Data protection

THE ZWILLING JA HENCKELS AG


As of: June 21, 2018

1 Introduction

This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the related websites, functions and content as well as external online presence, such as our social media profiles. (collectively referred to as "online offer")

Please note that the ZWILLING Online Shop has been managed by ZWILLING JA Henckels Deutschland GmbH since 01.07.2017. For further information on the processing of personal data by ZWILLING JA Henckels Deutschland GmbH, please refer to the privacy policy of the website of the online shop.

In the first section of the privacy policy, you will find details of the person responsible for processing and an overview of our processing operations.

In the second section, you will find information about your rights, the relevant legal norms and general information about our processing of data.

The third section contains details of the individual processing operations. This section is divided into other areas, such as the core services, range measurement or marketing.

The fourth and last section contains a glossary in the context of providing our services with explanations and descriptions of the terms used in the privacy policy. This means that if you are unfamiliar with the terms used (such as "personal reference" or "cookie"), please refer to the last section and all terms used (eg "responsible person" or "user") are gender-neutral.

contents


Section I - Data Controller and Surveyor
 Responsible:
 Contact Data Protection Supervisor:
 Types of data processed:
 Processing of special categories of data (Article 9 (1) GDPR):
 Categories of data subjects :
 Purpose of processing:
 Automated decision on a case by case basis ( Art. 22 GDPR):

Section II -  Data  subjects , legal bases and general information
 Rights  of data subjects Right of
 withdrawal Right of
 objection
 Cookies and right of objection in direct marketing
Deletion of data and archiving  obligations
Changes and updates to the data protection
declaration Relevant legal basis
 Data processing security
Disclosure and transmission of data
 Transfers to third countries


Section III - Processing Processes
 Core Data Processing
 Responding to Inquiries and Customer Care
 Business Analytics and Market Research
 External Online Presence
 Online Social Media
 Sites Web Server and Security
 Server Logs
 Own Global Single Sign-On Process
 Embedded Content and Features
 Google Services and Content
 Features and Content of Facebook
 Features and Content of Instagram
 Features and Content of Pinterest
 Marketing
 Newsletter Sending and Measuring Success
 Communication via Post, Email, Fax or Phone
 Sweepstakes and Contests
 Reach  Measurement, Online Marketing and Technology Partners
 Google Tag Manager
 Google Analytics
 Google AdWords
 Google Double Click
 Facebook Pixel
JustUno

Section IV - Definitions

Hints

Section I - Responsible and overview of the data processing


Responsible:
ZWILLING JA Henckels AG
Grünewalder Strasse 14-22, 42657 Solingen
Represented by the Management Board: Dr. Ing . Erich Schiffers (Speaker / CEO), Klaus Kuhl, Dr. Ing. René Schmitz, Achim Wolfgarten
Phone: + 49 (0) 212 - 88 2 0
Fax: + 49 (0) 212 - 88 2 300
E-Mail: info@zwilling.com
Complete imprint: https://www.zwilling.com /de/de/pages/impressum.html

Contact Data Protection Officer:
E-Mail: datenschutz@zwilling.com


Types of processed data:

  • Inventory data (eg, names, addresses).
  • Contact details (eg, e-mail, telephone numbers).
  • Content data (eg, text input, photographs, videos).
  • Usage data (eg, websites visited, interest in content, access times).
  • Meta / contact data (eg, device information, IP addresses).
  • Applicant data (eg, name, contact details, qualifications, application documents).

Processing of special categories of data (Article 9 (1) GDPR):

No special categories of data are processed.

Categories of data subjects:

  • Customers / prospects / business partners.
  • Visitors and users of the online offer.

In the following, we refer to those affected as "users".

Purpose of processing:

  •  Provision of the online offer, its contents and functions.
  •  Service and customer care.
  •  Answering contact requests and communicating with users.
  • Marketing, analysis of buying behavior, usage behavior, advertising and market research.
  • Safety measures.

As of May 2018

Section II - Affected rights, legal bases and general advice

Rights of data subjects

You have the right to request a confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.

You have accordingly. Art. 16 DSGVO the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.

In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.

You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other responsible persons.

You have gem. Art. 77 DSGVO the right to file a complaint with the competent supervisory authority.

Withdrawal

You have the right to consent according to. Art. 7 para. 3 DSGVO with effect for the future.

right to

You may at any time object to the future processing of your data in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right of objection in direct marketing

We use temporary and permanent cookies, ie small files stored on users' devices (explanation of term and function, see last section of this privacy policy). In part, the cookies are used for security or to operate our online offer (eg, for the presentation of the website) or to save the user decision in the confirmation of the cookie banner. In addition, we or our technology partners use cookies for measuring reach and marketing purposes, which users are informed about in the course of the privacy policy.

A general objection to the use of cookies used for online marketing purposes can be found in a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ be explained. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this online offer may be used.

Deletion of data and archiving obligations

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.

According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation , etc.) and 6 years in accordance with § 257 (1) Nos. 2 and 3, para. 4 HGB (commercial letters).

Changes and updates to the privacy policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adjust the privacy policy as soon as the changes to the data processing we make require it. We will inform you as soon as the changes require your participation (eg consent) or other individual notification.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the answer to inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c DSGVO, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f DSGVO. In the case, that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

The basics for commercial communications outside of business relationships, in particular via post, telephone, fax and e-mail are included in § 7 UWG.

Security of data processing

We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection commensurate with the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and disconnection. Furthermore, we have set up procedures to ensure the enjoyment of Ensure data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings considered (Article 25 GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.

Employees will be required to maintain confidentiality, to be instructed and instructed with regard to data protection, as well as to possible liability consequences.

Disclosure and transmission of data

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit them to them or otherwise grant access to the data, this is done only on the basis of a legal permission (eg if the data is transmitted to third parties , as to payment service providers, in accordance with article 6 paragraph 1 letter b DSGVO is necessary for the fulfillment of the contract), you have consented to a legal obligation or on the basis of our legitimate interests (eg the use of agents, web hosts, etc.) ,

Insofar as we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.

If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and, in addition, on the basis of a contract processing contract.

Transfers to third countries

If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special requirements of Art. 44 et seq. DSGVO. This means that the processing takes place eg on the basis of special guarantees, such as the officially recognized statement of a data protection level corresponding to the EU (eg

 

Section III - Processing

The following presentation gives you an overview of our processing activities, which we have subdivided into other areas of activity. Please note that the activities are for guidance only and that the processing activities may overlap (eg the same data may be processed in multiple procedures).

For clarity and comprehensibility, see the frequently repeated terms in Section IV of this Privacy Policy.

Core area of ​​data processing

In this section, you will receive information about our core services and tasks, such as answering inquiries and providing our contractual services as well as the related ancillary tasks.

Answering inquiries and customer care

The information in the requests, which we receive via our contact form and other ways, eg via e-mail, we process to answer the requests. For these purposes, requests may be stored in our Customer Relationship Management (CRM) system or similar procedures that serve us to manage requests. For the purposes of customer relationship management (CRM system) we use a so-called CRM software. With the help of the software we can answer the inquiries more effectively and faster.

  • Processed data: inventory data, contact data, usage data, metadata; eg
  • Affected: Customers, prospects, business partners, website visitors.
  • Purpose of processing: answering inquiries.
  • Type, scope, functioning of the processing: registration process, termination possibility.
  • Legal basis: Art. 6 para. 1 lit. a. / b. DSGVO.
  • Necessity / interest in processing: necessary to answer inquiries, optimization, user-friendliness, business interests.
  • External disclosure and purpose: CRM system operator, salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich.
  • Privacy Policy: https://www.salesforce.com/en/company/privacy/ .
  • Protective measures: Contract processing contract.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active .
  • Deletion of data: We delete the requests, if these are no longer necessary. We check the requirement every two years; Inquiries from customers who have a customer account, we store permanently and refer to the deletion on the details of the customer account. In the case of legal archiving obligations, the deletion takes place after its expiration (end of commercial law (6 years) and tax law (10 years) retention obligation).

Business analysis and market research

In order to operate our business economically, to recognize market trends, customer and user requirements, we analyze the data we have on business transactions, contracts, inquiries, etc. For this purpose, we collect the personal data of customers from applications and orders with the behavioral data of the Customers together.

As part of the business evaluation, we bring together the data of users regardless of the devices used (for example, if users use our online services on a mobile or stationary device).

  • Processed data: inventory data, contact data, usage data and metadata, eg activity data emanating from emails via our online channels, eg. Data about the accessed page, the page history, the device used, geo-data and data for pseudonymized identification of the user profile).
  • Legal basis: Art. 6 para. 1 lit. f. DSGVO.
  • Affected: Customers, prospects, business partners, visitors and users of the online offer.
  • Purpose of processing: business analysis, marketing, advertising, market research.
  • Creation and operation of a customer account for the administration of orders.
  • Type, scope, functionality of processing: profiling, interest-based advertising, first-party cookies.
  • Necessity / interest in processing: increase user-friendliness, optimization of the offer, business management.
  • External disclosure and purpose: analysis and market research by salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich.
  • Privacy Policy: https://www.salesforce.com/en/company/privacy/ .
  • Protective measures: Contract processing contract.
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active .
  • Deletion of data: If a customer account was created, with its termination, otherwise after two years from the conclusion of the contract. Incidentally, the overall business analyzes and general trend provisions are created anonymously if possible.

External online presence

In this area you will receive information about our data processing in the context of the operation of external online sites, eg in social media.

Online presence in social media

We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services.

We point out that data of the users outside the area of ​​the European Union can be processed. This can result in risks for the users, because for example the enforcement of the rights of the users could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.

Furthermore, the data of the users are usually processed for market research and advertising purposes. For example, user profiles can be created from the user behavior and resulting user interests. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that are supposedly in line with the interests of the users. For these purposes, as a rule, permanent cookies are stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and logged in to them).

The processing of personal data of users is based on our legitimate interests in an effective information of users and communication with users in accordance with. Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers for a consent in the data processing (ie their agreement eg by ticking a check box or confirmation of a button explain) is the legal basis of the processing Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the possibilities of contradiction (opt-out), we refer to the following linked information of the provider.

Also in the case of requests for information and the assertion of user rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.

The links / buttons to social networks and platforms (hereinafter referred to as "social media") used within our online offer fundamentally only establish contact between social networks and the users when users click on the links / buttons and select the respective networks or networks whose websites are called up. This function corresponds to the operation of a regular online link.

Web server and security

Server logs

The server on which this online offer is located, collects with each access to the online offer so-called. Log files in which users' data is stored. The data serve on the one hand for statistical analysis to maintain and optimize server operation and on the other hand for security purposes, eg to detect potential unauthorized access attempts.

  • Processed data: Usage data and metadata (name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited page), IP address and the requesting provider).
  • Special categories of personal data: no.
  • Legal basis: Art. 6 para. 1 lit. f DSGVO.
  • Affected: Customers, prospects, visitors to the online offer.
  • Purpose of processing: Optimization server operation and security monitoring.
  • Necessity / interest in processing: safety, business interests.
  • Processing in third countries: no.
  • Deletion of data: After 30 days from the survey.

Own global single sign-on procedure

We use our own "single sign-on" method, which allows our users to log in with a user account within the online presence of our group of companies.

 

Embedded content and features

In this section we inform you, which content, software or functions (in short "content") of other providers we offer in the context of our online offer on the basis of Art. 6 para. 1 lit. f Embed DSGVO (so-called "embedding"). The embedding is done to make our online offer more interesting for our users or for legal reasons, to be able to present eg videos or social media contributions within our online offer. Embedding can also be used to improve the speed or security of the online offer, such as when software items or fonts are sourced from other sources. The processed data in all cases include the usage and metadata of the users and also the IP address necessarily transmitted to the provider for embedding the content, to the persons concerned the visitors of our on-line offer. The categories Affected include users of our online offer, customers and prospects. Further explanations are to be found in the definitions of terms, in particular regarding the functioning and protective measures, at the end of this Privacy Policy. The deletion of the data is determined by the privacy conditions of the providers of the embedded content.

Features and content of Facebook

Within our on-line offer functions and contents of the service Facebook can be integrated. This may include, for example, content such as images, videos or text and buttons, with which users can announce their favor regarding the content, the authors of the content or our contributions can subscribe.

Features and content of Instagram

Within our online offer functions and contents of the service Instagram can be integrated. This may include, for example, content such as images, videos or text and buttons, with which users can announce their favor regarding the content, the authors of the content or our contributions can subscribe.

  • Processed data: usage data, metadata; If users are registered with the service, the above data can be linked to their profiles and to data stored in the service (in particular inventory data).
  • Type, scope, functionality of processing: social plugins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
  • external: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
  • Privacy Policy: https://help.instagram.com/155833707900388 .
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .
  • Deletion of data: The data will be deleted according to the terms of Instagram.

Features and content of Pinterest

Within our online offer functions and contents of the service Pinterest can be integrated. This may include, for example, content such as images, videos or text and buttons, with which users can tell their favor regarding the content, the authors of the content or subscribe to our contributions.

  • Processed data: usage data, metadata; If users are registered with the service, the above data can be linked to their profiles and to data stored in the service (in particular inventory data).
  • Type, scope, functionality of processing: social plugins, permanent cookies, third party cookies, interest-based marketing, tracking, remarketing.
  • External disclosure: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.
  • Privacy Policy: https://about.pinterest.com/privacy-policy .
  • Processing in third countries: USA.
  • Deletion of data: The data will be deleted in accordance with the terms of Pinterest.

 

marketing

This section contains information about the data processing we conduct for the purpose of optimizing our marketing and market research activities.

Newsletter delivery and success measurement

We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. The data of the subscribers are logged because we are obliged to prove registrations. We also keep track of whether newsletters have been opened and links have been clicked. This information is stored per user for technical reasons, but not used to observe individual users, but to adapt content and offers to the users. Information that we should collect in addition to the e-mail address (eg name), serve the personal address of the users or adaptation of the contents of the newsletter to the users.

  • Content of the newsletter: As stated in the registration form or in the e-mail preferences, otherwise information about our services and our company.
  •  Processed data: inventory data (e-mail address), usage data (time of registration, confirmation time Double-Opt-In, IP address, opening of the e-mail, time and place, time and click on a link in the newsletter, referrer data, usage of the online shop, Thematic preferences).
  • Special categories of personal data: no.
  • Legal basis: Art. 6 para. 1 lit. a, Art. 7 DSGVO and § 7 Abs. 2 Nr. 3 UWG, Abs. 3 (Dispatch), Art. 6 Abs. 1 lit. c in conjunction with Art. 7 para. 1 DSGVO (logging), Art. 6 para. 1 lit. f DSGVO (Success Measurement).
  • Affected: E-mail recipients
  • Purpose of processing: Newsletter delivery, optimization, proof of consent.
  • Type, extent, functionality of the processing: Web beacon.
  • Necessity / interest in processing: Only the e-mail address is required for shipping, the other information is voluntary and serves to personalize and optimize content based on the interests of users; the obligation to prove consent is the reason for the logging; The measurement of success is based on legitimate interests in the optimization of content for users and based on business interests
  • Opt-Out: A cancellation link is available in every newsletter.
  • Disclosure external and purpose: episerver GmbH, Wallstr. 16, 10179 Berlin
  • Privacy Policy: https://www.episerver.de/legal/privacy-statement
  • Protective measures: Contract processing contract.
  • Processing in third countries: USA.
  • Guarantee for processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000PD4sAAG&status=Active
  • Deletion of data: After unsubscribing from the newsletter, the e-mail addresses for the purpose of proving the previous application including log-in data for the registration (time, IP address) are stored for two years and then deleted.

Communication via mail, e-mail, fax or telephone

Delivery of information material, telephone contact.

  • Processed data: usage data, inventory data, address and contact data, contract data.
  • Special categories of personal data: no.
  • Legal basis: Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f DSGVO in connection with legal requirements for advertising communications.
  • Affected parties: Customers, participants, interested parties, communication partners.
  • Purpose of processing: Advertising communication.
  • Type, extent, mode of operation of the processing: The contact takes place only with consent of the contact partners or in the context of the legal permissions.
  • Necessity / interest in processing: information and business interests.
  • Disclosure external and purpose: no.
  • Processing in third countries: no.
  • Deletion of data: With objection / revocation or elimination of the authorization basis.

Raffles and competitions

In the context of competitions and competitions (short "competitions") we processed the data of the participants for the realization of the competitions. Further information on the processing of your data in the context of the individual prize draws as well as any consent to the publication of their names or sweepstakes will be given to the users within the terms and conditions of the respective sweepstakes.

  • Processed data: inventory data, contact data, content data (eg contributions to sweepstakes).
  • Special categories of personal data: no.
  •  Legal basis: 6 para. 1 lit. b DSGVO.
  • Affected: Participants
  • Purpose of processing: Conducting the lotteries, winning notification, sending of winnings, possibly presentation of winners.
  • Disclosure external and purpose: Forwarding company for the purpose of sending profits, possibly partners and sponsors of profits.
  • Processing in third countries: No, except for shipping of profits abroad.
  • Deletion of data: as soon as the data is not needed for the raffle (eg for inquiries about winnings); in the case of the publication of winners or sweepstakes, they generally remain permanently online; in addition, archiving in the case of a legal obligation (end of commercial law (6 years) and tax law (10 years) retention).

Reach measurement, online marketing and technology partners

In this section, we'll let you know which services technology partners use to measure reach and for online marketing. Their use is based on Art. 6 para. 1 lit. f DSGVO and our interest in increasing usability, optimizing our offer and its business efficiency. The processed data includes usage and metadata in all cases. Special categories of data are not processed. Affected are customers, prospects and other visitors to our online offer. Further explanations can be found in the definitions of terms, in particular regarding the functioning and protective measures, at the end of this Privacy Policy. The deletion of the data is determined

Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags through a single interface (including integrating Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process users' personal data. With regard to the processing of users' personal data, reference is made to the following information about the Google services. Usage Policy: https://www.google.com/intl/en/tagmanager/use-policy.html .

Google Analytics

We use Google Analytics for purposes of measuring reach and targeting.

Google AdWords

We use Google AdWords to serve ads on Google and Google partners' websites and measure their success.

  • Processed data: usage data (conversion data), metadata.
  • Type, scope, functionality of processing: Permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling.
  • Special protective measures: pseudonymisation, IP masking, conclusion of contract processing contract, opt-out.
  • Opt-Out: https://adssettings.google.com/ .
  • External disclosure: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
  • Privacy Policy: https://www.google.com/policies/privacy .
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .
  • Deletion of data: The data will be deleted in accordance with the terms of Google.

Google Display Network

Google's Double-Click technology allows us to target visitors to our website through targeted advertising campaigns through our product marketing campaigns.

  • Processed data: usage data, metadata.
  • Type, scope, functionality of processing: Permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, remarketing, cross-device tracking, profiling.
  • Special protective measures: pseudonymisation, IP masking, conclusion of contract processing contract, opt-out.
  • Opt-Out: https://adssettings.google.com/ .
  • External disclosure: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
  • Privacy Policy: https://www.google.com/policies/privacy .
  • Processing in third countries: USA.
  • Guarantee when processing in third countries: Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .
  • Deletion of data: The data will be deleted in accordance with the terms of Google.

Facebook Pixel and Facebook Customer Audience Pixel

We use the Facebook pixel for target group formation and success measurement of the ads we have placed on Facebook.

Processed data: usage data, metadata; If users are registered on Facebook, the data will be linked to their Facebook profiles and their associated data (especially inventory data).

JustUno

We use the services of Justuno to optimize the interaction of users with our online offer and, for example, to promote the registration for our newsletter or the purchase of our products through optimized interaction elements, such as input forms.

  • Processed data: inventory data, contact data (e-mail address), usage data, metadata.
  • Type, scope, functionality of processing: Permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling, A / B testing.
  • Special protective measures: Opt-Out
  • Opt-Out: http://www.aboutads.info/choices (US), http://www.networkadvertising.org/choices/ or contact help@justuno.com
  • External disclosure: Justuno, Inc, Pier 26. Mailbox 5, San Francisco, CA 94105, USA.
  • Privacy Policy: https://www.justuno.com/privacy-policy.html .
  • Processing in third countries: USA.

 

Section IV - Definitions

This section provides an overview of the terms used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, serve above all to understand. The terms are sorted alphabetically.

A / B Testing - A / B testing is designed to improve the usability and performance of online offerings. For example, users are presented with different versions of a website or its elements, such as input forms, on which the placement of the content or labels of the navigation elements may differ. Subsequently, based on the behavior of the users, eg prolonged lingering on the website or more frequent interaction with the elements, it can be determined which of these websites or elements correspond more to the needs of the users.

Affiliate links - "Affiliate links" are links with the help of which the linking websites direct users to websites with product or other offers. The operators of the respective linking websites can receive a commission if users follow the affiliate links and then take advantage of the offers. For this, it is necessary that the providers can track whether users who are interested in certain offers, then perceive this on the occasion of the affiliate links. Therefore, the functionality of affiliate links requires that they be supplemented with certain values ​​that become part of the link or otherwise stored, eg in a cookie. The values ​​include in particular the source website (Referrer), time,

After-Sales - "After Sales" are marketing processes in which, for example, customers of an online shop are presented with advertising offers from other providers (which are generally based on the services or products purchased in the online shop). Incidentally, the way in which after-sales work works is the same as how affiliate links work.

Aggregated Data - Aggregated data is aggregated data that does not allow for inference to a person and is therefore not personally identifiable. For example, visit times can be stored on a website as averages.

Anonymous data - Anonymity occurs when a person is at least not identifiable by means of a date by the person responsible with the means at his disposal. In particular, aggregated data may be anonymous.

Order Processor / Contractor - "Contractor" means a natural or legal person, public authority, body or body that processes personal data on behalf of the controller.

Specific categories of personal data - data identifying racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, as well as genetic data, biometric data for the unambiguous identification of a natural person, health or sex life data, or the sexual orientation of a natural person.

Affected person (s) - See "Personal Date".

Clicktracking - "Clicktracking" allows to survey the movements of the users within an entire online offer. Since the results of these tests are more accurate, if users 'interaction can be tracked over a period of time (eg, if a user likes to return), cookies are usually stored on users' computers for these purposes.

Conversion - "Conversion" or "Conversion Measurement" refers to a process by which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on users' devices within the websites where the marketing activities are carried out and then called up again on the target website (eg we can see if the advertisements we have posted on other websites have been successful).

Cookies - "Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login jam within a community can be saved. "Persistent" or "persistent" refers to cookies that remain stored even after the browser has been closed. So can eg the login status will be stored in a community when users visit it after several days. Likewise, in such a cookie the interests of the users can be stored, which are used for range measurement or marketing purposes (eg Remarketing). As a "third-party cookie", cookies will be offered by providers other than the person responsible for the online offer (otherwise, if only their cookies are called "first-party cookies").

Cross-Device Tracking - Cookies and fingerprints are device-related. In order to evaluate the interests of the users in the context of smartphone use for ads on desktop PCs, cross-device tracking is required. For example, logins can serve in social networks such as Facebook. Alternatively, location data, IP addresses, and user behavior are used to achieve up to 98% more accurate user confinement. For purposes of cross-device tracking, cookies and web beacons are generally used.

Custom Audiences - "Custom Audiences" (or "custom audiences") is when audiences are targeted for promotional purposes, such as insertion of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertising for similar products or the online store where he or she viewed the products. Again, "lookalike audiences" (or similar audiences) are referred to as content deemed appropriate to users whose profiles or interests are believed to correspond to the users to whom the profiles were made. For the purposes of creating custom audiences and lookalike audiences, cookies and web beacons are typically used. "Custom Audiences from Website" means that the target groups are formed on the basis of the visitors of their own website. "Custom Audiences from File" means that, for example, a list of email addresses are uploaded to the respective ad network or platform to form the target groups.

Demographic Data - Demographic data is general information about groups of people or persons, such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data are collected in the scope of reach measurement and in online marketing for the purposes of interest-based marketing or for business analysis, which are used eg to determine the target groups.

Third party - "Third party" means a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process personal data.

Third country - Third countries are states in which the GDPR is not a directly applicable law, ie in principle states that do not belong to the European Union (EU) or the European Economic Area (EEA).

Consent - A "consent" of the data subject is any expression of intent, in an informed and unequivocal manner, in the form of a statement or other unambiguous confirmatory act, which indicates to the data subject that he / she is involved in the processing of the data personal data concerning them.

Embedding - See "Embedding".

Embedding - When embedding (also "embedding") foreign content or software functions (see plugins) are integrated into their own online presence so that they are displayed on this online presence or executed. No copy of the content is created because it is called from the original server (eg videos, pictures, posts on social networks, widgets with ratings). When embedding, it is technically necessary that the provider of the content collects the IP address of the users to output the embedded content in the user's browser. Furthermore, cookies may be stored on users' devices by the content provider.

Enhanced Matching - "Enhanced Matching" is an option on the Facebook Pixel, meaning that users' inventory data, such as phone numbers, email addresses, or Facebook IDs, are encrypted to Facebook for targeting Facebook Ads, and only to that Purpose to be used.

Error tracking - Error tracking, for example, identifies incorrectly executed program code in order to eliminate it and thus ensure the functionality and security of online offers.

Fingerprints and other online identifiers - "Fingerprints" correspond in their function to the cookies, whereby the storage of a file on the device of the user is waived. These digital fingerprints can be created individually as cross-checks of individual factors of devices, such as computing power or browser plug-ins for devices, and thus be used for range measurement, profiling, remarketing, interest and behavioral advertising.

First-Party Cookies - See "Cookies".

Heatmaps - "Heatmaps" are mouse movements of the users, which are combined to form an overall picture, with the help of which it can be recognized, for example, which web page elements are preferentially accessed and which web page elements users prefer less.

IP Address - The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be identified by the devices connected to the Internet. When a user calls a Web site on a server, it tells the server its IP address. The server then knows that it has to send the data packets containing the content of the website to this address.

IP masking - "IP masking" refers to a method in which the last octet, ie the last two digits of an IP address are deleted, so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing techniques, especially in online marketing.

Interest-based Marketing and Behavioral Advertising - Interesting and / or behavioral advertising is when profiling is used to determine the potential interest of users in advertisements ("Online Behavioral Advertising", OBA for short). As a rule, cookies and web beacons are used for these purposes.

Lookalike Audiences - See Custom Audiences.

Opt-in - The term "opt-in" means much like registration or consent, depending on the context. If an application (eg by entering an e-mail address in an online form field) is confirmed by sending a confirmation e-mail to the owner of the e-mail address, this is called a Double-Opt-In (DOI).

Opt-Out - The term opt-out means as much as cancellation and can, for example, a contradiction (eg against tracking) or a termination (eg newsletter subscriptions) represent.

Opt-Out Cookie - An "opt-out cookie" is a small file (see "Cookies") that is stored in your browser and that states that, for example, a tracking service should not process your data. The "opt-out cookie" only applies to the browser in which it was stored, ie where you clicked the opt-out link. If cookies are deleted in this browser, then you have to click the opt-out link again. Furthermore, an opt-out link can only be restricted to the domain on which the opt-out link was clicked.

Permanent Cookies - See "Cookies".

Personal Date / Personal Reference - "Personal Data" means any information relating to an identified or identifiable natural person (hereinafter the "Data Subject"); a natural person is considered as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Plugins / Social Plugins - Plugins (or "social plugins" in the case of social functions) are third-party software functions that are integrated into the online offer. You can, for example, serve the output of interaction elements (eg, a "Like" button) or content (eg external commenting function or posts in social networks).

Profiling - "Profiling" refers to any type of automated processing of personal data that involves the use of such personal information to identify certain personal aspects pertaining to a natural person (depending on the nature of the profiling, this includes information relating to that person) Age, gender, location data and activity data, interaction with websites and their content, shopping behavior, social interactions with other people), to analyze, to evaluate or to predict (eg interests in certain content or products, click behavior on a website or the whereabouts). For profiling purposes, cookies and web beacons are often used.

Privacy Shield - The EU-US Privacy Shield is an informal agreement in the field of data protection law negotiated between the European Union and the United States of America. It consists of a series of assurances from the US government and a decision by the European Commission. Companies that are certified under the Privacy Shield are guaranteed to comply with European privacy legislation (https://www.privacyshield.gov).

Pseudonymisation / Pseudonyms - "Pseudonymisation" is the processing of personal data in such a way that the personal data can not be assigned to a specific data subject without additional information being provided, provided that this additional information is stored separately not assigned to an identified or identifiable natural person; This means that if an exact interest profile of the computer user is saved in a cookie (quasi a "marketing avatar"), but not the name of the user, then the data is processed as a pseudonym. If his name is saved, eg as part of his e-mail address or his IP address, the processing is basically no longer pseudonymous.

Reach measurement - Reach measurement is used to evaluate the flow of visitors to an online offer and can include their behavior, interests or demographic information, such as age or gender. With the help of the range analysis, website owners can for example identify which types of people visit their website at what time and which content they are interested in. As a result, they can, for example, better optimize the contents of the website for the needs of their visitors. For purposes of reach analysis, cookies and web beacons are often used.

Remarketing / Retargeting - "Remarketing" or "retargeting" is when, for example, it is noted for advertising purposes, which products a user has been interested in on a website, the user on other websites to these products, eg in advertisements , to remember. For the purposes of profiling, cookies are generally used.

Session Cookies - See "Cookies".

Single sign-on - A single-sign-on or single-sign-on authentication is a process that allows users to sign up for an online offer using a user account, as well as other online offers. The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. In the context of such an authentication, we receive a user ID with the information that the user is logged in under this user ID with the respective single sign-on provider and an ID which we can not continue to use (so-called "user handle"). Whether we receive further data, Depends solely on the single sign-on method used, the selected data releases in the context of authentication and also what data users have released in the privacy or other settings of the user account at the single sign-on provider. Depending on the single sign-on provider and the choice of users, it can be different data, usually the email address and the username. The password entered as part of the single sign-on process is neither visible to us nor stored by us. Users are kindly requested to note that their information stored with us can be automatically reconciled with their user account with the single sign-on provider, but this is not always possible or actually occurs. Change eg the e-mail addresses of the users, Users must manually change them in your user account with us. If users decide to stop linking their user account to the single sign-on provider for the single sign-on process, they will need to unlink that user from their single sign-on provider account. If users want to delete their data from us, they must cancel their registration with us.

Third-party cookies - See "Cookies".

Tracking - "Tracking" is when the behavior of users across multiple online offers can be traced, for example, for purposes of remarketing. The behavioral and interest information collected with regard to the online offers used are stored as user profiles in cookies or on servers of marketing service providers (eg Google or Facebook).

Universal Analytics - "Universal Analytics" means a process of Google Analytics, in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices ("cross-device tracking ").

Responsible - "Responsible" means the natural or legal person, public authority, body or body that alone or jointly with others decides on the purposes and means of processing personal data.

Processing - Processing "means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.

Web beacons - "Web beacons" (or "pixels", "measuring pixels" or "counting pixels") are small, pixel-sized graphics called, which are incorporated into web pages or HTML emails. For example, they allow you to determine if an e-mail has been opened (at least if the image display in e-mails is activated) or how often a website is called up by a user.

Widgets - See Embedding.

Count pixels - See web beacons.

 

The privacy policy can be downloaded here as a PDF.