1. Name and contact details of the controller responsible for processing and the company data protection officer
This Data Protection Policy applies to data processing by:
Watch Rapport (hereinafter "Watch Rapport")
2029 Century Park East. Los Angeles, California 90067
Phone: +1 310-882-7838
The data protection officer of Watch Rapport is contactable at the above address, Attn: Data Protection Department and via firstname.lastname@example.org.
2. Collection and storage of personal data and the nature and purpose of its use
a) When visiting the website
When you visit the Watch Rapport website, the browser you are using on your device automatically sends information to the server for our website. This information is temporarily stored in a log file. The following information is automatically collected and subsequently automatically deleted after a period of 20 weeks:
- the IP address of the querying computer
- the date and time of access
- the name and URL of the retrieved file
- the website from which access is occurring (referrer URL),
- the session ID
- the user agent
- the browser used and in some cases the operating system of your computer and the name of your access provider.
We process the aforementioned data for the following purposes:
- to ensure a trouble-free connection with the website
- to ensure convenient use of our website and optimise our platform
- to monitor and ensure system security and stability.
- to detect and prevent attacks on our website, and
- for other internal statistical and administrative purposes.
We never use collected data to reference you as a person. In the event of an attack on our network infrastructure however, your IP address will be identified in order to assert or defend against legal claims.
We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f of the General Data Protection Regulation (GDPR). Our legitimate interests proceed from the data collection purposes specified above.
b) Registering as a user on our platform
Buyers, private sellers and commercial merchants can create a user account on our platform. The mandatory data required to set up a user account must be entered under i), ii) and iii). This data is processed
- to identify you as our contract partner
- to enter into, structure, execute and amend contracts with you governing the use of our platform and services offered thereupon
- to assess the plausibility of the data entered
- to contact you as necessary for with any questions, and
- to assert any claims against you as necessary.
The data specified under points i), ii) and iii) are processed upon your placement of an inquiry for the purposes outlined above and are required for use of the platform in accordance with Article 6 para. 1 sentence 1 item b of the GDPR, and thus required for fulfilment of the contract and of pre-contractual actions.
You may have the option of providing voluntary information/data depending on the type of user account. We process voluntarily provided information/data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. This information/data is used to facilitate contact with you and ensure rapid clarification of any questions.
After deletion of your user account your data are automatically deleted to prevent further use unless, in accordance with Article 6 para. 1 sentence 1 item c GDPR, it must be stored for a longer period of time pursuant to retention and documentation requirements under tax or commercial code (HGB, StGB, AO), or if you have consented to storage for a longer period of time in line with Article 6 para. 1 sentence 1 item a GDPR.
i) Watch Rapport user accounts
The following mandatory data must be entered to register as a user (buyer) and set up a user account:
- a valid email address
- a password of your choice.
These constitute the login data for your user account.
You can also provide this voluntary user data:
- Your first and last name
- A profile picture
- Your address (street, post code, city/town, country)
- Your phone number.
ii) Private sellers
To place sale offers as a private seller you must first have a user account (see i)). To place a sale offer on the platform you must enter the following data:
- Your first name and last name,
- your address (street, postcode, city/town, country),
- your phone number and
- your date of birth.
Registering for the sale via the trustee service
In order to be able to sell your goods in the Trusted Checkout process, you must register for the sale as a private seller via the trustee service.
In accordance with laws on the prevention of money laundering and the financing of terrorist organisations, Watch Rapport. is obligated to identify each seller based on the documents and information specified.
When registering for the trustee service, the following data and documents are thus collected from you and forwarded onto Watch Rapport:
- Family name, first name, email address, date of birth as well as nationality and the country of residence.
- Information about which bank account should be used for the payments.
- A copy of a valid official ID document:
- German identity card (front and reverse) for Germans, passport for foreign resident in Germany or abroad.
- Within the EEA: Passport or national ID card or driving license. A residence permit for people from third-party countries.
- Outside of the EEA: Passport or driving license for the USA and Canada.
The following data must be entered to register as a commercial merchant:
- Your company name
- A contact person (first and last name)
- Your company address (street, postcode, city/town, country)
- A phone number
- A valid e-mail address
- A username of your choice
- A password of your choice.
You can also provide this voluntary user data:
- Your fax number
- A mobile phone number
- An internet address.
A) Automated customer profile creation
We create a customer profile for your user account in order for you to use our platform as a registered user/merchant. We categorize your customer profile and supplement it with additional data so that you only receive information likely to be of interest to you. To do so we utilize this data:
- Information about your person (e.g. basic data from your customer profile)
- The length of your membership
- Statistics (such as on the manner, frequency, and intensity of use of the website), and
- Your history of retrieved offers, manufacturer brands, and sellers.
We process the aforementioned data for the following purposes:
- For statistical evaluation
- For market research
- To ensure smooth functioning of the platform and to design the platform around user needs
- To personalize our services, and
- To deliver advertising to you which is exclusively targeted to your actual or predicted needs so as to eliminate irrelevant advertising.
We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. Data processing for the aforementioned purposes is a recognized legitimate interest in accordance with the GDPR.
You may file an objection to the creation of a user profile and/or the evaluation and personalization of our services or advertising at any time by contacting us, in which case processing will be stopped and your user profile will be immediately deleted unless you have consented to longer data retention per Article 6 para. 1 sentence 1 item a GDPR.
You may alternatively file an objection at any time via e-mail at email@example.com
e) Using the Trusted Checkout service
In order to initiate and conclude purchase agreements with dealers/private sellers via our Trusted Checkout Service, you will first need a user account (see section 2.b)i) ). Furthermore, it is necessary to specify the following information:
- Your first and last name,
- your address (street, postcode, city/town, country) and
- your phone number.
The listed information is processed by us for the following purposes:
- to check and identify who the dealer/private seller’s contract partner is;
- to support the justification, content design and execution of the purchase contracts; and
- where required to make the necessary contact with you in case of further queries.
In case you request a purchase offer with a dealer/private seller or conclude a purchase contract with the dealer/private seller, we also transfer your personal data to the dealer/private seller for the purposes stated above.
The processing of your aforementioned data takes place on your request and is required in accordance with Art. 6 (1) (1) (b) GDPR for the aforementioned purposes for the use of the platform and thus for the fulfillment of the contract and pre-contractual measures.
f) Registering for our newsletter
We use your e-mail address to send you our personalized regular newsletter if you have expressly consented thereto in accordance with Article 6 para. 1 sentence 1 item a GDPR. To receive the newsletter it suffices to provide your e-mail address.
To receive more personalized newsletter content you can create a customer profile about you based on your collected personal data. This data relates to personal preferences such as product affinities observed on the basis of orders, interests, purchase decisions, preferred shopping time, etc. and is automatically processed and analyzed so that relevant offers are predicted for you. Profiling may also be performed without consent on the basis of Article 6 para. 1 item f GDPR given a legitimate interest (see item 2.c) ).
We may also use your e-mail address without your express consent to send you information about similar products of our company if you are an existing customer and have not objected to the use of your e-mail address. Processing for purposes of marketing to existing customers is done on the basis of our legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR. The processing of your e-mail address for the purpose of direct marketing is a statutorily recognized interest under the GDPR.
In either case, you can unsubscribe at any time, such as via link at the end of each newsletter. Alternatively, you can unsubscribe at any time by e-mail at firstname.lastname@example.org.
In order to distribute our newsletter, we use Mailchimp, a tool provided by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA. The company is a member of the EU-US Privacy Shield.
Further information about how the provider processes data can be found at https://mailchimp.com/legal/privacy/.
g) Using our contact form
You can use a form provided on the website to contact us with questions or contact a merchant or private seller. If you wish to ask your question to a merchant or private seller, we forward your contact inquiry to them. For the use of the contact form, the following data is required, without exception:
- a valid e-mail address and
- Your specific question or message.
We process the aforementioned data for the following purposes:
- to identify you
- to answer your question, and
- for forwarding to the relevant merchant or private seller as necessary.
Additionally, you can voluntarily provide your name and telephone number to enable quicker contact.
When you use our contact form, we may scan and analyze your message. This is done for fraud prevention purposes and to generally improve communication and customer service.
Data is processed upon placement of your inquiry, and such processing is required for the above purposes to fulfill the contract and pre-contractual actions in accordance with Article 6 para. 1 p. 1 item b GDPR. Data from contact inquiries is also processed on the basis of our legitimate interests per Article 6 para. 1 sentence 1 item f GDPR. These interests proceed from the aforementioned purposes.
Personal data we collect when you use the contact form is automatically deleted upon completion of your inquiry.
i) Customer ratings via Trustpilot
Your opinion about our products and our service is important to us. We, therefore, offer you the option of submitting a rating about our platform via Trustpilot A/S's rating service at www.trustpilot.com (Pilestræde 58, 3rd floor, 1112 Copenhagen K, Denmark, hereinafter "Trustpilot"). If you submit a rating, it will be published on our website and on the Trustpilot website. We, however, reserve the right to delete or not publish the rating.
Upon successful completion of a purchase, you will receive an email from us requesting you to rate our platform and our service. The email will contain a "Business Generated Link" from Trustpilot that will allow you to access Trustpilot and submit a rating regarding your transaction. The "Business Generated Link" will include your first and last name, your country of origin (for example, Germany), your email address and the transaction ID. After you click on the link, your personal information will be transmitted to Trustpilot, so that we can assign your rating to your purchase and ensure the rating's authenticity.
We have signed a data processing agreement with Trustpilot for the use of the rating service. With this agreement, Trustpilot ensures that they process data in accordance with the General Data Protection Regulation and ensure the protection of the data subject's rights.
Ratings submitted directly to Trustpilot can also be published on our website, provided that we were able to ensure the rating's authenticity.
Data processing as part of customer rating via Trustpilot takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. By doing so, we want to ensure the needs-based design and optimization of our website.
j) Collection of personal data from third parties
On rare occasions, users may communicate to us personal data from third parties (e.g. authorized representatives, contact persons, different account holders). In such instances where we collect personal data – not from the third-party data subjects themselves, but rather through our users – our contractual partners are required to provide information only with the knowledge of the third party data subject. In particular, this includes information about us as the data controller, as well as the disclosed data and the purpose of said disclosure. In all other respects, this data protection information applies to third party data subjects, to the extent that said information is not only relevant for contractual partners. This includes, in particular, information about us as the data controller and our data protection officer, as well as information about the rights of data subjects. Should we, as an exception, receive contact data for a third party data subject, we will inform the data subject directly. However, we do not typically request contact data from third parties. We will only use the third party information for the intended purpose (e.g. necessary contact, payment processing using the account details provided). The data of third party data subjects will be deleted at the latest upon the deletion of the data pertaining to the stated person, or if this person amends or deletes the data concerned. The legal basis for the processing of the data of third party data subjects is Article 6 (1) 1 f GDPR, where said processing is necessary for the pursuit of our legitimate interest in granting our contractual partners the opportunity to involve third parties.
3. Disclosure of data
We only disclose your personal data to third parties if:
- you have expressly consented thereto in accordance with Article 6 para. 1 p. 1 item a GDPR
- there is a legal disclosure obligation pursuant to Article 6 para. 1 sentence 1 item c GDPR
- disclosure is required pursuant to Article 6 para. 1 sentence 1 item f GDPR in order to assert or defend against claims or exercise legal rights and there are no grounds to assume that you have a prevailing legitimate interest in non-disclosure of your data.
Information in accordance with Article 26 (2) (2) GDPR
about joint responsibility for the processing of personal data
Watch Rapport and our subsidiaries (hereinafter jointly referred to as “parties” or “we”) work closely together in many areas due to our organizational structure. We use uniform EDP systems across all our businesses and operate joint databases in which, in particular, customer data from both parties is processed.
In doing so, we process the personal data of dealers and users of the online platforms of Watch Rapport as joint controllers in accordance with Article 26 GDPR. Due to this joint responsibility, we have concluded an agreement with regard to the personal data concerned.
Watch Rapport is responsible for the processing of personal data as far as this relates to the provision of EDP systems and internal databases to customers.
Both parties are responsible for entering data into the internal databases and maintaining the records of personal data of both registered and unregistered platform users, as well as personal data of registered dealers.
As part of our joint responsibility, we have in particular also agreed to the specific obligations under the GDPR that each party shall fulfill. This concerns, in particular, the exercise of the rights of data subjects and compliance with the information obligations under Articles 13 and 14 GDPR.
Both parties have agreed that Watch Rapport shall publish on its platforms the information required in accordance with Articles 13 and 14 GDPR relating to joint data processing and the essential content of the processing conditions.
Both parties shall also inform each other of data protection rights asserted by affected users. They shall provide each other with all the information necessary to respond to requests for information.
Data protection rights can be asserted against Watch Rapport as well as against the respective dealer. Watch Rapport undertakes to comply with the rights of data subjects to information about, correction, erasure or blocking of their personal data upon request.
4. Visibility of your data to third parties
a) As a user and private seller
Personal data stored in connection with your user account (myWatch Rapport, see items 2.b) i) and ii) ) cannot be viewed by third parties unless you have published offers on the platform. When you publish an offer on the platform as a private seller, registered and unregistered users will only be able to see your provider data on the platform if they have expressly consented to their publishing in accordance with Article 6 para. 1 sentence 1 item a GDPR.
b) As merchant
If you are registered as a merchant and publish offers on the platform, registered and unregistered users can view your provider data on the platform (as per item 2.b) iii)). You can restrict the visibility of your data during registration so that your address is not displayed, and thereafter in your profile settings.
The publication of the merchant data is required to fulfill and execute the contract between Watch Rapport and the merchant as part of the use of the platform in accordance with Article 6 para. 1 sentence 1 item b GDPR.
5. Cookies and pixels
We utilize ‘cookies’ and ‘pixels’ or ‘tracking pixels’ on our website to record statistics on website usage and evaluate these for the purpose of optimizing our offering (see item b).). These enable us to automatically recognize you have previously visited our website when you revisit it.
Your data are processed using cookies and pixels for the purposes specified above on the basis of our legitimate interests and those of third parties, in line with Article 6 para. 1 sentence 1 item f GDPR, according to which these interests qualify as legitimate.
Cookies are small files automatically created by your browser which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, Trojans or other malicious software.
Cookies store data about the specific device used for the respective website visit. This does not mean that we are able to directly discern your identity.
Cookies are in part utilized to enable us to enhance our offer for you. For example, we utilize what is known as ‘session cookies’ to recognize that you have already visited individual pages of our website, or have already logged in to your user account. These cookies are automatically deleted when you leave our website.
We also use temporary cookies that are stored on your device for a specific period of time in order to improve the user experience. When you revisit our site to utilize our services, these automatically register that you have visited before and the entries and settings you have made so that you do not have to re-configure these.
Most browsers are configured by default to accept cookies. You can configure your browser so that cookies are not stored on your computer, or so you receive notification before each new cookie is created. Disabling cookies can, however, mean that you are unable to utilize some features of our website.
Tracking pixels or just ‘pixels’ are small 1x1-pixel GIF files that can be hidden in graphics, e-mails, etc. when visiting a website. Pixels do not harm your device and do not contain viruses, Trojans or other malware.
Pixels send your IP address, the referrer URL of the website visited, the time the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables us to measure reach and conduct other statistical analyses for the purpose of optimizing our platform and offerings.
Most browsers automatically accept pixels. You can use certain tools and browser add-ons to block the use of pixels on our webpages (like the AdBlock add-on for the Firefox browser).
6. Analysis tools
a) Tracking tools
We utilize the tracking tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. We deploy these tracking tools to optimize our website design on an ongoing basis to better meet user needs. In addition, we use tracking tools to record website usage statistics which we analyze in order to optimize our offering for you. These interests qualify as legitimate under the provision cited above.
The data processing purposes and data types are as per the respective tracking tools.
i) Google Analytics
- Browser type/version
- Operating system used
- Referrer URL (page last visited)
- The hostname of accessing computer (IP address)
- Server query time
are transmitted to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.
This information is used to analyze the use of the website, compile reports on website activity and provide additional services related to website activity and internet usage for the purposes of market research and website design in accordance with user needs. This information may be forwarded to third parties as required by law, and to third parties functioning as data processors. Your IP address will never be compiled with any other data held by Google. IP addresses are anonymized to render cross-referencing impossible (IP masking).
You may refuse to accept cookies by changing the settings on your browser accordingly; in such cases, however, you may not be able to fully utilize the entire range of the features of this website.
You can also block the recording of data generated by the cookie concerning your use of the website (including your IP address) and prevent processing by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can opt-out of data collection by Google Analytics by clicking on this link. An opt-out cookie is set which blocks future collection of your data when visiting this website. The opt-out cookie is stored on your device and is only valid in that browser and for our website. If you delete the cookies for that browser, the opt-out cookie has to be reset.
For more information about privacy related to Google Analytics, see the Google Analytics Help Centre.
ii) Google Adwords Conversion Tracking
We utilize Google conversion tracking to record website usage statistics and analyze these for the purpose of optimizing our offerings. Google Adwords places a cookie on your computer (see item 5) when you navigate to our website via a Google ad. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages of the website of the Adwords customer and the cookie has not yet expired, Google and the customer can observe that the user clicked on the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Cookies thus cannot be tracked via the websites of Adwords customers. Information obtained via the conversion cookie is used to prepare conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers receive information on the total number of users who have clicked on their ad and were redirected to a page bearing a conversion tracking tag. They do not, however, receive any information with which the user can be personally identified.
iii) VWO (Visual Web Optimiser)
You can disable the collection and processing of your website usage data by VWO at any time with a non-retrospective effect. An opt-out cookie is utilized for this which contains the data you do not want VWO to collect. The data is not disclosed to third parties unless there is a legal obligation to do so or the third parties have been commissioned as a data processors (such as a data center).
We use the Hotjar analytics service (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) on our website. Hotjar is a tool for studying user behavior that enables us to measure and evaluate the behavior of visitors to our website (such as mouse movement, clicks, and scroll height).
Hotjar places cookies for this purpose (see item 5) on the devices of site visitors which can store their browser information, operating system, data on time spent on the site, etc. in anonymized form.
v) Bing Ads
We utilize Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of the Microsoft Corporation ("Microsoft") that allows us to track user activity on our website when the user navigates to our website via Bing Ads advertisements.
A cookie is placed on your computer when you visit our website via a Bing Ads ad, (see item 5). A Bing UET tag is integrated into our website. This tag is a code which in combination with the cookie stores certain non-personally data about your use of the site. This includes the time spent visiting the website, the areas of the website that were visited and the ads via which the user navigated to the website. Information about your identity is not collected.
This information is transmitted to Microsoft servers in the US and stored there for a maximum of 180 days. Microsoft is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.
For more information on Bing analytics services, visit the Bing website.
See the Microsoft Data Privacy Policies for further information about data protection at Microsoft.
For fraud prevention purposes we transmit your IP address and data about the device used to the service provider MaxMind, Inc. (14 Spring Street, 3rd Floor Waltham, MA 02451, USA, hereinafter "MaxMind"). Your data is transmitted to a MaxMind server in the US and stored there. MaxMind is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy. We use this service to receive statistical analysis of IP addresses, devices, and locations that we utilize to detect and prevent fraud.
Your data is processed exclusively for this purpose. This data is deleted when you end usage. Further information on data protection in connection with MaxMind can be found here.
You can prevent geolocalisation by blocking the placement of cookies by changing the settings on your browser accordingly; in such cases, however, you may not be able to fully utilize the entire range of the features of this website.
Our mobile app uses crashlytics analysis software of Google Ireland Limited with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Crashlytics"). Crashlytics collects app usage data specifically relevant to system crashes and errors. Data is gathered about the device and app version installed as well as other information that facilitates troubleshooting, such as data relating to the user's software and hardware. For further information see the Crashlytics Data Protection Policy: https://try.crashlytics.com/terms/privacy-policy.pdf.
You can opt-out of the use of Crashlytics in the privacy settings of our Mobile App.
b) Targeting tools
We utilize the targeting tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. Targeting tools are used to ensure that all advertising displayed on your devices is based on your actual or predicted interests. These interests qualify as legitimate under the provision cited above.
See the sections on the respective tracking tools regarding their data processing purposes and data types.
i) Google Adwords remarketing
We utilize Google Remarketing Tags, which are a service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter "Google"). Google utilizes ‘cookies’ (see item 5), which are text files stored on your computer allowing analysis of your website usage. The information generated by the cookie about your use of this website (including your IP address) is sent to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
Google then removes the last three digits of the IP address, rendering definite cross-referencing of the IP address impossible. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other websites and internet usage-related services.
Please be advised however that you may not be able to utilize all functionalities of this website in such a case. By using this site, you consent to Google processing data gathered about you in the manner and for the purpose outlined above. Further information about Google policies can be found here.
ii) Google Double Click
Cookies are used on our website to collect and evaluate data for the purpose of optimizing advertising (see item 5). For this, we use targeting technologies of Google Inc. (Double Click, Double Click Exchange Buyer, Double Click Bid Manager). These technologies enable us to serve advertising to you in targeted fashion based around your interests. The cookies are used, for example, to record information about which of our products you are interested in. Using this information we can market offers to you on our website or third-party websites which are oriented around your specific interests as predicted based on your historical user behavior. Data collected and evaluated pertaining to your user behavior exclusively on a pseudonymous basis so that it is not possible for us to identify you. In particular, this data is not merged with personal data about you.
Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.
The cookie is automatically deleted after 30 days.
You can also configure the setting for the display of interest-based advertising via the Google Ads Settings Manager.
iii) Facebook Custom Audiences
We utilize Facebook Website Custom Audiences, a service of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This Facebook marketing service allows us to display personalized and interest-based advertising on Facebook for particular groups of pseudonymized visitors to our website who use Facebook.
In an automated process there it is checked whether you have a Facebook cookie stored. The Facebook cookie automatically determines whether you belong to the target group relevant to us. If you belong to the target group, we then show you relevant ads of ours on Facebook. In this process, you are not personally identified, either by us or by Facebook.
You can opt-out of the use of the Custom Audiences service on the Facebook website. After logging in to your Facebook account, go to the Facebook ads settings.
This website utilizes technologies of Criteo SA (32 Rue Blanche, 75009 Paris, France) to collect and store data for marketing and optimization purposes. We determine the purposes and means of processing jointly with Criteo, and thus are jointly responsible for processing as controller.
When Criteo is used, additional pixels of partners of Criteo are loaded as well. An overview of all publishers and networks that load pixels are provided here.
You can opt-out of the pseudonymous analysis of your browsing behavior at any time via us. See the Criteo link below for instructions on disabling the Criteo service.
Please be advised that if you opt-out of displaying personalized ads from Criteo and other advertising affiliates, you will still receive advertisements but these will be less tailored to your interests and browsing behavior.
Information about your user behavior on our website is collected and evaluated via cookies on our website (see paragraph 5) by our service provider CrossEngage GmbH (Bertha-Benz-Strasse 5, 10557 Berlin). This allows us to tailor our marketing activities around your actual or predicted interests and display ads on other websites or advertising channels.
If you do not consent you can opt-out of such collection and use it with non-retrospective effect by e-mail notification to email@example.com. Further information on data protection in connection with CrossEngage can be found here.
7. Social Media Plug-ins
We utilize social plug-ins of the social media networks Facebook, Twitter and Instagram to promote our company on our website on the basis of Article 6 para. 1 sentence 1 item f GDPR. This promotional purpose is a legitimate interest within the meaning of the GDPR. The respective providers are responsible for ensuring operation in conformance with data protection laws.
The social media buttons are integrated with a self-developed solution. This solution prevents you from connecting to a social media network just by opening a web page with a social media button on it without pressing the button, i.e. data are not sent to the social media network unless you hit the button.
Our platform uses social media plug-ins of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) to personalize the experience through usage of "LIKE" and "SHARE" buttons. These are a Facebook offering.
When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Facebook servers. The plug-in content is sent by Facebook directly to your browser and integrated into the page.
When a plug-in is integrated, Facebook receives the data the browser you used to access the page of our website in question even if you do not have a Facebook account or are currently not logged in to Facebook. This data (including your IP address) is transmitted by your browser directly to a Facebook server in the US and stored there.
If you are logged into Facebook, Facebook can directly reference your visit to our website your Facebook account. If you interact with a plug-in such as by pressing a "LIKE" or "SHARE" button, the corresponding information data is also transmitted directly to a Facebook server and stored. This data is posted on Facebook and displayed to your Facebook friends.
Facebook can use this data for the purposes of advertising, market research and structuring Facebook pages in line with user needs. This involves Facebook creating user, interest and relationship profiles, for example, to evaluate your use of our website in relation to advertisements displayed on Facebook, to inform other Facebook users of your activities on our website and to provide other services related to the use of Facebook.
If you do not want Facebook to reference information about you from our website to your Facebook account, you must log out of Facebook before visiting our website.
Please see the Facebook data privacy notices for information regarding the purpose and scope of data collection, further processing and use of data by Facebook, your data privacy rights and data privacy configuration settings.
Plug-ins of the news and social networking firm Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, hereinafter "Twitter") are integrated into our web pages. Twitter plug-ins (Tweet button) bear the Twitter logo, making them identifiable on our website. An overview of Tweet buttons can be found here.
When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, a direct connection is established between your browser and a Twitter server. Twitter then receives the information that you have visited our page and your IP address. You can link content from our webpages with your Twitter account by clicking on the Twitter "Tweet" button while logged into your Twitter account. This enables Twitter to cross-reference your visit to our webpages to your user account. Please note that as website providers we have no knowledge of the content of the data transmitted or regarding its use by Twitter.
You should log out of your Twitter account first if you do not want Twitter to be able to cross-reference your visit to our webpages to your Twitter user account.
Our website utilizes Instagram social plug-ins ("plug-ins") operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").
The plug-ins bear an Instagram logo, such as the “Instagram camera".
When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Instagram servers. The plug-in content is sent by Instagram directly to your browser and integrated into the page. When a plug-in is integrated, Instagram receives the data the browser you used to access the page of our website in question even if you do not have an Instagram profile or are currently not logged in to Instagram.
This data (including your IP address) is transmitted by your browser directly to an Instagram server in the US and stored there. If you are logged into Instagram, Instagram can directly reference your visit to our website your Instagram account. If you interact with a plug-in such as by pressing an Instagram button, the corresponding information data is also transmitted directly to an Instagram server and stored.
This data is also published on your Instagram account and displayed to your contacts there.
If you do not want Instagram to directly reference information about you from our website to your Instagram account, you must log out of Instagram before visiting our website.
8. Tool for sending emails
In order to send transaction and service emails, we pass on your email address to an email service provider. We use the following service providers:
We use the Mailgun tool provided by Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA. The company is part of the EU-US Privacy Shield and has therefore chosen to be subject to regulations that are similar to EU data protection regulations.
You can find out more about data processing by the provider at https://www.mailgun.com/privacy-policy.
We use the Sparkpost tool provided by Message Systems Inc., 301 Howard St. Suite 1330 San Francisco, CA 94105, USA. The company is part of the EU-US Privacy Shield and has therefore chosen to be subject to regulations that are similar to EU data protection regulations.
You can find out more about data processing by the provider at https://www.sparkpost.com/policies/privacy/.
Data processing as part of sending transaction and service emails takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. By doing so, we wish to ensure that communication processes are automated in a needs-based manner, in particular with regard to those actions undertaken by you, or in order to be able to inform you about security-relevant matters as quickly as possible.
9. Rights as a data subject:
You have the right:
- to revoke the consent you have granted us at any time in accordance with Article 7 para. 3 GDPR. This applies non-retrospectively so that without your consent we are no longer allowed to process data thereafter
- to request information about the personal data of yours which we are processing in accordance with Article 15 GDPR. In particular, you are entitled to receive information about the processing purposes, the types of personal data, the types of recipients to whom your data has been disclosed, the intended storage retention period, about your rights to demand correction, deletion, processing restriction and to file objection, about your complaint rights, the source of your data if not collected by us, and whether automated decision-making is utilised, including profiling, along with relevant details as appropriate
- to demand the correction of incorrect personal data and the addition of incomplete personal data we have stored, in line with Article 16 GDPR
- to demand the deletion of your personal data stored by us, except if processing is necessary to exercise freedom of expression speech and information rights, to fulfil a legal obligation, for reasons of public interest or to assert or defend against legal claims or exercise rights, in line with Article 17 GDPR
- to demand the restriction of your personal data from processing in accordance with Article 18 GDPR if you dispute the correctness of the data or processing is unlawful but you reject its deletion and we no longer need the data yet you require the data in order to assert or defend against legal claims or exercise rights, or if you have filed objection to processing in accordance with Article 21 GDPR
- to receive your personal data from us in a commonly used, structured, machine-readable format, and to request such to be sent to a different data controller in line with Article 20 GDPR
- to lodge complaint with a supervisory authority in line with Article 77 GDPR. Generally, you should contact the supervisory authority for your primary place of residence, your place of work or our company headquarters.
10. Right to file an objection
If your personal data are processed on the basis of legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR, you have the right to file an objection against the processing of your personal data pursuant to Article 21 GDPR given reasons for doing so which pertain to your special circumstances or the objection pertains to direct advertising. In the latter case, you enjoy a general right to file objection which we will act upon without your having to outline any special circumstances.
To exercise your right to file objection it suffices to send a corresponding e-mail to firstname.lastname@example.org.
11. Data security
We utilize the widely used TLS (Transport Layer Security) method for our website in combination with the highest level of encryption supported by your browser. TLS is a secure and proven standard utilized in online banking, for example. A secure TLS connection is indicated among other things by the letter ‘s’ appended on the ‘http’ (i.e. https://..) in the address bar of your browser, and by a lock icon appearing at the bottom of your browser.
We furthermore implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction and unauthorized access by third parties. The security measures we implement are continuously upgraded to remain in line with technological progress.
If you register with us as a user, you can only access your user account after entering your personal password. You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
We take company-internal data protection very seriously as well. We bind our staff and commissioned service provider firms to uphold confidentiality and comply with data protection regulations.
12. The version of and changes to this Data Protection Policy
This Data Protection Policy is the latest, valid version, last updated in December 2019.
Changes to our website and offers marketed via the website and changes in legal or regulatory requirements may necessitate updating of this Data Protection Policy. You can view and print out the latest updated version of this Data Protection Policy at any time on the website