Personal data is information that make it possible to identify a natural person. In particular this includes your name, date of birth, address, phone number and email address, as well as your IP address. Anonymous data is data that does not enable a user to be identified in any way.
The controller and data protection officer
Phone: +62 8992 991 777
Your rights as a data subject
Firstly we would like to inform you of your rights as a data subject. These rights are standardised in Articles 15-22 of the European Union General Data Protection Regulation (GDPR). This includes:
- The right to access (Art. 15 GDPR),
- The right to erasure (Art. 17 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to restriction of processing (Art. 18 GDPR),
- The right to object to processing (Art. 21 GDPR).
In order to assert these rights, please contact firstname.lastname@example.org. The same applies if you have questions on how data is processed in our company. You are also entitled to lodge complaints with a supervisory authority for data protection.
Rights to object
In the context of rights to object, please note the following:
If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without stating reasons. The same also applies for any profiling insofar as it is associated with the direct advertising.
If you object to processing for the purposes of direct advertising, we will no longer process your personal data for these purposes. Making an objection is free of charge and can be done via submission in any form; if possible, please submit any objection to email@example.com.
In the event that we process your data for the purpose of legitimate interests, you may at any time object to this processing on grounds relating to your particular situation; this also applies for any profiling supported by these provisions.
We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if processing services the establishment, exercise or defence of legal claims.
Purposes and legal bases of data processing
We use your data for initiating business; fulfilling contractual and legal obligations; implementing the contractual relationship; offering products and services; and strengthening the customer relationship, which may also include analysis for the purpose of marketing and direct advertising.
Your consent also represents a permission instruction under data protection law. We hereby inform you of the purposes of data processing and your right to object. If consent also relates to processing special categories of personal data, we will make explicit reference to this in the consent. Special categories of personal data, as defined by Art. 9 Para 1 GDPR, may only be processed when necessary due to legal specifications and when there is no grounds to suspect that your legitimate interest in the exclusion of processing takes precedence.
Disclosure to third parties
Data recipients / categories of recipients
In many cases, service providers support our departments in performing their tasks. The necessary data protection contracts have been concluded with all service providers.
In order to process shipping orders with UPS, the recipient’s name, address, phone number and email address are recorded. This data is passed on to UPS so it can process shipping for this order. After the data are transferred, the recipient receives a shipping confirmation email from UPS, with shipping tracking information.
Transfer to third countries/intention to transfer to third countries
We transfer your personal data to a service provider or group companies outside the European Economic Area: Salesforce (US states and Asia-Pacific). The Salesforce data privacy policies are available to view here: https://www.salesforce.com/company/privacy/.
Period of data storage
In addition, we may retain data if you have provided your authorisation for us to do so, or if legal disputes arise within the statutory limitation period and we use pieces of evidence that become subject to legal limitation periods, which may be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
Data exchange from and to our web server is encrypted in every case. We offer HTTPS as a transfer protocol for our web presence, in each case subject to the use of current encryption protocols. We also offer our users content encryption within the contact forms. We are the only party able to decrypt this data. There is also the option of using alternative channels of communication (e.g. post).
Obligation to provide data
We have summarised the details of this in the point above. In certain cases, data also needs to be collected or made available as a result of legal provisions. Please note that it is not possible to process your enquiry or execute an underlying contractual relationship without the provision of this data.
Categories, sources, and the origin of data
Please note that we may also make information for particular processing situations separately available to an appropriate body, for example when a contact enquiry is sent.We collect and process the following data when you visit our website:
- The name of your internet service provider
- Information about the website from which you reach our site
- The web browser and operating system you are using
- The IP address allocated by your internet service provider
- The files requested, data volume transferred, and downloads/file export
- Information about the webpages that you access on our site, including the date and time
We collect and process the following data when you submit a contact enquiry:
- Surname and first name
- Email address
- Information on your requests and interests
We process the following data in the course of the order:
- Surname and first name
- Company name
- Date of birth
- Delivery address
- Invoice address
- Email address
- Phone number
- Data that may legitimately be processed from other sources
We collect and process the following data for newsletters:
- Surname and first name
- Email address
- Analytical data from the newsletter evaluation
We collect and process the following data for competitions:
- Surname and first name
- Postal address and/or address
- Email address
- Date of birth
Contact form/making contact by email (Art. 6 Para. 1 lit. a, b GDPR)
The principle of data economy and data reduction is taken into account here, in that you only need to provide the data that we need in order to make contact with you. This comprises your email address, title, first name, surname, subject, and the message field itself. In addition, your IP address is processed for reasons of technical necessity and legal safeguarding. All other data fields are voluntary, and you have the option of filling them out (for example for a better-tailored response to your questions).
If you contact us by email, we will process the personal data you provide in the email purely for the purpose of processing your enquiry.
Newsletters (Art. 6 Para. 1 lit. a GDPR)
You may of course end your subscription at any time using the unsubscribe option provided in the newsletter, thereby revoking your consent. Furthermore, you may at any time also unsubscribe from the newsletter directly via our website.
We use the double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have expressly confirmed beforehand that we should activate the newsletter service. This is done by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter at this e-mail address by clicking on a link contained in this e-mail.
The webshop (Art. 6 Para. 1 lit. b GDPR)
The principle of data economy and data reduction is taken into account in that you only need to provide us with data that we require in order to implement the contract and/or to fulfil our contractual obligations (i.e. your name, address, email address, and the payment details required for the selected payment type) or which we are legally required to collect.
In addition, your IP address is processed for reasons of technical necessity and legal safeguarding. Without this data being provided, we must unfortunately refuse to enter into a contract as we will not then be able to implement it, or we may need to terminate an existing contract. You are of course also free to provide more data if you would like to.
Registration/customer account (Art. 6 Para. 1 lit. a, b GDPR)
The principle of data economy and data reduction is taken into account here as only the data required for registration is marked with an asterisk (*). These are, for example, an email address and password including a password confirmation.
If you wish to place an order in our shop, we also need information about the invoice address (title, first name, surname, postal address, phone number) for delivery. If the delivery address differs from the invoice address, the above information must also be provided for the delivery address.
Registering on our website also causes the user’s IP address, the date, and the time of registration to be stored (technical background data). By pressing the “Register now” button, you provide your consent for the processing of your data.
Please note: The password you allocate will be stored within our organisation in encrypted format. Employees of our company are not able to read this password. They are therefore unable to provide you with information if you forget your password.
Should this happen, use the “Forgotten password” function, which sends you a new, automatically generated password by email. No employee is entitled to ask you for your password during a phone call or in writing. So please never disclose your password if you receive any requests of this type. Completing the registration process causes your data to be stored within our organisation in order for you to use the protected customer area. As soon as you register on our website, with your email address as the username and with a password, this data will be made available for actions that you perform on our website (e.g. for placing orders in our online shop). Orders placed can be viewed in the order history. You can make changes to the invoice or delivery address here.
Registered individuals are free to independently change/rectify the invoice or delivery address in the order history. Our customer service team is also happy to change or rectify this information if you get in touch with them. You can of course also terminate or delete your registration and your customer account (under “My customer account”, “Delete customer account”).
Advertising purposes for existing customers (Art. 6 Para. 1 lit. f GDPR)
If you do not wish us to do so, you can object to the use of your personal data for the purposes of direct advertising at any time; this also applies for profiling in as far as it is associated with direct advertising. If you submit an objection, we will no longer process your data for this purpose.
The objection can be provided free-of-charge, in any form, and without stating reasons; you can submit your objection by calling +62 8992 991 777, emailing firstname.lastname@example.org.
Automated decision-making in individual cases
Cookies (Art. 6 Para. 1 lit. f GDPR / Art. 6 Para. 1 lit a GDPR in the event of consent)
These cookies enables us to analyse how users use our websites. This means that we can design the content of the website to meet the needs of its visitors. Cookies also enable us to measure how effective a particular advertisement is, and for example to place it depending on thematic user interests.
Most of the cookies we use are session cookies which are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their term of validity (generally six months) is reached, or if you delete them yourself before the term of validity expires.
Most web browsers accept cookies automatically. However, you can generally also change your browser settings if you would prefer not to send information. You can still continue to use our website without restrictions in this case (with the exception of configurators).
User profiles/web tracking procedures
Solutions and technologies from econda GmbH are used to record and save anonymised data and to create usage profiles based on this data using pseudonyms, in order to support needs-appropriate design and optimisation of this website. Cookies that enable a web browser to be recognised on repeat visits may be used for this purpose. However, usage profiles are not brought together with data relating to the holder of the pseudonym without explicit approval from the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, meaning it is not possible to allocate usage profiles to IP addresses. Pseudonymised data is used on the basis of the regulations of Article 15, Para. 3 of the German Teleservices Act (Telemediengesetz, TMG). Visitors to this website may at any time object to the recording and storage of data with immediate effect here. The objection applies only for the device and web browser on which it was set; if required, please repeat the process on all of your devices. If you delete the opt-out cookie, your enquiries will once again be transferred to econda.
Information about privacy in social media
We wish to point out that you are responsible for your use of these platforms and their included features. This applies in particular to your specific usage behaviour on these platforms. This is especially the case if you use interactive features (e.g. commenting, sharing, rating).
With regard to the processing of your personal data, however, we have a shared responsibility with Facebook towards all existing customers, prospective customers and users. We are aware of this responsibility and the protection of your data is important to us. Unfortunately, we are unable to fully meet our responsibilities in this context because Facebook does not provide us with the necessary transparency and the information required to fulfil the above-mentioned information obligations. Nevertheless, we strive to take all necessary measures to protect your data.
We further point out that when you use these platforms, your data may be processed outside the European Union. As a result of being certified under the EU-US Privacy Shield, US providers guarantee that EU data protection standards will be respected, including when data is processed in the United States.
In addition, your usage and user-related information may be processed for market-research and promotional purposes. For example, user profiles may be generated on the basis of your usage behaviour and associated interests. This makes it possible to activate ads both within and outside these platforms. As a general rule, cookies are stored on your device for this purpose. Regardless of this, the usage profiles may also be used to store data that is not collected directly from your device (especially if you are a member of the respective platforms and are logged in to them).In addition, as the provider of this information service, we do not collect and process data resulting from your use of our service.Our processing of users’ personal data is based on our legitimate interest in effectively informing and communicating with users in accordance with. Art. 6 (1f) GDPR. If you are asked to consent to data processing by the respective providers (e.g. by checking a box or clicking on a button), the legal basis for the processing is Art. 6 (1a) and Art. 7 GDPR.Right of objection
If you are a member of a social network and do not want the network to collect information about you via our website, or to link it to your stored membership data on the respective network, you must
- log out of the respective network before visiting our website
- delete the existing cookies stored on your device and
- close and reopen your browser
The next time you log in, however, you will be recognised by the network again as a specific user.
For a detailed description of the respective processing and your right of objection (opt-out), please refer to the provider’s information via the links below.
Should you wish to submit requests for information or to assert your rights as a data subject, we wish to point out that you should contact the providers directly. This is because only the providers have access to users’ data and can respond directly to your requests and provide information. However, should you still need assistance, then please feel free to contact us.
Notice regarding copyright law and artists’ rights
Online offers for children
Links to other providers
At the time that the link was placed, the linked pages were checked for possible legal violations and identifiable infringements of the law. No legal content was identifiable at the time that the link was placed. However, constant monitoring of the content of the linked pages is unreasonable without specific indication of an infringement of the law. In the event of infringements of the law becoming known, links of this type will be removed without delay.