Effective: 8 Apr. 2019
We are glad that you have visited our website and that you are interested in our company and our products. Protecting your data and information is a serious matter and thus we want you to feel secure when visiting our website. The section below provides in accordance with the applicable data privacy regulations information about the personal data that we collect when you
• visit our website: https://edwin-europe.com/
• place an order at EDWIN Online Shop
• use the EDWIN customer account
• subscribe to EDWIN email newsletters
(hereinafter collectively called “website”), for what purposes we use and how we utilise such data to optimise our services for you.
1. Controller, Data security officer
(1) Controller according to Art. 4 (7) of EU’s General Data Protection Regulation (GDPR) is
EDWIN Europe GmbH
D-79576 Weil am Rhein, Germany
Ph.: +49 (0)7621 966 333
hereinafter referred to with “EDWIN”, “we” or “us”. For more information about the vendor, refer to our à Legal notice.
(2) The data security officer can be reached at: firstname.lastname@example.org or by using the aforementioned postal address with attention to “z.Hd. Datenschutzbeauftragter” (Data security officer).
2. Types of data processed, data subject categories
2.1 Type of data processed
• Inventory data (e.g., customer master data, such as names, addresses)
• Contact detail (e.g., e-mail, phone numbers)
• Content data (e.g., text entries, photos, videos)
• Contractual data (e.g., subject matter, term, customer category)
• Payment data (e.g., bank information, payment history)
• Usage data (e.g., visited sites, interest in contents, access times)
• Meta / communications data (e.g., device information, IP addresses)
2.2 Data subject categories
• Visitors and users of the website and online offerings
• Customers, interested parties and business partners
• Newsletter subscribers
(The aforementioned persons are collectively referred to below as “User”.)
3. Purpose of processing
We use your personal data
• to provide our website and online offering, its functions and contents
• to create and manage your personal customer account
• to identify you as a contractual partner
• to process your online purchases. That includes your orders and return of products purchased from our webshop, payment processing as well as sending notices about delivery status or any problems relating to a delivery. Your personal data may also be processed for handling complaints or any warranty claims
• to respond to contact requests and communicate with Users
• to assert, enforce, maintain or defend against any legal claim(s) and legal dispute(s) as well as identify, investigate and prevent criminal act(s)
• for security measures
• to assess coverage
• for the purpose of direct marketing, e.g. in the form of an e-mail newsletter or postal advertising.
4. Provision of website and logfiles
(1) In case of using the website only for information purposes, i.e. when you are not registered or otherwise provide us with information, we collect only personal data that your browser automatically sends to our server. If you want to browse our website, we collect the following data which are technically necessary for us to show you our website and ensure its stability and security (this is legally permitted under Art. 6 Para. 1 (1) f) of GDPR):
• IP address
• Date and time of inquiry
• Time zone difference to Greenwich Mean Time (GMT)
• Content of request (specific page)
• Access status/HTTP status code
• Amount of data transmitted respectively
• Website, from which the request comes
• Operating system and its interface
• Language and version of browser software
(2) User IP addresses are deleted or anonymised after the end of website use. In the case of anonymisation, the IP addresses are changed in such a way that the individual details relating to personal or factual circumstances can no longer be assigned to a specific or identifiable natural person or can only be assigned subject to a disproportionate amount of time, cost and effort.
(1) In addition to the aforementioned logfile data, cookies are saved on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to your browser and which provide certain information to the entity setting the cookie (us in this case). Cookies cannot cause programs to run nor transmit viruses to your computer. They are used to make our internet offering more user-friendly and effective on a whole.
a) This website uses the following types of cookies, whose scope and functions are explained below:
• Session cookies (see b)
• Permanent cookies (see c).
b) Session cookies store a so-called session ID, with which different requests from your browser can be assigned to the shared session. Session cookies are deleted when you log out or close your browser. If you launch your browser again and return to the website, the website will not recognise you. You will need to log in again (if a login is required) or you must reset your templates and preferences when the website offers such functions. Then a new session cookie is generated that stores your information and which remains active until you leave the page or close your browser.
c) Permanent cookies are deleted automatically after a specified period, which can differ depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
The cookies used individually and their course of action on the website can be identified using Cookiebot’s cookie manager (https://www.cookiebot.com/de). The overview is updated on a regular basis. Below is a simplified overview in table form.
Technically essential cookies
Technically essential cookies allow you to use our website, by enabling basic functions like site navigation and access to secure areas of the website. Accessing our website may not work correctly without such cookies.
Session cookies - are deleted when the browser is closed
Performance (e.g. User’s browser) and preferences
When using our website, cookies are implemented (e.g. to recognise the browser) in order to optimise performance (e.g. loading contents faster). If you visit our website, the country and language selection that is determined or set by you is stored in cookies in order to save you from having to select such again during subsequent visits. In advance we check whether your browser supports cookies and this information is stored in an additional cookie. You are then shown contact information that has been localised in accordance with your country and language settings and which is also stored. The legal basis in this regard is Art. 6 Para. 1 (1) f) of GDPR.
Session cookies - are deleted when the browser is closed.
Analytical cookies / tracking (statistics)
We use third-party analytical cookies in order to understand how visitors use our website. This helps us to improve the quality and contents of our website. The aggregated statistical information includes data such as total number of visitors. For instance, we find out how often and in what order the individual pages are viewed and how much time the visitors spend on average on our webpages. We also learn whether Users have already visited our website at an earlier date. This is legally permitted with the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR. For more information, refer to Section 13 (Web analysis services).
Permanent cookies - remain, but are deleted automatically after a period of two years if a website has not been visited again.
Advertising cookies (Marketing)
We use advertising cookies in order to be able to assess the effectiveness of our advertising efforts and derive any possible improvements. This is legally permitted with the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.
Permanent cookies - remain, but are deleted automatically after a period of two years if a website has not been visited again.
(4) Control over cookies
You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, accept cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing your browser. Disabling cookies may limit the functionality of this website.
6. Contact form, e-mail contact
(1) Our website has a contact form, which makes it easier to contact us electronically. If a User makes use of this option, the data entered in the entry mask are sent to us and stored. The corresponding data, in particular personal data, address data and messages (free text field) can be seen directly on the respective entry mask.
At the time of submission, the following data are also stored:
- The User’s IP address
- Date and time of submission of the form
(3) The processing of data that are transmitted when using the contact form or sending an e-mail is legally permitted under Art. 6 Para. 1 (1) f) of GDPR. If the objective of the e-mail contact is to get support or enquire about current customer orders or to form an agreement, the additional legal basis for data processing is Art. 6 Para. 1 (1) b) of GDPR.
(4) Personal data collected from the entry mask is used solely for the purpose of facilitating contact. Contact by e-mail also presumes the necessary legitimate interest in the processing of data. Other personal data processed during the form submission process are used to prevent a misuse of our contact form and ensure the security of our IT systems.
(5) The data will be deleted as soon as they are no longer needed to achieve the purpose for which they are collected. For the personal data collected from the entry mask of the contact form and such data that are submitted by e-mail, this is the case when the respective conversation with the User has ended. The conversation has ended when it can be inferred based on the circumstances that the respective matter has been resolved conclusively. The personal data that are additionally collected during the form submission process will be deleted at the latest after a period of seven days.
7. E-mail newsletter
7.1 Subscribing to newsletter
(1) By giving your consent, you can subscribe to our e-mail newsletter (hereinafter referred to as “Newsletter”), which is sent to inform you about our products, sales and events.
(2) To register for our Newsletter subscription, we use a so-called double-opt-in process. That means that we will send an e-mail to the provided e-mail address after your registration, in which you are asked to confirm that you wish to receive our Newsletter. If you fail to confirm your registration within fourteen days, your information will be deleted automatically. In addition to that, we also store the IP addresses that you used to register and confirm as well as the times of registration and confirmation. The purpose of this process is to verify your registration and, if necessary, resolve any possible misuse of your personal data.
(3) The mandatory information required for sending the Newsletter is only your e-mail address. The provision of other information is voluntary and is used only in order to be able to address you personally. After receiving your confirmation, we save your e-mail address for the purpose of sending you the Newsletter.
(4) The aforementioned procedures during the Newsletter subscription process are legally permitted with your consent in accordance with Art. 6 Para. 1 (1) a) of GDPR.
(6) The data that you have provided while subscribing to our Newsletter will be deleted when you cancel your subscription.
7.2. Sending Newsletters after product purchase
(1) If you have purchased products in our webshop, we may possibly send you our Newsletter even without any prior subscription to our Newsletter, specifically to the e-mail address that you provide at the time of purchase. This applies to Newsletters used to promote products similar to those you have purchased in our webshop.
(2) To this end, we save this e-mail address in our Newsletter address database. To verify the legitimacy of the Newsletter delivery, we also save the IP address used during the purchase and the time of the purchase.
(3) The aforementioned procedures as part of sending Newsletters after a purchase are legally permitted under Art. 6 Para. 1 (1) f) of GDPR. Our legitimate interest in processing data is based on directly promoting our products to our customers and their interest in offers and promotions.
7.3. Newsletter tracking
(2) The above tracking is legally permitted with the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR, provided that you have subscribed to our Newsletter.
(3) In the event that you receive our Newsletter after making a purchase without specifically subscribing to the Newsletter and giving your consent, the aforementioned tracking is legally permitted under Art. 6 Para. 1 (1) f) of GDPR. Our legitimate interest in processing data as part of tracking is our desire to tailor the Newsletter in order to better address the interests of our customers.
(5) Tracking is moreover not possible if you have by default turned off the display of images in your e-mail client. In such case, you will not be able to see the Newsletter in its entirety and you may not be able to use all features of the Newsletter. Manually unblocking the display of images activates the above-described tracking.
7.4. Newsletter service provider
(1) The aforementioned processing operations as part of our Newsletter are handled with the aid of services and IT systems of the following service provider, whom we have commissioned as our processor:
Emarsys eMarketing Systems AG
(2) The legality is guaranteed in contracts formed in accordance with Art. 28 of GDPR and the EU standard model clauses.
8. Online shop
8.1 Use of online shop
When ordering merchandise from our webshop, we collect and process your personal data which are necessary for processing your order. Mandatory information (name and address) which are necessary for processing orders are marked specifically; other information is provided voluntarily. The processing of such personal data is legally permitted under Art. 6 Para. 1 b) of GDPR.
8.2 Customer account
When registering for a customer account (creating an account under “Sign up”) which is not necessary to make a purchase at our webshop, we process the following personal data: E-mail address and a password that you generate. As registered customer you are able to access your profile and view your order history or your active orders. You can delete your customer account at any time by sending a message to the contact listed under 1.1. or an e-mail to email@example.com. The processing of such personal data is legally established in Art. 6 Para. 1 (1) b) of GDPR.
8.3 Electronic order and payment processes
After deciding to complete your purchase as a registered customer or guest, we collect the following data in order to carry out the order: First name and surname, phone and date of birth, address, possibly delivery address. With regard to type of payment, you can choose to pay by credit card, PayPal or cash in advance. If you should pay by credit card (Visa or MasterCard), we process the name, the card number, the expiration date and the card validation code.
The processing of your order and payment data is legally permitted under Art. 6 Para. 1 (1) b) of GDPR.
Your address, payment and order data are saved for a period of ten years after completion of the contract on the basis of archiving obligations under tax and commercial law and then deleted, unless you have consented to a more extensive storage period or the further processing of the data is necessary for the assertion, exercise or defence of legal claims. The processing of personal data for the purpose of fulfilling the statutory archiving and storage obligations is legally permitted under Art. 6 Para. 1 (1) c) of GDPR.
8.4 Disclosure of data as part of scope of order
9. Job postings (Work with us!)
(1) We do advertise job vacancies on our website. To process your online application, we process and use your personal data. This is legally permitted under Art. 6 Para. 1 (1) b) of GDPR in conjunction with Sect. 26 of BDSG (Federal Data Protection Law). Your online application data will be sent directly to the company's management. Suitable technical and organisational measures are taken to ensure that your personal data are treated in confidence within the scope of the statutory provisions.
(2) Note that data sent by e-mail are not encrypted and thus could be read or accessed and even falsified by unauthorised persons. You are also welcome to send us your documents by post. At the end of the application process, but no later than after six months, your personal data are automatically deleted, unless you expressly give your consent to a longer storage period.
10. Disclosure to third parties
(1) In order to be able to optimally process your order, we collect and save the data required for handling the transaction and, if necessary, provide such data to the companies involved in fulfilling the order within the framework of executed order processing agreements (payment, logistics, shipping). For processing payments, we rely on payment service providers which are shown on the order page where it is necessary to select the payment methods.
(2) Our Newsletters are sent with the involvement of services and IT systems of an external service provider (Emarsys eMarketing Systems AG), which we have commissioned within the framework of order processing.
(3) As part of hosting our website, your data that we process will be processed by the website hosting company commercetools GmbH which is active on our behalf on the basis of an order processing agreement.
(4) In the case of utilising web analytical services and third party providers, data will be transmitted within the scope described here. Third party providers participate in the Privacy Shield Agreement in accordance with Art. 45 Para. 1 of GDPR. This implies that such companies are able to demonstrate an appropriate level of data protection. For more information, see: www.privacyshield.gov.
11. Automated decision-making
In general, we do not utilise any fully automated decision-making system to justify and carry out business relations in accordance with Art. 22 of GDPR.
In order to be able to inform and advise you about products in a targeted manner, we or services providers acting on our behalf possibly make use of web analytical services, in particular tracking technology. These facilitate an appropriate communication and advertising. In this regard, we make reference to Art. 13 Web analytical services and advertising.
B. Data processing by third party providers
1. Registering with Facebook Connect
(1) Instead of registering directly on our website, you can also register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
(2) If you decide to register with Facebook Connect and click the “Login with Facebook” / “Connect with Facebook” button, you will automatically be redirected to the Facebook platform. There you can login using your user data. Doing so links your Facebook profile with our website or our services. This link allows us to access your data stored at Facebook. That includes in particular:
• Facebook name
• Facebook profile and cover photo
• e-mail address saved by Facebook
• Facebook ID
• Lists of Facebook friends
• Facebook “likes”
• Date of birth
Such data are used to set up, prepare and personalise your account.
13. Web analytical services and advertising
13.1 Google Analytics
(1) This website uses Google Analytics, an online analytical service of Google Inc. ("Google"). Google Analytics implements cookies, i.e. text files, which are saved on your computer, and which allow for analyzing your use of the website. The information generated by the cookie based on your use of this website is usually transmitted to a Google server in the US and stored there. If the IP anonymisation function is enabled on this website, your IP address will be abbreviated by Google beforehand within the member states of the European Union or other signatory states of European Economic Area Treaty. A full IP address is only sent in exceptional cases to a Google server in the US and truncated there. Google will use this information on behalf of the operator of this website in order to evaluate your use of the website, to compile reports about website activities and offer the website operator other services linked with website use and Internet use.
(2) The IP address sent by your browser within the framework of Google Analytics is not compiled by Google with other data.
You may prevent the storage of cookies by implementing the corresponding settings in your browser; please note however that you may not be able to fully utilise all the functions of this website. In addition to that, you can prevent Google from collecting data generated by the cookie and associated with your use of the website (including your IP address) and Google's processing of such data by downloading and installing the browser plug-in provided by Google:
(4) This website uses Google Analytics with the “_anonymizeIp()” extension. As a result, IP addresses are only processed in a truncated form in order to prevent them from being linked to a specific person. If the data collected about you can be associated with a specific person, such data will be excluded immediately and the personal data are promptly deleted.
(5) We use Google Analytics in order to analyse and regularly improve our website. With the statistics we are able to improve our offering and make it more interesting for you as a user. For exceptional cases where personal data are sent to the US, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework. The use of Google Analytics is legally permitted with the consent that you have given (Art. 6 Para. 1 (1) a) of DSGVO).
13.2 Google Tag Manager
(1) This website uses Google Tag Manager as part of Google Analytics. Tags are small code elements that are used on our website, among other things, to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, to implement remarketing and target specific audiences as well as to test and optimise our website. Google Tag Manager is a solution that allows us to manage website tags using a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-free domain. The tool allows for the activation of other tags which may also collect data. Google Tag Manager does not access these data. If disabled at the domain- or cookie-level, this setting remains active for all tracking tags that are implemented with Google Tag Manager.
(2) This processing is legally permitted with the consent that you have given (Art. 6 Para. 1 (1) a) of GDPR). More information about Google Tag Manger can be found online at: https://www.google.de/tagmanager/use-policy.html
13.3 Google DoubleClick
(2) As a result of the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no control over the extent and the further use of data collected through Google’s use of this tool and therefore provide you with our knowledge level: By integrating DoubleClick, Google receives information that you have accessed a relevant part of our website or clicked on one of our advertisements. If you are registered with a service provided by Google, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a chance that the supplier will find out and store your IP address.
(3) You can prevent involvement in this tracking process in a number of ways:
a) by setting your browser accordingly; suppressing third-party cookies will prevent in particular the display of third-party advertisements;
b) by disabling conversion tracking cookies by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads, whereas this setting is deleted when you delete your cookies;
c) by disabling interest-based advertisements of vendors that are part of the “About Ads” self-regulatory campaign via the link http://www.aboutads.info/choices, whereas this setting is deleted when you delete your cookies;
d) by permanently disabling in your browsers Firefox, Internet Explorer or Google Chrome using the link http://www.google.com/settings/ads/plugin. We point out that in such case you may not be able to fully use all functions of this offer.
The processing of your data is legally permitted with the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.
13.4 Google Audience
Our website uses, provided that you have given your consent in the cookie management tool, Google Audience, a service of Google Inc. Google Audience uses, among other things, cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and which enable an analysis of the use of the corresponding devices. The data in this context are evaluated in part across devices. Google Audience has access in this case to the cookies generated during the use of Google AdWords and Google Analytics. During use, data such as the User’s IP address and actions in particular are transmitted to a server of Google Inc. and stored there. Google Inc. may send this information to a third party if prescribed by law or such data are processed by a third party.
The processing of your data is legally permitted with the consent that you have given in accordance with Art. 6 Para. 1 (1) a) of GDPR.
14. Social media
14.1 Use of Facebook and Twitter plug-ins
(1) We currently use the following social media plug-ins: Facebook, Twitter. The provider of the plug-ins can be identified by the mark on the box above its first letter or the logo. We offer you the opportunity to directly communicate with the provider of the plug-in by using the button. The plug-in provider only receives information that you have accessed the corresponding website of our online offering if you click on the highlighted field, thus activating it. In addition, the data mentioned under Art. 2 of this Statement will also be transmitted. In the case of Facebook and Xing, IP addresses are anonymised immediately after their collection according to the relevant service providers in Germany. By activating the plug-ins, personal data are transmitted by you to the respective plug-in provider and stored there (at US providers in the US). Since the plug-in provider carries out the data collection with the aid of cookies in particular, we recommend you to delete all cookies using your browser's security settings prior to clicking on the greyed-out box.
(2) We have no control over the collected data and the data processing operations nor do we know the full extent of the data collection, the purpose of processing and the respective storage periods. We also do not have any information relating to the deletion of data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and utilises these for advertising purposes, market research and/or to tailor its website to address requirements. Such an evaluation is carried out in particular (even for users not signed in) to provide requests-oriented advertising and to inform other users of the social network about your activities on our website. You are entitled to object to the creation of such user profiles, whereas you have to contact the respective plug-in provider to assert your objection. Plug-ins give us an opportunity to interact with social networks and other users, allowing us to improve our offering and make our presentation more interesting for you as a user. The use of plug-ins is legally permitted under Art. 6 Para.. 1 (1) b) of GDPR.
(4) The data disclosure takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data collected about you from us are directly assigned to your existing account with the plug-in provider. If you press the activated button and link, e.g., the page, the plug-in provider stores this information in your user account as well and publicly shares that with your contacts. We recommend that you regularly log out when you are done using a social network, especially prior to activating the button, since this will help to prevent an assignment to your profile with the plug-in provider.
(5) We hereby expressly point out that we as provider of this website have no knowledge about the contents and scope of the transmitted data nor their use by the plug-in provider. For more information about the purpose and scope of the data collection and their processing by the plug-in provider, consult the respective providers’ privacy policies listed below. There you will also find more information about your rights in this regard and possible settings to protect your privacy.
(6) Addresses of the respective plug-in suppliers and URLs with their privacy policies:
• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for more information about data collection: http.//vvww.facebook.cona/help/186325668085084, http://vvww.faceb-ook.cona/about/privacy/your-info-on-other#applications and http://www.face-book.com/about/privacy/your-info#everyoneinfo. Facebook has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Frame-work.
• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has agreed to comply with the EU-US Privacy Shield, https://wyvvv.privacyshield.gov/EU-US-Framework.
14.2 Use of Instagram Social Plug-ins
(1) Our website makes use of so-called social plug-ins (“Plug-ins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked by the Instagram logo, for instance, in the form of the “Instagram camera”. An overview of the Instagram plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
(2) When you open a page of our website that contains such a plug-in, your browser sets up a direct connection to the Instagram servers. The contents of the plug-in are sent from Instagram directly to your browser and incorporated in the webpage. As a result of this integration, Instagram receives information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is sent by your browser directly to an Instagram server in the US and stored there. If you are logged into Instagram, Instagram is able to directly assign your visit to our website to your Instagram account. If you interact with the plug-ins, for instance actuating an Instagram button, this information is also directly sent to an Instagram server and stored there. The information is also posted to your Instagram account and shown to your contacts there.
14.3 Use of Pinterest Social Plug-ins
(1) Our website makes use of so-called social plug-ins (“Plug-ins”) from Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”). These plug-ins can be identified, e.g., by the “Pin it” symbol on the white or red background on the buttons. An overview of the Pinterest plug-ins and their appearance can be found here: https://developers.pinterest.com/docs/getting-started/introduction/
(2) When you open a page of our website that contains such a plug-in, your browser sets up a direct connection to the Pinterest servers. The contents of the plug-in are sent from Pinterest directly to your browser and incorporated in the webpage. As a result of this integration, Pinterest receives information that your browser has accessed the corresponding page of our website, even if you do not have a Pinterest profile or are not currently logged into Pinterest. This information (including your IP address) is sent by your browser directly to a Pinterest server in the US and stored there.
If you are logged into Pinterest, Pinterest is able to directly assign your visit to our website to your Pinterest account. If you interact with the plug-ins, for instance actuating the "Pin it” button, this information is also directly sent to a Pinterest server and stored there. The information is also posted to Pinterest and shown to your contacts there.
15. Plug-Ins and tools
We use the following plug-ins and tools. The use of plug-ins is legally permitted under Art. 6 Para.. 1 (1) b) of GDPR.
(1) We have included YouTube videos in our online offering, which are stored at http://www.youtube.com and can be accessed directly for viewing on our website. These are all integrated in “enhanced privacy mode”; in other words, no data is sent to YouTube about you being a user if you do not play the videos. The data mentioned under Art. 2 are sent only if you play the videos. We have no control over the transfer of these data.
(2) By visiting the website, YouTube receives information about the fact that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under Art. 2 (Visiting the website) of this Statement will also be transmitted. This happens regardless of whether you have a YouTube user account that are logged into it or do not have a user account. If you are logged into Google, your data are directly assigned to your account. If you would prefer the use not to be associated with your YouTube profile, you need to log out prior to actuating the button. YouTube stores the data collected about you as usage profiles and utilises such data for advertising purposes, market research and/or to tailor its website to address requirements. Such an evaluation is carried out in particular (even for users not signed in) to provide requests-oriented advertising and to inform other users of the social network about your activities on our website. You are entitled to object to the creation of such user profiles, whereas you have to contact YouTube in order to assert your objection.
(1) This website uses SoundCloud. SoundCloud is a service offered by SoundCloud Limited and its subsidiaries, which also includes SoundCloud, Inc., (hereinafter called “SoundCloud”).
• Usage data – That entails the collection of data relating to interaction with the platform, including sites visited and links clicked, streaming, offline listening to or downloading of tracks, uploading or recording of tracks, linking to a Facebook or Google+ account, sharing a track with other users, following or unsubcribing from other users, joining or leaving groups, posting comments, searches made, the timing, frequency and duration of visits to the platform and details about whether you interact with e-mail messages, in other words whether you have opened the e-mail message, clicked on it or forwarded it.
• Login information – We automatically collect login information when you visit the platform, even if you have not registered for an account or have signed into your account. Such data include, among other things, details as to how you have used the platform (including links to third-party pages or services), IP address, access time, type of browser used and your operating system, device data, device event data (e.g. crashes, browser type) and the pages that you have viewed or interacted with immediately before or after visiting the platform.
• Location data – When you use certain features of the platform, we may collect data about your general location (e.g. IP address). We use these data to provide you with location-based services (such as advertising and personalised contents). Most mobile devices allow you to control or disable the use of location services for applications in the device's settings.
• Device information – We collect information from and about the devices you use, including how you interact with the platform and information about the device itself, such as the hardware model, operating system, IP addresses, cookie information, device settings, mobile device and advertising identifiers, installed apps, browser type, language, battery level and time zone. Apple’s iOS advertising identifier (IDFA) and Google’s Android advertising ID (IDFA) are examples of device identifiers. This information allows us to recognise and associate your activities and provide personalised content and advertising, consistently across all of your devices.
• SoundCloud widget – Other websites may integrate SoundCloud widgets. When you visit a website with an embedded SoundCloud widget, we may receive certain information, including data about the website you visited. SoundCloud and the widget may be able to recognise you, and in some cases the widget may also be used to show personalised content. We know when you interact with a widget, and websites containing the widgets may receive this information as well.
15.3. Google fonts
(1) This site uses so-called web fonts provided by Google to ensure the uniform presentation of fonts. When accessing a page, your browser loads the necessary web fonts into your browser cache to facilitate the correct displaying of texts and fonts.
C. Customer’s rights
16. Your rights
If personal data relating to you are processed, you are within the meaning of GDPR a Data Subject and you are entitled to the following rights vis-a-vis us as the Controller. If you wish to exercise your rights or want to receive more information, please contact us or our data security officer:
a) Rights according to Art. 15 ff. of GDPR
(1) The Data Subject has the right to ask the Controller to confirm whether they have processed personal data relating to you; if that is the case, the Date Subject has a right to information about such personal data and to information listed in detail in Art. 15 of GDPR. Under certain legal requirements you have a right to correction in accordance with Art. 16 of GDPR, the right to restrict processing in accordance with Art. 18 of GDPR and the right to deletion (“Right to be forgotten”) in accordance with Art. 17 of GDPR. In addition, you have the right to request the receipt of data provided by you in a structured, common and machine-readable format (Right to data portability) in accordance with Art. 20 of GDPR, provided that the processing is implemented using automated procedures and based on consent under Art. 6 Para. 1 a) or Art. 9 Para. 2 a) or a contract in accordance with Art. 6 Para. 1 b) of GDPR.
b) Revoking consent in accordance with Art. 7 Para. 3 of GDPR
If processing is carried out on the basis of consent, you may revoke your consent for the processing of personal data at any time. Please note that a revocation only takes effect for the future. Data processing, which took place prior to the revocation, is not affected by this.
c) Right to lodge a complaint
You have the option of submitting a complaint to us or to a data protection supervisory authority (Art. 77 of GDPR). The competent supervisory authority in Baden Württemberg is: Landesbeauftragte für den Datenschutz und die Informationsfreiheit (State Commissioner for Privacy Protection and Freedom of Information), PO. Box 10 29 32, 70025 Stuttgart, Tel.: +49(0)711 / 615541 -0, Fax: +49(0)711/615541-15, e-mail: firstname.lastname@example.org.
d) Right to object in accordance with Art. 21 of GDPR
In addition to the aforementioned rights, you are also entitled to object as follows:
1) Case-based right to object
You have the right for reasons arising in connection with your particular situation to object at any time to the processing of personal data relating to you and based on Art. 6 Para. 1 (1) e) of GDPR (Data processing carried out for public interests) and Art. 6 Para. 1 1 f) of GDPR (Data processing for purposes of legitimate interests); this also applies to profiling based on this provision within the meaning of Art. 4 (4) of GDPR.
Should you object, we will no longer process your personal data, unless we are able to provide compelling legitimate grounds for such processing that outweigh your interests, rights and freedoms or the processing serves the assertion, exercising and defense of legal claims.
2) Right to object to processing of data for advertising purposes
In specific cases, we process your personal data for direct advertising purposes. You have the right to object at any time to the processing of personal data relating to you for the purposes of such advertising; this also applies to proﬁling, provided that it is associated with such direct advertising. If you object to processing carried out for direct advertising purposes, we will no longer process your personal data for such purposes.
D. Final provisions
(1) We have taken technical and organisational security measures in accordance with Art. 24, 32 of GDPR in order to protect your personal data from loss, destruction, manipulation or unauthorised access. All our employees and all third parties that are involved in the data processing are obligated to comply with the requirements of GDPR and the confidential handling of personal data.
(2) SSL or TLS encryption
This site uses SSL or TSL encryption for security reasons and to protect the transmission of sensitive contents, such as orders and inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the browser’s address bar switches from “http://” to “https://” and a lock symbol appears there as well. If SSL or TSL encryption is enabled, the data that you send us cannot be read by third parties.
19. Online settlement of disputes
According to the Regulation on Online Dispute Resolution in Consumer Affairs (http://ec.europa.eu/consumers/odr/), we are obligated to inform you: We are not obligated nor willing to participate in settling a dispute in front of a consumer arbitration board.
20. General terms and conditions