Privacy statement - Privacy Policy
We are glad that you have shown interest in us. Data protection is a particularly high priority for the management of the Underwater Activities Club "SUB". The use of the Club of Underwater Activities "SUB" website is possible without indicating personal data, however, if the respondent wants to use the special services of our club through our website, the processing of personal data may be necessary. If the processing of personal data is necessary and if there is no legal basis for the processing, we require the consent of the subject.
The processing of personal data such as the name and surname, e-mail address, phone number of the respondent is always in accordance with the General Data Protection Regulation of the European Union (GDPR) and in accordance with the law of the country that applies to our - Underwater Activities Club "SUB" . With this data protection statement, our club wants to inform the public about the nature, scope and purpose for which we collect, use and process personal data. Moreover, with this notice, respondents are informed about their rights that they can exercise.
As a data controller, the Underwater Activities Club "SUB" has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, data transmissions via the Internet may in principle have security flaws, and absolute protection cannot be guaranteed. For this reason, each respondent may transmit personal data to us through alternative means of communication such as telephone.
- Definitions
The data protection statement of the Underwater Activities Club "SUB" is based on the terms used by the European legislator in the General Data Protection Regulation (GDPR). Our data protection statement should be understandable to the general public, as well as to our clients and business partners. In order to make sure that this is indeed the case, we want to first explain the terms we use.
In this data protection statement, among other things, we will use the following terms:
- a) Personal data
Personal data means all data relating to an identified or recognizable natural person ("the respondent"). An identified natural person is one who can be directly or indirectly identified, in particular by reference to an identifier such as name, identification number, location data, online identifier or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or the social identity of that natural person.
- b) Respondent
The respondent is a specific or identifiable natural person whose personal data is processed by the controller responsible for data processing.
- c) Data processing
Data processing is any operation or multiple operations carried out on personal data or personal data, regardless of whether or not automated means of processing are involved, such as collection, recording, organization, structuring, storage, adaptation or modification, data recovery , consultation, use, disclosure of data by transmission, dissemination or otherwise making available, matching or combining, restriction, erasure or destruction of data.
- d) Limitation of data processing
Limitation of data processing is the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data for the assessment of certain personal aspects relating to a natural person, and in particular for the purpose of analyzing or predicting aspects relating to performance at work, economic situation, health, personal the choices, interests, reliability, behavior, location or movement of a natural person.
- f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or recognizable natural person.
- g) Data controller or controller responsible for data processing
The processing manager or the manager responsible for the processing is a natural or legal person, public authority, agency or other body that independently or together with others determines the purpose and means of personal data processing; if the purpose and means of such processing are determined by the law of the European Union or a member state, the controller or special criteria for his appointment may be provided for by the law of the European Union or a member state.
- h) Processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
- i) Recipient
The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data within the framework of a specific investigation in accordance with European Union law are not or member states are not considered recipients; the processing of such data by these public bodies must be in accordance with the applicable data protection rules and in accordance with the purpose of the processing.
- J) Third party
A third party is a natural or legal person, public authority, agency or other body or person who is not a data subject, a data controller, a data processor and a person who, with the direct authorization of a data controller or data processor, is authorized to process personal data
- k) Consent
Consent of the subject is any consent freely given, given for a specific purpose, based on information and represents the unequivocal will of the subject by which he or she, by statement or clear affirmative actions, gives consent to the processing of his or her personal data.
- Name and address of the data controller
The controller in accordance with the General Data Protection Regulation (GDPR), other data protection regulations that apply in the member states of the European Union and other provisions related to data protection is:
Club of underwater activities "SUB"
Slobode Street 16 A
21000 Split
Croatia
Phone: 0976806119
Email: kpasub@gmail.com
Website: https://sub.hr
- Name and address of the Data Protection Officer
The data protection officer is:
Responsible person Zoran Ergović
Club of underwater activities "SUB"
Slobode Street 16 A
21000 Split
Croatia
Phone: 0913132121
Email: kpasub@gmail.com
Website: https://sub.hr
Any subject can directly contact our data protection officer at any time with any questions and suggestions related to data protection.
- Cookies
The Underwater Activities Club "SUB" website uses cookies. Cookies are text files stored in the computer system via the internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique cookie identifier. It consists of a series of characters through which Internet pages and servers can be assigned to a specific Internet browser in which the cookie is stored. This enables the visited websites and servers to distinguish individual Internet browsers of the respondents from other Internet browsers that contain other cookies. A particular internet browser can be recognized and identified using a unique cookie ID.
By using cookies, the Underwater Activities Club "SUB" is able to provide users of this website with more convenient services, which would not be possible without the use of cookies.
With the help of cookies, information and offers on our website can be optimized taking into account the needs of users. Cookies allow us, as we have already mentioned, to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. A user of our website who uses cookies, for example, does not have to enter access data every time he accesses the website because they are downloaded by the website and the cookie is therefore stored on the user's computer system. Another example is the virtual shopping cart cookie in an online store. The online store remembers the products that the customer placed in the virtual shopping cart through cookies.
The data subject can prevent the setting of cookies via our website at any time by means of the corresponding setting of the Internet browser used and can therefore permanently deny the setting of cookies. Furthermore, already set cookies can be deleted at any time via the Internet browser or other software programs. This is possible in all popular Internet browsers. If the respondent disables the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
- Collection of general data and information
The Underwater Activities Club "SUB" website collects a series of general data and information when respondents or an automated system calls the website. This general data and information is stored in server log files. The data and information collected can be (1) about the type of internet browser and the versions used, (2) about the operating system used by the access system, (3) about the website from which the access system accesses our website (so-called referrers). , (4) about sub-web pages (5) about the date and time of access to the website, (6) about the Internet Protocol address (IP address), (7) about the Internet service provider of the access system, and (8) all other similar data and information that can be used in the event of an attack on our information systems.
When using these general data and information, the Underwater Activities Club "SUB" does not draw any conclusions about the respondent. Rather, this information is necessary to (1) properly deliver our website content, (2) optimize our website content and advertising, (3) ensure the long-term viability of our IT systems and website technology, and (4) provide law enforcement authorities with information necessary for criminal prosecution in the event of a cyber-attack. Therefore, the Underwater Activities Club "SUB" analyzes anonymously and statistically collects data with the aim of increasing the protection and security of our company's data and ensuring the optimal level of protection of the personal data we process. Anonymous server log file data is stored separately from all personal data provided by the respondent.
- Login to our website
The respondent has the option of registering on the controller's website with the specified personal data. Which personal data is transferred to the controller is determined by the corresponding form used for the application. Personal data entered by the respondent are collected and stored exclusively for internal use by the data controller and for its own purposes. The controller may request a transfer to one or more processors (e.g. a service package) that also uses personal data for an internal purpose attributable to the controller.
By registering on the controller's website, the IP address (assigned by the Internet Service Provider (ISP) and used by the data subject), the date and time of the registration are stored. The reason for storing this data is that it is the only way to prevent abuse of our services and to enable the investigation of committed violations, if necessary. The storage of this data is necessary to ensure the controller. This data is not transferred to a third party, unless there is a legal obligation to transfer data or if the transfer serves the purpose of criminal prosecution.
The registration of the respondent, along with voluntarily indicated personal data, is intended to enable the controller to offer the respondent content or data services that can only be offered to registered users due to the nature of the offer. Registered persons can at any time change the personal data provided during registration or delete them completely from the database of the data controller.
The manager of data processing must at any time provide information upon request to each respondent about what personal data is stored about him. The controller will correct or delete personal data at the request or indication of the data subject, provided that there are no legal storage obligations. All employees of the controller are available to the respondent in this regard as contact persons.
- Subscription to our newsletters
On the website of the "SUB" Underwater Activities Club, users can subscribe to our club's newsletter. The form used to sign up for the newsletter determines which personal data is transferred, as well as when the newsletter is ordered from the data controller.
The club of underwater activities "SUB" regularly informs its clients and business partners through a newsletter about the club's offers. Our newsletter can only be received by the respondent if (1) the respondent has a valid email address and (2) the respondent has signed up to receive the newsletter. The e-mail confirmation will be sent to the address first registered by the respondent for the delivery of the newsletter, for legal reasons, in the double consent procedure. This e-mail confirmation is used to prove whether the owner of the e-mail address as a respondent is authorized to receive the newsletter.
When registering for the newsletter, we also store the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the respondent at the time of registration, as well as the date and time of registration. The collection of this data is necessary to understand the (possible) misuse of the e-mail address of a respondent later, and therefore serves as a means of legal protection of the data controller.
Personal data collected as part of the newsletter application will be used only for sending our newsletter. In addition, newsletter subscribers may be notified by e-mail, if this is necessary for the provision of the newsletter service or registration, as this may be the case when the newsletter offer is changed, or in the event of a change in technical circumstances. Personal data collected through the newsletter service will not be transferred to third parties. The respondent can unsubscribe from our newsletter at any time. The consent to the storage of personal data, which the respondent gave for the delivery of the newsletter, can be revoked at any time. For the purpose of canceling consent, there is a corresponding link in each newsletter. You can also unsubscribe from the newsletter at any time directly on the controller's website, or by notifying the controller in a different way.
- Biltten - Monitoring
The newsletter from the Underwater Activities Club "SUB" contains so-called tracking pixels. A tracking pixel is a miniature graphic element embedded in e-mail messages sent in HTML format to enable the recording and analysis of log files. This enables a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Underwater Activities Club "SUB" can see if and when the respondent opened the e-mail and which links in the e-mail message were opened by the respondent.
Such personal data collected in the tracking pixels contained in the newsletter are stored and analyzed by the controller in order to optimize the delivery of the newsletter as well as to tailor the content of future newsletters even more to the interests of the data subjects. These personal data will not be passed on to third parties. Respondents at any time have the right to revoke the separate declaration of consent given in the double consent procedure. After revocation, the controller will delete this personal data. The club of underwater activities "SUB" will automatically consider that the refusal to receive the newsletter constitutes a revocation.
- Possibility of contact through the website
The website of the "SUB" Underwater Activities Club contains information that enables quick electronic contact with our club, as well as direct communication with us, which also includes the general address of the so-called electronic mail (e-mail address). If the respondent contacts the data controller via e-mail or via the contact form, the personal data entered by the respondent are automatically stored. Such personal data that the respondents voluntarily transfer to the data controller are kept for the purpose of processing or contacting the respondents. These personal data will not be transferred to third parties.
- Signing up for comments on the website's blog
Third parties can register for comments on the "SUB" Underwater Activities Club blog. In particular, there is an option for a commenter to apply for comments that follow his comments on a particular blog post.
If the data subject chooses to opt-in to this option, the controller will send an automatic confirmation e-mail to check in the double consent procedure whether the owner of the specified e-mail address has opted for this option. The ability to sign up for comments can be terminated at any time.
- Routine deletion and blocking of personal data
The data controller processes and stores personal data of the data subject only for the time necessary to achieve the purpose of storage or for the time provided by the European legislator or the laws or regulations of other legislation applicable to the data controller.
If the purpose of storage cannot be achieved or if the storage period prescribed by the European legislator or other competent legislator expires, personal data are routinely blocked or deleted in accordance with legal requirements.
- Rights of respondents
- a) The right to confirmation
Every respondent has the right, guaranteed by European legislation, to request confirmation from the data controller as to whether or not their personal data is being processed. If the data subject wishes to exercise the right to request confirmation, he may contact any employee of the data controller at any time.
- b) Right of access
Every data subject has the right guaranteed by the European legislator to obtain free of charge from the controller information about his personal data stored at any time as well as a copy of this data. Furthermore, European directives and regulations guarantee respondents access to the following information:
- on the purpose of processing;
- about the categories of personal data that are covered;
- about recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, especially recipients in third countries or international organizations;
- if possible, about the expected storage time of personal data, or if this is not possible, about the criteria used to determine the storage time;
- on the existence of the right to request correction or deletion of personal data by the data controller or the limitation of the processing of personal data concerning the respondent or the right to object to such processing;
- on the existence of the right to appeal by the supervisory body;
- when personal data is not collected from the data subject, all available information about the source of the personal data;
- about the existence of automated decision-making, including profiling, specified in Article 22 paragraphs 1 and 4 of the General Data Protection Regulation and in these cases, significant information about the logic involved, as well as the significance and anticipated consequences of such processing for the data subject.
Moreover, the data subject has the right to receive information on whether personal data have been transferred to a third country or an international organization. If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If the data subject wants to use the right of access, he can contact any employee of the controller at any time.
- c) Right to rectification
Every data subject has the right guaranteed by the European legislator to obtain from the controller the correction of inaccurate personal data about him without undue delay. Taking into account the purposes of the processing, the respondent has the right to supplement incomplete personal data, including the right to an additional statement.
If the data subject wishes to exercise this right to rectification, he may contact any employee of the data controller at any time.
- d) Right to erasure ("Right to be forgotten")
Every data subject has the right guaranteed by the European legislator to demand from the controller the deletion of personal data relating to him without undue delay, and the controller is obliged to delete personal data without undue delay if one of the following grounds applies, provided that the processing is not necessary:
- Personal data are no longer required for the purposes for which they were collected or for which they are processed.
- The subject withdraws the consent on which this processing is based in accordance with point (a) article 6 paragraph 1 or point (a) article 9 paragraph 2 of the General Data Protection Regulation, and if there is no other legal basis for the processing.
- The data subject has objected to the processing in accordance with Article 21, paragraph 1 of the General Data Protection Regulation, and there is no more important legitimate reason for the processing, or the data subject has objected to the processing in accordance with Article 21, paragraph 2 of the General Data Protection Regulation.
- Personal data was illegally processed.
- Personal data must be deleted in order to comply with legal obligations in accordance with the law of the European Union or the law of a member state that apply to the controller.
- Personal data were collected in connection with the offer of information society services from Article 8, paragraph 1 of the General Data Protection Regulation.
If one of the above-mentioned reasons occurs, and the respondent wishes to request the deletion of personal data stored by the Underwater Activities Club "SUB", the person can contact any employee of the data controller at any time. An employee of the club Underwater Activities Club "SUB" will confirm that the deletion request will be acted upon immediately.
If the data controller has made public personal data and is obliged to delete personal data in accordance with Article 17 paragraph 1, the data controller shall, taking into account available technology and implementation costs, take reasonable steps, including technical measures, to inform other data controllers who process personal data if the data subject has requested those data controllers to delete all links, copies and replications of that personal data, provided that processing is not necessary. Employees of the Underwater Activities Club "SUB" will take the necessary measures in individual cases.
- e) The right to restrictions on processing
Every data subject has the right, guaranteed by the European legislator, to obtain from the data controller the restriction of processing if one of the following conditions is met:
- The accuracy of the personal data was contested by the respondent during the time period that allows the controller to check the accuracy of the personal data.
- The processing is illegal, and the respondent objects to the deletion of personal data and requests instead the restriction of their use.
- The data controller no longer needs personal data for processing, but the data subject needs them to make a legal request, exercise or protect his legal interests.
- The respondent objected to the processing on the basis of Article 21, paragraph 1 of the General Data Protection Regulation in the course of checking whether the legitimate interests of the data controller outweighed the interests of the respondent.
If one of the above conditions is met, and the data subject wishes to request the restriction of the processing of personal data stored by the Underwater Activities Club "SUB", he or she may contact any employee of the data controller at any time. The employee of the Underwater Activities Club "SUB" will undertake the restriction of processing.
- f) The right to transfer data
Each respondent has the right guaranteed by the European legislator to receive his personal data that he has provided to the data controller in a structured, common and legible form. The respondent has the right to transfer this data to another data controller without interference from the data controller to whom the personal data was submitted, provided that the processing is based on consent from the General Regulation on Data Protection, based on Article 6, paragraph 1, point (a) or point (a) of Article 9, Paragraph 2 or on the basis of a contract from Article 6, Paragraph 1, Point (b) of the Article, and the processing is carried out by automated means and is not necessary for the performance of tasks in the public interest or for the purpose of exercising official authority entrusted to the controller.
Moreover, in exercising the right to data transfer in accordance with Article 20, paragraph 1 of the General Data Protection Regulation, the data subject has the right to direct transfer of personal data from one controller to another, where this is technically feasible and when this does not adversely affect rights and freedoms of others.
In order to exercise the right to transfer data, the respondent can contact any employee of the Underwater Activities Club "SUB" at any time.
- g) The right to object
Each data subject has the right guaranteed by the European legislator to object for any reason, for reasons related to his or her particular situation, to the processing of personal data relating to him, which is based on points (e) or (f) of the article 6, paragraph 1 of the General Data Protection Regulation. This also applies to profiling based on these provisions.
Underwater Activities Club "SUB" will no longer process personal data in the event of objection, unless we can prove compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or in the event that the processing is necessary for the determination, execution or processing of legal requirements.
If the Underwater Activities Club "SUB" processes personal data for the purpose of direct marketing, the respondent has the right to object at any time to the processing of personal data about him or her for such marketing. This applies to profiling to the extent that it is linked to such direct marketing. If the respondent objects to the Underwater Activities Club "SUB" due to processing for the purpose of direct marketing, the Underwater Activities Club "SUB" will no longer process personal data for these purposes.
In addition, the respondent has the right, for reasons related to his or her personal situation, to object to the processing of his or her personal data by the Underwater Activities Club "SUB" for the purpose of scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1. General of the European Union data protection regulation, unless the processing is necessary for the performance of a task in the public interest.
In order to exercise the right to complain, the respondent can contact any employee of the Underwater Activities Club "SUB". In addition, the respondent is free in the context of using the services of the information society and, regardless of the European Union Directive 2002/58 / EC, exercise his right to object by automatic means using technical specifications.
- h) Automated individual decision-making, including profiling
Every data subject has the right guaranteed by the European legislator not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for him or her or similarly significantly affects him or her, unless decision (1) is necessary for the conclusion or execution of a contract between the data subject and the controller, or (2) is not approved by the European Union or the law of the member state that applies to the data controller and which also prescribes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, or (3) ) is not based on the express consent of the respondent.
If the decision (1) is necessary for the conclusion or execution of a contract between the respondent and the data controller, or (2) is based on the explicit consent of the respondent, the Underwater Activities Club "SUB" will implement appropriate measures to protect the rights and freedoms and legitimate interests of the respondent, and at least guarantee the right to obtain human intervention by the data controller to express his point of view and challenge the decision.
If the respondent wishes to exercise his rights regarding automated individual decision-making, he may contact any employee of the Underwater Activities Club "SUB" at any time.
- i) the right to withdraw consent for data protection
Every subject has the right, guaranteed by the European legislator, to withdraw their consent to the processing of their personal data at any time.
If the respondent wants to use the right to withdraw consent, he can contact any employee of the Underwater Activities Club "SUB" at any time.
- Data protection provisions on the use and use of Facebook
On this website, the controller has integrated components of the company Facebook. Facebook is a social network.
A social network is a social meeting place on the Internet, an online community that usually allows users to communicate and interact with each other in virtual space. A social network can serve as a platform for the exchange of opinions and experiences, or allow the Internet community to provide personal or business information. Facebook allows users of the social network to include creating private profiles, uploading photos, and networking through friend requests.
The company that operates Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If the person lives outside the United States of America or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call to one of the individual pages of this website, which is managed by the data controller and on which the Facebook component (Facebook plug-in) is integrated, the Internet browser on the information system of the respondent is automatically prompted to send a display of the corresponding Facebook component from Facebook via the Facebook component. An overview of all Facebook plugins can be accessed at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook is aware of which specific sub-page of our website was visited by the respondent.
If the person is simultaneously logged on to Facebook, Facebook detects each call to our website by the subject and for the entire duration of their stay on our website - which specific subpages of our website were visited by the subject. This data is collected via the Facebook component and is linked to the respective Facebook account of the respondent. If the data subject clicks on one of the Facebook buttons integrated on our website, e.g. the "Like" button, or if the data subject comments, then Facebook associates this data with the data subject's personal Facebook user account and stores the personal data.
Facebook always receives, via the Facebook component, information about the visit of our website by the subject, whenever the person is simultaneously logged on to Facebook during the call to our website. This happens regardless of whether the respondent launches the Facebook component or not. If such a transfer of information to Facebook is not desirable for the data subject, he or she can prevent this by logging out of the Facebook account before calling up our website.
The data protection guideline published by Facebook, available at https://facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. In addition, it explained which settings Facebook offers to protect the privacy of respondents. In addition, various settings options are available to prevent the transfer of data to Facebook. These applications can be used by the respondent to disable data transfer to Facebook.
- Terms of use and use of Google AdSense data protection
On this website, the controller has integrated Google AdSense. Google AdSense is an online service that allows advertisements to be placed on third-party websites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party websites to match the content of the corresponding third-party website. Google AdSense allows the targeting of Internet users based on their interests, which is carried out by generating individual user profiles.
The company that provides Google's AdSense component is Alphabet Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of the Google AdSense component is the integration of advertisements on our website. Google AdSense places cookies on the respondent's information system. The definition of cookies is explained above. By setting cookies Alphabet Inc. enables the analysis of the use of our website. With each call to one of the individual pages of this website, which is managed by the controller and on which the Google AdSense component is integrated, the Internet browser on the information system of the respondent will automatically send data via the Google AdSense component for the purpose of online advertising and the collection of a commission by Alphabet Inc. During this technical procedure Alphabet Inc. acquires knowledge of personal data, such as the IP address of the respondent, which serves Alphabet Inc., among other things, to understand the origin of visitors and clicks and then collect a commission.
The respondent can, as stated above, prevent the setting of cookies via our website at any time by making appropriate adjustments to the internet browser used and thus permanently deny the setting of cookies. Such adjustment of the Internet browser used would also prevent Alphabet Inc from placing a cookie on the information system of the respondent. In addition, cookies already used by Alphabet Inc. they can be deleted at any time via an internet browser or other software programs.
Furthermore, Google AdSense uses so-called tracking pixels. A tracking pixel is a miniature image that is embedded in Internet pages to enable the recording and analysis of log files in order to perform statistical analysis. Based on embedded tracking pixels, Alphabet Inc. can determine if and when the respondent accessed the website and which links he clicked on. Tracking pixels serve, among other things, to analyze the flow of visitors on the website.
Through Google AdSense, personal data and information - which also includes the IP address and which is necessary for the collection and calculation of displayed ads - is transferred to Alphabet Inc. to the United States of America. This personal data will be stored and processed in the United States of America. Alphabet Inc. may disclose personal data collected through this technical procedure to third parties.
Google AdSense is further explained at the following link https://www.google.com/intl/en/adsense/start/.
- Provisions on the protection of data on the use and use of the Google Analytics service (with anonymization function)
On this website, the controller has integrated a component of the Google Analytics service (with anonymization function). The Google Analytics service is a web analysis service. Web analysis collects and analyzes data on the behavior of visitors to Internet pages. The web analysis service collects, among other things, data about the website from which the person came (so-called referrer), which subpages were visited or how often and for how long the subpages were viewed. Web analysis is mainly used to optimize a website and to perform a cost-benefit analysis of Internet advertising.
The company providing the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
For web analytics through the Google Analytics service, the controller uses the application "_gat. _AnonymizeIp”. With this application, Google shortens and anonymizes the IP address of the internet connection of the subject when accessing our website from a member state of the European Union or another contracting state to the Agreement on the European Economic Area (EEA).
The purpose of the Google Analytics service component is to analyze traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website and provide online reports that show the activities on our website and provide us with other services related to the use of our website.
Google Analytics places a cookie on the respondent's information system. The definition of cookies is explained above. By setting cookies, Google can analyze the use of our website. With each call to one of the individual pages of this website, which is managed by the controller and on which the Google Analytics service component is integrated, the Internet browser on the information system of the respondent will automatically send data via the Google Analytics component for the purpose of online advertising and the collection of a commission by Google. And. During this technical procedure, Google acquires knowledge of personal data, such as the IP address of the subject, which Google, among other things, serves to understand the origin of visitors and clicks, and for the subsequent payment of a commission.
A cookie is used to store personal data, such as the time of access, the location from which the access came and the frequency of visits to our website by the subject. Each visit to our website, such personal data, including the IP address of the Internet access used by the subject, will be transmitted to Google in the United States of America and stored by Google in the United States of America. Google may transfer this personal data collected by the technical process to third parties.
The respondent can, as stated above, prevent the setting of cookies via our website at any time by making appropriate adjustments to the internet browser used and thus permanently deny the setting of cookies. Such adaptation of the Internet browser used would also prevent Google Analytics from placing cookies on the data subject's information system. In addition, cookies already used by Google Analytics can be deleted at any time via your internet browser or other software programs.
In addition, the data subject has the possibility to object to the collection of data generated by Google Analytics, related to the use of this website, as well as to the processing of this data by Google and the possibility to prevent any such collection or processing. For this purpose, the respondent must download and install the Internet browser plug-in at https://tools.google.com/dlpage/gaoptout. This browser plug-in tells Google Analytics via JavaScript that all data and information about website visits are not transmitted to Google Analytics. Installation of browser add-ons is considered objectionable by Google. If the data subject's information system is subsequently deleted, formatted or reinstalled, the data subject must reinstall the Internet browser plug-ins to disable Google Analytics. If the Internet browser plug-in has been uninstalled by the respondent or any other person attributable to the jurisdiction, or the plug-in has been disabled, it is possible to reinstall or reactivate the Internet browser plug-ins.
Additional information and applicable data protection provisions from Google can be downloaded at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/ us.html. Google Analytics is further explained at the following link https://www.google.com/analytics/.
- Data protection provisions on the use and use of Google Remarketing
On this website, the controller has integrated the services of Google Remarketing. Google Remarketing is a feature of the Google AdWords program that allows a company to display ads to Internet users who have previously visited the company's website. The integration of Google Remarketing therefore enables the company to advertise in a user-friendly way and thereby show relevant ads to interested internet users.
The company providing the Google Remarketing service is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The purpose of Google Remarketing is to insert advertising according to relevant interests. Google Remarketing allows us to display ads on the Google network or on other websites that are based on individual needs and correspond to the interests of Internet users.
Google Remarketing places a cookie on the respondent's information system. The definition of cookies is explained above. By setting cookies, Google enables the recognition of visitors to our website if they call up successive websites that are also members of the Google advertising network. With each call to a website on which the Google Remarketing service is integrated, the internet browser of the subject is automatically identified with Google. During this technical process, Google receives personal data, such as the user's IP address or surfing behavior, which Google uses, among other things, to insert relevant relevant advertisements.
The cookie is used to store personal data, for example the internet pages visited by the respondent. Each time you visit our website, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.
The respondent can, as stated above, at any time prevent the setting of cookies via our website by making appropriate adjustments to the used internet browser and thus permanently deny the setting of cookies. Such adaptation of the Internet browser used would also prevent Google from placing cookies on the data subject's information system. In addition, cookies already used by Google can be deleted at any time via the Internet browser or other software programs.
In addition, the data subject has the possibility to object to interest-based advertising by Google. For this purpose, the data subject must call up the link at www.google.de/settings/ads and enter the desired settings on each Internet browser used by the data subject.
Additional information and the applicable data protection provisions of Google can be found at https://www.google.com/intl/en/policies/privacy/.
- Provisions on the protection of data on the use and use of the Google AdWords program
On this website, the controller has integrated Google AdWords. Google AdWords is an online advertising service that allows an advertiser to place ads in Google search results and Google's advertising network. Google AdWords allows an advertiser to pre-define certain keywords that only display the ad on Google's search results when a user uses search to find search results related to the keywords. In the Google advertising network, ads are distributed on relevant websites using an automatic algorithm, taking into account previously defined keywords.
The company providing the Google AdWords service is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The purpose of Google AdWords is to promote our website by including relevant advertising on third-party websites and search results in the Google search engine, as well as for third-party advertising on our website.
If the subject accesses our website via a Google ad, a conversion cookie is sent to the information technology system of the subject via Google. The definition of cookies is explained above. The conversion cookie expires after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain subpages have been called up on our website, e.g. the virtual shopping cart from the online store. Through the conversion cookie, Google and the controller can understand whether the person who came to the AdWords ad on our website generated a sale, i.e. made or canceled the sale of goods.
Google uses the data and information collected through the use of conversion cookies to create statistics on the visit to our website. These visit statistics are used to determine the total number of users served by AdWords ads in order to determine the success or failure of each AdWords ad and to optimize AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify respondents.
The conversion cookie stores personal data, such as the internet pages visited by the respondent. Each time you visit our website, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.
The respondent can at any time prevent the setting of cookies on our website, as stated above, by means of the appropriate setting of the Internet browser used and thereby permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the data subject's information system. In addition, the cookie set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
The respondent has the possibility to object to interest-based advertising by Google. For this purpose, the respondent must call up the link at www.google.de/settings/ads and enter the desired settings.
Additional information and the applicable data protection provisions of Google can be found at https://www.google.com/intl/en/policies/privacy/.
- Data Protection Terms of Use and Use of Jetpack for WordPress
On this website, the controller has integrated Jetpack. Jetpack is a WordPress plugin that provides additional features to a WordPress-based website operator. Jetpack enables website operators, among other things, to view website visitors. By displaying related posts and publications or the ability to share content on the page, it is possible to increase the number of visitors. In addition, security components are integrated into Jetpack, so a website using Jetpack is better protected from attacks. Jetpack also optimizes and speeds up the loading of images on a website.
The company providing the Jetpack Plug-Ins service for WordPress is Aut O'Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.
Jetpack places a cookie on the information system used by the respondent. The definition of cookies is explained above. With each call to one of the individual pages of this website, which is managed by the controller and on which the Jetpack component is integrated, the internet browser on the data subject's information system is automatically prompted to send data via the Jetpack component for analysis at Automattic. During this technical procedure, Automattic receives data that is used to create an overview of visits to the website. The data obtained in this way are used to analyze the behavior of the respondents who have access to the controller's website and are analyzed with the aim of optimizing the website. Data collected through the Jetpack component is not used to identify the data subject without the specific express consent of the data subject previously obtained. Quantcast has also been notified of the data. Quantcast uses data for the same purposes as Automattic.
The respondent can, as stated above, prevent the setting of cookies via our website at any time by making appropriate adjustments to the internet browser used and thus permanently deny the setting of cookies. Such adjustment of the Internet browser used would also prevent Automattic/Quantcast from placing a cookie on the respondent's information system. In addition, cookies already in use by Automattic / Quantcast can be deleted at any time via your internet browser or other software programs.
In addition, the respondent has the possibility to object to the collection of data relating to the use of this Website generated by Jetpack cookies, as well as the processing of such data by Automattic / Quantcast and the opportunity to prevent any such collection or processing. For this purpose, the respondent must press the "opt-out" button on the link https://www.quantcast.com/opt-out/ which sets an opt-out cookie. The disabled cookie set for this purpose is located on the information system used by the respondent. If cookies are deleted on the respondent's system, the respondent must call the connection again and set a new opt-out cookie.
By setting the disabled cookie, however, there is a possibility that the website of the data controller can no longer be used in full by the data subject.
Automattic's privacy policy can be accessed at https://automattic.com/privacy/. Quantcast's privacy policy can be accessed at https://www.quantcast.com/privacy/.
- Data protection provisions for the use and use of YouTube
On this website, the controller has integrated components of YouTube. YouTube is an online video portal that allows video publishers to upload videos and other users for free, and which also allows free viewing, rating and commenting on them. YouTube allows you to publish all kinds of videos, so you can access full movies and TV shows, as well as music videos, trailers, and user-made videos through the online portal.
The company providing the YouTube service is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
With each call to one of the individual pages of this website, which is managed by the controller and on which the YouTube component (YouTube video) is integrated, the Internet browser in the information technology system of the respondent is automatically prompted to download the display of the YouTube component via the corresponding YouTube component. Further information about YouTube can be obtained at https://www.youtube.com/yt/about/en/. During this technical procedure, YouTube and Google acquire information about which specific subpages of our website have been visited by a person.
If the data subject is logged in to YouTube, YouTube recognizes with each call-up to a subpage containing a video on YouTube which specific subpage of our website was visited by the data subject. This data is collected by YouTube and Google and assigned to the respective YouTube accounts of the data subjects.
YouTube and Google will receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the time of the call to our website; this happens whether the person clicks on the YouTube video or not. If such a transfer of this data to YouTube and Google is not desirable for the data subject, the transfer can be prevented if the data subject logs out of his own YouTube account before making a call to our website.
The YouTube privacy policy, available at https://www.google.com/intl/hr/policies/privacy/, provides information on the collection, processing and use of personal data by YouTube and Google.
- Payment method: Data protection provisions on the use of PayPal as a payment processor
On this website, the controller has integrated PayPal components. PayPal is a provider of online payment services. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. PayPal is also able to process virtual payments via credit cards when the user does not have a PayPal account. A PayPal account is managed through an email address, which is why there are no classic account numbers. PayPal allows you to initiate online payments to third parties or receive payments. PayPal also accepts trustee functions and offers buyer protection services.
The company providing the PayPal service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal L-2449, Luxemburg.
If the respondent selects “PayPal” as a payment option in the online store during the ordering process, we automatically transfer the respondent's data to PayPal. By choosing this payment option, the respondent agrees to the transfer of personal data necessary for payment processing.
Personal information transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other information necessary to process the payment. The processing of the purchase contract also requires such personal data, which are related to the respective order.
Data transfer is aimed at processing payments and preventing fraud. The controller will transfer personal data to PayPal, especially if there is a legitimate interest in doing so. Personal data exchanged between PayPal and the data processor will be forwarded by PayPal to economic credit agencies. This transfer is intended to verify identity and creditworthiness.
If necessary, PayPal will transfer personal data to affiliates and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process order data.
The data subject has the possibility to revoke the consent to the handling of personal data at any time from PayPal. Revocation does not affect personal data that must be processed, used or transferred in accordance with (contractual) payment processing.
The applicable PayPal data protection provisions can be found at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
- Legal basis for processing
Article 6 paragraph 1 GDPR serves as the legal basis for processing procedures for which we have obtained consent for a specific purpose of processing. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when the processing is necessary for the delivery of goods or the provision of any other service, the processing is based on Article 6 paragraph 1 point b) GDPR. The same applies to those processing procedures that are necessary to carry out pre-contractual actions, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 paragraph 1 point c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or other natural persons. This would be the case, for example, if a visitor to our company is injured and their name, age, health insurance information or other vital information needs to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 paragraph 1 point d) GDPR. Finally, the processing procedures could be based on Article 6 paragraph 1 point f) GDPR. This legal basis is used for processing procedures that are not covered by any of the legal reasons mentioned above, if the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection personal data. Such processing procedures are specifically allowed because the European legislator has specifically mentioned them. He considered that a legitimate interest can be assumed if the respondent is a client of the controller (introductory statement 47 Sentence 2 GDPR). "
- Legal interests pursued by the controller or a third party
If the processing of personal data is based on Art. 6 paragraph 1 point f) GDPR, it is our legitimate interest to operate for the benefit of the well-being of all our employees and shareholders.
- Period in which personal data will be stored
The criteria for determining the storage period of personal data are the corresponding legally prescribed retention periods. After the expiration of this period, the corresponding data is routinely deleted, until it is no longer necessary for the fulfillment of the contract or the initiation of the contract.
- Provision of personal data as a legal or contractual requirement; Conditions necessary for concluding a contract; Obligation of respondents to provide personal data; possible consequences of not providing such information
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner). Sometimes it may be necessary to enter into a contract in which the respondent provides us with personal data, which we must subsequently process. For example, the respondent is obliged to provide us with personal data when our company signs a contract with him or her. Failure to provide personal data would result in the contract with the respondent not being concluded. Before personal data is provided by the respondent, the data must contact any employee. The employee explains to the respondent whether the provision of personal data is required by law or contract or is necessary for concluding a contract, whether there is an obligation to provide personal data and the consequences of not reporting personal data.
- The existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.