Data Protection Statement
Phone: +49 (0) 40 605 909 190
Trade Registry/Nr.: Hamburg, HRB 145319
Managing Director: Carlos Martins
Version: March 2018
This is an English copy. Please note that only the German original is legally valid and can be found here.
1 Basic Information on Data Processing and Legal Foundations
1.1. This data protection statement provides you with information regarding the manner, scope and purpose of processing of personal data within our online service and the associated websites functions and content (hereafter referred to as “online service” or “website”). The data protection statement applies independently of the domains, systems, platforms and devices employed (e.g. desktop or mobile) to run the online service.
1.2. The terminology used, such as “personal data” or “processing” of the personal data, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
1.3. Personal user data processed in the context of this online service includes inventory data (e.g. customer name and address), contractual information (e.g. services used, names of contact persons, payment information), usage data (e.g. the websites visited in our online service, interest in our products) and content data (e.g. information entered on the contact form).
1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online service. The terminology deployed, such as “user”, is intended to be gender neutral.
1.5. We process personal data only in compliance with the relevant data protection regulations. This means that user data is only processed when legal permission is given, i.e. in particular if data processing is necessary in order to provide our services (e.g. order processing) as well as other online services, or where user agreement is a statutory requirement, as well as due to our legitimate interests (i.e. analysis, improvement and security of our online service in the sense of Art. 6 (1) (f) GDPR, in particular for the assessment and creation of profiles for advertising and marketing purposes, as well as collection of access data and deployment of third-party services.
1.6. We draw your attention to the fact that the legal basis of the agreements is Art. 6 (1 lit a) and Art. 7 GDPR, the legal basis of data processing for the fulfillment of our services and the execution of contractual measures is Art 6 (1) letter b GDPR, the legal basis of data processing for the fulfillment of our legal obligations is Art. 6 (1 letter c) GDPR, and the legal basis of data processing for the protection of our rightful interests is Art 6 (1 letter f) GDPR.
2 Security Measures
2.1. We make organizational, contractual and technical security measures according to the latest technology in order to ensure that the rules of data protection laws are complied with and in order to protect the data that we process against incidental or intentional manipulations, loss, destruction or against access by unauthorized persons.
2.2. Security measures include in particular the encrypted transfer of data between your browser and our server.
3 Transfer of data to third parties and third-party providers
3.1. Any transfer of data to third parties shall only take place in the context of the statutory requirements. We shall only pass on user data to third parties if this is necessary for example on the basis of Art 6 (1) (b) GDPR for contractual purposes or on the basis of legitimate interests in accordance with Art 6 (1) (f) GDPR in the profitable and effective operation of our commercial business.
3.2. Where we utilize sub-contractors for the provision of our services, we shall make the appropriate legal arrangements and we will put in place relevant technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3. Where third-party content, tools or other means are deployed in the context of this data protection statement (hereafter summarized as “third-party providers”), whose registered offices are in a third country, it shall be assumed that a data transfer is made to countries of the third-party providers. Third countries are defined as countries in which the GDPR is not directly applicable law, meaning in principle countries outside of the EU or of the European Economic Area. The transfer of data to third countries shall be made either if an appropriate level of data protection, an agreement by the users, or otherwise a legal authorization has been given.
4 Provision of contractual services
4.1. We process inventory data (e.g. names and addresses as well as user contact information), contractual information (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and service performance in accordance with Art. 6 (1) (b) GDPR.
4.2. Users can choose to create a user account. In the context of executing an order, the required obligatory information is provided to the users. The user accounts are not public and cannot be indexed by search engines. If users have given notice to terminate their user account, their data will be deleted with regard to the user account, subject to its storage being required for commercial or tax reasons in accordance with Art 6 (1) c) GDPR. It is the responsibility of the users to secure their data before the end of the contract once notice to terminate it has been given. We are entitled to permanently delete all user data stored during the term of the contract.
4.3. We store the IP address and the time of the relevant user action in the context of the registration and renewed registration as well usage of our online services. The storage is made on the basis of our legitimate interests, as well as the interest of the user in protection from misuse and other unauthorized uses. Data will not be forwarded to third parties, unless it is necessary for the pursuit of our claims or there is a statutory obligation to do so under Art 6 (1) c) GDPR.
4.4. We process usage data (e.g. the websites of our online service visited by the user, interest in our products) and content data (e.g. entries in the contact form or user profile) and for advertising purposes in a user profile in order, for example, to show the user product information based on the services they have used up to that point.
5.1. When contacting us (through the contact form or email), the user information is processed for the purpose of processing and fulfillment of the contact request in accordance with Art. 6 (1) (b) GDPR.
5.2. The user information can be stored in our Customer Relationship Management System (CRM System) or comparable reference system.
6 Collection of access data and log files
6.1. On the basis of our legitimate interests in the sense of Art. 6 (1) (f) GDPR, we collect data every time the server is accessed on which this service is located (known as server log files). The access data includes the name of the website accessed, file, date and time of the access, data volume transferred, notification of successful access, browser type and version, user operating system, referrer URL (previously visited sites), IP address and the provider making the access request.
6.2. Log file information is stored for a maximum of seven days and subsequently deleted for security reasons (e.g. to solve abuse or fraud offences). Data for which continued storage is required for evidence purposes is exempted from deletion until the investigation has been completed of the relevant incident.
7 Cookies & reach measurement
7.1. Cookies are information that are transferred to the users’ web browser by our web server or a third-party web server and stored there to be accessed at a later date. Cookies can be small files or other types of information storage.
7.2. We use “session cookies”, which are only filed for the duration of the actual visit on our site. A randomly generated clear identification number is filed in a session cookie, which is known as a Session ID. In addition, a cookie contains information about its origin and storage duration. These cookies cannot store any other data. Session cookies are deleted as soon as you have finished using our online service and have logged out or closed the browser.
7.4. If users do not want cookies to be stored out their computer, they will be asked to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to restricted functionality of this online service.
7.5. You can object to the deployment of cookies that are used for reach measurement and advertising purposes by visiting the deactivation page of the network advertising campaign (http://optout.networkadvertising.org/) as well as the American website (http://www.aboutads.info/choices) or the European (http://www.youronlinechoices.com/uk/your-ad-choices/).
8 Cookies Settings
In addition, or as an alternative to cookies settings, you can stop tracking by Google Analytics on our pages by clicking this link. This installs an opt-out cookie on your device. This prevents future collection by Google Analytics for this website and for this browser, as long as the cookie remains installed on your browser.
Click on the lower button to switch off Google Analytics tracking.
• Only allow First-Party-Cookies
• Do not allow any cookies
9 Google Analytics
9.2. Google is certified by the Privacy-Shield Agreement and thus offers a guarantee to comply with the European data protection laws https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google will use this information on our behalf in our order to evaluate the use of our online service by the users, to draw up reports about activities within this online service and to provide us with additional services connected with the use of this online service and with Internet usage. For this purpose, pseudonymous usage profiles of the users can be created from the processed data.
9.4. We only use Google Analytics with activated IP anonymization. This means that the users’ IP address is abbreviated by Google within member states of the European Union or in other countries that are party to the European Economic Area treaty. The complete IP address is only transmitted to a Google server in the US in exceptional cases and is then abbreviated there.
9.5. The IP address transmitted by the user’s browser is not collated with other data by Google. Users can prevent the storage of the Cookies using a relevant setting of their browser software; users can moreover prevent the collection of the data generated by the Cookie and connected to their use of the online service by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=com.
9.6. You can find further information on data usage by Google, settings and opt-out options on Google web pages: https://safety.google.com/privacy/ (“Data use by Google when you use our partner websites or apps”), http://www.google.com/policies/technologies/ads (“Data used for advertising purposes”), http://www.google.de/settings/ads („Managing information that Google uses to show you advertising”).
10 Google Re/Marketing-Services
10.1. On the basis of our legitimate interests (i.e., reach measurement, improvement and profitable operation of our online service in the sense of Art. 6 (1) (f) GDPR), we use the marketing and re-marketing services (abbreviated to “Google Marketing Services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
10.2. Google is certified under the Privacy Shield Agreement and thereby provides a guarantee of compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. Google Marketing Services allow us to display advertising for and on our website in a more targeted way in order to show users only advertising that will potentially be of interest to them. If a user is shown for example advertisements for products that they were interested in on other websites, this is called “Re-marketing”. For this purpose, when accessing our website and others on which Google Marketing Services are active, a Google code is executed directly by Google and (re)marketing tags are incorporated into the website (invisible graphics or code that is also known as “web beacons”). Through these, an individual cookie is stored on the user’s device, i.e. a small file (comparable technologies can be used instead of Cookies). Cookies can be set by different domains, amongst which google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which websites the user visits, which content he is interested in and which offers he clicked on, as well as technical information on the browser and operating system, referring websites, visit duration and additional information on the use of the online service. The user IP address is also collected, although we notify in the framework of Google Analytics that the IP address is abbreviated in the member states of the European Union or in other countries that are party to the treaty on the European Economic Area, and it is only transmitted in full to a Google server in the US and abbreviated there in exceptional cases. The IP address is not collected with user data within other Google services. The above listed information can also relate to such information from other sources by Google. If the user subsequently visits other websites, he may be shown advertisements tailored to him according to his interests.
10.4. User data is processed pseudonymously in the framework of Google Marketing Services. This means that Google does not store and process for example the name or email address of the users, but processed the relevant data connected to the cookie within pseudonymous user profiles, i.e. from the point of view of Google, the advertisements are not administered and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymization. The information collected about the user by Google Marketing Services are transmitted to Google and stored on Google servers in the US.
10.5. The online advertising program “Google AdWords” is one of the Google Marketing Services that we use. In the case of Google AdWords, each AdWords client receives a different “conversion Cookie”. Cookies can therefore not be traced via the websites of AdWords clients. The information obtained with the help of cookies is used to draw up conversion statistics for AdWords clients who have chosen conversion tracking. AdWords clients discover the total number of users who clicked on their advertisement and were forwarded to a page with a Conversion Tracking tag. They do not however receive any information with which users can be personally identified.
10.7. You can find additional information on data usage for marketing purposes by Google on the overview page: https://www.google.com/policies/technologies/ads, Google’s Data Protection Statement is available on https://www.google.com/policies/privacy.
10.8. If you would like to object to the interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
11.1. Here we provide you with information regarding the content of our newsletter as well as the registration, sending and statistical evaluation procedure as well your rights of objection. By subscribing to our newsletter, you agree to receipt of the newsletter and to the procedure described.
11.2. Newsletter content: we send newsletters, emails and additional electronic messages with commercial information (hereafter, “newsletter”) only with the agreement of the recipients or a legal authorization. If the content of the newsletter has been accurately described when registering, it is definitive for the agreement of the users. In addition, our newsletters contain information on our company, products, offers, and campaigns.
11.3. Double Opt-In and reporting: registering for our newsletter is made in a double opt-in procedure, which means that you receive an email after registration asking you to confirm your registration. This confirmation is required so that no one can register with email addresses that are not their own. Subscriptions to the newsletter are reported in order to be able to prove the registration process in compliance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the dispatch service provider are also reported.
11.4. Dispatch service provider: sending the newsletter is carried out by Infusionsoft, Inc. 1260 South Spectrum Boulevard, Chandler, Arizona 85286, hereafter described as “dispatch service provider”. You can view the data protection provisions of the dispatch service provider here: https://www.infusionsoft.com/legal/gdpr In order to ensure an appropriate level of data protection, we have agreed EU standard contractual clauses with the dispatch service provider.
11.5. The dispatch service provider can use data in a pseudonymous form according to their own information, i.e. without allocation to a user, for the optimization or improvement of their own services, e.g. for the technical optimization of the dispatch and the display of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the dispatch service provider shall not use the data of our newsletter recipients to write to them directly, nor will they pass the data on to third parties.
11.6. Registration data: in order to register for the newsletter, it is enough to provide your email address. We ask for your name so that we can personalize the greeting in the newsletter.
11.7. Statistical evaluation and analysis; the newsletter contains a Web Beacon, which is a pixel-sized file that is accessed by the server of the dispatch service provider upon opening the newsletter. In the context of this access, initially technical information on the browser and your system as well as your IP address and time of access is collected. This information is used to make technical improvements to the service using the technical data or the target groups and their reading behavior using their access locations (which can be determined using the IP address) or the access times. The statistical evaluation includes information on whether the newsletters are opened, when they are opened, and which links are clicked on. This information can be allocated to the individual newsletter recipients for the technical reasons. It is not however our intention, nor the intention of the dispatch service provider, to observe individual users. The evaluations instead are useful in order to understand the reading habits of our users, and to adapt our content to them or to send different content according to the interests of our users.
11.8. The use of the dispatch service provider, completion of statistical evaluations and analysis as well as reporting of the registration procedure are carried out based on our legitimate interests according to Art. 6 (1) (f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that services both our business interests as well as fulfilling the expectations of the users.
11.9. Unsubscribe/revocation – you can unsubscribe from receiving our newsletters at any time, which means revoking your agreements. This simultaneously cancels your agreements to its dispatch by the dispatch service provider and the statistical analysis. A separate cancellation of dispatch by the dispatch service provider or statistical evaluation is unfortunately not possible. You can find a link to unsubscribe from the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and have unsubscribed from it, their personal data will be deleted.