All personal information will be handled confidentially. Our data protection practice is in accordance with the Federal Data Protection Act and the General Data Protection Regulation (GDPR). Below we inform you about the details of privacy:
RESPONSIBLE WITHIN THE MEANING OF THE GDPR AND THE BDSG babymarkt.de GmbH Wulfshofstraße 22, 44149 Dortmund Tel.: 0231/53471100 Fax: 0231/53471110 E-Mail: email@example.com
DATA PROTECTION OFFICER The Data Protection Officer can be reached at: E-Mail: firstname.lastname@example.org
1. THE REASONS OF DATA COLLECTION
We collect and process your information to provide our website and to provide you with the best possible service through convenient access to our services.
2. WHICH DATA WILL BE COLLECTED, PROCESSED OR UTILIZED?
2.1 VISITING OUR WEBSITE
When you access our website, our servers automatically collect information of a general nature, especially for the purposes of connection setup, functionality and system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you visit us (referrer URL), the pages you visit on our website and the date and duration of the visit. Conclusions from this data on certain persons are not possible for us due to a pseudonymization.
2.2 CONTACT FORM
If you contact us via a contact form, personal data will be collected. Which data are collected in each case can be found in the contact form. The data will be stored for the purpose of processing your request. Mandatory information is indicated by an asterisk (*). All other details are optional. We delete the data we recieved from the contact form after the storage is no longer required, or restrict the processing if there are statutory retention requirements. Legal basis for processing your personal information is Art. 6 para. 1 lit. b) GDPR when it comes to contacting us in the context of a contract. Incidentally, it is our legitimate interest to answer your inquiries, so in this case Art. 6 para. 1 lit. f) GDPR is the legal basis.
2.3 NEWSLETTER- SIGN UP
With your consent, you can subscribe to our free e-mail newsletter, which will inform you about current interesting offers. To register for the newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. The only requirement for sending the newsletter is your e-mail address. All other details are optional. After your confirmation, we will store your data for the purpose of sending you the newsletter. You can unsubscribe from the newsletter at any time by notifying the person responsible, see at the beginning of our data protection instructions, e.g. by e-mail to email@example.com. The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.
2.4 SENDING OUR E-MAIL NEWSLETTERS TO OUR CUSTOMERS
2.5 DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT/REGISTRATION
We collect and process personal data if you provide us with this data when executing a contract or opening a customer account. The legal basis is Art. 6 para. 1 lit. b) GDPR. Which data is collected can be taken from the respective input forms. The deletion of your customer account is possible at any time and can be done by sending a message to the contact address of the responsible person. We store and use the data provided by you for contract processing between you and us. After complete processing of the contract or deletion of your customer account, your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, about which we inform you in this data protection policy.
2.6 DATA PROCESSING FOR GUEST ORDERS
You can place your order without registering a customer account. Here too, personal data are collected and processed in accordance with Art. 6 para. 1 lit. b GDPR. Which data are collected and processed can be seen from the respective input forms. We store and use the data provided by you within the scope of the guest order for contract processing. After complete processing of the contract your data will be blocked in consideration of tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, about which we inform you within the scope of this data protection policy.
2.7 DATA PROCESSING FOR THE HANDLING OF THE ORDER - DATA TRANSFER TO THIRD PARTIES DATA TRANSFER TO SHIPPING SERVICE PROVIDERS
The personal data collected by us will be passed on to the transport company commissioned with the delivery (e.g. DHL-Deutsche Post AG, GLS-General Logistics Systems Germany GmbH & Co. OHG) within the scope of contract processing, insofar as this is necessary for the delivery of the goods. For the purpose of arranging the delivery date for forwarding goods, we will also provide the carrier with your telephone number. The legal basis for the transfer of the data is Art. 6 para. 1 lit. b) and f) GDPR.<4>DATA TRANSFER TO PAYMENT SERVICE PROVIDERS AND CREDIT ASSESSMENT 4>
3. INTEGRATION OF YOUTUBE VIDEOS
4. INTEGRATION OF GOOGLE MAPS
From time to time you have the opportunity to take part in competitions on our website. Within the scope of these competitions, personal data (e-mail address, name, address and, if applicable, other data necessary for the competition) may also be collected and stored for the purpose of handling the competition. The personal information you provide to us will only be used for the purposes of the competition (e.g. to determine the prize, notify you of the prize and hand over the prize). Within the scope of the competition, we will inform the participant specifically about data processing on the occasion of the concrete competition. After the end of our competitions the data of the participants will be deleted.
Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you request deletion. The data will also be deleted if a storage period prescribed by the aforementioned standard expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract or you have given your consent to this.
Cookies are used to make the use of the websites and the preferences of website visitors attractive. For example, this saves your entries for the selection of a language. Cookies are text files that are created on your hard drive to enable the identification of the browser when you visit the website again. You can prevent cookies from being stored on your hard drive by making the appropriate browser settings. Cookies that have already been set can be deleted at any time. For information on how to delete cookies or prevent them from being saved, please refer to the respective browser instructions. If you do not accept cookies, this can lead to an impairment of the use of our Internet offer. The legal basis for the processing of cookies is Art. 6 para. 1 lit. f) GDPR.
8. DATA SECURITY
We protect our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Depending on the browser used, data is transmitted using 128-bit to 256-bit SSL encryption. Despite regular controls and constant improvement of our safety measures, complete protection against all dangers is not possible.
9. FACEBOOK CUSTOM AUDIENCE VIA THE PIXEL METHOD
10. GOOGLE AdWords REMARKETING
Our website operates in collaboration with the AdWords Remarketing in order to advertise on Google and its third-party bodies. The provider of AdWords Remarketing is Google LLC., with headquarter in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Implementation of cookies in one’s browser enables to automatically collect an interest-based data. The data creates a user ID based on the pages that one has previously visited and therefore enables more personalized advertising. The aim of the process is advertising optimization and more customer-adjusted content provision within the meaning of Art. 6 para. 1 lit. f) GDPR. Any further data processing will be allowed only after one’s explicit consent to one’s web browser’s data usage. Google will use the information provided by the browser and one’s Google Account to furthermore personalize the advertising used on visited websites. In this case, when one will log in to one’s Google Account when visiting our website, Google will send the allowed data to Google Analytics in order to further define the audiences visiting our website. One is allowed to disable the settings of cookies by installing a browser plug-in available on the following link: https://www.google.com/settings/ads/onweb/.
11. GOOGLE AdSense
The data controller collaborates with Google Adsense, which is an online service providing a third-party advertising intermediation. Google AdSense uses an algorithm that selects advertisements displayed on third-party websites. The interest-based retargeting of advertising is specified by the prior collected information of user’s website activity. The company operating Google AdSense components is Alphabet Inc., with headquarters in 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The aim of Google AdSense components is to integrate the advertising on our website. Google AdSense implements cookies on one’s Internet Browser in order to later carry out an analysis of users’ activities on our website. The functioning of cookies has been explained in detail in the previous points of the policy. Agreement on cookies policy allows the information about one’s activity on our website to be sent to Google AdSense in order to improve our online advertising strategies. As a part of the process, Alphabet Inc. collects some of user’s information, such as the IP address, which is crucial to settle the origins of customers’ visits and therefore the commission agreements. Every person visiting our website has the right to deactivate the cookies on one’s browser through the browser’s settings. Such settings of the browser will prevent Alphabet Inc. from any data collection. In addition to this, cookie that has previously been agreed on may be deleted from the Alphabet Inc. data base at any time by specific browser settings.
12. THE USE OF GOOGLE ANALYTICS FOR ANALYSIS PURPOSES
This website operates with Google Analytics, which is an internet analysis service provided by Google Inc. (www.google.de). Google Analytics uses the so-called cookies that collect data about one’s activity on the website and therefore allow the analysis of Internet users‘ activities on our website.
The information generated by the cookies is transmitted to and stored by the Google server in the USA. In case of the IP anonymization on user’s website, the IP address will be beforehand shortened by Google following the Member of States of the EU or other responsible Parties within the European Economic Area Agreement .
In exceptional cases the IP address may be sent to the Google server in the USA and shortened there. On behalf of this website’s operator, Google will use the collected information to evaluate the use of the website. The website’s operators will then be provided by Google with the report on related to our website users’ activities that will help us provide the Internet users with more personalized website services.
13. USE OF SOCIAL MEDIA PLUG-INS
13.1 WHO ARE OUR SUPPLIERS?
We are currently using Facebook as our social media plug-in. We use the so-called two-click solution. In other words, when you visit our website, no personal data is initially provided to our plug-in providers. On the bottom of our website you can find the logo of the plug-in provider, which gives you an opportunity to move to the provider’s website with only one click. Only when you move to the plug-in provider’s website, the information about your activity is passed to the provider’s data base. The data collected by the plug-in are: the IP address, date and time of access, time zone difference to the Greenwich Mean Time (GMT), requested page, HTTP status code, amount of data transferred, used browser, the operating system and its interface, language and version of the browser. In case of Facebook, the IP address will be immediately anonymized. Any personal data collected by the plug-in providers will be transmitted to their data bases (in case of US providers, the data will be stored in USA). For safety reasons, we recommend you to delete all cookies before clicking on the providers’ plug-ins.
13.2 NO INFLUENCE BY US
We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
13.3 DATA USE BY PROVIDER
The plug-in providers collect and store data connected with users‘ profiles and their activities on websites for marketing and advertising purposes. Evaluations of Internet users’ activities are carried out, even if the person has not been logged in to any social media platform. Every Internet user has a right to disagree with the data collection. The plug-ins offer Internet users to interact with other users on social media platforms and give us a chance to improve our website and offered services. The plus-ins operate in compliance with Art. 6 Par. 1(f) of GDPR.
13.4. DATA TRANSFER
The data ransfer takes place regardless of whether you have an account on the social media platform, or not. If you are logged in, the data collected will be assigned to the existing account. For complete safety, we advise you to log out of every social media account regularly in order to avoid assigning your personal profile to any social media plug-ins.
More information on the purpose and use of the data collected will be provided below. There are also further information on your rights and data protection privacy.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook operates in accordance with the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Our website also contains AddThis plug-ins that allow you to share an interesting content with other social media users. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f) GDPR. The data collected by the plug-in are: the IP address, date and time of access, time zone difference to the Greenwich Mean Time (GMT), requested page, HTTP status code, amount of data transferred, used browser,the operating system and its interface, language and version of the browser. In case of Facebook, the IP address will be immediately anonymized. Any personal data collected by the pug-in providers will be transmitted to their data bases (in case of US providers, the data will be stored in USA). We have no influence on the data collected or processed by the plug-in providers and we are not aware entirely of the purposes or the extent of the data collected. Generally, the data are stored and used for marketing and advertising purposes. You have the right not to agree on the data collection and in order to avoid any further data collection, you should contact the plug-in provider personally. You can also deactivate the cookies on your browser by the use of the link: http://www.addthis.com/privacy/opt-out. For more information on the purpose of data collection please contact the following provider: AddThis LLC, 1595 Spring Hill Road, Sweet 300, Vienna, VA 22182 , USA, www.addthis.com/privacy.
14. PROVIDER AND PRODUCT ASSESMENT
The website is integrated with the web analysis tool econda in accordance to the Art. 1 Par. 1 (f) of the GDPR. Web analysis services provided by econda include collection and analysis of data regarding Internet users’ activities on our website. Econda collects such information as the approximate time spent by the users on the website and its subpages. The main aim of the analysis is to optimize and improve our website and define the efficiency of our advertising strategies.
The entity in charge of econda services is econda GmbH with headquarter in Eisenlohrstr. 43, 76135 Karlsruhe, Germany. Econda uses the cookie technology that has been explained above. Each time you visit our website, your web browser sends information about your activity on the website to econda. The obtained information is used mainly for marketing optimization purposes. As a part of the technical process, econda receives information that will further be used to create a general profile of the website’s users. The profile will be later used to analyze the behavior of the users who have accessed the website. The data will only be collected after an explicit consent of the subject and will be used to improve and optimize the website. The data will in no way identify the subject’s personal information.
Every user of the website may decide not to share any information collected by cookies. As explained above, these changes may be introduced through Internet browser settings at any time. Deactivating cookies will remove already collected information from the econda data base and prevent econda from collecting any further data. Every website user may decide not to agree on the data collection related to the use of the website. To prevent any information processing, click on the link Link. The information about cookie deactivation will be transferred to the econda data base.
16. JOB APPLICATIONS
We also collect and process personal data from applicants for the purpose of handling our application process. Processing can also be carried out electronically. This is always the case if the applicant submits application documents to us electronically, i.e. by e-mail or via a web form implemented on our website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. However, if no employment contract is concluded between us and the applicant, the application documents will be deleted four months after the decision of rejection has been announced, provided that no other legitimate interests of the person responsible stand in the way of deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Act on Equal Treatment. We would like to evaluate all applicants only on the basis of their qualifications and therefore ask that information on racial and ethnic origin, political opinions, religious or ideological beliefs or any trade union membership, genetic data, biometric data to clearly identify a natural person, health data or data on sexual life or sexual orientation in the application should be avoided if possible.
Our website uses software technology from epoq internet services GmbH, Am Rüppurer Schloß 1, 76199 Karlsruhe ("epoq"). With epoq's software technology, it is possible for us to display targeted and individual product recommendations on the start, product detail, shopping cart or category page. Product recommendations are displayed based on a cookie-based analysis of previous and current click and purchase behaviour, but no personal data is stored. In these cases, a cookie is stored on your computer or mobile device to collect pseudonymised data about your interests and thus adapt the advertising individually to the stored information. You will be shown advertisements that most likely correspond to your product and information interests. If the information collected is personal, it is processed in accordance with Art. 6 Para. 1 letter f) GDPR on the basis of our legitimate interest in the insertion of personalised advertising and market research. You can permanently deactivate the setting of cookies for advertising preferences by setting your Internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored are deleted. However, deactivating all cookies may mean that some functions on our Internet pages can no longer be executed.
18. RIGHTS OF THE PERSON CONCERNED
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights against the person responsible:
18.1 RIGHT TO DISCLOSUREYou can ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request the following information from the person responsible:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing
- Right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject.
18.2 RIGHT TO RECTIFICATION
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
18.3 RIGHT TO RESTRIKTION OF PROCESSINGThe data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims or;
- the data subject has objected to processing pursuant to 21 Abs. 1 GDPR (1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
18.4 RIGHT TO DELETION
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
• Information to third partiesIf the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
• ExeptionsThe right to cancellation does not exist insofar as the processing is necessary
18.5 RIGHT TO INFORMATION
If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. The person responsible shall have the right to be informed of such recipients.
18.6 RIGHT TO DATA TRANSFER
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and
- the processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedom and rights of other persons must not be affected by this.
18.7 RIGHT TO OBJECT
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
18.8. RIGHT TO REVOKE THE DATA PROTECTION DECLARATION OF CONSENT
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
18.9 AUTOMATED DECISION IN INDIVIDUAL CASES INCLUDING PROFILING
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Paragraph 1 shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
- is based on the data subject's explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
18.10 RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. Last updated: May 2018