MYDECK GmbH
Falkensteiner Str. 6b
61462 Königstein im Taunus, Germany
F: +49 61 74 92 43 41
Authorised representative > Eberhard Horn, Marit Nagorny-Heun
Commercial Register > Königstein im Taunus, HRB 9888
VAT identification number > DE 179 469 387
Tax number > 003 232 01192, Bad Homburg tax office
You are welcome to download our terms and conditions as a PDF document here.
Terms and conditions for consumers
Terms and conditions for resellers
DATA PROTECTION POLICY
- Name and address of the data controller
The data controller, as defined in the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations, is:
mydeck GmbH
Falkensteiner Str. 6b
61462 Königstein
Germany
T +49 61 74 / 92 43 30
info@MYDECK.de
www.MYDECK.de
- General information on data processing
- The scope of the processing of personal data
Below, we provide information on the collection of personal data when using this website. Personal data is all data that relates to you personally, e.g. your name, address, email address or user behaviour.
In principle, we only collect and use personal data of our users to the extent necessary to provide a functional website and our content and services. We collect and use the personal data of our users periodically, and only with the user’s consent. An exception applies, for example, in cases in which prior consent cannot be obtained for reasons of circumstance and the processing of the data is permitted by law.
- Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a of the EU General Data Protection Regulation (GDPR) applies as the legal basis for processing personal data.
Where processing of personal data is necessary for performance of a contract to which the data subject is a party, Art. 6 para. 1 (b) GDPR applies as the legal basis. This also applies to processing that is necessary for pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the GDPR applies as the legal basis.
In the event that vital interests of the data subject or another natural person require a processing of personal data, Art. 6 para. 1 d) of the GDPR applies as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR applies as the legal basis for processing.
- Data deletion and storage duration
The data subject’s personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the responsible party is subject. Data is also blocked or deleted once a retention period prescribed by the specified standards expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract.
- Disclosure of data to third parties and third-party providers
Data is only passed on to third parties within the scope of legal requirements, i.e., for example, on the basis of Art. 6 para. 1 (b) GDPR, if this is necessary for contractual purposes, or on the basis of Art. 6 para. 1 (f) GDPR due to legitimate interests.
If we make use of the services of third parties, we will take appropriate legal precautions and appropriate technical and organisational measures to protect personal data. The third parties have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
Data is only transferred to third countries where the GDPR is not a directly applicable law if there is an adequate level of data protection, we have the consent of the user, or other legal permission to do so.
III. Provision of the website and creation of log files
- Description and scope of data processing
In the case of mere informational use of the website, i.e. if you do not register or otherwise provide us with information, our system automatically collects data and information from the computer system of the calling computer.
The following data are collected:
(1) the IP address of the visitor
(2) the login name of the visitor as http authentication occurs
(3) the time of the request (server time)
(4) the time zone difference to Greenwich mean time (GMT)
(5) the user’s operating system
(6) the user’s Internet service provider
(7) the content of the Web page request submitted by the visitor’s browser
(8) websites from the user’s system which have arrived at our Internet page
(9) result status code of the request
(10) the content of the Web page request submitted by the visitor’s browser
(11) the file size of the request response
(12) the referrer (just one is transmitted by the visitor’s browser)
(13) voluntary disclosures of the visitor’s browser, for example, regarding the browser used, which are typically used to optimise the web page’s appearance.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for temporary storage of data and log files is Art. 6 Para. 1 (f) GDPR.
- Purpose of the data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the website’s functionality. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.
These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.
- Duration of retention
All data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.
Should any data be stored in log files, these will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or obfuscated, so that the requesting client can no longer be identified.
- Options for objecting to the collection of your data and requesting its deletion
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no option to object on the part of the user.
- Use of cookies
- Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again. Cookies cannot run programs nor deliver viruses to your computer. They serve to make our website more user-friendly and effective overall.
We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after changing pages.
The following data are stored and transmitted in the cookies:
(1) The items in a shopping cart
(2) Log-in information
We also use third-party cookies on our website. These are cookies of partner companies that are placed on our site. These cookies contain only pseudonymous, mostly even anonymous data. For example, these are data about which products you have viewed, whether something was purchased, or which products have been searched for. In addition, some of our advertising partners also gather information about which websites you previously visited or which products you were interested in, for example, in order to be able to show you the advertisement that best matches your interests. These pseudonymous data will never be combined with your personal data.
2. Legal basis for the data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 (f) GDPR.
The legal basis for processing personal data by using cookies for analytical purposes, if the user’s consent to this has been obtained, is Art. 6 Para. 1 (a) GDPR.
The legal basis for processing personal data using third-party cookies is Art. 6 para. 1 (f) GDPR.
- Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website are not offered without the use of cookies. In such cases, it is necessary that the browser is recognised even after changing the page.
We require cookies for the following applications:
(1) Shopping cart
The user data collected through technically necessary cookies will not be used to create user profiles.
The purpose of using third-party cookies is solely to enable our advertising partners to engage you with advertisements that may actually interest you.
On the websites of Facebook, Google Plus, Pinterest and Ekomi, you have the opportunity to see more of our image material, to collect it in albums, to review it or to contact us via the portal.
For these purposes, our legitimate interest lies in the processing of personal data according to Art. 6 para. 1 (f) GDPR.
- Duration of storage, options for objecting to the collection of your data and requesting its deletion
Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user, you have full control of the use of cookies. Some cookies are only used temporarily (so-called transient cookies). These are automatically deleted when you close your browser. Some cookies are used not only temporarily (so-called persistent cookies). These are automatically deleted after a specified period, which may vary depending on the cookie. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features.
- Registration
- Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal information. The data is entered into an input form and transmitted to us and stored. These data shall not be passed on to third parties. The following data are collected during the registration process:
(1) Name
(2) Your email address
(3) House address, if necessary additional delivery address
(4) Telephone
(5) Customer group (end customer/reseller)
(6) A password of your choice
As part of the registration process, the consent of the user to process the data is obtained.
The following additional data are stored at the point of registration:
(1) The IP address of the user
(2) The date and time of registration
In order to prevent unauthorised access to your personal data by third parties, in particular financial data, the connection is encrypted using TLS technology.
- Legal basis for the data processing
Where consent of the user is provided, the legal basis for the processing of the data you provide is Art. 6 para. 1 (a) GDPR.
The legal basis for the processing of the data you provide in accordance with commercial and tax law is Art. 6 para. 1 (c) GDPR.
If registration is performed to fulfil a contract to which the user is a party or to implement pre-contractual measures, an additional legal basis for the data processing is Art. 6, para. 1 (b) GDPR.
The storage of further data that is collected is based on legitimate interests in accordance with Art. 6 para. 1 (f) GDPR.
- Purpose of the data processing
User registration is required for the provision of certain content and services on our website. After registration, you will be able to see the complete shipping costs, as these depend on the delivery address, which has to be entered during registration.
Registration is used to conclude a contract with the user.
The user’s registration is necessary to fulfil a contract with the user or to implement pre-contractual measures.
Registration in our shop is used to be able to place orders of MYDECK planks and to manage orders in the user’s account. You can see the complete freight costs after login/registration, as they depend on the delivery address.
The other personal data processed during the registration process helps prevent misuse of the registration process and ensure the security of our information technology systems. For these purposes, there is also a legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.
- Duration of retention
All data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.
This is the case for the data collected during the registration process for the purpose of fulfilling a contract or to carry out pre-contractual measures when the data is no longer required to execute the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years.
- Options for objecting to the collection of your data and requesting its deletion
As a user, you have the option of cancelling your registration at any time. You can modify the data stored about you at any time by sending a short email, calling us by telephone, or sending a letter in the post.
If the data is required to fulfil a contract or implement pre-contractual measures, premature erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.
- Contact form and email contact
- Description and scope of data processing
There is a contact form on our website that can be used for electronic contact. If a user accepts this option, the data entered in the input form will be transmitted to us and saved. These data are:
(1) Name (required)
(2) Your email address (required)
(3) Postal address (optional)
(4) Telephone (optional)
(5) Customer group (end customer/reseller) (optional)
(6) A message to us (optional)
(7) The information on how you became aware of us (optional)
For the purposes of processing the data, your consent is obtained as part of the sending process, and reference is made to this Privacy Policy.
The following data are also stored at the time the message is sent:
(1) The IP address of the user
(2) Date and time of registration
Alternatively, you can contact us via the email address provided. In this case, the user’s personal data which are transmitted along with the email will be stored.
The data will not be disclosed to third parties in this context. The data are used exclusively for responding to the enquiry.
2. Legal basis for the data processing
The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 para. 1 (a) GDPR.
The legal basis for processing the data transferred in the course of sending an email is Art. 6 para. 1 (f) GDPR. If the purpose of making contact is to conclude a contract, then an additional legal basis for the processing is Art. 6 para. 1 (b) GDPR.
The storage of further data that is collected is based on legitimate interests in accordance with Art. 6 para. 1 (f) GDPR.
- Purpose of the data processing
The processing of personal data in the input screen is used by us only for processing the contact. If contact is made via email, this is also because of our required legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. For these purposes, there is also a legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.
- Duration of retention
All data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by e-mail, this is the case when the respective conversation with the user has been completed. The conversation is terminated when the circumstances indicate that the matter in question has been finally resolved.
Additional personal data that was collected during the sending procedure will be deleted after a period of thirty days at the latest.
- Options for objecting to the collection of your data and requesting its deletion
The user has the option of revoking his or her consent to the processing of personal data at any time. If the user contacts us by email, he may object to the storage of his personal data at any time. It will not be possible to continue the conversation in this case. Please let us know about your wish to have the data deleted by email, telephone, fax or post.
In such cases, all personal data that was stored when establishing contact with us shall be deleted.
VII. Online shop
- Description and scope of data processing
On our website, we offer users the option of concluding sales contracts. If you wish to place an order in our online store, then, in order to conclude the contract, it is necessary for you to provide your personal information that we need to process the order. To do this, you can enter your data in an input form and submit it to us. The mandatory information required for processing the contract is marked separately; provision of any additional information is optional.
We use the data you provide to process your order. For this purpose, we can also pass on your data to commissioned companies in order to process the payment and delivery.
In the course of the online purchase, the following additional data are also stored:
(1) The IP address of the user
(2) The date and time of the purchase
To prevent unauthorised access to your personal data by third parties, in particular financial data, the ordering process is encrypted by TLS technology.
2. Legal basis for the data processing
The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 para. 1 (a) GDPR.
The legal basis for processing personal data, which is necessary for fulfilling a contract with you, is Art. 6 para. 1 (b) GDPR. This also applies to processing that is necessary for pre-contractual measures.
Data is transferred to third parties on the basis of Art. 6 para. 1 (b) GDPR, if this is necessary for contractual purposes, or on the basis of Art. 6 para. 1 (f) GDPR, due to legitimate interests, in order to optimise our online offer.
The legal basis for the processing of the data you provide in accordance with commercial and tax law is Art. 6 para. 1 (c) GDPR.
The storage of further data that is collected is based on legitimate interests in accordance with Art. 6 para. 1 (f) GDPR.
- Purpose of the data processing
The transmission of the data is necessary to fulfil a contract with the user or to carry out pre-contractual measures.
Due to their length of up to 6 m, the designer boards are delivered by freight carrier. Depending on the postcode area, very different costs can be incurred here. For this reason, we need your delivery address to determine the freight costs. After you have placed your order, the boards are delivered to your installation site. An order confirmation and information about the boards will be sent to you via email. If you have any further questions, we will contact you via email if necessary. The freight company will also contact you by email if notification is requested.
Transfer of data to third parties is necessary to fulfil contractual purposes or is carried out for the purpose of optimising our online offering, for which we have a legitimate interest in processing data pursuant to Art. 6 para. 1 (f) GDPR.
The other personal data processed during the registration process helps prevent misuse of the registration process and ensure the security of our information technology systems. For these purposes, there is also a legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.
- Duration of retention
All data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the data are no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years.
- Options for objecting to the collection of your data and requesting its deletion
The user has the option of objecting to the storage of his personal data at any time. To do this, you can contact us by email or using another means of contact.
All personal data stored in the context of concluding the contract will be deleted in this case. Since the data is required to fulfil a contract or implement pre-contractual measures, premature erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.
If we have disclosed data to third parties, we will inform these third parties about your objection. Third parties that are bound by our instruction are regularly checked by us. We take appropriate legal precautions to protect your personal information as well as appropriate technical and organisational measures.
VIII. Use of social media plug-ins
- Description and scope of data processing
We currently use the following social media plug-ins: Facebook, Google+, Pinterest, eKomi
We use the ‘two-click solution’ here. In other words, when you visit our site, initially no personal data is passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the following data is transmitted:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) The date and time of access
In the case of Facebook, the IP address is anonymised immediately after collection, according to details provided by the relevant provider in Germany. By activating the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies using your browser’s security settings before clicking on the greyed-out box.
We have no control over the collected data and the data processing operations, nor are we aware of the full scope of the data collection.
The data transfer takes place regardless of whether you have an account with the plug-in provider or are logged in there. If you are logged in with the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. When you click the activated button and link the page, for example, the plug-in provider also stores this information in your user account and communicates this to your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid things being assigned to your profile with the plug-in provider.
2. Legal basis for the data processing
The legal basis for the use of the plug-ins is Art. 6 para. 1 (f) GDPR.
- Purpose of the data processing
The plug-ins allow us to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. We do not know the full purpose of the data collection by the plug-in provider. The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is also made for users who are not logged in, to display customised advertising and to inform other users of the social network about your activities on our website.
For these purposes, there is also a legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.
- Duration of retention
The exact storage periods of the data are not known to us. We also have no information on the circumstances of the deletion of the data collected.
- Options for objecting to the collection of your data and requesting its deletion
You have a right to object to the formation of a user profile, although you must contact the respective plug-in provider to exercise it.
For more information on the purpose and scope of the data collection and how the data is processed by the plug-in provider, please refer to the privacy policies of these providers, listed below. You will also find further information there on your rights and settings options for protecting your privacy:
Facebook Inc.: 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework
Google Inc.: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.
Pinterest: Non-US residents should contact Pinterest Europe Ltd. as data controller, an Irish company registered in Dublin at the following address: Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. https://policy.pinterest.com/de/privacy-policy, message to the Data Protection Officer at Pinterest: https://help.pinterest.com/de/data-protection-officer-contact-form
eKomi Europe (Germany): eKomi, Ltd., Markgrafenstraße 11, 10969 Berlin, Germany, Privacy Policy: http://www.ekomi.de/de/datenschutz/, Data Protection Officer: dataprotection@ekomi.de
- Use of Google Analytics
- Description and scope of data processing
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the Member States of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the internet.
Google Analytics will not collate your IP address transmitted by your browser with other Google data.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed in truncated form, which prevents direct personal identification. If the data collected about you are identifiable to you personally, they will be blocked immediately and the personal data deleted as soon as possible.
2. Legal basis for the data processing
The legal basis for the use of Google Analytics is Art. 6 para. 1 (f) GDPR.
- Purpose of the data processing
We use Google Analytics to analyse and regularly improve the function of our website. With the statistics that are gained, we can improve our offering and make it more interesting for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
This website also uses Google Analytics to analyse visitor flows across all devices, which is carried out by means of a USER ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.
For these purposes, there is also a legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.
- Duration of retention
The exact storage periods of the data are not known to us. We also have no information on the circumstances of the deletion of the data collected.
- Options for objecting to the collection of your data and requesting its deletion
You can prevent the use of cookies by selecting the corresponding settings on your browser; however, we would like to point out that if you do this, you may not be able to fully utilise all information provided on this website. You can also prevent the data generated by cookies concerning your use of the website (incl. your IP address) from being collected by Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information about Google’s data usage, and for options to stop or object to its processing, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“Use of data by Google when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.com/settings/ads (“Make the ads you see more useful to you”).
- Google fonts
This site uses so-called web fonts provided by Google so as to be able to uniformly display fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online offerings. This constitutes a justified interest pursuant to Art. 6 para. 1 (f) GDPR.
If your browser does not support web fonts, a default font will be used by your computer.
Further information about handling user data can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at: https://www.google.com/policies/privacy/.
- Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of page visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of data cannot be influenced by us as the site operator.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
In Facebook’s privacy notices, you will find further information on protecting your privacy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
XII. eKomi feedback portal
We make use of the independent rating portal eKomi, which is operated by eKomi Ltd., Markgrafenstr. 11, 10969 Berlin, Germany. We would like to constantly improve ourselves and our service, which is why we decided to use such a solution. Accordingly, we are not able to individually control or influence rating invitations. A rating is requested for every order of MYDECK designer boards or accessories. Only in this way is it possible to guarantee a rating for our company and our services that is complete, independent, and which we cannot influence as a shop. The data transferred to eKomi for this purpose (title, name, email address, if available: telephone number, product name, product ID) are passed on to eKomi and are neither used by eKomi nor passed on to third parties – only the rating is transmitted to Google. You, as a customer, are free to choose whether to submit a rating. By submitting a rating/feedback, you agree to the current eKomi communication rules. Further information on eKomi’s data protection regulations can be found at http://www.ekomi.de/de/datenschutz/
The use of personal data for advertising purposes can be objected to at any time. You also have the right of access to information about your personal data and to rectification, erasure or limitation of processing. In this regard, please write to eKomi Ltd, Markgrafenstr. 11, 10969 Berlin or dataprotection@ekomi.de.
XIII. YouTube videos
To embed videos, this site uses YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Normally, your IP address is already sent to YouTube and cookies are installed on your computer when you visit a page with embedded videos. However, we have included our YouTube videos in the enhanced privacy mode (in which case YouTube will still contact Google’s Double Click service, but Google’s privacy policy does not evaluate personal information). As a result, YouTube does not store any information about the visitors unless they watch the video. When you click on the video, your IP address will be transmitted to YouTube and YouTube will know that you have watched the video. If you are logged in to YouTube, this information will also be associated with your user account (you can prevent this by logging out of YouTube before calling up the video).
We have no knowledge of or influence over any possible collection and use of your data by YouTube that then occurs. For more information, please see YouTube’s privacy policy at www.google.de/intl/de/policies/privacy/. In addition, with regard to the general handling and deactivation of cookies, we refer you to our general description in this privacy policy.
XIV. Ryte analysis tool
We make use of the analysis tool from the company Ryte (headquarters: Ryte GmbH, Paul-Heyse-Str. 27, 80336 Munich / www.ryte.com) to analyse the website, for example, which of Google’s keywords lead to our pages, which pages are most popular, and to view any possible technical problems, or possible optimisations for texts and possibilities for technical improvements.
The analysis of technical details and content is based on data created by Google Analytics. Please refer to paragraph IX. on the use of Google Analytics.
For more information about Ryte’s data protection regulations, please visit https://de.ryte.com/about/privacy/
- Rights of the data subject
If your personal data is processed, you are a data subject for the purposes of the GDPR and you have the following rights vis-à-vis the data controller:
- The right to information
You may ask the data controller to confirm if personal data concerning you is processed by us.
If such processing is undertaken, you may request the following information from the data controller:
(1) the purposes for which the personal information is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the retention period;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller, or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling according to Art. 22 para. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organisation. In this respect, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
- The right of rectification
You have a right of rectification and/or completion with respect to the responsible party if the personal data processed concerning you is incorrect or incomplete. The responsible party must make the correction immediately.
- The right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) If you dispute the accuracy of your personal information for a period of time that enables the data controller to verify the accuracy of your personal information;
(2) The processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) The data controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) If you object to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the data controller’s legitimate reasons for processing your data outweigh your interests.
If the processing of personal data concerning you has been restricted, then – apart from their storage – this data may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest on the part of the Union or a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the responsible party before the restriction is lifted.
- The right to deletion (right to be forgotten)
- a) Obligation to delete
You may demand the data controller delete the personal data concerning you without delay, and the data controller is obliged to delete that data without delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
(2) You revoke your consent upon which its processing was based in accordance with Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR and there is no other legal basis for the processing.
(3) You object to processing in accordance with Art. 21 para. 1 of the GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection to processing in accordance with Art. 21 para. 2 of the GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data relating to you is required in order to comply with legal obligations according to EU law or national law of the Member States to which the data controller is subject.
(6) The personal data concerning you were provided in relation to information society services offered under Article 8 para. 1 GDPR
b) Information to third parties
If the data controller has made the personal data relating to you public and is obliged to delete the data in accordance with Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the technology available and the implementation costs, to inform data controllers who process the personal data that you, as data subject, have requested they delete the data, including all links to such personal data or copies or replications of such personal data.
c) Exceptions
The right to erasure does not exist insofar as the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation which requires such processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest, or in the exercise of official authority that has been conferred on the data controller;
(3) for reasons of public interest in the field of public health, in accordance with Art. 9 para. 2 (h) and (i), as well as Art. 9 para. 3 GDPR;
(4) for archiving, scientific, or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, to the extent that the law referred to in section (a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.
- Right to information
If you have asserted the right to rectification, erasure or restriction of processing to the data controller, it is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or the restriction of its processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about who these recipients are.
- The right of data portability
You have the right to obtain your personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another data controller without hindrance by the data controller who was provided with the personal data, provided that
(1) the processing is based on consent in accordance with Art. 6 para. 1 (a) of the GDPR or Art. 9 para. 2 (a) of the GDPR or on a contract in accordance with Art. 6 para. 1 (b) GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to bring about that the personal data relating to you are transmitted directly from one data controller to another data controller, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the responsible party.
- The right of objection
You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 Para. 1 (e) or (f) of the GDPR; the same applies to profiling based on these provisions. Data protection is very important to Berliner Platz.
The data controller will no longer process the personal data relating to you unless they can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.
You have the option of exercising your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
- The right to revoke the data protection declaration of consent
You have the right at any time to revoke your data protection declaration of consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its revocation.
- Automated decision in individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have a legal effect on you or significantly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the data controller,
(2) is permitted by Union or Member State legislation to which the data controller is subject, and that legislation is adequate to protect your rights and freedoms as well as your legitimate interests, or
(3) is made with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
In the cases referred to in (1) and (3), the responsible party shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible party, to state his or her own position and to challenge the decision.
- The right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.
The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.