DATA PROTECTION DECLARATION
I. Name and address of the person responsible
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
mydeck GmbH
Falkensteiner Str. 6b
61462 Königstein i. Ts.
Germany
T +49 61 74 / 92 43 30
info@MYDECK.de
www.MYDECK.de
II. General information on data processing
1. Scope of the processing of personal data
In the following we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, such as name, address, e-mail address or user behaviour.
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users’ personal data regularly only takes place with the user’s consent. An exception applies, for example, in cases where it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Passing on of data to third parties and third-party providers
Data is only passed on to third parties within the framework of legal requirements, i.e. e.g. on the basis of Art. 6 Para. 1 lit. b DSGVO if this is necessary for contractual purposes or on the basis of Art. 6 Para. 1 lit. f DSGVO due to legitimate interests.
If we use third parties to provide our services, we take suitable legal precautions and appropriate technical and organisational measures to protect the personal data. The third parties have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
A transfer of data to third countries in which the GDPR is not directly applicable law only takes place if there is an appropriate level of data protection, user consent or otherwise legal permission.
III. Provision of the website and creation of log files
1. Description and scope of data processing
During the mere informative use of the website, i.e. if you do not register or otherwise transmit information to us, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) the IP address of the visitor
(2) the visitor’s login name if http authentication is used
(3) time of the request (server time)
(4) Time zone difference to Greenwich Mean Time (GMT)
(5) The user’s operating system
(6) The user’s Internet service provider
(7) The content of the web page request sent by the visitor’s browser
(8) Websites from which the user’s system accessed our website
(9) The result status code of the request
(10) Content of the web page request sent by the visitor’s browser
(11) File size of the request response
(12) referrer (if one is transmitted by the visitor’s browser)
(13) voluntary information provided by the visitor’s browser, e.g. regarding the browser used, which is usually used, for example, to optimise the presentation of the website.
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot execute programs or transmit viruses to your computer. They are used to make the website as a whole more user-friendly and effective.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
(1) Items in a shopping cart
(2) Log-in information
We also use third-party cookies on our website. These are cookies from partner companies which are placed on our site. These cookies only contain pseudonymous, mostly even anonymous data. For example, this is data about which products you have viewed, whether something was purchased or which products were searched for. Some of our advertising partners also collect information beyond the web pages about which pages you have previously visited or which products you were interested in, for example, in order to be able to show you advertising that best matches your interests. This pseudonymous data is never merged with your personal data.
2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has consented to this.
The legal basis for the processing of personal data using third-party cookies is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
We require cookies for the following applications:
(1) Shopping cart
The user data collected through technically necessary cookies are not used to create user profiles.
The use of third-party cookies has the sole purpose of enabling our advertising partners to address you with advertising that might actually interest you.
On the websites of Facebook, Google Plus, Pinterest and Ekomi, you have the opportunity to view further image material from us, to collect it in albums, to rate it or to contact us via the portals.
These purposes are also our legitimate interest in processing the personal data in accordance with Art. 6 (1) lit. f DSGVO.
4. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. Some cookies are only used temporarily (so-called transient cookies). These are automatically deleted when you close the browser. Some cookies are not only used temporarily (so-called persistent cookies). These are automatically deleted after a predefined period of time, which may differ depending on the cookie. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
5. Cookiebot
V. Newsletter
1. Description and scope of data processing
On our website and our Facebook page, you can subscribe to a free newsletter with your consent. For the registration to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. Only your e-mail address is required for sending the newsletter. Your name is optional and will be used to address you personally.
For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration.
In addition, the following other data is collected in the course of registration:
The following data is collected in this process:
(1) the IP address of the visitor
(2) the visitor’s login name if http authentication is used
(3) time of the request (server time)
(4) Time zone difference to Greenwich Mean Time (GMT)
(5) The user’s operating system
(6) The user’s Internet service provider
(7) The content of the web page request sent by the visitor’s browser
(8) Websites from which the user’s system accessed our website
(9) The result status code of the request
(10) Content of the web page request sent by the visitor’s browser
(11) File size of the request response
(12) referrer (if one is transmitted by the visitor’s browser)
(13) voluntary information provided by the visitor’s browser, e.g. regarding the browser used, which is usually used, for example, to optimise the presentation of the website.
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the analyses, we link the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is only collected pseudonymously, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded.
No data is passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
1.2 Use of the third-party provider MailChimp
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.
This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. When data is entered for the purpose of receiving newsletters (e.g. email address), it is stored on MailChimp’s servers in the USA. MailChimp has a certification according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, which is intended to ensure compliance with European data protection standards in the USA. MailChimp offers us the possibility to analyse our newsletter campaigns. When you open an email sent via MailChimp, a file contained in the email (a so-called web beacon) connects to MailChimp’s servers in the USA. This makes it possible to analyse whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. By analysing our newsletters, we can better adapt the results to the interests of the recipients and thus optimise them.
To avoid analysis by Mailchimp, the newsletter must be unsubscribed. This can be done via the link attached to each newsletter. It is also possible to unsubscribe by email (info@MYDECK.de).
The data processing is based on consent (Art. 6 para. 1 lit. a DSGVO). This consent can be revoked at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data deposited with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
For more details, please refer to the data protection provisions of MailChimp at: https://mailchimp.com/legal/terms/.
1.3 Conclusion of a data processing agreement
We have concluded a so-called “Data-Processing-Agreement” with MailChimp, in which we oblige MailChimp to protect the data of our customers and not to pass them on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.
2. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The collection of other personal data within the scope of the registration process as proof of registration is based on Art. 6 para. 1 lit. f DSGVO.
The legal basis for the processing of data in the context of newsletter tracking is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
The collection of the user’s e-mail address is used to deliver the newsletter.
The voluntary provision of your name is used to address you personally in the newsletter. Further data transmitted to me during the newsletter registration will be used separately to the newsletter in order to fulfil your requests (preparation of an offer, etc.) This data will not be transmitted to Mailchimp.
The collection of other personal data as part of the registration process serves to prove your registration and, if necessary, to be able to clarify any misuse of the services or the email address used.
Newsletter tracking serves to tailor the newsletter to your individual interests and to make it more user-friendly. These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
If you do not confirm your registration within 24 hours after receiving our confirmation e-mail as part of the double-opt-in procedure for newsletter registration via our website, your information will be blocked and automatically deleted after one month.
If you have registered, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active. The other personal data collected as part of the registration process is then usually deleted after a period of seven days.
The information collected during newsletter tracking is stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.
5. Possibility of objection and removal
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link to click on in each newsletter.
This also allows the user to revoke the consent given and to object to the storage of the personal data collected during the registration process.
This also means that you object to newsletter tracking. Such tracking is also not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
VI. Registration
1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:
(1) Name
(2) Your e-mail address
(3) House address, additional delivery address if applicable
(4) Telephone number
(5) Customer group (end customer/reseller)
(6) A freely selectable password
As part of the registration process, the user’s consent to the processing of the data is obtained.
At the time of registration, the following additional data is also stored:
(1) The IP address of the user
(2) Date and time of registration
To prevent unauthorised access by third parties to your personal data, in particular financial data, the connection is encrypted using TLS technology.
2. Legal basis for data processing
The legal basis for the processing of the data provided by you is Art. 6 (1) lit. a DSGVO if the user has given his consent.
The legal basis for processing the data you have provided in accordance with commercial and tax law requirements is Art. 6 (1) lit. c DSGVO.
If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
The storage of the further collected data is based on legitimate interests according to Art. 6 para. 1 lit. f DSGVO.
3. Purpose of data processing
Registration of the user is necessary for the provision of certain content and services on our website. After registration, the full freight costs can be seen, as these depend on the delivery address, which must be entered in the course of registration.
Registration serves to conclude a contract with the user.
Registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.
The registration in our shop serves to be able to place the order of MYDECK floorboards and to manage the orders in the user account. After login/registration, the full freight costs are visible, as these depend on the delivery address.
The other personal data processed during the registration process serve to prevent misuse of the registration process and to ensure the security of our information technology systems. These purposes also constitute the legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.
This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. We are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years.
5. Possibility of objection and removal
As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time by sending a short e-mail, a telephone call or by post.
If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
VII. Contact form and e-mail contact
1. Description and scope of data processing
Our website contains a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
(1) Name (mandatory field)
(2) Your e-mail address (mandatory field)
(3) Postal address (optional)
(4) Telephone (optional)
(5) Customer group (end customer/reseller) (optional)
(6) A message to us (optional)
(7) Information as to how you became aware of us (optional).
For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.
The following data is also stored at the time the message is sent:
(1) The IP address of the user
(2) Date and time of registration
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The storage of the further collected data is based on legitimate interests according to Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. These purposes also constitute the legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of thirty days.
5. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. Please inform us of the deletion request by e-mail, telephone, fax or post.
All personal data stored in the course of contacting us will be deleted in this case.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the data is no longer required for the performance of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. We are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years.
5. Possibility of objection and removal
The user has the possibility to object to the storage of his personal data at any time. To do so, you can contact us by e-mail or by any other means of contact.
All personal data stored in the context of the conclusion of a contract will be deleted in this case. As the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
If we have passed on data to third parties, we will inform these third parties of your objection. We regularly monitor third parties bound by instructions. We take suitable legal precautions as well as appropriate technical and organisational measures to protect personal data.
6 Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify’s aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. Further information on Shopify’s data protection can be found on the following website: https://www.shopify.de/legal/datenschutz.
Further processing on servers other than the aforementioned servers of Shopify only takes place within the framework communicated below.
IX. Use of social media plug-ins
1. Description and scope of data processing
We currently use the following social media plug-ins: Facebook, Google+, Pinterest, Ekomi.
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by marking the box with its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have called up the corresponding website of our online offer. In addition, the following data is transmitted:
(1) Information about the type of browser and the version used.
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access.
In the case of Facebook, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you to avoid an assignment to your profile with the plug-in provider.
More about the Pinterest plugin
On this website, we use social plugins from the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Further information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in the Pinterest data protection information: https://policy.pinterest.com/de/privacy-policy.
2. Legal basis for data processing
The legal basis for the use of the plug-in is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. We do not know the full purpose of the data collection by the plug-in provider. The plug-in provider stores the data collected about you as a usage profile and uses this for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website.
These purposes also constitute the legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
We do not know the exact storage periods of the data. We have no information on the deletion of the collected data.
5. Possibility of objection and removal
You have the right to object to the creation of user profiles, whereby you must contact the respective plug-in provider to exercise this right.
Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy:
Facebook Inc: 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc: 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Pinterest: Users located outside the US should contact Pinterest Europe Ltd. as data controller, an Irish company registered in Dublin at the following address: Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. https://policy.pinterest.com/de/privacy-policy, message to data protection officer Pinterest: https://help.pinterest.com/de/data-protection-officer-contact-form
Ekomi Europe (Germany): eKomi, Ltd, Markgrafenstraße 11, 10969 Berlin, Germany, privacy policy: http://www.ekomi.de/de/datenschutz/, data protection officer: dataprotection@ekomi.de
X. Use of Google Tag Manager
1. Description and scope of data processing
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
2. Legal basis for data processing
The Google Tag Manager is used on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
3. Purpose of data processing
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website in order to analyse and regularly improve the use of our website.
4. Objection and removal options
- 4.1 IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
- 4.2 Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
X. Use of Google Analytics
1. Description and scope of data processing
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a user ID.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the data records collected and uses machine learning technologies in the data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
2. Legal basis for data processing
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
3. Purpose of data processing
We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user.
4. Objection and removal options
- 4.1 IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
- 4.2 Browser plug-in
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
XI. Use of Google Ads / Google Ads Remarketing / Google Conversion Tracking
XI.I Google Ads
1. Description and scope of data processing
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.
2. Legal basis for data processing
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
3. Purpose of data processing
We use Google Ads in order to be able to optimally advertise our products on the Internet.
4. Possibility of objection and removal
Consent can be revoked at any time. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
XI.II Google Ads Remarketing
1. Description and scope of data processing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign persons who interact with our online offer to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
2. Legal basis for data processing
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
3. Purpose of the data processing
We use Google Ads Remarketing to present our products optimally to suitable interest groups on the Internet.
4. Possibility of objection and removal
Further information and the data protection regulations can be found in Google’s data protection declaration at: https://policies.google.com/technologies/ads?hl=de.
If you have a Google account, you can object to personalised advertising using the following link: https://www.google.com/settings/ads/onweb/.
XI.III. Google Conversion Tracking
1. Beschreibung und Umfang der Datenverarbeitung
Diese Website nutzt Google Conversion Tracking. Anbieter ist die Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
Das Google Conversion Tracking ermöglicht es Google und uns zu erkennen, ob der Nutzer bestimmte Aktionen durchgeführt hat. So können wir beispielsweise auswerten, welche Schaltflächen auf unserer Website wie oft angeklickt wurden und welche Produkte besonders häufig angesehen oder gekauft wurden. Diese Informationen werden zur Erstellung von Conversion-Statistiken verwendet. Wir erfahren die Gesamtzahl der Nutzer, die auf unsere Anzeigen geklickt haben und welche Aktionen sie durchgeführt haben. Wir erhalten keine Informationen, mit denen wir den Nutzer persönlich identifizieren können. Google selbst verwendet Cookies oder vergleichbare Erkennungstechnologien zur Identifizierung.
2. Rechtsgrundlage für die Datenverarbeitung
Die Nutzung dieses Dienstes erfolgt auf Grundlage Ihrer Einwilligung gemäß Art. 6 Abs.. 1 lit. a DSGVO und § 25 Abs.. 1 TTDSG. Die Einwilligung kann jederzeit widerrufen werden.
3. Zweck der Datenverarbeitung
Wir setzen Google Conversion Tracking ein, um zu analysieren, welche Produkte interessant sind und um anschließend die Abläufe auf der Website zu optimieren.
4. Widerspruchsmöglichkeit und Löschung
Weitere Informationen zum Google Conversion Tracking finden Sie in den Datenschutzbestimmungen von Google: https://policies.google.com/privacy?hl=de.
XII. Adobe Type Kit / Google Fonts
Our website uses so-called web fonts from Adobe Typekit for the uniform display of certain fonts.
The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you call up our pages, your browser loads the required fonts directly from Adobe in order to be able to display them correctly on your end device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. This enables Adobe to know that our website has been accessed via your IP address. According to Adobe, no cookies are stored when providing the fonts. Adobe has been certified in accordance with the EU-US Privacy Shield. The Privacy Shield is an agreement between the United States of America and the European Union that is intended to ensure compliance with European data protection standards. More information can be found at: https://www.adobe.com/de/privacy/eudatatransfers.html. The use of Adobe Typekit Web Fonts is necessary to ensure a consistent typeface on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. You can find more information about Adobe Typekit Web Fonts at: https://www.adobe.com/de/privacy/policies/typekit.html. The Adobe data protection declaration can be found at: https://www.adobe.com/de/privacy/policy.html.
The shop area uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.
XIII. Facebook Pixel
We use the “Facebook Pixel” of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA within our website. So-called tracking pixels are integrated on our pages. When you visit our pages, the tracking pixel establishes a direct connection between your browser and the Facebook server.
Facebook thereby receives, among other things, the information from your browser that our page has been accessed from your end device. If you are a Facebook user, Facebook can assign your visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. We can only select which segments of Facebook users (such as age, interests) should be shown our advertising.
By calling up the pixel from your browser, Facebook can also see whether a Facebook ad was successful, e.g. led to an online purchase. This enables us to record the effectiveness of the Facebook ads for statistical and market research purposes.
In doing so, we use a method of working in which no data records, in particular no email addresses of our users – either encrypted or unencrypted – are transmitted to Facebook. For more information, please see Facebook’s privacy policy at https://www.facebook.com/about/privacy/ . Please click here if you do not wish any data to be collected via the Facebook Pixel: https://www.facebook.com/settings?tab=ads#_=_. Alternatively, you can deactivate the Facebook Pixel on the page of the Digital Advertising Alliance under the following link: http://www.aboutads.info/choices/.
XIV. Mashshare & Co
The content on our pages can be shared in social networks such as Facebook, Twitter or Google+ in a data protection compliant manner. This site uses the plugin Mashshare for this purpose. This tool only establishes direct contact between the networks and users only when the user actively clicks on one of these buttons. This tool does not automatically transfer user data to the operators of these platforms. If the user is registered with one of the social networks, an information window appears when using the social buttons of Facebook, Google+1, Twitter & Co. in which the user can confirm the text before sending it. Our users can share the contents of this page in social networks in a data protection-compliant manner without complete surfing profiles being created by the operators of the networks.
XV. Feedback portal Ekomi
We use the independent feedback portal eKomi, which is operated by eKomi Ltd, Markgrafenstr. 11, 10969 Berlin, Germany. We would like to constantly improve ourselves and our service and for this reason we have decided to use such a solution. Accordingly, it is also not possible for us to control or influence rating invitations individually. An evaluation is requested for every order of MYDECK Design floorboards or accessories. This is the only way to guarantee a complete, independent and by us as a shop uninfluenceable customer evaluation for our company and our services. The data given to eKomi for this purpose (title, name, email address, telephone number if available, product name, product ID) will be passed on to eKomi and will neither be used by eKomi itself nor passed on to third parties – only the evaluation will be transmitted to Google. The submission of a review is up to you as a customer. With the submission of a rating/feedback you agree to the current communication rules of eKomi. Further information on the data protection regulations of Ekomi can be found at http://www.ekomi.de/de/datenschutz/.
The use of personal data for advertising purposes can be objected to at any time. Furthermore, you have the right to information about your personal data as well as the right to correction, resolution or restriction of processing. To do so, write to eKomi Ltd, Markgrafenstr. 11, 10969 Berlin or dataprotection@ekomi.de.
XVI. You Tube Videos
This site uses the provider YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of videos. Normally, when you call up a page with embedded videos, your IP address is already sent to YouTube and cookies are installed on your computer. However, we have embedded our YouTube videos with the extended data protection mode (in this case, YouTube still contacts Google’s Double Klick service, but according to Google’s privacy policy, personal data is not evaluated). This means that YouTube no longer stores any information about visitors unless they watch the video. If you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before viewing the video).
We have no knowledge of and no influence on the possible collection and use of your data by YouTube. You can find more information in YouTube’s privacy policy at www.google.de/intl/de/policies/privacy/. In addition, we refer to our general presentation in this data protection declaration for the general handling and deactivation of cookies.
XVII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us.
If there is such processing, you may request information from the controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right of rectification
You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller must make the rectification without undue delay.
3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
(4) if you have objected to the processing pursuant to Article 21(1) DSGVO and it is not yet clear whether the controller’s legitimate grounds override your grounds.
Where the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to delete
You may request the controller to erase the personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.
c) Exceptions
The right to erasure does not apply insofar as the processing is necessary to.
(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that.
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. Data protection is a top priority at Berliner Platz.
The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that.
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. Data protection is a top priority at Berliner Platz.
The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.