Privacy Policy

Introduction

This Privacy Policy explains to you the nature, scope and purpose of the processing of personal data (hereinafter “Data“) within our online offer and the websites, functions and contents associated with it as well as external online presentations, such as our Social Media Profile. (hereinafter collectively referred to as “Online offer“)

  • In the first section of the data protection statement you will find information on the data controller and an overview of our processing procedures.
  • In the second section you will find information about your rights, the relevant legal standards and general information about our data processing.
  • The third section contains information on the individual processing operations. This section is divided into further areas, such as our core services, range measurement or marketing.
  • The fourth and final section contains a glossary of terms used in the context of the provision of our services, including explanations and descriptions of the terms used in the data protection declaration. This means that if you do not know the terms used (e.g. personal reference or cookie), please refer to the last section. In general, all terms used (e.g. responsible person or user) are to be understood as gender-neutral.

 

Table of contents

Section I – Responsibility and overview of data processing >>

  1. Responsibility >>
  2. Contact Data Protection Officer >>
  3. Types of processed data >>
  4. Processing of special categories of data (Art. 9 para. 1 DSGVO) >>
  5. Categories of affected people >>
  6. Purpose of processing >>
  7. Automated decision in individual cases (Art. 22 DSGVO) >>

Section II – Rights of affected people, legal bases and general information >>

    1. Rights of affected people
    2. Right of revocation
    3. Right of objection
  1. Cookies and right of objection in direct marketing >>
    1. Deletion of data and archiving obligations
    2. Changes and Updates to the Privacy Statement
    3. Applicable legal bases
    4. Security of data processing
    5. Disclosure and transfer of data
    6. Transfers to third countries

Section III – Processes >>

  1. Core area of data processing >><
    1. Order processing in the online shop<
    2. Customer account
    3. Bonit check
  1. External Online Presentations >>
    1. Online Presentations in Social Media
  1. Webserver and Security >>
    1. Server logs
  1. Embedded content and features >>
    1. Google services and content
    2. Facebook features and content
    3. Instagram features and Contents
    4. Pinterest features and content
  1. Marketing >>
    1. Newsletter distribution and performance measurement
    2. Communication via mail, e-mail, fax or telephone
    3. Sweepstakes and competitions
  1. Reach measurement, online marketing and technology partners >>
    1. Google Tag Manager
    2. Google Analytics
    3. Google AdWords
    4. Facebook Pixels and Facebook Customer Audience Pixels

Section IV - Definitions >>

 

Section I – Responsibility and overview of data processing

I Responsibility

United Salon Technologies GmbH
Ketzberger Strasse 34
42653 Solingen

Managing Director: Thomas E. Wenzel
Phone: + 49 (0) 212 - 25 20 70
Fax: + 49 (0) 212 - 25 20 777

E-Mail: info@jaguar-solingen.com<
Full Legal Notice: https://jaguar-solingen.com/impressum/

 

II Contact Data Protection Officer

E-Mail: datenschutz@ust-germany.com

 

III Types of processed data

  • Inventory data (e.g., names, addresses).
  • Contact data (e.g., e-mail, telephone numbers).
  • Content data (e.g., text input, photographs, videos).
  • Contract data (for example, contract object, term, customer category).
  • Payment data (e.g., bank details, payment history).
  • Usage data (e.g., visited websites, interest in content, access times).
  • Meta/contact data (e.g., device information, IP addresses).

 

IV Processing of special categories of data (Art. 9 Para. 1 DSGVO)

No special categories of data are processed.

 

V Categories of affected people

  • customers / prospects / business partners.
  • visitors and users of the online offer.

In the following we will summarize the affected persons as "users".

 

VI Purpose of processing

  • Provision of the online offer, its contents and functions.
  • Provision of contractual services, service and customer care.
  • Response to contact requests and communication with users.
  • Marketing, analysis of purchasing behaviour, usage behaviour, advertising and market research.
  • Safety measures.

 

VII Automated decision in individual cases (Art. 22 DSGVO)

Bonit check in the case of advance payment in accordance with Art. 22 DSGVO.

 Status: May 2018

 

Section II - Rights of persons concerned, legal bases and general information

a) Rights of data subjects

You have the right to request confirmation as to whether the data concerned are processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.

In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

In accordance with Art. 17 DSGVO, you have the right to demand that relevant data be immediately protected or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 DSGVO.

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 DSGVO and to demand that it be passed on to other persons responsible.

In accordance with Art. 77 DSGVO, you also have the right to file a complaint with the competent supervisory authority.

 

b) Right of revocation

You have the right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO with effect for the future.

 

c) Right of objection

You can object to the future processing of the data concerning you in accordance with Art. 21 DSGVO at any time. The objection may be lodged in particular against the processing for the purposes of direct marketing.

 

I Cookies and right of objection in direct marketing

We use temporary and permanent cookies, i.e. small files that are stored on the users' devices (explanation of the term and function, see last section of this data protection declaration). In part, cookies serve security purposes or are necessary for the operation of our online offer (e.g., for the presentation of the website) or in order to save the user's decision when selecting the cookie banner. In addition, we or our technology partners use cookies to measure reach and for marketing purposes, about which users will be informed in the course of the data protection declaration.

A general objection to the use of cookies for online marketing purposes may be raised for a large number of services, especially in the case of tracking, via the US site. http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.

 

a) Deletion of data and archiving obligations

The data processed by us will be processed in accordance with Articles 17 and 18 DSGVO or its processing will be restricted. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be disclosed as soon as it is no longer required for its intended use and there are no legal storage obligations to the contrary. If the data are not protected because they are necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons.

In accordance with legal requirements, the data is stored, in particular for 6 years in accordance with §§ 257 (1) HGB (trading companies, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.).) as well as for 10 years in accordance with ä§ 147 para. 1 AO (invoices, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.)

 

b) Changes and Updates to the Privacy Statement

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will amend this privacy statement as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

 

c) Applicable legal bases

In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the performance of our services and execution of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. a and Art. 7 DSGVO. The legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

The principles for commercial communications outside of business relations, in particular by mail, telephone, fax and e-mail, are contained in § 7 UWG. >/p>

 

d) Security of data processing

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 DSGVO. Such measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation.  Furthermore, we have established procedures to ensure the exercise of rights of data subjects, deletion of data and reaction to endangerment of data. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 DSGVO).

The security measures include in particular the encrypted transmission of data between your browser and our server.

Employees are bound to secrecy with regard to data protection, instructed and instructed, and informed of possible liability consequences.

 

e) Disclosure and transfer of data

If, in the course of our processing, we disclose data to other persons and companies (contract processors or third parties), transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permit (e.g. if a transfer of the data to third parties, such as payment service providers, is required pursuant to Art. 6 para. 1 lit. b DSGVO for the performance of the contract), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called “order processing contract“, this is done on the basis of Art. 28 DSGVO.

 

f) Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in connection with the use of third-party services or disclosure or transfer of data to third parties, this will only take place if we do so in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 ff. Process DSGVO. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clause").

 

Section III – Processes

In the following presentation you will find an overview of our processing activities, which we have subdivided into further areas of activity. Please note that the areas of activity are for orientation purposes only and that processing activities may overlap (e.g. the same data may be processed in several processes).

For reasons of clarity and comprehensibility, you will find the frequently repeated terms in section IV of this data protection declaration.

.

 

I Core area of data processing

In this section you will find information on our core services and tasks, such as answering enquiries and providing our contractual services as well as the ancillary tasks associated with them.

 

a) Order processing in the online shop

We process the data of our customers as part of the order process in our online shop to enable them to select and order the products and services selected, as well as their payment and delivery or execution.

  • Data processed: Inventory data, contact data, contract data, payment data.
  • Affected parties: customers, interested parties, business partners.
  • Purpose of processing: Provision of contractual services in the context of operating an online shop, invoicing, delivery, customer service.
  • Type, scope, function of processing: Persistent cookies for shopping cart and login status.
  • Legal basis: Art. 6 para. 1 lit. b (execution of order procedures) and c (archiving required by law). DSGVO.
  • Necessity / interest in processing: The data are required to justify and fulfil the contract.
  • External disclosure and purpose: No, only on delivery or payment (use of payment service providers: Creditreform Solingen Kirschner KG, Kuller Str. 58, 42651 Solingen as well as banks and financial institutions). [TS1]  [FK2] Further information on data processing at Creditreform is available at www.creditreform-solingen.de/EU-DSGVO
  • Processing in third countries: No, only on customer request on delivery or payment.
  • data processing: The solution takes place after the expiry of statutory warranty and comparable obligations, the necessity of data storage is reviewed every three years; in the case of statutory archiving obligations, the solution takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation). Data in the customer account remain up to its solution.

 

b) Customer account

A customer account (which also includes the wish list) requires registration. Subsequently, users can in particular track their orders after entering their login data and use other customer account functions.

We offer our own single sign-on procedure for the customer account. This means that users who register in one of the online offers of companies belonging to United Salon Technologies can also use the access data for other online offers of companies belonging to United Salon Technologies Unternehmen GmbH.

  • Data processed: Inventory data (first name, last name; email address; password (will be stored encrypted)), contact data, contract data, payment data, product data/ product preference, usage data, referrer data.
  • Affected: Customers, interested parties.
  • Purpose of the processing: Creation and operation of a customer account to manage the contractual relationship.
  • Type, scope and functioning of the processing: registration process, termination.
  • Legal basis: Art. 6 para. 1 lit. b. DSGVO.
  • Protective measures: The public account information of the users is not visible to external bodies such as search engines or other users and cannot be searched by them. Users are responsible for the secure storage of their access data.
  • Necessity / interest in processing: The customer account is optional, data required for its operation. Mandatory fields are marked as such. In addition, each user decides for himself on further details.
  • External disclosure and purpose: No.
  • Processing in third countries: No.
  • data processing: Data in the customer account remain up to its solution with subsequent archiving in the case of a legal obligation (end of commercial law (6 years) and tax law (10 years) storage obligation).

 

c) Bonit check

If we make advance payments (e.g. when purchasing on account), we reserve the right to obtain identity and creditworthiness information for the purpose of assessing credit risk on the basis of mathematical-statistical procedures from specialized service providers (business information agencies) in order to safeguard legitimate interests. We process the information received from the credit agencies on the statistical probability of non-payment within the framework of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit check.

  • Data processed: Name, postal address, date of birth, details of the type of contract, bank details.
  • Special categories of personal data: no.
  • Legal basis: Art. 6 para. 1 lit. f. DSGVO; If based on user consent: Art. 6 para. 1 lit. a., Art. 7 DSGVO.
  • Affected: Customers, interested parties.
  • Purpose of processing: Evaluation of the probability of default of receivables.
  • The nature, scope and functioning of the processing: We process the information received from the credit reporting parties on the statistical probability of non-payment within the framework of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit check.
  • Necessity / Interest in processing: Business interests.
  • External disclosure, purpose and data protection declaration: Creditreform Solingen Kirschner KG, Kuller Str. 58, 42651 Solingen, data protection declaration: www.creditreform-solingen.de/EU-DSGVO
  • Processing in third countries: no.
  • Automated decision in individual cases according to Art. 22 DSGVO: In accordance with Art. 22 DSGVO, the decision as to whether we make advance payments is made solely on the basis of an automated decision in individual cases, which our software makes on the basis of the information provided by the credit agency without the involvement of employees.

 

II External Online Presentations

In this section you will find information about our data processing in the context of operating external online presentations, e.g. in social media.

a) Online Presentations in Social Media

We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, users' data will be processed if they communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.

The links/switchboards to social networks and platforms (hereinafter referred to as "social media") used within our online offering do not establish contact between social networks and users until users click on the links/switchboards and access the respective networks or their websites. This function corresponds to the mode of action of a regular online link.

  • Social networks/platforms we use: Facebook, Instagram, Pinterest, Twitter, Xing, YouTube.
  • Data processed: Inventory data, contact data, content data, usage data, metadata.
  • Special categories of personal data: Basically no, except by users.
  • Legal basis: Art. 6 para. 1 lit f. DSGVO.
  • Affected: Users of social media presences (this can include customers and interested parties).
  • Purpose of processing: Information and communication.
  • Type, scope, function of processing: Usually: Permanent cookies, tracking, targeting, remarketing, content- and behavior-related advertising by the operator of the respective platforms.
  • Necessity / Interest in processing: Expectations of users active on the platforms, business interests.
  • External disclosure and purpose: To social networks/platforms.
  • Processing in third countries: USA.
  • Warranty for processing in third countries: Privacy Shield (except Pinterest).
  • Deletion of data: The solution rules of the respective platforms apply.

 

III Web server and security

a) Server logs

The server on which this online offer is located collects so-called log files each time the online offer is accessed, in which user data is stored. The data is used for statistical analysis to maintain and optimize server operation and for security purposes, e.g. to detect potential unauthorized access attempts.

  • Data processed: Usage data and metadata (name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider).
  • .
  • Special categories of personal data: no.
  • Legal bases: Art. 6 para. 1 lit. f DSGVO.
  • Affected persons: customers, interested parties, visitors of the online offer.
  • Purpose of processing: Optimization of server operation and safety monitoring.
  • Necessity / Interest in processing: Security, business interests.
  • Processing in third countries: no.
  • Deletion of data: After 30 days from collection.

 

IV Embedded content and functions

In this section we inform you which contents, software or functions (in short "contents") of other providers we embed in our online offer on the basis of Art. 6 para. 1 lit. f DSGVO. The embedding takes place in order to make our online offer more interesting for our users or for legal reasons in order to be able to present e.g. videos or social media contributions at all within our online offer. Embedding can also be used to improve the speed or security of online content, e.g. when software elements or fonts are obtained from other sources. The processed data includes in all cases the user's usage and metadata and also the IP address necessarily transmitted to the provider for embedding the content, the persons concerned include the visitors to our online offer. The categories affected include users of our online services, customers and interested parties. Further explanations can be found in the definitions of terms, in particular on the functions and protective measures, at the end of this data protection declaration. The deletion of the data is determined by the data protection conditions of the providers of the embedded content.

 

a) Services and content from Google

We use the following services and contents of the provider Google: YouTube - Videos; Google Maps; Maps; Google Fonts; Fonts; Google Recaptcha (recognition of bots when entering forms).

 

b) Facebook features and content

Functions and contents of the Facebook service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.

  • Data processed: Usage data, metadata; if users are registered with the service, the above data can be linked to their profiles and to the data stored with the service (in particular inventory data).
  • Type, scope, functioning of processing: social plug-ins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
  • Opt-Out: https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ (EU), http://www.aboutads.info/choices (US).
  • External disclosure: Facebook Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
  • Privacy Statement: https://www.facebook.com/policy.php
  • Processing in third countries: USA.
  • Warranty for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
  • Deletion of data: The data will be deleted in accordance with Facebook regulations.
  •  

    c) Functions and contents of Instagram

    Functions and contents of the Instagram service can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons that users can use to show their appreciation of the content, to subscribe to the authors of the content or to our contributions.

    • Data processed: Usage data, metadata; if users are registered with the service, the above data can be linked to their profiles and to the data stored with the service (in particular inventory data).
    • Type, scope and functioning of processing: social plug-ins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
    • External disclosure: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
    • Privacy Policy: https://help.instagram.com/155833707900388.
    • Processing in third countries: USA.
    • Warranty for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
    • Deletion of data: The data will be deleted according to Instagram's regulations.

     

    d) Functions and contents of Pinterest

    Functions and contents of the Pinterest service can be integrated into our online offer. This may include, for example, content such as images, videos or texts and buttons that users can use to express their appreciation of the content, to subscribe to the authors of the content or to our contributions.

    • Data processed: Usage data, metadata; if users are registered with the service, the above data can be linked to their profiles and to the data stored with the service (in particular inventory data).
    • Type, scope, functioning of processing: social plug-ins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
    • External disclosure: Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA.
    • Privacy Policy: https://about.pinterest.com/de/privacy-policy.
    • Processing in third countries: USA.
    • Deletion of data: The data will be deleted according to Pinterest's regulations.

     

    V Marketing

    In this section you will find information about the data processing carried out by us for the purpose of optimising our marketing and market research services.

a) Newsletter distribution and performance measurement

We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the recipients or a legal permission. Subscribers' data is logged as we are required to provide proof of registration. We also keep track of whether newsletters have been opened and whether links have been clicked. This information is stored per user for technical reasons, but is not used to monitor individual users, but to adapt e.g. content and offers to the users. Information that we should collect in addition to the e-mail address (e.g. name) is used to address users personally or to adapt the contents of the newsletter to the users.

  • Newsletter content: As indicated in the registration form, otherwise information about our services and our company.
  • Data processed: Inventory data (e-mail address), usage data (registration time, confirmation time double opt-in, IP address, opening of the e-mail, time and place, time and click on a link in the newsletter).
  • Special categories of personal data: no.
  • Legal bases: Art. 6 para. 1 lit. a, Art. 7 DSGVO and § 7 para. 2 no. 3 UWG (dispatch, analysis), Art. 6 para. 1 lit. f  (recording).
  • Persons affected: E-mail recipients
  • Purpose of processing: newsletter dispatch, optimization, proof of consent.
  • Type, scope, functionality of processing: Zähl-Pixel (Web-Bugs)
  • Necessity / interest in processing: Only the e-mail information is required for sending, the other information is voluntary and serves to personalize and optimize the content based on the interests of the users; the obligation to provide proof of consent is the reason for logging; Success is measured on the basis of justified interests in optimizing the content for the users and based on business interests
  • .
  • Opt-Out: A cancellation link is included in every newsletter
  • External disclosure and purpose: Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin
  • Privacy Policy: https://www.newsletter2go.de/datenschutz/
  • Protective measures: order processing contract.
  • Processing in third countries: No.
  • After unsubscription from the newsletter, the e-mail addresses and the log data for registration (time, IP address) will be stored for two years for the purpose of proof of previous registration and will be deleted thereafter.

 

b) Communication via mail, e-mail, fax or telephone

Sending information material, making contact by telephone.

  • Data processed: Inventory data, address and contact data, contract data.
  • Special categories of personal data: no.
  • Legal basis: Art. 6 para. 1 lit. a, Art. 7 DSGVO, Art. 6 para. 1 lit. f DSGVO in conjunction with legal requirements for advertising communications.
  • Affected parties: customers, participants, interested parties, communication partners.
  • Purpose of processing: Advertising communication.
  • Type, scope, function of processing: Contact is only established with the consent of the contact partners or within the scope of legal permits.
  • Necessity / Interest in processing: Information and business interests.
  • External disclosure and purpose: No.
  • Processing in third countries: No.
  • Deletion of data: With objection/ revocation or omission of the authorization bases.

 

c) Sweepstakes and competitions

In the context of sweepstakes and competitions ("sweepstakes" for short) we processed the data of the participants for the execution of the sweepstakes. Further information on the processing of your data within the scope of the individual competitions and any consent to the publication of their names or competition contributions will be provided to the users within the conditions of participation of the respective competitions.

  • Data processed: Inventory data, contact data, content data (e.g. contributions to competitions).
  • Special categories of personal data: no.
  • Legal basis: 6 para. 1 lit. b DSGVO.
  • Affected: Participants
  • Purpose of the processing: Carrying out of the competitions, notification of prizes, dispatch of prizes, possibly presentation of winners.
  • External disclosure and purpose: Forwarding companies for the purpose of sending profits, possibly partners and sponsors of profits.
  • Processing in third countries: No, except sending prizes abroad.
  • Deletion of the data: As soon as the data is not required for the execution of the competition (e.g. for questions regarding prizes); when winners or competition entries are published, they remain permanently online; in the event of a legal obligation (end of commercial law (6 years) and tax law (10 years) storage obligation).

 

VI Reach measurement, online marketing and technology partners

In this section we inform you which services of technology partners are used for reach measurement and online marketing purposes. Their use is based on Art. 6 Para. 1 letter f DSGVO and our interest in increasing user-friendliness, optimizing our offer and its economic efficiency. The data processed in all cases includes usage and metadata. Special categories of data are not processed. Affected are customers, interested parties and other visitors to our online offer. Further explanations can be found in the definitions of terms at the end of this data protection declaration, in particular with regard to their functions and protective measures. The deletion of the data is determined, unless otherwise stated, in accordance with the privacy statements of the technology partners.

 

a) Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, reference is made to the following information on the Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

b) Google Analytics

We use Google Analytics for purposes of reach measurement and target group formation.

  • Data processed: Usage data, metadata, customer ID with us (Google receives the customer ID only as a pseudonymous date without the associated inventory data, such as name, address or e-mail of the customer).
  • Type, scope, functioning of processing: permanent cookies, third party cookies, tracking, interest-based marketing, profiling, custom audiences, remarketing.
  • Special protective measures: Pseudonymization, IP masking, conclusion of order processing contract, opt-out.
  • Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=en (Browser-Add-On), https://adssettings.google.com/ (Setting for advertisements).
  • External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Privacy Policy: https://www.google.com/policies/privacy.
  • Processing in third countries: USA.
  • Warranty for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  • Deletion of data: 26 months.

 

c) Google AdWords

We use Google AdWords to serve ads on the websites of Google and Google partners and measure their success.

  • Data processed: Usage data (conversion data), metadata.
  • Type, scope, functioning of processing: permanent cookies, third party cookies, tracking, conversion measurement, interest based marketing, profiling.
  • Special protective measures: Pseudonymization, IP masking, conclusion of order processing contract, opt-out.
  • Opt-Out: https://adssettings.google.com/
  • External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Privacy Statement: https://www.google.com/policies/privacy.
  • Processing in third countries: USA.
  • Warranty for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
  • Deletion of data: The data will be deleted according to Google's regulations.

 

d) Facebook Pixels and Facebook Customer Audience Pixels

We use the Facebook pixel to target and measure the success of the ads we place on Facebook.

Data processed: usage data, metadata; if users are registered with Facebook, the data will be linked to their Facebook profiles and to the data belonging to them (in particular inventory data).

 

Section IV - Definitions

This section provides an overview of the terms used in this privacy statement. Many of the terms are taken from the law and are defined above all in Art. 4 DSGVO. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for the sake of understanding. The terms are sorted alphabetically.

  • A/B tests
    - A/B tests serve to improve the user-friendliness and performance of online offers. For example, users are shown different versions of a website or its elements, such as input forms, on which the placement of the content or labels of the navigation elements can differ. Subsequently, the behaviour of the users, e.g. longer stays on the website or more frequent interaction with the elements, can be used to determine which of these websites or elements rather meet the needs of the users.
  • Affiliate links
    - Affiliate links" are links with the help of which the linking websites refer users to websites with product or other offers. The operators of the respective linked websites can receive a commission if users follow the affiliate links and then take advantage of the offers. This requires providers to be able to track whether users who are interested in certain offers subsequently take advantage of the affiliate links. Therefore, the functionality of affiliate links requires that they be supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the initial website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as tracking specific values such as, for example, advertising material ID, partner ID and categorisations.
  • .
  • After-Sales
    - After sales" are marketing procedures in which, for example, customers of an online shop are presented with advertising offers from other providers (which are usually based on the services or products purchased in the online shop). In addition, the functionality of after-sales corresponds to the functionality of affiliate links.
  • Aggregated data
    Aggregated data are aggregated data that do not allow any conclusion to a person and are therefore not personal. For example, visit times on a website can be saved as averages.
  • Anonymous Data
    - Anonymity is when a person cannot at least be identified by the responsible person with the means at his disposal on the basis of a date. In particular, aggregated data may be anonymous.
  • Order processing/contractor
    A "processor" is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
  • Special categories of personal data
    Such data includes data revealing racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, genetic data, biometric data to uniquely identify a natural person, health data or data on a natural person's sex life or sexual orientation.

.

  • Affected person/ concerning
    See "personal date".
  • Clicktracking
    "Clicktracking" allows you to keep track of the movements of users within an entire online offering. Since the results of these tests are more accurate if the interaction of users can be tracked over time (e.g. if a user likes to return), cookies are usually stored on users' computers for these test purposes.
  • Conversion
    "Conversion" or "conversion measurement" refers to a procedure with which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on the users' devices within the websites on which the marketing activities take place and then retrieved again on the target website (e.g. this enables us to determine whether the ads we placed on other websites were successful).
  • Cookies
    Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies" are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping basket in an online shop or a login jam within a community can be stored. Cookies are defined as permanent or persistent and remain stored even after the browser is closed. For example, the login status can be saved in a community if users visit it after several days. Likewise, the interests of users used for range measurement or marketing purposes (see e.g. remarketing) may be stored in such a cookie. As a third party cookie, cookies will be offered by providers other than the person responsible for operating the online offer (otherwise, if they are only its cookies, we speak of first-party cookies).
  • Cross device tracking
    Cookies and fingerprints are device-related. Cross-device tracking is required to evaluate the interests of users using smartphones for advertising on desktop PCs. Logins in social networks such as Facebook can be used for this purpose. Alternatively, location data, IP addresses and user behavior are used to achieve up to 98% more precise user restriction. Cookies and web beacons are usually used for cross-device tracking purposes.
  • Custom Audiences
    Custom audiences (or user-defined target groups) are defined when target groups are intended for advertising purposes, e.g. insertion of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it may be concluded that the user is interested in advertisements for similar products or the online shop in which he has viewed the products. Lookalike audiences (or similar target groups) are users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences. Custom Audiences from Website means that the target groups are formed on the basis of the visitors of your own website. Custom Audiences from File means that e.g. a list with e-mail addresses is uploaded to the respective advertising network or platform to form the target groups.
  • Demographic data
    Demographic data are general information about groups of people or persons, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected as part of range measurement and online marketing for the purposes of interest-based marketing or for business analyses that are used, for example, to determine target groups.
  • third
    A third party is a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons authorised to process the personal data under the direct responsibility of the data processor or data processor.
  • third country
    Third countries are states in which the DSGVO is not directly applicable law, i.e. in principle states which are not members of the European Union (EU) or the European Economic Area (EEA).
  • Consent
    An “consent“ of the data subject is any voluntary statement of intent in the particular case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act, with which the data subject indicates that he/she agrees to the processing of personal data concerning him/her.
  • Embedding
    In embedding, external content or software functions (see plug-ins) are integrated into one's own online presence in such a way that they are displayed or executed on this website. No copy of the content is created because it is accessed from the original server (e.g. videos, pictures, posts on social networks, widgets with ratings). With embedding, it is technically necessary for the provider of the content to collect the IP address of the user in order to display the embedded content in the user's browser. Furthermore, the content provider may store e.g. cookies on the user's devices.
  • Extended comparison
    The advanced matching is an option of the Facebook pixel, which means that inventory data such as phone numbers, e-mail addresses or Facebook IDs of users are encrypted to Facebook to form target groups for Facebook ads and only used for this purpose.
  • Error tracking
    During error tracking, for example, incorrectly executed program code is recognized in order to eliminate it and thus ensure the functionality and security of online offers.
  • Fingerprints and other online identifiers
    Fingerprints correspond in their function to cookies, whereby the storage of a file on the user's device is waived. These digital fingerprints can be individually created as cross sums of individual factors of devices, e.g. computing power or browser plug-ins for devices and thus used for range measurement, profiling, remarketing, interest and behaviour-related advertising.
  • First party cookies
    See Cookies
  • Heatmaps
    Heatmaps are mouse movements of the users, which are combined to an overall picture, with the help of which e.g. it is possible to recognize which website elements are preferred and which website elements users prefer less.
  • IP address
    The IP address (IP stands for Internet Protocol) is a sequence of numbers that can be identified by the devices connected to the Internet. When a user visits a website on a server, he informs the server of his IP address. The server then knows that it must send the data packets with the content of the website to this address.
  • IP masking
    IP masking is a method in which the last octet, i.e. the last two digits of an IP address, are deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing.
  • Interest-based marketing and behavioral advertising
    Interest- and/or behaviour-related advertising is the term used when profiling is used to determine the potential interest of users in advertisements (Online Behavioral Advertising, OBA for short). Cookies and web beacons are usually used for these purposes.
  • Lookalike Audiences
    See Custom Audiences.
  • Opt-in
    The term opt-in means, depending on the context, as much as registration or consent. If a registration is confirmed (e.g. by entering an e-mail address in an online form field) by sending a confirmation e-mail to the owner of the e-mail address, one speaks of a Double-Opt-In (DOI).
  • .
  • Opt-Out
    The term opt-out means unsubscription and may represent an objection (e.g. against tracking) or a termination (e.g. for newsletter subscriptions).
  • Opt-out cookie
    An opt-out cookie is a small file (see cookies) that is stored in your browser and in which it is noted, for example, that a tracking service should not process your data. The opt-out cookie only applies to the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked.
  • permanent cookies
    See Cookies
  • Personal date/ personal reference
    Personal data; all information relating to an identified or identifiable natural person (hereinafter referred to as the data subject); an identifiable person is a natural person who, directly or indirectly, in particular by assignment to an identification such as a name, to an identification number, to location data, to an online identification (e.g.B. Cookie) or to one or more special characteristics which are expressions of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
  • Plugins/ Social Plugins
    Plugins (or social plugins; in the case of social functions) are third-party software functions that are integrated into the online offering. They can be used to output interaction elements (e.g., a like button) or content (e.g., external commenting function or posts in social networks).
  • Profiling
    Profiling is defined as any type of automated processing of personal data consisting in the use of such personal data to analyse, evaluate or predict (e.g. to predict) certain personal aspects relating to a natural person (depending on the type of profiling, information regarding age, gender, location and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people).B. the interests in certain contents or products, the click behaviour on a website or the location). Cookies and web beacons are often used for profiling purposes.
  • Privacy Shield
    The EU-US Privacy Shield is an informal agreement in the field of data protection law negotiated between the European Union and the United States of America. It consists of a number of assurances from the US government and a decision by the EU Commission. Companies certified under the Privacy Shield offer a guarantee to comply with European data protection law ( https://www.privacyshield.gov ).
  • Pseudonymization/ Pseudonyms
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately, it is ensured that the personal data is not assigned to an identified or identifiable natural person; D.h. if an exact interest profile of the computer user is stored in a cookie (quasi a “marketing avatar“), but not the name of the user, then data is processed pseudonymously. If his name is stored, e.g. as part of his e-mail address or his IP address, then processing is no longer pseudonymous.
  • range measurement
    The range measurement serves to evaluate the visitor flows of an online offer and can include their behaviour, interests or demographic information, e.g. age or gender. With the help of range analysis, website owners, for example, can identify what types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimise the content of the website to the needs of their visitors. Cookies and web beacons are often used for range analysis purposes.
  • Remarketing/ Retargeting
    Remarketing or retargeting is the term used, for example for advertising purposes, for which products a user is interested in on a website in order to remind the user on other websites of these products, e.g. in advertisements. Cookies are usually used for profiling purposes.
  • Session Cookies
    See Cookies
  • Single sign-on
    Single sign-on or single sign-on authentication is a procedure that allows users to log on to an online offer, including other online offers, with the help of a user account. A prerequisite for Single-Sign-On authentication is that users are registered with the respective Single-Sign-On provider and enter the required access data on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID at the respective single sign-on provider and an ID that can no longer be used by us (so-called user handle). Whether we receive further data depends solely on the single sign-on procedure used, the selected data releases as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of users, it can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are asked to note that their data stored with us can be automatically compared with their user account with the Single Sign-On provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must manually change these in their user account with us. Should users decide that they no longer wish to use their user account link with the Single-Sign-On provider for the Single-Sign-On procedure, they must cancel this link within their user account with the Single-Sign-On provider. If users whose data is stored with us, they must cancel their registration with us.
  • Third Party Cookies
    See Cookies.
  • Tracking
    Tracking is when the behaviour of users can be traced across several online offers, e.g. for remarketing purposes. The behavioral and interest information collected with regard to the online offers used is stored as user profiles in cookies or on the servers of marketing service providers (e.g. Google or Facebook).
  • Universal Analytics
    Universal Analytics is a process by Google Analytics in which the user analysis is based on a pseudonymous user ID and a pseudonymous profile of the user with information from the use of various devices is created (cross-device tracking).

.

  • responsible
    The person responsible is the natural or legal person, authority, institution or other body which alone or together with others decides on the purposes and means of the processing of personal data.
  • processing
    Processing means any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data. The term goes far and covers practically every handling of data.
  • Web beacons
    see pixel-code
  • Widgets
    See Embedding.
  • pixel-code
    Counting pixels (also: pixels, measuring pixels, web beacon or web bug) are small, pixel-sized graphics that are integrated into web pages or HTML e-mails. For example, they allow you to determine whether an e-mail has been opened (at least if the image display in e-mails is activated) or how often a website is accessed by a user.

€0.00