to third parties unless we are required to do so due to compulsory legal stipulations (disclosure to external bodies such as supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

Within our company, we ensure that only individuals who require your data to fulfil contractual and legal obligations receive access to that data.
In many cases, service providers support our departments in performing their tasks. The necessary data protection contracts have been concluded with all service providers.
In order to process shipping orders with UPS, the recipient’s name, address, phone number and email address are recorded. This data is passed on to UPS so it can process shipping for this order. After the data are transferred, the recipient receives a shipping confirmation email from UPS, with shipping tracking information.

Transfer to third countries/intention to transfer to third countries

Data is transferred to third countries (outside the European Union and/or the European Economic Area) only in as far as this is: necessary for carrying out the contractual relationship; required by law; or you have provided us with your consent for us to do so.
We transfer your personal data to a service provider or group companies outside the European Economic Area: Salesforce (US states and Asia-Pacific). The Salesforce data privacy policies are available to view here:

Period of data storage

We store your data for as long as is needed for the respective purpose of processing. Please note that many retention periods exist requiring that data continues to be stored. This particularly relates to retention obligations under commercial or fiscal law (such as the Commercial Code (Handelsgesetzbuch, HGB), General Fiscal Law (Abgabenordnung, AbgO), etc.). Unless there are further-reaching retention obligations, the data will be routinely erased once the relevant purpose has been fulfilled.
In addition, we may retain data if you have provided your authorisation for us to do so, or if legal disputes arise within the statutory limitation period and we use pieces of evidence that become subject to legal limitation periods, which may be up to thirty years; the regular limitation period is three years.

Secure transfer of your data

We implement appropriate technical and organisational measures for the best possible protection of the data we store against accidental or deliberate manipulation, loss, destruction, or access by unauthorised individuals. Security levels are reviewed on an ongoing basis in collaboration with security experts, and adapted to new security standards.
Data exchange from and to our web server is encrypted in every case. We offer HTTPS as a transfer protocol for our web presence, in each case subject to the use of current encryption protocols. We also offer our users content encryption within the contact forms. We are the only party able to decrypt this data. There is also the option of using alternative channels of communication (e.g. post).

Obligation to provide data

Various personal data is required for the establishment, implementation, and termination of the contractual relationship, and the fulfilment of the associated contractual and legal obligations. The same applies for the use of our website and the various functions it offers.
We have summarised the details of this in the point above. In certain cases, data also needs to be collected or made available as a result of legal provisions. Please note that it is not possible to process your enquiry or execute an underlying contractual relationship without the provision of this data.

Categories, sources, and the origin of data

Which data we process is determined by the relative context: It depends, for example, on whether you place an order online or enter an enquiry into our contact form, or submitting a complaint.
Please note that we may also make information for particular processing situations separately available to an appropriate body, for example when a contact enquiry is sent.

We collect and process the following data when you visit our website:
  • The name of your internet service provider
  • Information about the website from which you reach our site
  • The web browser and operating system you are using
  • The IP address allocated by your internet service provider
  • The files requested, data volume transferred, and downloads/file export
  • Information about the webpages that you access on our site, including the date and time
We collect and process the following data when you submit a contact enquiry:
  • Surname and first name
  • Address
  • Email address
  • Title
  • Information on your requests and interests
We process the following data in the course of the order:
  • Title
  • Surname and first name
  • Company name
  • Date of birth
  • Delivery address
  • Invoice address
  • Email address
  • Phone number
  • Data that may legitimately be processed from other sources
We collect and process the following data for newsletters:
  • Surname and first name
  • Email address
  • Title
  • Postcode
  • Analytical data from the newsletter evaluation
We collect and process the following data for competitions:
  • Surname and first name
  • Postal address and/or address
  • Email address
  • Date of birth
  • Country

Contact form/making contact by email (Art. 6 Para. 1 lit. a, b GDPR)

Our website contains a contact form that can be used to make contact electronically. If you write to us using the contact form, we process the personal data you provide in the contact form in order to make contact and respond to your questions and requests.
The principle of data economy and data reduction is taken into account here, in that you only need to provide the data that we need in order to make contact with you. This comprises your email address, title, first name, surname, subject, and the message field itself. In addition, your IP address is processed for reasons of technical necessity and legal safeguarding. All other data fields are voluntary, and you have the option of filling them out (for example for a better-tailored response to your questions).
If you contact us by email, we will process the personal data you provide in the email purely for the purpose of processing your enquiry.

Newsletters (Art. 6 Para. 1 lit. a GDPR)

You can subscribe to a free-of-charge newsletter on our website. Your name and the email address provided during newsletter registration will be used for sending the personalised newsletter. The principle of data economy and data reduction is taken into account here, as only the email address (and where applicable a name for a personalised newsletter) is identified as a mandatory field. When you subscribe to the newsletter, your IP address will also be processed for reasons of technical necessity and legal safeguarding.
You may of course end your subscription at any time using the unsubscribe option provided in the newsletter, thereby revoking your consent. Furthermore, you may at any time also unsubscribe from the newsletter directly via our website.
We use the double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have expressly confirmed beforehand that we should activate the newsletter service. This is done by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter at this e-mail address by clicking on a link contained in this e-mail.

The webshop (Art. 6 Para. 1 lit. b GDPR)

We process the data you provide in the context of the order form only for the purposes of implementing and/or transacting the contractual relationship, unless you agree to its further use.
The principle of data economy and data reduction is taken into account in that you only need to provide us with data that we require in order to implement the contract and/or to fulfil our contractual obligations (i.e. your name, address, email address, and the payment details required for the selected payment type) or which we are legally required to collect.
In addition, your IP address is processed for reasons of technical necessity and legal safeguarding. Without this data being provided, we must unfortunately refuse to enter into a contract as we will not then be able to implement it, or we may need to terminate an existing contract. You are of course also free to provide more data if you would like to.

Registration/customer account (Art. 6 Para. 1 lit. a, b GDPR)

On our website, we offer users the opportunity to register by providing their personal data. The advantage of this is that you are able to view your order history, and the data you provide is stored for the order form, meaning that you will not need to enter the information again the next time you place an order. Registration is therefore either necessary in order to fulfil a contract (via our online shop) with you or to implement pre-contractual measures, or possible if guest access is also made available.
The principle of data economy and data reduction is taken into account here as only the data required for registration is marked with an asterisk (*). These are, for example, an email address and password including a password confirmation.
If you wish to place an order in our shop, we also need information about the invoice address (title, first name, surname, postal address, phone number) for delivery. If the delivery address differs from the invoice address, the above information must also be provided for the delivery address.
Registering on our website also causes the user’s IP address, the date, and the time of registration to be stored (technical background data). By pressing the “Register now” button, you provide your consent for the processing of your data.
Please note: The password you allocate will be stored within our organisation in encrypted format. Employees of our company are not able to read this password. They are therefore unable to provide you with information if you forget your password.
Should this happen, use the “Forgotten password” function, which sends you a new, automatically generated password by email. No employee is entitled to ask you for your password during a phone call or in writing. So please never disclose your password if you receive any requests of this type. Completing the registration process causes your data to be stored within our organisation in order for you to use the protected customer area. As soon as you register on our website, with your email address as the username and with a password, this data will be made available for actions that you perform on our website (e.g. for placing orders in our online shop). Orders placed can be viewed in the order history. You can make changes to the invoice or delivery address here.
Registered individuals are free to independently change/rectify the invoice or delivery address in the order history. Our customer service team is also happy to change or rectify this information if you get in touch with them. You can of course also terminate or delete your registration and your customer account (under “My customer account”, “Delete customer account”).

Advertising purposes for existing customers (Art. 6 Para. 1 lit. f GDPR)

geobra Brandstätter Stiftung & Co.KG is interested in maintaining its customer relationship with you, and sending you information and offers relating to our products/services (catalogues and newsletters). We process your data for these reasons, in order to send you appropriate information and offers by email and post.
If you do not wish us to do so, you can object to the use of your personal data for the purposes of direct advertising at any time; this also applies for profiling in as far as it is associated with direct advertising. If you submit an objection, we will no longer process your data for this purpose.
The objection can be provided free-of-charge, in any form, and without stating reasons; you can submit your objection by calling +49 911 9666 1976, emailing or by post to geobra Brandstätter Stiftung & Co. KG, LECHUZA, Brandstätterstr. 2-10, 90513 Zirndorf, Germany.

Automated decision-making in individual cases

We do not use any purely automated processing procedures for making decisions.

Cookies (Art. 6 Para. 1 lit. f GDPR / Art. 6 Para. 1 lit a GDPR in the event of consent)

Our websites use cookies in various places. They are used to make our site more user-friendly, effective, and secure. Cookies are small text files which are stored on your computer and saved by your browser (locally and on your hard drive).
These cookies enables us to analyse how users use our websites. This means that we can design the content of the website to meet the needs of its visitors. Cookies also enable us to measure how effective a particular advertisement is, and for example to place it depending on thematic user interests.
Most of the cookies we use are session cookies which are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their term of validity (generally six months) is reached, or if you delete them yourself before the term of validity expires.
Most web browsers accept cookies automatically. However, you can generally also change your browser settings if you would prefer not to send information. You can still continue to use our website without restrictions in this case (with the exception of configurators).
We use cookies to make our site more user-friendly, effective, and secure. In addition, we use cookies that enable us to analyse how users utilise our websites. This means that we can design the content to meet the needs of visitors. Cookies also enable us to measure how effective a particular advertisement is, and for example to place it depending on thematic user interests.
Cookies are stored on the user’s computer and transferred from it to our site. You as a user therefore also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your web browser. Cookies that have already been set can also be deleted at any time using a web browser or other software programs. This is possible in all standard web browsers. Please note: If you deactivate the saving of cookies, you may no longer be able to use all of our website’s functions to the full extent.

User profiles/web tracking procedures

Data protection note for econda:
Solutions and technologies from econda GmbH are used to record and save anonymised data and to create usage profiles based on this data using pseudonyms, in order to support needs-appropriate design and optimisation of this website. Cookies that enable a web browser to be recognised on repeat visits may be used for this purpose. However, usage profiles are not brought together with data relating to the holder of the pseudonym without explicit approval from the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, meaning it is not possible to allocate usage profiles to IP addresses. Pseudonymised data is used on the basis of the regulations of Article 15, Para. 3 of the German Teleservices Act (Telemediengesetz, TMG). Visitors to this website may at any time object to the recording and storage of data with immediate effect here. The objection applies only for the device and web browser on which it was set; if required, please repeat the process on all of your devices. If you delete the opt-out cookie, your enquiries will once again be transferred to econda.

Information about privacy in social media

The company geobra Brandstätter Stiftung & Co. KG maintains various appearances in "social media" in order to communicate with the users registered there and to inform them about our services.
We wish to point out that you are responsible for your use of these platforms and their included features. This applies in particular to your specific usage behaviour on these platforms. This is especially the case if you use interactive features (e.g. commenting, sharing, rating).
With regard to the processing of your personal data, however, we have a shared responsibility with Facebook towards all existing customers, prospective customers and users. We are aware of this responsibility and the protection of your data is important to us. Unfortunately, we are unable to fully meet our responsibilities in this context because Facebook does not provide us with the necessary transparency and the information required to fulfil the above-mentioned information obligations. Nevertheless, we strive to take all necessary measures to protect your data.
We further point out that when you use these platforms, your data may be processed outside the European Union. As a result of being certified under the EU-US Privacy Shield, US providers guarantee that EU data protection standards will be respected, including when data is processed in the United States.
In addition, your usage and user-related information may be processed for market-research and promotional purposes. For example, user profiles may be generated on the basis of your usage behaviour and associated interests. This makes it possible to activate ads both within and outside these platforms. As a general rule, cookies are stored on your device for this purpose. Regardless of this, the usage profiles may also be used to store data that is not collected directly from your device (especially if you are a member of the respective platforms and are logged in to them).

In addition, as the provider of this information service, we do not collect and process data resulting from your use of our service.

Our processing of users' personal data is based on our legitimate interest in effectively informing and communicating with users in accordance with. Art. 6 (1f) GDPR. If you are asked to consent to data processing by the respective providers (e.g. by checking a box or clicking on a button), the legal basis for the processing is Art. 6 (1a) and Art. 7 GDPR.

Right of objection
If you are a member of a social network and do not want the network to collect information about you via our website, or to link it to your stored membership data on the respective network, you must

  • log out of the respective network before visiting our website
  • delete the existing cookies stored on your device and
  • close and reopen your browser
The next time you log in, however, you will be recognised by the network again as a specific user.
For a detailed description of the respective processing and your right of objection (opt-out), please refer to the provider's information via the links below.
Should you wish to submit requests for information or to assert your rights as a data subject, we wish to point out that you should contact the providers directly. This is because only the providers have access to users' data and can respond directly to your requests and provide information. However, should you still need assistance, then please feel free to contact us.

Notice regarding copyright law and artists' rights

Should you wish to publish images, texts, plans, videos, music, etc. on our website, please be aware that you may be required to assign all associated usage rights to the network, which could ultimately have legal consequences for you if you are not the author or rights holder.

Online offers for children

Individuals under the age of 16 may not transfer personal data to us or issue a declaration of consent without the approval of their parent or legal guardian. We would like to invite parents and legal guardians to actively participate in their children’s online activities and interests.

Links to other providers

Our website also – clearly and identifiably – includes links to websites operated by other companies. Where links to other providers’ websites are provided, we have no influence over their content. For this reason, no guarantee can be provided and no liability can be accepted for this content. The respective provider or operator of the relevant pages is responsible for the content of these pages.
At the time that the link was placed, the linked pages were checked for possible legal violations and identifiable infringements of the law. No legal content was identifiable at the time that the link was placed. However, constant monitoring of the content of the linked pages is unreasonable without specific indication of an infringement of the law. In the event of infringements of the law becoming known, links of this type will be removed without delay.