Privacy Policy
ZWILLING J.A. Henckels UK Ltd
23.05.2018
Introduction
ZWILLING
J.A. Henckels UK Ltd respects your privacy and is committed to protecting your
personal data. This Privacy
Policy informs you about the type, scope and purpose of the processing of
personal data (hereinafter referred to as
"data") in the context of the provision of our range of services and
on our websites, mobile applications, functions and contents connected with
them as well as external online representations, e.g. Social Media Profiles
(hereinafter collectively referred to as "Services"):
- In the second section you will find information
about your rights, the relevant legal standards and general information about
our data processing.
- The third section contains information on the
individual processing operations. This section is divided into further areas,
such as our key services, reach measurement or marketing.
- The fourth and final section contains a
glossary with explanations and descriptions of the terms used in this Privacy
Policy. This means that if you do not know the terms used (e.g. "personal
data" or "cookie"), please refer to the last section. All terms
used (e.g. "responsible" or "user") are to be understood
gender-neutral.
Section I – Controller and Overview of Data Processing
Contact Data Protection Officer:
Type of processed data:
Processing of special categories of Data (Art. 9 (1) GDPR)
Categories of data subjects
Purpose of processing
Section II - Rights of data subjects, legal basis for the processing and general information
Rights of Data Subjects
Right of Withdrawal
Right to Object
Cookies and Right to Object in Direct Marketing
Erasure of data and archiving obligations
Changes and Updates to this Privacy Policy
Relevant Legal Basis for the Processing;
Security of Data Processing
Disclosure and Transmission of Data
Transfers to Third Countries
Section III - Processing operations
The Key Area of Data Processing
Processing of Orders in the Online Shop
Customer Account
Credit Assessment
Answering Inquiries and Customer Service
Business and market research
External online profiles
Webserver and Security
Server-Logs
Our own Global Single Sign-On procedure
Embedded content and functions
Google Services and Content
Facebook Features and Content
Instagram Features and Contents
Pinterest features and content
Marketing
Sweepstakes and Competitions
Web analytics, online marketing and technology partners
Google Display Network
JustUno
Outbrain
Sovendus
Section IV - Definitions
Section I – Controller and Overview of Data Processing
Purpose of this privacy notice
This privacy notice aims to give you information on
how ZWILLING J.A. Henckels UK Ltd collects and processes your personal data
through your use of this website, including any data you may provide through
this website when you sign up to our newsletter, purchase a product or service
or take part in a competition.
This website is not intended for children and we do
not knowingly collect data relating to children.
It is important that you read this privacy notice
together with any other privacy notice or fair processing notice we may provide
on specific occasions when we are collecting or processing personal data about
you so that you are fully aware of how and why we are using your data. This
privacy notice supplements the other notices and is not intended to override
them.
Controller
ZWILLING J.A. Henckels UK Ltd
16 Handley Page Way, Colney St, St Albans, AL2 2DQ
Managing director: Matthew Dennison
Telephone: 0845 262 1731
Email: compliance@zwilling.co.uk
Full legal notice: https://uk.zwilling-shop.com/Legal-Notice/
Contact Data Protection Officer:
Email: compliance@zwilling.co.uk
You have the right to make a complaint at any time to the Information
Commissioner's Office (ICO), the UK supervisory authority for data protection
issues (www.ico.org.uk). We would, however, appreciate the chance to deal with
your concerns before you approach the ICO so please contact us in the first
instance.
Type of processed data:
- Inventory Data (e.g., names, addresses).
- Contact details (e.g., email, phone numbers).
- Content Data (e.g., text input, photographs, videos).
- Contract Data (e.g., subject matter of the contract, duration).
- Payment Data (e.g., bank details, payment history).
- Usage Data (e.g., interests, websites visited, purchasing behaviour, access times, log Data).
- Meta/contact data (e.g., device IDs, IP addresses).
- Job candidate Data (e.g., names, contact details, qualifications, job application documents).
We
also collect, use and share Aggregated Data such as statistical or demographic
data for any purpose. Aggregated Data may be derived from your personal data
but is not considered personal data in law as this data does not directly or
indirectly reveal your identity. For example, we may aggregate your Usage Data
to calculate the percentage of users accessing a specific website feature.
However, if we combine or connect Aggregated Data with your personal data so
that it can directly or indirectly identify you, we treat the combined data as
personal data which will be used in accordance with this privacy notice.
Processing of special categories of Data (Art. 9 (1) GDPR)
No special categories of
Data are processed.
Categories of data subjects
- Customers / prospective customers / business
partners.
- Visitors and users of the online service.
In the following, we will
also summarise the data subjects as "users".
Purpose of Processing
- Provision of our services, its contents and
functions.
- Provision of contractual services, customer
care and support.
- Response to contact requests and communication
with users.
- Marketing, advertising, analysis of consumer
behaviour, usage behaviour and market research.
- Security measures.
Automated individual decision-making (Art. 22 GDPR):
- Assessment of creditworthiness in the case of advance payment in accordance with Art. 22 GDPR.
As of: May 2018
Section II - Rights of data subjects, legal basis for the processing and general information
Rights of Data Subjects
You have the right to obtain
from the controller confirmation as to whether personal data concerning you are
being processed, and, where that is the case, access to the personal data and
the further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 12
GDPR you will not have to pay a fee to access your personal
data (or to exercise any of the other rights). However, we may charge a
reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in these
circumstances.
We may need
to request specific information from you to help us confirm your identity and
ensure your right to access your personal data (or to exercise any of your
other rights). This is a security measure to ensure that personal data is not
disclosed to any person who has no right to receive it. We may also contact you
to ask you for further information in relation to your request to speed up our
response.
We try to
respond to all legitimate requests within one month. Occasionally it may take
us longer than a month if your request is particularly complex or you have made
a number of requests. In this case, we will notify you and keep you updated.
You have correspondingly, in
accordance with Article 16 of the GDPR, the right to obtain from the controller
the rectification of inaccurate personal data concerning you, or the completion
of the data concerning you.
In accordance with Art. 17
GDPR, you have the right to demand that relevant data be erased without undue
delay or, alternatively, to demand a restriction of the processing of the data
in accordance with Art. 18 GDPR.
You have in accordance with
Art. 20 GDPR the right to receive the personal data concerning you, which you
have provided to us, in a structured, commonly used and machine-readable format
and have the right to transmit those data to another controller.
In accordance with Art. 77
GDPR, you also have the right to file a complaint with the supervisory
authority.
Right of Withdrawal
You have the right to withdraw consents granted pursuant to Art. 7 (3)
GDPR with effect for the future.
Right to Object
You can object to the future processing of the data concerning you in
accordance with Art. 21 GDPR at any time. The objection may be lodged in
particular against processing for direct marketing purposes.
Cookies and Right to Object in Direct Marketing
We use temporary and permanent cookies, i.e. small files that are stored
on the user's devices (for the explanation of the term and function, see last
section of this Privacy Policy). In part, cookies serve security purposes or
are required for the operation of our online services (e.g., for the appearance
of the website) or to save the user's decision when confirming a cookie banner.
In addition, we or our technology partners use cookies to measure the reach and
for marketing purposes, about which the users will be informed in the scope of
the Privacy Policy.
If users do not want cookies to be stored on their computer, they are
advised to deactivate the corresponding option in the system settings of their
browser. Stored cookies can be deleted in the system settings of the browser.
The exclusion of cookies can lead to functional restrictions of these online
services.
An objection to the use of cookies used for online marketing purposes
can be declared for many of the services, especially in the case of tracking,
via the US site http://www.aboutads.info/choices/ or
the EU site http://www.youronlinechoices.com/.
Erasure of data and archiving obligations
The data processed by us
will be erased or its processing restricted in accordance with Articles 17 and
18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us
will be erased as soon as it is no longer required for its intended
purpose and there are no legal obligations to retain it. If the data are not
erased because they are necessary for other and legally permissible purposes,
their processing is restricted. This means that the data is excluded and not
processed for other purposes. This applies, for example, to data that must be
retained for commercial or taxation reasons.
Note: The information applies to Germany. Please change this
information if other retention obligations apply to you:
In accordance with statutory provisions in Germany, the records are kept in particular
for 10 years in accordance with Sections 147 (1) German Financial Act (AO),
Sections 257 (1) No. 1 and 4, (4) German Commercial Code (HGB) (books, records,
management reports, accounting documents, trading books, documents relevant to
taxation, etc.) and for 6 years in accordance with Sections 257 (1) No. 2 and
3, (4) HGB (commercial letters).
Changes and Updates to this Privacy Policy
We ask you to keep yourself regularly informed about the contents of our
Privacy Policy. We will adapt the Privacy Policy as soon as any changes in data
processing carried out by us make this necessary. We will inform you as soon as
the changes require your cooperation (e.g. consent) or other individual
notification.
Relevant Legal Basis for the Processing;
In accordance with Art. 13
GDPR, we inform you of the legal basis of our data processing. If the legal
basis is not explicitly stated in the Privacy Policy, the following applies:
The legal basis for obtaining consents is Art. 6 (1) a and Art. 7 GDPR, the
legal basis for processing for the performance of our services and performance
of contractual measures as well as for answering inquiries is Art. 6 (1) b
GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6
(1) c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) f
GDPR. In the event that the vital interests of the data subject or another
natural person require the processing of personal data, Article 6(1)(d) GDPR
serves as the legal basis.
Note: Whether this information on other laws (here the UWG) is
required has not been settled. That is, it is recommended to state it,
but it has not yet been decided whether its absence is harmful (in the
opinion held here, these references to other laws are not required;
otherwise it would be almost impossible to draw a line as to which laws need not
be named, which would degenerate into long and hardly helpful chains of
section references).
The principles for commercial communications outside of business
relations, in particular by post, telephone, fax and email, are contained in §
7 of the German Unfair Competition Act (UWG).
Security of Data Processing
We
shall take appropriate technical and organisational measures to ensure a level
of protection appropriate to the risk in accordance with Article 32 GDPR,
taking into account the state of the art, the costs of implementation and the
nature, scope, context and purposes of processing as well as the risk of
varying likelihood and severity for the rights and freedoms of natural persons;
the measures include in particular ensuring the confidentiality, integrity and
availability of data by controlling physical access to the data, as well as the
access, input, transfer, integrity and pseudonymity. Furthermore, we have
established procedures that guarantee the assertion of data subjects' rights,
the erasure of data and the response to data hazards. Furthermore, we already
consider the protection of personal data during the development or selection of
hardware, software and procedures, in accordance with the principle of data protection by design and by
default (data protection-friendly default settings, Art. 25 GDPR).
The security measures include in particular the
encrypted transmission of data between your browser and our server.
Note: The information on employees is only required if you employ
staff.
Employees
are bound to confidentiality with regard to data protection, are instructed,
monitored, and informed of possible liability consequences.
Disclosure and Transmission of Data
If we disclose data to other persons and companies (processors or third
parties) within the scope of our processing, transfer the data to them or
otherwise grant them access to the data, this will only be carried out on the
basis of a legal permission (e.g. if a transfer of the data to third parties,
such as to payment service providers, is required for contract fulfilment
pursuant to Art. 6 (1) b GDPR), if you have consented, if a legal obligation
requires this or on the basis of our legitimate interests (e.g. when using
agents, web hosting services, etc.).
If we commission third parties with the processing of data on the basis
of a so-called "Data Processing Agreement", this is done on the
basis of Art. 28 GDPR.
If we disclose, transfer or otherwise grant access to data to other
companies in our Group of Companies (Undertakings), this is done in particular
for administrative purposes as a legitimate interest and in addition on the
basis of a Data Processing Agreement.
Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union
(EU) or the European Economic Area (EEA)) or if this occurs in the context of
the use of third-party services or disclosure or transmission of data to third
parties, this only takes place if it is necessary to fulfil our
(pre)contractual obligations, on the basis of your consent, on the basis of a
legal obligation or on the basis of our legitimate interests. Subject to legal
or contractual permissions, we process the data, or have it processed, in a
third country only if the special requirements of Art. 44 ff. GDPR are met.
This means, for example, processing is carried out on the basis of special
guarantees, such as the officially recognised adequate data protection level
corresponding to the EU (e.g. for the USA by the "Privacy Shield") or
compliance with officially recognised special contractual obligations
(so-called "Standard Contractual Clauses").
Section III - Processing operations
The following section
provides an overview of our processing activities, which we have subdivided
into other areas of operation. Please note that the areas of operation are for
guidance only and that processing activities may overlap (e.g. the same data
may be processed in several operations).
We will only
use your personal data when the law allows us to. Most commonly, we will use
your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we
do not rely on consent as a legal basis for processing your personal data other
than in relation to sending third party direct marketing communications to you
via email or text message. You have the right to withdraw consent to marketing
at any time by contacting
us.
For reasons of clarity and
comprehensibility, you will find the frequently repeated terms in Section IV of
this data protection declaration.
The Key Area of Data Processing
In this section you will
find information on our key services and operations, such as responding to
enquiries and providing our contractual services as well as the associated
ancillary tasks.
Processing of Orders in the Online Shop
We process the data of
our customers in the context of the online services in our online shop to
enable the customers to select and order the selected products and services, as
well as their payment and delivery, or performance.
- Data processed: Inventory data, contact data, contract data, payment data.
- Data subjects: customers, prospective customers, business partners.
- Purpose of processing: Provision of contractual services in the context of operating an online shop, invoicing, delivery, customer service.
- Type, scope and mode of operation of the processing: Session cookies for shopping cart and login status.
- Legal basis: Art. 6 (1) b (execution of order processes) and c (archiving required by law) GDPR.
- Necessity / interest in processing: The data is required to establish and fulfil the contractual relationship.
- External disclosure and purpose: No, only on delivery or payment (use of payment service providers as well as banks and financial institutions):
o Computop GmbH, Schwarzenbergstrasse 4, 96050 Bamberg, Germany, Privacy Policy: https://www.computop.com/uk/data-privacy/
o PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg, Privacy Policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full?locale.x=en_EN
o GB Group PLC, The Foundations, Herons Way, Chester Business Park, Chester, CH4 9GB, Privacy Policy: https://www.gbgplc.com/privacy-policy/
- Processing in third countries: No, only on customer request upon delivery or payment.
- Retention of data: The deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of data retention is reviewed every three years; in the case of statutory archiving obligations, the erasure takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation). Data in the customer account remains until its erasure.
Customer Account
A customer
account requires a registration, which can take place online.
We offer
our own single sign-on method for the customer account. This means that users
who register in one of the online services of the companies belonging to the
Zwilling-Group can also use the access data for other online services of
companies belonging to the Zwilling-Group.
- Data processed: Inventory data (first name, last name; email address; password (will be stored encrypted)), contact data, contract data, payment data, product data/product preference, usage data, referrer data.
- Data subjects: customers, interested parties.
- Purpose of processing: Creation and operation of a customer account to manage the contractual relationship.
- Type, scope and mode of operation of the processing: registration process, cancellation possibility.
- Legal basis: Art. 6 (1) b. GDPR.
- Special security measures: The public account information of users is not visible to external parties such as search engines or other users and cannot be searched by them. Users are responsible for the secure custody of their access credentials.
- Necessity / interest in processing: The customer account is optional, requested data for its operation required. Mandatory fields are marked as such. In addition, each user decides for himself on disclosing additional information.
- External disclosure and purpose: No.
- Processing in third countries: No.
- Retention of data: Information remains in the customer account until it is deleted with subsequent archiving in the event of a legal obligation (end of commercial law (6 years) and tax law (10 years) retention obligation).
Credit Assessment
If we make advance deliveries (e.g. when purchasing on account), we
reserve the right to obtain identity and creditworthiness information from
specialized service providers (credit agencies) for the purpose of assessing
credit risk on the basis of mathematical-statistical procedures in order to
safeguard our legitimate interests. We process the information received from
credit agencies on the statistical probability of non-payment within the
framework of an appropriate discretionary decision on the establishment,
execution and termination of the contractual relationship. We reserve the right
to refuse payment on account or any other advance payment in the event of a
negative result of the credit assessment.
- Data processed: Name, postal address, date of birth, details of the type of contract, bank details.
- Special categories of personal data: no.
- Legal basis: Art. 6 (1) f. GDPR; If based on user consent: Art. 6 (1) a., Art. 7 GDPR.
- Data subjects: customers, interested parties.
- Purpose of processing: Assessment of the probability of default of receivables.
- Type, scope and mode of operation of the processing: We process the information received from credit agencies on the statistical probability of non-payment within the framework of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit assessment.
- Necessity / interest in processing: Business interests.
- Credit agency: 1st Choice Reporting Ltd, registered in England, no. 08663784, 16 Langley Road, Sale, M33 5AY. Email: support@1stchoicereporting.co.uk, Website: www.1stchoicereporting.co.uk
- Processing in third countries: no.
- Automated decision in individual cases according to Art. 22 GDPR: In this case, the decision as to whether we make advance payments is made in line with Art. 22 GDPR solely on the basis of an automated decision in individual cases, which our software makes on the basis of the information provided by the credit agency without the involvement of employees.
Answering Inquiries and Customer Service
- We process the information in the inquiries, which we
receive via our contact form and other means, e.g. via email, in order to
answer the inquiries. For these purposes, the inquiries may be stored in our
Customer Relationship Management (CRM) system or in similar procedures that
serve us to manage inquiries. For customer relationship management purposes
(CRM) we use so-called CRM software. With the help of the software we can
answer the inquiries more effectively and faster.
- Data processed: Inventory data, contact data, contract
data, payment data, usage data, metadata; e.g.
- Data subjects: customers, prospective customers, business
partners, website visitors.
- Purpose of processing: Answering inquiries.
- Type, scope and mode of operation of the processing:
registration process, termination option.
- Legal basis: Art. 6 (1) b./f. GDPR.
- Necessity / interest in processing: Necessary to
answer queries, optimization, user-friendliness, business interests.
- Guarantee when processing in third countries: Privacy
Shield https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active.
- Retention of data: We delete the requests if they are
no longer required. We review the requirement every two years; requests from
customers who have a customer account are stored permanently and are linked to
the customer account details for deletion. In the case of statutory archiving
obligations, the erasure takes place after their expiry (end of commercial law
(6 years) and tax law (10 years) storage obligation).
Business and market research
In order to operate our
business economically and to identify market trends, customer and user
requirements, we analyse the data available to us on business transactions,
contracts, enquiries, etc., in order to ensure that we are able to offer our
customers the best possible service. For this purpose, we combine the personal
data of customers from registrations and orders with the behaviour-related data
of customers.
In the context of the
economic evaluation we bring together the data of the users independently of the
used devices (e.g. if users use our on-line offer on a mobile or on a
stationary device).
- Data processed: Inventory data, contact data, contract
data, payment data, usage data and metadata (e.g. activity data from e-mails
via our online channels, e.g. data on the page accessed, the page history, the
device used, the approximate location and data for pseudonymous identification
of the user profile).
- Legal basis: Art. 6 (1) f. GDPR.
- Data subjects: customers, prospective customers,
business partners, visitors and users of the online offer.
- Purpose of processing: business analysis, marketing,
advertising, market research.
- Type, scope and mode of operation of the processing:
profiling, online behavioural advertising, first party cookies.
- Necessity / interest in processing: Increased
user-friendliness, optimization of the service, business efficiency.
- Retention of data: If a customer account was opened,
with its termination, otherwise after two years from conclusion of contract.
For the rest, macroeconomic analyses and general trend determinations are
carried out anonymously wherever possible.
- Retention of data: After the deadline of two years.
External online profiles
In this area you will find
information about our data processing in the context of operating external
online activities, e.g. in social media.
Online Presences in Social Media
We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and Users who are active there and to inform them about our services.
We point out that data of Users outside the area of the European Union can be processed. This can pose risks for Users because, for example, the enforcement of Users' rights could be made more difficult. With regard to US providers certified under the Privacy Shield, we would like to point out that they commit themselves to comply with the data protection standards of the EU.
Furthermore, User data is normally processed for market research and advertising purposes. Thus, for example, User profiles can be created from the User behavior and the resulting interests of the Users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the Users. For these purposes, cookies are usually stored on the User's computer, in which the User's usage behavior and interests are stored. Furthermore, data can also be stored in the User profiles independently of the devices used by the Users (especially if the Users are members of the respective platforms and are logged in to these).
The processing of Users' personal data is based on our legitimate interests in effective User information and communication with Users. If the Users are asked by the respective providers for a consent to the data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis of the processing is a consent.
For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by the providers linked below.
Also in the case of requests for information and the assertion of User rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the Users and can directly take appropriate measures and provide information. If you still need help, you can contact us.
The links/buttons to social networks and platforms (hereinafter referred to as "social media") used within our online services do not establish a data transmission between social networks and users until users click on the links/buttons and access the respective networks or their websites. This function corresponds to the function of a regular online link.
- Data processed: Inventory data, contact data, content data, usage data, metadata.
- Special categories of personal data: In principle, no, except as provided voluntarily by users.
- Legal basis: Art. 6 (1) lit a. / Art. 6 (1) lit f. GDPR.
- Data subjects: Users of social media networks/ platforms (this can include customers and prospective customers).
- Purpose of processing: Information and communication.
- Type, scope and mode of operation of the processing: By providers of the respective platforms as a general rule: permanent cookies, tracking, targeting, remarketing, online behavioural advertising.
- Necessity / interest in processing: Expectations of users active on the platforms, business interests.
- External disclosure and purpose: To the social networks/platforms.
- Retention of data: The deletion policies of the respective networks/ platforms apply.
- Services used:
- Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or for Users within the European Union Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) - Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000000TORzAAO&status=Active.
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) - Privacy Policy/ Opt-Out: https://about.pinterest.com/privacy-policy.
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) - Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
Webserver and Security
Our services are
operated on web servers. In the following section we will inform you about
their use and data processed during the operation of our servers.
Server-Logs
The server on which this online service is
hosted collects so-called log files each time the online service is accessed,
in which user data is stored. The data is used for statistical analysis to
maintain and optimize server operation and for security purposes, e.g. to
detect potential unauthorized access attempts.
- Data processed: Usage data and metadata (name
of the accessed website, file, date and time of access, amount of data
transferred, notification of successful access, browser type and version, the
user's operating system, referrer URL (the previously visited website), IP address
and the requesting provider).
- Special categories of personal data: no.
- Legal basis: Art. 6 (1) f GDPR.
- Data subjects: customers, prospective
customers, visitors of the online service.
- Purpose of processing: Optimization of server
operation and security monitoring.
- Necessity / interest in processing: Security,
business interests.
- Processing in third countries: no.
- Deletion of data: After 7 days from the time of
the collection.
Our own Global Single Sign-On procedure
We use our own "single sign-on"
method, which allows our users with a user account within -
- Data
processed: Inventory data (name, email address, password (only processed on
Facebook), user ID, user handle);
- External
disclosure and purpose: Companies within our Zwilling Group.
- Privacy
Policy: Please refer to this Privacy Policy.
- Processing
in third countries: USA, within the limits of our US-Companies.
Embedded content and functions
In this section we inform you which contents,
software or functions (briefly "contents") of other providers we embed
in the context of our website on the basis of Art. 6(1) f GDPR (so-called
"embedding"). The embedding is done to make our online offer more
interesting for our users or for legal reasons, e.g. to be able to present
videos or social media contributions within our online offer at all. Embedding
can also be used to improve the speed or security of online content, e.g. when
software elements or fonts are obtained from other sources. The processed data
includes in all cases the user's usage and metadata and also the IP address
necessarily transmitted to the provider for embedding the content, the data
subjects include the visitors to our website. The data subject categories
include the users of our website, customers and interested parties. Further
explanations can be found in the definitions of terms, in particular on the
functions and security measures, at the end of this Privacy Policy. The data
retention is determined by the data protection conditions of the providers of
the embedded content.
Google Services and Content
We use
the following services and contents of the provider Google: YouTube - Videos;
Google Maps - Maps; Google Fonts - Fonts; Google - Recaptcha.
- Data
processed: Usage data, metadata.
- Type, scope and mode of
operation of the processing: Permanent cookies,
third party cookies, online behavioural advertising, tracking.
- Special security measures: Pseudonymization, opt-out.
- Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/.
- External
disclosure and purpose: Google LLC, 1600 Amphitheatre Parkway, Mountain
View, CA 94043, USA.
- Privacy
Policy: https://www.google.com/policies/privacy.
- Processing in third countries: USA.
- Guarantee when processing in third countries:
Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Retention
of data: The data will be deleted in accordance with
Google's conditions.
Facebook Features and Content
Functions and contents of the Facebook service
can be integrated within our online offer. This may include, for example,
content such as images, videos or texts and buttons with which users can
express their appreciation of the content, subscribe to the authors of the
content or our contributions.
- Data processed: Usage data,
metadata; if users are registered with the service, the above data can be
linked to their profiles and to the data stored with the service (in particular
inventory data).
- Type, scope and mode of operation of
the processing: Social plugins, permanent cookies, third party cookies, online
behavioural advertising, tracking, remarketing.
- Opt-Out:
https://www.facebook.com/settings?tab=ads,
http://www.youronlinechoices.com/uk/your-ad-choices/ (EU),
http://www.aboutads.info/choices (US).
- External disclosure and
purpose: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or for Users
within the European Union: Facebook Ireland Ltd., 4 Grand Canal Square, Grand
Canal Harbour, Dublin 2, Ireland
- Privacy Policy: https://www.facebook.com/policy
- Processing in third countries: USA.
- Guarantee when processing in third
countries: Privacy Shield www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Retention of data: The data will be
deleted in accordance with Facebook conditions.
Instagram Features and Contents
Functions and contents of the Instagram service
can be integrated within our online offer. This may include, for example,
content such as images, videos or texts and buttons with which users can
express their appreciation of the content, subscribe to the authors of the
content or our contributions.
- Data processed: Usage data, metadata; if users
are registered with the service, the above data can be linked to their profiles
and to the data stored with the service (in particular inventory data).
- Type, scope and mode of operation of the
processing: Social plugins, permanent cookies, third party cookies, online
behavioural advertising, tracking, remarketing.
- External disclosure and purpose: Instagram Inc,
1601 Willow Road, Menlo Park, CA, 94025, USA.
- Privacy Policy: https://www.google.com/policies/privacy.
- Processing in third countries: USA.
- Guarantee when processing in third countries:
Privacy Shield www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Retention of data: The data will be deleted in
accordance with Instagram's policies.
Pinterest features and content
Functions and contents of the Pinterest service
can be integrated within our online offer. This may include, for example,
content such as images, videos or texts and buttons with which users can
express their appreciation of the content, subscribe to the authors of the
content or our contributions.
- Data processed: Usage data, metadata; if users
are registered with the service, the above data can be linked to their profiles
and to the data stored with the service (in particular inventory data).
- Type, scope and mode of operation of the
processing: Social plugins, permanent cookies, third party cookies, online
behavioural advertising, tracking, remarketing.
- External disclosure and purpose: Pinterest Inc., 635
High Street, Palo Alto, CA, 94301, USA.
- Privacy
Policy: https://about.pinterest.com/de/privacy-policy.
- Processing
in third countries: USA.
- Retention of data: The data will be deleted in
accordance with Pinterest’s policies.
Marketing
In this section you will
find information on data processing carried out by us for the purpose of
optimising our marketing and market research activities.
Newsletter Mailing and Performance Measurement
We will only send newsletters, emails and other
electronic notifications containing advertising information (hereinafter
"newsletters") with the consent of the recipients or a legal
permission. Subscribers' data is logged as we are required to provide
documentation of registrations. We also keep track of whether newsletters have
been opened and whether links have been clicked. This information is stored on
a per-user basis for technical reasons, but is not used to monitor individual
users, but rather, for example, to adapt content and services to users.
Information that we should collect in addition to the email address (e.g. name)
is used to personally address the users or to adapt the contents of the
newsletter to the users.
- Contents of the newsletter: As indicated in the
registration form, otherwise information about our services and our company.
- Data processed: Inventory data (email address),
usage data (registration time, confirmation time double opt-in, IP address,
opening of email, time and place, time and click on a link in the newsletter).
- Special categories of personal data: no.
- Legal basis: Art. 6 (1) a., Art. 7 GDPR and § 7
(2) no. 3 UWG (sending and performance measurement), Art. 6 (1) f GDPR
(logging).
- Data subjects: Email recipient
- Purpose of processing: newsletter dispatch,
optimization, proof of consent.
- Type, scope and mode of operation of the
processing: Web-Beacon.
- Necessity / interest in processing: Only the
email information is required for sending, the other information is voluntary
and serves to personalize and optimize the content based on the interests of
the user; the obligation to provide evidence of consent is the reason for
logging; performance measurement is based on legitimate interests in the
optimization of the content for users and based on business interests.
- Opt-Out: An unsubscribe link is included in
every newsletter.
- External disclosure and purpose: Episerver GmbH, Wallstrasse 16, 10179,
Berlin, Germany. Privacy Policy: https://www.episerver.com/legal/privacy-statement/. Mailchimp, The
Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA
30308 USA. Privacy Policy: https://mailchimp.com/legal/privacy/
- Special security measures: Data Processing
Agreement.
- Guarantee when processing in third countries: Privacy
Shield
https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active.
- Retention of data: We may store the email
addresses we have unsubscribed for up to three years on the basis of our
legitimate interests before we delete them for the purpose of sending the
newsletter in order to be able to prove a previously given consent. The
processing of these data is limited to the purpose of a possible defence
against claims. An individual request for erasure is possible at any time,
provided that at the same time the former existence of a consent is confirmed.
Communication via Mail, Email, Fax or Telephone
Sending information
material, contacting us by telephone.
- Data processed: Inventory data, address and
contact data, contract data.
- Special categories of personal data: no.
- Legal basis: Art. 6 (1) a, Art. 7 GDPR, Art. 6
(1) f GDPR in connection with legal requirements for advertising
communications.
- Data subjects: customers, prospective
customers, communication partners.
- Purpose of processing: Commercial
communication.
- Type, scope and mode of operation of the
processing: Contact is only established with the consent of the contact
partners or within the scope of legal permissions.
- Necessity / interest in processing: Information
and business interests.
- External disclosure and purpose: No.
- Processing in third countries: No.
- Retention
of data: With objection / revocation or expiration of the legal basis of
eligibility.
Sweepstakes and Competitions
In the course of sweepstakes and competitions ("sweepstakes"
for short) we process the data of the participants for the execution of the
sweepstakes. Further information on the processing of your data within the
scope of the individual sweepstakes as well as any consent to the publication
of their names or contributions to the sweepstakes will be provided to the
users within the conditions of participation of the respective sweepstakes.
- content
data (e.g. contributions to competitions).
- Special
categories of personal data: no.
- Legal basis: Art. 6 (1) b GDPR.
- Data
subjects: Participants
- Purpose of
processing: Conducting lotteries, notification of prizes, sending prizes,
possibly presentation of winners.
- External
disclosure and purpose: Shipping companies for the purpose of sending the
prizes, possibly partners and sponsors of prizes.
- Processing
in third countries: No, except for sending prizes abroad.
- Retention
of data: As soon as the data is not required for the competition (e.g. for
inquiries regarding prizes); when winners or contributions to the competition are
published, they remain permanently online; otherwise, in the event of a legal
obligation (end of commercial law (6 years) and tax law (10 years) retention
obligation).
Web analytics, online marketing and technology partners
In this section we inform you which services of
technology partners are used for web analytics and online marketing purposes.
Their application is based on Art. 6 (1) letter f GDPR and our interest in
increasing user convenience, optimizing our services and their economic
efficiency. The processed data includes in all cases the usage data and the
metadata. Further explanations can be found in the definitions of terms, in
particular on the functions and security measures, at the end of this Privacy
Policy. The retention of the data is determined, unless otherwise stated, in
accordance with the Privacy Policies of the technology partners.
Google Tag Manager
Google Tag Manager is a tool that allows us to
manage so-called website tags via an interface (and thus integrate Google
Analytics and other Google marketing services into our online services). The
Tag Manager itself (which implements the tags) does not process any personal
data of the users. With regard to the processing of users' personal data,
reference is made to the following information on the Google services. Usage
guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google Analytics
We use Google Analytics for purposes of range measurement
and target group building.
- Data
processed: Usage data, metadata.
- Type,
scope and mode of operation of the processing: permanent cookies, third party
cookies, tracking, online behavioural advertising, profiling, custom audiences,
remarketing.
- Special
security measures: pseudonymisation, IP masking, conclusion of Data Processing
Agreement, opt-out.
- Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=en
(browser add-on), https://adssettings.google.com/ (setting for advertisements).
- External
disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA.
- Privacy
Policy: https://policies.google.com/privacy.
- Processing
in third countries: USA.
- Guarantee
when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Retention
of data: 14 months.
Google AdWords
We use Google AdWords to place ads on Google's
and Google partner's websites and measure their performance.
- Data
processed: Usage data, metadata.
- Type,
scope and mode of operation of the processing: permanent cookies, third party
cookies, tracking, conversion measurement, online behavioural advertising,
profiling, cross-device-tracking.
- Special
security measures: Pseudonymisation, IP masking, conclusion of Data Processing
Agreement, opt-out.
- Opt-Out:
https://adssettings.google.com/.
- External
disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA.
- Privacy
Policy: https://policies.google.com/privacy.
- Processing
in third countries: USA.
- Guarantee
when processing in third countries: Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Retention
of data: The data may be processed by Google for up to two years before it is
anonymised or deleted.
Google Display Network
Google's Double-Click
technology enables us to target visitors to our website with targeted
advertising as part of marketing campaigns for our products on our advertising
partners' websites.
- Data
processed: Usage data, metadata.
- Type,
scope, functioning of processing: permanent cookies, third party cookies,
tracking, conversion measurement, interest-based marketing, remarketing,
cross-device tracking, profiling.
- Special
protective measures: Pseudonymisation, IP masking, conclusion of Data
Processing Agreement, opt-out.
- Opt-Out:
https://adssettings.google.com/.
- External
disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA.
- Privacy
Policy: https://www.google.com/policies/privacy.
- Processing in third countries: USA.
- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov/participant?id=a2zt00000000001L5AAI&status=Active.
- Deletion of data: The data may be processed by Google for
up to two years before it is anonymised or deleted.
Facebook Pixel and Facebook Customer Audience Pixel
We use the Facebook pixel to form target groups
and measure the success of the ads we place on Facebook and to build target
groups for ads.
- Data
processed: Usage data, metadata; if users are registered with Facebook, the
data is linked to their Facebook profiles and data belonging to them (in
particular inventory data).
- Type,
scope and mode of operation of the processing: Permanent cookies, third party
cookies, tracking, conversion measurement, online behavioural advertising,
profiling, cross-device-tracking, custom audiences from website, custom audiences from file.
- Special
security measures: Encrypted communication between Facebook and our website.
- Opt-Out:
https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ (EU), http://www.aboutads.info/choices (US).
- External
disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043,
USA.
- Privacy
Policy: https://www.facebook.com/policy.php.
- Processing
in third countries: USA.
- Guarantee when processing in third countries: Privacy Shield www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Retention
of data: The data will be deleted by Facebook and will be deleted if the
customer's data is deleted as part of the termination.
JustUno
We use the services of Justuno to optimize the
interaction of users with our online services and, for example, to encourage
subscriptions to our newsletter or the purchase of our products through
optimized interaction elements, such as input forms.
- Data
processed: Inventory data, contact data (e-mail address), usage data, metadata.
- Type,
scope and mode of operation of the processing: Permanent cookies, third party
cookies, tracking, conversion measurement, online behavioural advertising,
profiling, A/B testing.
- Special
security measures: Opt out.
- Opt-Out: http://www.aboutads.info/choices (US), http://www.networkadvertising.org/choices/ or contact help@justuno.com
- External
disclosure and purpose: Justuno, Inc, Pier 26, Mailbox 5, San Francisco, CA
94105, USA.
- Privacy Policy: https://www.justuno.com/privacy-policy.html.
- Processing
in third countries: USA.
Outbrain
We
use the Outbrain service for personalised marketing purposes, e.g. to display
advertisements within other online offers based on the presumed interests of
users.
- Data processed: Usage data, metadata.
- Type, scope and mode of operation of the
processing: Permanent cookies, third party cookies, tracking, remarketing,
online behavioural advertising, profiling.
- Special security measures: Opt-Out.
- Opt-Out:
https://www.outbrain.com/de/legal/privacy#advertising_behavioural_targeting.
- External disclosure and purpose: Outbrain Inc,
39 West 13th Street, 3rd floor, New York, NY 10011, USA.
- Privacy
Policy: https://www.outbrain.com/de/legal/privacy.
- Processing in third countries: USA.
- Guarantee when processing in third countries: < Please specify the guarantee on the basis
of which the data will be processed in the third country >.
- Retention of data: The data
will be deleted in accordance with Outbrain’s policies.
Sovendus
We use the Sovendus service to obtain consent
for our newsletters within other websites. We also participate in affiliate and
after-sale programs. In the context of online check-out processes, for example,
offers from other providers are displayed, which are selected on the basis of
the services purchased, the users' demographic data and their potential
interests.
- Data processed: Inventory data
(names and e-mail addresses in the case of obtaining consents), usage data,
metadata; the pseudonymised hash value of the e-mail address will be used to
take into account any existing objection to advertising by Sovendus. The IP
address is used by Sovendus exclusively for data security purposes and is
usually made anonymous after seven days. For billing purposes, we also send
Sovendus a pseudonymised order number, order value with currency, session ID,
coupon code and time stamp. If you are interested in a Sovendus voucher offer,
there is no advertising objection to your e-mail address, and you click on the
voucher banner only displayed in this case, we will encrypt the form of
address, name and your e-mail address and send it to Sovendus in preparation
for the voucher.
- Type,
scope, functioning of processing: permanent cookies, third party cookies,
tracking, interest-based marketing, profiling, affiliate links, after-sales.
- Special
protective measures: IP masking (Sovendus uses the IP address exclusively for
data security purposes and usually anonymizes it after seven days),
pseudonymization.
- External
disclosure: Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany.
- Privacy
Policy: https://www.sovendus.de/de/datenschutz/.
- Processing in third countries: no.
- Deletion of data: All personal data will be deleted after 180 days.
Section IV - Definitions
This section provides an
overview of the terms used in this Privacy Policy. Many of the terms are taken
from the law and defined above all in Art. 4 GDPR. The legal definitions are
binding. The following explanations, on the other hand, are intended primarily
for understanding. The terms are sorted alphabetically.
- A/B Tests - A/B
Tests are designed to improve the usability and performance of online services.
For example, users are shown different versions of a website or its elements,
such as input forms, on which the placement of the content or labels of the
navigation elements can differ. Subsequently, it is possible to determine which
of these websites or elements are more suited to the needs of the users on the
basis of the users' behaviour, e.g.
longer stays on the website or more frequent interaction with the elements of
the website.
- Affiliate Links -
Affiliate links are links that are used to refer users to websites with product
or other offers. The operators of the respective linking websites can receive a
commission if users follow the affiliate links and then take advantage of the
offers. For this it is necessary that the providers can track whether users who
are interested in certain offers subsequently purchase them at the initiative
of the affiliate links. Therefore, the functionality of affiliate links
requires that they be supplemented by certain values that become part of the
link or are otherwise stored, e.g. in a cookie. The values include in
particular the initial website (referrer), the time, an online identification
of the operator of the website on which the affiliate link was located, an
online identification of the respective offer, an online identification of the
user, as well as tracking specific values such as, for example, advertising
material ID, partner ID and categorisations.
- After-Sales - "After Sales" is a marketing procedure in which, for
example, customers of an online shop are presented with advertising offers from
other companies (which are usually based on the services or products purchased
in the online shop). Furthermore, the functionality of after-sales corresponds
to the functionality of affiliate links.
- Aggregated Data - Aggregated data is pooled data that cannot
be traced back to a person and is therefore not personal. For example, visit
times on a website can be saved as median values.
- Anonymous data - Anonymity occurs when a person cannot at
least be identified by the controller using the reasonable means at his
disposal on the basis of data. In particular, aggregated data may be anonymous.
- Click tracking - "Click tracking" makes it possible to track
the movements of users within an entire website. Since the results of these
tests are more accurate if the user interaction can be monitored over a certain
period of time (e.g. if a user likes to return), cookies are usually stored on
the user's computers for these test purposes.
- Consent – “consent” of the data subject means any freely given, specific,
informed and unambiguous indication of the data subject’s wishes by which he or
she, by a statement or by a clear affirmative action, signifies agreement to
the processing of personal data relating to him or her.
- Conversion - "Conversion", or "Conversion measurement" refers
to a procedure with which the effectiveness of marketing measures can be
determined. As a rule, a cookie is stored on the user's devices within the
websites on which the marketing activities take place and then retrieved again
on the target website (e.g. this enables us to trace whether the ads we placed
on other websites were effective).
- Cookies - Cookies are small files that are stored on the user's computer.
Different data can be stored in the cookies. A cookie is primarily used to
store information about a user (or the device on which the cookie is stored)
during or after his or her visit to a website. Temporary cookies, or
"session cookies" or "transient cookies", are cookies that
are deleted after a user leaves a website and closes his browser. In such a
cookie, for example, the content of a shopping basket in an online shop or a
login status within a community can be stored. Cookies are referred to as
"permanent" or "persistent" if they are stored even after
the browser is closed. For example, the login status can be saved permanently. Likewise,
the interests of users used for web analytics or marketing purposes (see e.g.
"Remarketing") may be stored in such a cookie. As a "third party
cookie", cookies are offered by providers other than the operator of the
website (otherwise, if they are only the operator's cookies, they are referred
to as "first party cookies").
- Cross-Device-Tracking - Cookies and fingerprints are device-related.
Cross-device tracking is required to evaluate the interests of users using
smartphones for advertising on desktop PCs. Logins in social networks such as
Facebook, for example, can be used for this purpose. Alternatively, location
data, IP addresses and user behaviour are used to achieve up to 98% more
precise user restriction. Cookies and web beacons are usually used for
cross-device tracking purposes.
- Custom Audiences - Custom audiences are people who are targeted
for advertising purposes, e.g. the display of advertisements. For example,
based on a user's interest in certain products or topics on the Internet, it
may be concluded that the user is interested in advertisements for similar
products or the online shop in which he has viewed the products.
"Lookalike audiences" are users whose profiles or interests
presumably correspond to the users for whom the profiles were created. Cookies
and web beacons are usually used for the purpose of creating custom audiences
and lookalike audiences. "Custom Audiences from Website" means that
the target groups are formed on the basis of visitors of the own website. "Custom
Audiences from File" means that, for example, a list of e-mail addresses
is uploaded to the respective advertising network or platform to form the
target group.
- Data subject - See "Personal data".
- Demographic Data - Demographic data are general information about
groups of people or persons, e.g. characteristics such as age, gender, place of
residence and social characteristics such as occupation, marital status or
income. Demographic data is collected within the scope of web analytics and in
online marketing for the purposes of online behavioural marketing or for
business analyses that are used, for example, to determine the target groups.
- Embedding - Embedding involves integrating external content or software functions
(see "Plug-ins") into one's own website in such a way that they are
displayed or executed on this website. No copy of the content is created
because it is called from the original server (e.g. videos, images, posts on
social networks, widgets with ratings). With embedding, it is technically necessary
for the provider of the content to obtain the IP address of the user in order
to display the embedded content in the user's browser. Furthermore, the content
provider may, for example, store cookies on the user's devices.
- Advanced matching - The "advanced matching" is a
Facebook pixel option, which means that inventory data such as phone numbers,
email addresses or Facebook IDs of users are transmitted to Facebook in
encrypted form to form target groups for Facebook ads and are used only for
this purpose.
- Error tracking - During error tracking, e.g. incorrectly
executed program code is detected in order to eliminate it and thus guarantee
the functionality and security of websites.
- Fingerprints and other online identifiers - "Fingerprints" correspond in their
function to cookies, whereby the storage of a file on the user's device is not
required. These digital fingerprints can be individually created as cross sums
of individual factors of devices, e.g. computing power or browser plug-ins for
devices, and thus used for web analytics, profiling, remarketing, online- and
behavioural advertising.
- First-Party Cookies – See “Cookies”.
- Heatmaps - "Heatmaps" are mouse movements of the users, which are
combined to an overall picture, with the help of which e.g. it is possible to
recognize which website elements are preferred and which website elements users
prefer less.
- IP address - The IP address ("IP" stands for Internet Protocol) is a
sequence of numbers that can be used to identify devices connected to the
Internet. When a user visits a website on a server, he informs the server of
his IP address. The server then knows that it must send the data packets
containing the content of the website to this address.
- IP Masking - IP masking is a method in which the last octet, i.e. the last two
numbers of an IP address, are deleted so that the IP address can no longer be
used to uniquely identify a person. Therefore, IP masking is a means of
pseudonymizing processing methods, especially in online marketing.
- Legitimate Interest – Legitimate interest means the interest of our
business in conducting and managing our business to enable us to give you the
best service/product and the best and most secure experience. We make sure we
consider and balance any potential impact on you (both positive and negative)
and your rights before we process your personal data for our legitimate
interests. We do not use your personal data for activities where our interests
are overridden by the impact on you (unless we have your consent or are
otherwise required or permitted to by law). You can obtain further information
about how we assess our legitimate interests against any potential impact on
you in respect of specific activities by contacting us.
- Lookalike Audiences – See “Custom Audiences”.
- Online behavioural advertising (OBA) - online behavioural advertising is the term
used when profiling is used to assess the potential interest of users in
advertising. Cookies and web beacons are usually used for these purposes.
- Opt-in - The term "opt-in" means, depending on the context, the same
as registration or consent. If a registration (e.g. by entering an e-mail
address in an online form field) is confirmed by sending an e-mail with a
confirmation link to the owner of the e-mail address, this is referred to as a
Double-Opt-In (DOI).
- Opt-Out - The term Opt-Out means unsubscription and may be an objection (e.g.
against tracking) or a cancellation (e.g. for newsletter subscriptions).
- Opt-Out-Cookie - An
"Opt-Out-Cookie" is a small file (see "Cookies") which is
stored in your browser and in which it is noted that, for example, a tracking
service should not process your data. The "opt-out cookie" only
applies to the browser in which it was saved, i.e. in which you clicked the
opt-out link. If cookies are deleted in this browser, you must click the
opt-out link again. Furthermore, an opt-out link can only be limited to the
domain on which the opt-out link was clicked.
- Permanent Cookies – See “Cookies”.
- Personal Data - "Personal Data" means any information relating to an
identified or identifiable natural person ("data subject"); an
identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person.
- Plugins/ Social Plugins - Plugins (or "Social Plugins" in
the case of social functions) are external software functions that are
integrated into a website. For example, they can be used to output interaction
elements (e.g., an "I like" button) or content (e.g., external
commenting function or postings in social networks).
- Processor - "Processor" means a natural or legal person, public
authority, agency or other body which processes personal data on behalf of the
controller.
- Profiling - "Profiling" means any automated processing of personal data
consisting in the use of such personal data to analyse, evaluate or predict
certain personal aspects relating to a natural person (depending on the type of
profiling, this includes information regarding age, gender, location and
movement data, interaction with websites and their contents, shopping
behaviour, social interactions with other people) (e.g. interests in certain
contents or products, click behaviour on a website or the location). Cookies
and web beacons are often used for profiling purposes.
- Privacy Shield - The EU-US Privacy Shield is an informal
agreement in the field of data protection law negotiated between the European
Union and the United States of America. It consists of a number of assurances
from the US government and a decision by the EU Commission. Companies certified
under the Privacy Shield offer a guarantee to comply with European data
protection law (https://www.privacyshield.gov).
- Pseudonymisation/ Pseudonyms - "Pseudonymisation" means the
processing of personal data in such a manner that the personal data can no
longer be attributed to a specific data subject without the use of additional
information, provided that such additional information is kept separately and
is subject to technical and organisational measures to ensure that the personal
data are not attributed to an identified or identifiable natural person. E.g.
if an exact interest profile of the computer user is stored in a cookie (a
"marketing avatar"), but not the name of the user, then data is
processed pseudonymously. If his name is stored, e.g. as part of his e-mail
address or his IP address is stored, then the processing is no longer
pseudonymous.
- Third countries - Third countries are countries in which the
GDPR is not directly applicable law, i.e. in general states that do not belong
to the European Union (EU) or the European Economic Area (EEA).
- Web Analytics - Web Analytics is used to evaluate the visitor flows of a website and
can include their behaviour, interests or demographic information, e.g. age or
gender. With the help of range analysis, website owners, for example, can see
what types of people visit their website at what time and what content they are
interested in. This enables them, for example, to better optimize the content
of the website to the needs of their visitors. Cookies and web beacons are
often used for Web Analytics purposes.
- Remarketing/ Retargeting - "Remarketing" or
"Retargeting" is used when, for example, it is noted for advertising
purposes which products a user is interested in on a website in order to remind
the user of these products on other websites, e.g. in advertisements. Cookies
are usually used for retargeting purposes.
- Session Cookies – See “Cookies”.
- Single-Sign-On –
"Single-Sign-On" or "Single-Sign-On-Authentication" is a
procedure that allows users to log on to an online service using other online
services of which they are members. A requirement for Single-Sign-On
authentication is that users are registered with the respective Single-Sign-On
provider and enter the required credentials on the web form provided for this purpose.
Authentication takes place directly with the respective single sign-on
provider. As part of such authentication, we receive a user ID with the
information that the user is logged in under this user ID at the respective
single sign-on provider and an ID that can no longer be used by us (so-called
"user handle"). Whether we receive further data depends solely on the
single sign-on procedure used, the selected data shares as part of
authentication and also which data users have authorised in the privacy or
other settings of the user account with the single sign-on provider. Depending
on the single sign-on provider and the choice of users, it can be different
data, usually the e-mail address and the user name. The password entered as
part of the single sign-on procedure is neither visible to us nor is it stored
by us. Users are asked to note that their data stored with us can be
automatically synchronized with their user account with the Single-Sign-On
provider, but this is not always possible or actually occurs. If, for example,
the e-mail addresses of users change, users must change these manually in their
user account at our site. If users decide that they no longer want to use their
user account link with the Single-Sign-On provider for the Single-Sign-On
procedure, they must cancel this link within their user account held with the
Single-Sign-On provider. If users wish to erase their data from our system,
they must cancel their registration at our service.
- Special categories of personal data - Data identifying racial or ethnic origin,
political opinions, religious or philosophical beliefs or trade union
membership, as well as genetic data, biometric data uniquely identifying a
natural person, health data or data relating to a natural person's sex life or
sexual orientation.
- Third Party - “Third party” means a natural or legal person, public authority,
agency or body other than the data subject, controller, processor and persons
who, under the direct authority of the controller or processor, are authorised
to process personal data.
- Third-Party Cookies – See “Cookies”.
- Tracking - Tracking is defined as when the behaviour of users can be traced
across several online offers, e.g. for remarketing purposes. The behavioural
and interest information collected with regard to the online services used is
stored as user profiles in cookies or on the servers of marketing service
providers (e.g. Google or Facebook).
- Universal Analytics -
"Universal Analytics" is a Google Analytics process in which the user
analysis is based on a pseudonymous user ID and a pseudonymous profile of the
user with information from the use of various devices is created
("cross-device tracking").
- Controller –
“controller” means the natural or legal person, public authority, agency or
other body which, alone or jointly with others, determines the purposes and
means of the processing of personal data.
- Processing – “processing” means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not by
automated means, such as collection, recording, organisation, structuring,
storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.
- Tracking pixels – See Web-Beacons.
- Web beacons - Web beacons (or "pixels", "measuring pixels" or
"tracking pixels") are small, pixel-sized graphics that are
integrated into Web pages or HTML e-mails. For example, they make it possible to determine
whether an e-mail has been opened (at least if the image display in e-mails is
enabled) or how often a website is accessed by a user.
- Widgets – See Embedding.