Date: [1st Sep 2022]
1. Information on the collection of personal data
1.1 Personal data
In the following, we inform you about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, and user behaviour. In this way, we would like to inform you about our processing procedures and at the same time comply with our legal obligations, in particular from the EU General Data Protection Regulation (GDPR).
1.2 Data controller
The data controller pursuant to Art. 4 (7) GDPR is [Please enter the company name, address, and email].
2. Processing of personal data when visiting our website
When using the website for information purposes, i.e. simply viewing it without registering and without you providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 (1) f GDPR:
(A) IP address
(B) Date and time of the request
(C) Content of the request (page visited)
(D) Amount of data transmitted in each case
3. Further functions and offers of our website
3.1 Overview of various offers
In addition to the purely informational use of our website, we offer various services that you can use if you are interested (e.g. registering an account, purchasing goods) and we use other functions to facilitate sales (e.g. payment method selection) and to analyse or market our offers, which are presented in more detail in Section 4 and 5 below. For this purpose, you usually have to provide further personal data and/or process such further data that we use to perform the respective services. The aforementioned data processing principles apply to all data processing purposes described here.
3.2 Use of external service providers
In some cases, we use external service providers to process your data (e.g. payment service providers, and shipping companies, for more on these see Sections 5 and 6 below). These service providers are carefully selected by us, are bound by our instructions and are regularly monitored.
3.3 Further third-party involvement
3.4 Third parties outside of the EEA
If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
4. Processing of personal data when you contact us or register an account with us
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. When you register a customer account with us, we only collect the information that you voluntarily share with us. This data may include, for example :
(A) Your first and last names, as the case may be also your title or user name
(B) Login data: your email address and a password you choose yourself
(C) Your contact details, e.g. your name, postal addresses, telephone numbers, fax numbers, email addresses
(D) Any further information on your person and your interests that you might share with us
5. Processing of personal data when you make a purchase with us
5.1 Shopping information
If you order something from our online shop, we collect your shopping data. Depending on the type of purchase and processing status, shopping data may include the following information:
(A) Purchased item details (name, price, model, etc.)
(B) Order number
(C) Delivery and billing addresses
(D) Delivery and payment status, e.g. “completed” or “dispatched”
(E) Messages and communication relating to purchases (e.g. complaints and messages to customer service)
(F) Return status, e.g. “ongoing”
(G) Information regarding service providers involved (e.g. shipment numbers of parcel services)
5.2 Payment details
We offer you various payment methods – in particular [credit card], [PayPal] . We collect the payment details shared by you in order to execute the payment. We receive further payment details from external payment service providers and credit agencies which we work with in executing payments and carrying out credit checks. We only forward information to our payment service providers which is necessary for processing payments.
Payment details include:
(A) Billing addresses
(B) Preferred payment method
(C) IBAN and BIC or account number and sort code
(D) Credit card details
The payment details also include other information directly connected to payment processing and credit checking. This applies, for example, to information that external payment service providers use for identification such as your PayPal ID if you are paying with PayPal.
5.3 Transfer of data on outstanding debts to collection service providers
In the event that outstanding invoices are not settled despite repeated reminders, we may transfer the data required to commission a collection service provider to a collection service provider for the purpose of collecting the debt. Alternatively, we may sell the debt to a collection service provider which is then able to file a claim in its own name. The agencies we charge with collection services are the following [Please fill in the information of the debt collection service provider you cooperate with, if not, delete this paragraph]
Legal basis: The legal basis for transferring data within the framework of fiduciary collection services is Article 6 (1) b GDPR; data is transferred within the framework of selling debt on the basis of Article 6 (1) f GDPR.
6.1 General information about cookies
Cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s system to recognize your browser and remember certain information.
Generally, we use first-party and third-party cookies for the following purposes: to make our Services function properly; to provide a secure browsing experience during your use of our Services; to collect passive information about your use of our Services; to measure how you interact with our marketing campaigns; to help us improve our Services, and to remember your preferences for your convenience.
We use the following types of cookies on our Services:
Strictly Necessary Cookies. These cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, some services cannot be provided. These cookies do not gather information about you for marketing purposes. This category of cookies is essential for our Services to work and they cannot be disabled.
Functional Cookies. We use functional cookies to remember your choices so we can tailor our Services to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name or preferences on our Services. We do not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of our Services.
The performance or Analytic Cookies. These cookies collect passive information about how you use our Services, including webpages you visit and links you click. We use the information collected by such cookies to improve and optimize our Services. We do not use these cookies to target you with online marketing. You can disable these cookies as set forth below.
Advertising or Targeting Cookies. These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests. Our third-party advertising partners may use these cookies to build a profile of your interests and deliver relevant advertising on other sites. You may disable the use of these cookies as set forth below.
6.3 Your Choices
You can manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to block cookies, and when cookies will expire. If you block all cookies on your browser, neither we nor third parties will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.
6.4 Web Pixels.
To see how successful our marketing campaigns or other goals of the Services are performing we sometimes use conversion pixels, which fire a short line of code to tell us when you have clicked on a particular button or reached a particular page (e.g. a thank you page once you have completed the procedure for subscribing to one of our services or have completed one of our forms). We also use web pixels to analyze usage patterns on our Services. The use of a pixel allows us to record that a particular device, browser, or application has visited a particular webpage.
We may use third-party service providers to monitor and analyze the use of our Services. Presently, we use Google Analytics. Google Analytics is a web analytics service that tracks and reports Site traffic. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en . Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: https://tools.google.com/dlpage/gaoptout .
6.6 Behavioral Remarketing [If you use Google Ads, Bing Ads, FB Ads, keep this paragraph.]
We also use remarketing services to advertise on third-party websites to you after you visit our Services. For this purpose, visitors are grouped by certain actions on our Services, e.g., by the duration of a visit. This enables us to understand your preferences and to show you personalized advertising even if you are currently surfing on another website that also participates in the Google advertising network.
We use the following tools and services for these purposes:
Google Ads remarketing service is provided by Google. You can opt out of this by visiting the Google Ads Settings page: https://www.google.com/settings/ads .
If Google Ads is structured to collect personal data, the data controller will be Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Bing Ads is a service operated by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Please read Microsoft’s privacy statement for more information on how Microsoft processes your information https://privacy.microsoft.com/en-US/ . When you access our Site via advertisements on Bing Ads, a cookie is set on your computer. In addition, a Universal Event Tracking tag is integrated on our Site. This is a code that, in combination with the cookie, stores data about the use of the Site, e.g. length of time spent on the Site, areas accessed, and ads used to reach the Site. In addition, Microsoft may track your usage patterns across multiple of your electronic devices through so-called cross-device tracking. The information collected is transferred to a Microsoft server in the United States. If Bing Ads is structured to collect personal data, the cookie banner on our Services will provide you with the opportunity to consent to Bing Ads.
Facebook Ads. Using Facebook Business Tools, we may display interest-based ads to you when using Facebook. To modify your preferences or turn off personalization for ads served by Facebook, you can visit Facebook's Ad Preferences in addition to the Your Choices section below. We do not share any of your personal information with Facebook. We may also show ads to audiences that share similar characteristics as you. To do so, a list of email addresses is irreversibly encrypted through hashing and uploaded or transmitted from our site. Facebook matches the hashed data against its own users, generating a lookalike audience and deleting the uploaded list. We do not have access to the identity of anybody in the “lookalike” audience unless they choose to click on one of our advertisements.
6.7 Other Tracking Technologies.
We may also use Tracking Technologies to collect "clickstream" data, such as the domain name of the service providing you with Internet access, your device type, IP address used to connect your computer to the Internet, your browser type and version, operating system and platform, the average time spent on our Site, webpages viewed, content searched for, access times and other relevant statistics, and assign unique identifiers to the device or other credentials you use to access the Site for the same purposes.
Pages of our Site may also use Java scripts, which are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components; entity tags, which are HTTP code mechanisms that allow portions of websites to be stored or “cached” within your browser to accelerate website performance; and HTML5 local storage, which allows data from websites to be stored or “cached” within your browser to store and retrieve data in HTML5 pages when the website is revisited.
6.8 Do Not Track.
Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT" signals have not been adopted, our Site does not currently process or respond to “DNT” signals.
6.9 Location Information.
You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third parties by (a) disabling location services within the device settings, or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings
7. Transfer of data to third parties
7.1 Transfer only where allowed by law
We only forward your data if this is allowed by German or European law. We work particularly closely with certain service providers, for example in the area of customer service (e.g. hotline service providers), with technical service providers (e.g. running computer centres) or with logistics companies (e.g. postal companies such as [Please enter the name of a logistics company you cooperate with]). These service providers may generally only process your data on our behalf under special conditions. Where we use them to process orders, the service providers only receive access to your data in the scope and for the time period required for the provision of the relevant service. If you shop with one of our partners, we forward particular shopping data regarding you to the partner (e.g. your name and your delivery address), so that the partner can send you the goods ordered.
7.3 Technical service providers
We work with technical service providers in order to be able to provide our services. These service providers include, for example, [SHOPLINEandPlease fill in the cooperative technical service provider, if not, delete this paragraph]. If they process your data outside the European Union, this may mean that your data is transmitted to a country with a lower data protection standard than the European Union. In such cases, we will ensure that the relevant service providers contractually or otherwise guarantee an equivalent data protection level.
7.4 Payment service providers and credit agencies
We offer different payment options, such as advance payment, payment by credit card, payment by PayPal and payment on the invoice. For this purpose, payment data can be transferred to payment service providers with whom we work. You can find more details about the processing of personal data by payment service providers in their privacy policies:
7.5 Shipping companies
(B) Your name
(C) Your delivery address
(D) Your post number if applicable (if you wish to have the order delivered to a DHL packing station)]
(E) Your email address if applicable (if the shipping company wishes to inform you of the provisional delivery date by email)
7.6 Authorities and other third parties
If we are obliged by an official or court decision or it is for prosecution purposes, we will if necessary forward your data to prosecution authorities or other third parties.
8. Retention and erasure of data
We will store your personal data as long as is necessary for the purposes named in this Privacy Notice, especially for the fulfilment of our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us to store it for particular purposes, including for defence against legal claims.
If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing. If data is blocked, technical and organisational measures are used to ensure that only a few employees can access the relevant data, based on the need to know and only for select purposes (e.g. in the event of a tax audit). Blocking will occur, for example, in the following cases:
(A) Your order and payment details and perhaps other details are generally subject to various legal retention obligations, such as those in the Handelsgesetzbuch (HGB - Commercial Code) and the Abgabenordnung (AO - Tax Code). The law obliges us to retain this data for tax audits and financial audits for up to ten years. Only then can we finally delete the relevant data.
(B) Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing, prosecution, or legal defence (e.g. in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation periods. After the relevant limitation periods expire, the relevant data will finally be deleted.
Deletion may be waived in the cases allowed by law if the data is anonymous or pseudonymous and deletion would rule out or seriously hinder processing for scientific research or statistical purposes.
9. How is my personal data protected?
We use technical and organisational measures to secure our systems. With regard to your order and your customer login, we transmit your personal data securely using SSL encryption (Secure Socket Layer).
10. Your rights
10.1 Your rights against us as data controller
You have the following rights against us as a data controller in respect of personal data relating to you:
(A) right to information,
(B) right of rectification or erasure,
(C) right to restriction of processing,
(D) right to object to processing,
(E) right to data portability.
(F) right to withdraw consent (in case consent is the basis for data processing).
10.2 Information requests
In order to ensure that your data is not disclosed to third parties in the course of requests for information, please attach sufficient proof of identity to your request.
10.3 Withdrawal of consent.
If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of the processing of your personal data after you have expressed it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.
10.4 Objection in case of processing on the basis of balancing of interests
(A) Insofar as we base the processing of your personal data on a balancing of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have done. In the event of your objection, we will review the situation and either cease or adjust the data processing or show you our compelling legitimate grounds for continuing the processing.
(B) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to exercise your advertising objection is to contact us using the contact details provided above.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. The competencies of the supervisory authorities depend on the seat of the data controller. You may, however, contact any data protection authority in any member state of the European Union, in particular at your place of residence, which will forward your complaint to the competent authority.
Further improvements to our website or changes in legal or regulatory requirements may require changes to this privacy notice. Thus, we encourage you to re-read this Privacy Notice from time to time.
12. Data Protection Officer
You can reach our data protection officer at [email@example.com] or our postal address [PandaBoo, Inc.Suite 206, 651 N Broad St, Middletown, Delaware 19709] with the addition “data protection officer”.