the swapface UG (limited liability), Erftstrasse 5, 50672 Cologne, (as of July 2020)
In the following Privacy information we inform you about the processing of personal information carried out by swapface UG (limited liability), Erftstraße 5, 50672 Cologne (“swapface” and / or “we” and / or “responsible person”) in accordance with the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (BDSG 2018). Our data protection information applies to all websites, applications and other services (hereinafter collectively referred to as “services”) that are offered by swapface in Europe.
Please read our data protection information carefully. If you have any questions or comments about our data protection information, please contact us at firstname.lastname@example.org.
1 NAME AND CONTACT DETAILS OF THE RESPONSIBLE
This data protection information applies to data processing by the
swapface UG (limited liability
Phone: +49 174 6088453
represented by: Lilia Kleemann (managing director), Svanja Kleemann (managing director)
for the following website: www.swapface.de
2 PERSONAL INFORMATION WE COLLECT
When you visit www.swapface.de, we automatically collect certain information about your device, including information about your web browser, IP address, time zone and some of the cookies that are installed on your device. In addition, when you browse the site, we collect information about the individual websites or products you are viewing, which website or search terms you have referred to the site, and information about how you interact with our website. We refer to this automatically-collected information as "Device Information".
We collect device information using the following technologies:
- "Log files" track the actions taking place on the site and collect data, including your IP address, browser type, Internet service provider, the pages you referred to / left our website, as well as date and time Time stamp.
- "Web beacons", "tags" and "pixels" are electronic files that are used to record information about how you browse our website.
When you make a purchase or try to make a purchase through our website, we also collect certain information from you, including your name, billing address, delivery address, payment information (including credit card numbers and data about PayPal, Apple Pay, Amazon Pay, Google Pay, Shop Pay, or SOFORT), your e-mail address and your telephone number. We refer to this information as "Ordering Information".
As part of the registration process, you will be asked whether you have taken note of the data protection declaration and agree to its validity, which you confirm by clicking the field and ticking the appropriate box. By doing this, you consent to your personal data being used for the following purposes:
- Processing of orders
- Sending direct mail, e.g. by e-mail, package insert or post, sending offers and vouchers
- Sending of evaluation requests
- Sending our newsletter
If you have given your consent, the legal basis for processing the data is Article 6 (1) lit. a GDPR and, if the registration serves to fulfill a contract or to carry out pre-contractual measures with you, also Art. 6 Para. 1 lit. b GDPR.
Our website uses the following types of cookies, the scope and functionality of which are explained below:
3.1 Transient cookies
These are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which the various requests from your browser can be assigned to the common session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
3.2 Persistent cookies
These are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.
3.3 browser settings
You can of course set up your browser so that it does not store cookies on your device. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how you let your browser notify you when you receive a new cookie or how you can delete all cookies that have already been received and for all others can block.
In Internet Explorer:
- In the “Tools” menu, select “Internet Options”.
- Click on the "Data Protection" tab.
- You can now make the security settings for the Internet zone. Here you set whether and which cookies should be accepted or rejected.
- Confirm the setting with "OK".
- In the "Tools" menu, select Settings.
- Click on "Privacy".
- In the drop-down menu, select the entry "Create according to user-defined settings".
- Now you can set whether cookies should be accepted, how long you want to keep these cookies and add exceptions, which websites you always or never want to allow cookies to be used.
- Confirm the setting with "OK".
In Google Chrome:
- Click the Chrome menu on the browser toolbar.
- Now select "Settings".
- Click on "Show advanced settings".
- Under "Privacy" click on "Content Settings".
- Under "Cookies" you can make the following settings for cookies:
- Delete cookies
- Block cookies by default
- Delete cookies and website data by default when you close your browser
- Allow exceptions for cookies from certain websites or domains
However, we would like to point out that in this case you may not be able to use all the functions of our services to their full extent.
4 DISCLOSURE OF YOUR PERSONAL INFORMATION
In accordance with the statutory provisions, we pass on your personal data to third parties who support us in using your personal data as described above. Your data can be passed on to the following companies / categories of persons:
- Tax auditors, other authorities, external service providers and professional consultants such as lawyers, auditors, accountants, etc. Credit bureaus for credit checks, debt collection service providers, postal / shipping service providers, freight forwarders e.g. UPS, DHL, Deutsche Post, payment providers such as PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg; Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, (Amazon Pay) Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg; (Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland; Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5; Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Shopify e-commerce platform. We use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5, to operate our online shop. This service provides an e-commerce platform through which we offer our goods for sale. The data transmitted as part of your order is stored on a Shopify server in the USA. Shopify has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For more information on data protection, please refer to Shopify's data protection information at http://www.shopify.com/legal/privacy.
- Finally, we may also share your personal information in order to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other legitimate request for information we receive, or to otherwise protect our rights.
The legal basis for the transfer of data to third parties for the purpose of contract processing or for billing purposes is Art. 6 Para. 1 lit. b GDPR and for the transfer in the context of legally mandated cases Art. 6 Para. c GDPR.
5 HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the order information that we generally collect to fulfill all orders placed through the website (including processing your payment information, arranging shipping and providing invoices and / or order confirmations). We also use this order information to:
- communicate with you;
- prepare the shipment for you. For this purpose, your contact details will be passed on to the integration application of Deutsche Post AG and DHL Paket GmbH, which will use them to create a shipping label and to track your shipment; You can find more information on data protection for this application here: https://www.dhl.de/en/toolbar/footer/privacy-notice.html;
- review our orders for potential risk or fraud;
- To provide you with information or advertising relating to our products or services, provided that you have signed up for our newsletter by doube opt-in; and
- To inform you about product availability, provided you have registered for it.
We use the device data we collect to help us check for potential risks and fraud (especially your IP address) and, more generally, to improve and optimize our website (e.g. by creating analyzes about it how our customers surf and interact with the website and to evaluate the success of our marketing and advertising campaigns).
6 DATA PROCESSING FOR ADVERTISING PURPOSES
As described above, we use your personal information to send you targeted advertising or marketing communications that we believe may be of interest to you. For more information on how targeted advertising works, you can visit the Network Advertising Initiative ("NAI") education page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
In addition, you can opt out of some of these services by visiting the Digital Advertising Alliance's opt-out portal at http://optout.aboutads.info/.
As part of our services, we offer you the opportunity to register for our newsletter. In order to be able to make sure that no errors were made when entering the email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field and your consent to receive it our newsletter, we will send you a confirmation link to the email address provided. Only when you click on this confirmation link will your email address be added to our distribution list for sending our newsletter.
The legal basis for this data processing is Article 6 Paragraph 1 Letter a) GDPR.
6.1.1 Notice of right of withdrawal
You can revoke your consent at any time with effect for the future by sending a message to email@example.com or using the unsubscribe option at the end of each newsletter.
6.2 Back In Stock
If products are sold out, we offer the option of being informed about product availability by e-mail or SMS. This function is made available by the third-party provider Appikon, www.appikon.com. If you click on the button “Notification of availability”, your personal information (such as e-mail address, telephone number, address) will be sent to Appikon and informed if the product is available. You can find more information on Appikon's data protection here: https://back-in-stock.appikon.com/privacy-policy.
6.2.1 Notice of right of withdrawal
You can revoke your consent at any time by clicking the "Unsubscribe" button in your notification email or by sending the response "STOP" to the SMS notification or by sending an email to firstname.lastname@example.org.
The legal basis for the use of analysis tools is Art. 6 Para. 1 S. 1 lit. f GDPR.
6.3.1 Notice of right of withdrawal
Via the link https://www.hotjar.com/opt-out you can prevent the collection and use of your data by Hotjar.
7 ONLINE PRESENTATION AND SERVICE OPTIMIZATION
7.1 Google Analytics
Our website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link. Download and install it from: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "_anonymizeIp ()". As a result, IP addresses are further processed in abbreviated form, so that personal references can be excluded. If the data collected about you can be linked to a person, this will be excluded immediately and the personal data will be deleted immediately.
We use Google Analytics to analyze the use of our website and to improve it regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
8 ONLINE MARKETING
8.1 Google Tag Manager
We use the Google Tag Manager service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94.043 USA on our website. With the Google Tag Manager, marketers can manage website tags through one interface. A tag is one of marking or labeling a database. The Tag Manager itself, which uses the tags, works without cookies and does not collect any personal data. The tags set up via the Google Tag Manager only ensure the collection of data that is passed on to the target system. Because the data is only passed on, the system does not collect or save the data itself. The Tag Manager only triggers other tags, which themselves may collect data. Corresponding explanations for these respective third-party providers can be found in this data protection declaration. The Google Tag Manager does not use this data. If you have set or otherwise deactivated cookies, this will be observed for all tracking tags that have been used with the Google Tag Manager, so the tool does not change your cookie settings.
Google may ask you for permission to share some product data (e.g. your account information) with other Google products in order to activate certain features, e.g. B. to simplify the addition of new conversion tracking tags for AdWords. In addition, Google's developers review product usage information from time to time in order to further optimize the product. However, Google will not pass on any data of this type to other Google products without your consent.
8.2 Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing, with which we advertise our websites in Google search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google places a cookie in the browser of your terminal device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited.
Any further data processing will only take place if you have given Google permission to link your internet and app browser history to your Google account and to use information from your Google account to personalize advertisements that you view on the web . In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. When using Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. come in the US.
You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/onweb/.
In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. Certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list.
You can find further information and the data protection provisions regarding advertising and Google here: https://www.google.com/policies/technologies/ads/.
As far as legally required, we have your consent to the processing of your data described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time in the account settings or by email to email@example.com.
8.3 Facebook remarketing / retargeting
On our website, we use “Custom Audiences” from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for retargeting and remarketing purposes. This service uses so-called tracking or remarketing pixels. These are pixel image files that enable log file analysis. By using the pixels, the service provider can see when and how many users have accessed the pixel, or whether and when an email was opened or a website was visited.
With the help of this service, users of the website can be shown interest-related advertisements (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting for you. When you visit our website, a direct connection to the Facebook servers is established via the pixel. This enables Facebook to identify you using your browser ID, as this can be linked to your user account. We have no influence on the extent and further use of the data that is collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you are visiting our website Have accessed our website or have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and save your IP address and other identification features.
The deactivation of the "Facebook Custom Audiences" function is for logged-in users under https://www.facebook.com/settings/?tab=ads#_ possible.
As part of the Facebook pixel function, we have also activated the automatic advanced matching. This pixel function enables us to send hashed e-mails, names, gender, city, state, zip code and date of birth or telephone number as additional information to Facebook, provided that you have provided us with this data and given your consent. This activation enables us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.
The legal basis for processing your data is Art. 6 Para. 1 S. 1 lit. f GDPR. You can find more information about data processing by Facebook at https://www.facebook.com/about/privacy/.
Our website uses the tool "Goaffpro" (Oxybit Enterprises Pvt Ltd) to carry out a recommendation program, the legal basis is Art. 6 Para. 1 S. 1 lit. F GDPR.
Further information on the handling of user data can be found in Goaffpro's data protection declaration at: https://goaffpro.com/privacy.
If you do not want you to receive advertisements generated by the respective targeting service, you can object to the use of retargeting technology on our websites by sending us a message to firstname.lastname@example.org.
swapface maintains social media profiles on the social networks Facebook and Instagram ("Fanpages"), services of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), on which we regularly publish content and offers and share. If you interact with our fan pages or other Facebook or Instagram websites, the operators of the social networks record your usage behavior with cookies and similar technologies. swapface can view general statistics on the interests and demographic characteristics (such as age, gender, region) of users for its fan pages. If you use social networks, the type, scope and purposes of data processing in the social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which we are jointly responsible with Facebook and which are explained below.
9.1 Processing of your data by Facebook
Data protection information from Facebook: https://www.facebook.com/about/privacy/
Data protection information from Instagram: https://help.instagram.com/519522125107875
9.2 Usage analysis (page insights)
Swapface and Facebook are jointly responsible for processing your data for the provision of page insights (Art. 26 GDPR). There is an agreement between swapface and Facebook that specifies which company fulfills which data protection obligations under the GDPR with regard to the processing of Page Insights data.
The agreement with Facebook is available here: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook has summarized the essential contents of this agreement (including a list of the page insights data) here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Insofar as you have consented to the creation of page insights for Facebook as described above, the legal basis is Article 6 (1) (a) GDPR. Otherwise, the legal basis is Article 6 Paragraph 1 Letter f) GDPR, whereby our legitimate interest arises from the aforementioned purposes.
10 SOCIAL MEDIA PLUG-INS
We can use social plug-ins from the social networks Facebook and Twitter on the basis of Article 6 (1) (a) GDPR in order to make our company better known. Responsibility for the data protection-compliant operation is to be guaranteed by the respective provider.
The purpose and scope of the data collection and the further processing and use of the data by the respective provider as well as your related rights and setting options to protect your privacy can be found in the respective data protection information of the provider, which we list below.
On some websites we use plug-ins from the social network TikTok, which is operated by TikTok Inc., 10100 Venice Blvd, Culver City, CA 90232, USA (“TikTok”). The link to TikTok's data protection declaration can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de
On some websites, we use plug-ins from the social network Xing, which is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg (“Xing”). You can find the link to Xing's data protection declaration here: https://privacy.xing.com/de/datenschutzerklaerung
On some websites, we use plug-ins from the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). You can find the link to Twitter's data protection declaration here: https://twitter.com/de/privacy
If plug-ins are activated, your web browser establishes a direct connection with the web servers of the respective social network and the content of the plug-in is transmitted directly from the social network to your web browser, which then integrates it into our website. By integrating the plug-ins, the social network receives the information that you have accessed the corresponding page of our website and can record device and access data. If you are logged in to the social network, it can also assign the visit to your account on the respective social network.
By logging out of the social network pages and deleting cookies that have been set, you can prevent social networks from assigning the information collected about you to your user account on the respective social network during your visit to www.swapface.de If you do not want social networks to assign the data collected via our website directly to your profile, you must log out of the relevant social networks before visiting our website. You can completely prevent the loading of the plugins with add-ons for your browser, e.g. B. with the script blocker "NoScript", to be found at: www.noscript.net.
11 CONTACT FORM
If you send us inquiries using the contact form, we will only use your data to process your request. These data are not used for advertising purposes or passed on to third parties.
The legal basis for the processing of the data transmitted via the contact form or in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the establishment of contact is also aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.
The data you enter in the contact form will be stored by us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies.
12 DO NOT TRACK
Please note that we will not change the data collection and usage practices of our website if we see the "do not track" signal from your browser.
13 DURATION OF DATA STORAGE
We store your data for as long as the respective purpose requires, weighing your legitimate interests. If there is a tax retention period for certain data that are processed for the processing of sales contracts, the data will be stored for 6 or 10 years. During this time, the processing of the data is restricted after 2 years, i.e. the data will only be used to comply with legal obligations. The retention obligation begins at the end of the calendar year in which the order was placed by the customer or the contract was fulfilled.
14 DATA SECURITY
We have taken a variety of security measures to protect your personal information. Our servers and databases are among others protected by physical and technical measures.
When collecting and transmitting data via our website, we use standardized SSL encryption technology. As part of the ordering process, personal data is transmitted via SSL encryption, which can be recognized by the lock symbol in the browser and by the addition “https: //” in the address bar.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties. When communicating by email, 100% data security cannot be guaranteed.
15 YOUR RIGHTS
If you are based in Europe, you have the right to access your personal data stored with us and to request that your personal data be corrected, updated or deleted. You can easily exercise your right via the following link or the contact information mentioned under 1: https://swapface.de/pages/gdpr-compliance.
You have the following rights:
15.1.1 Revocation of Consent
You can revoke your consent to the processing of personal data at any time with effect for the future. You can easily exercise your right via the following link or the contact information mentioned under 1: https://swapface.de/pages/gdpr-compliance.
15.1.2 Other rights
You also have the following rights towards us with regard to your personal data:
- Right to information,
- Right to rectification,
- Right to erasure or restriction of processing,
- Right to object to processing,
- Right to data portability,
You can easily exercise your right via the following link or the contact information mentioned under 1: https://swapface.de/pages/gdpr-compliance.
1.1.1 Data protection supervisory authority
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The competent data protection supervisory authority for North Rhine-Westphalia is:
State Commissioner for Data Protection and Freedom of Information
P.O. Box 20 04 44
Tel .: 0211 / 38424-0
Fax: 0211 / 38424-10
If you are based in Europe, we also acknowledge that we process your data to perform contracts with you (e.g. when you place an order through the website) or to pursue our legitimate business interests listed above. Please also note that your data will be transferred outside of Europe, including to Canada and the United States.
The range of goods in our online shop is aimed exclusively at buyers who have reached the age of 18.
We reserve the right to update this data protection guideline from time to time, e.g. To take into account changes in our practices or for other operational, legal or regulatory reasons.