Privacy Policy
1. General
1.1 What is personal data?
Personal data is information that discloses or can disclose the identity of the user. We adhere to the principle of data avoidance. As far as possible, we do not collect personal data.
1.2 Dealing with personal data
Personal data is used solely for the purpose of establishing the contract, structuring its content, implementing or processing the contractual relationship (Art. 6 I S. 1 b GDPR).
In addition, personal data will only be processed if we have received your consent to do so (Art. 6 I S. 1 a GDPR) or if it concerns data whose processing is necessary for our legitimate interests and if the assessment shows that there are no overriding interests, fundamental rights or fundamental freedoms on your part (Art. 6 I S. 1 f GDPR).
We may use contract processors to process your personal data, but will not pass on your personal data to third parties.
The data will only be passed on to the shipping company commissioned with the delivery in order to fulfil the contract, insofar as this is necessary for the delivery of ordered goods. In order to process payments, the necessary payment data will be passed on to the bank commissioned with the payment and, if applicable, to the commissioned and selected payment service provider.
The processing of your personal data takes place exclusively within the EU, unless otherwise stated below.
1.3 Usage data
When you visit the website, general technical information is collected. This includes the IP address used, time of day, duration of the visit, browser type and, if applicable, the page of origin. This usage data is registered in a log file for technical reasons and can be used and stored for the purpose of statistical evaluation of this website. This usage data is not linked to your other personal data.
1.4 Duration of storage
After the end of the purpose for which the data was collected, we only store your personal data for as long as this is necessary due to legal (in particular tax) regulations.
2. Your rights
2.1 Information
You can request information from us as to whether we process your personal data and, if so, you have a right to information about this personal data and the further information specified in Art. 15 GDPR.
2.2 Right to Correction
You have the right to rectify the incorrect personal data concerning you and may request the completion of incomplete personal data in accordance with Art. 16 GDPR.
2.3 Right to cancellation
You have the right to demand that we delete your personal data immediately. We are obliged to delete them immediately, in particular if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing of your data was based and there is no other legal basis for the processing.
- Your data have been processed unlawfully.
The right to deletion does not exist insofar as your personal data is necessary for the assertion, exercise or defence of our legal claims.
2.4 Right to limitation of processing
You have the right to demand that we restrict the processing of your personal data if
- you dispute the accuracy of the data and we therefore verify the accuracy,
- the processing is unlawful and you refuse to delete it and instead request the restriction of its use
- we no longer need the data, but you need it to assert, exercise or defend legal claims,
- you have objected to the processing of your data and it is not yet clear whether our legitimate reasons outweigh your reasons.
2.5 Right to Data Transferability
You have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format and you have the right to communicate this data to another responsible person without our interference, provided that the processing is based on a consent or a contract and the processing is carried out by us using automated procedures.
2.6 Right of revocation
If the processing of your personal data is based on a consent, you have the right to revoke this consent at any time.
2.7 General and right of appeal
The exercise of your aforementioned rights is generally free of charge for you. If you have any complaints, you have the right to contact the supervisory authority responsible for us, the state data protection officer, directly.
3. Data security
3.1 Data security
All data on our website is protected by technical and organisational measures against loss, destruction, access, alteration and distribution.
3.2 Sessions and Cookies
We may use cookies or server-side sessions in which data can be stored to operate the website. Cookies are files that are stored on your hard drive by a website in order to automatically recognize this computer the next time you visit the website and thus adapt the use of the website to you. Some of the cookies used are deleted after the end of the browser session. These are so-called session cookies. Other cookies remain on your end device and enable the browser to be recognised during a subsequent visit to our website (permanent cookies). You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general. Please note that you may not be able to use some functions of this website if cookies are deactivated. We ensure that no personal data from sessions or through cookies is transferred and that cookies are only used if this is technically necessary for the website. Thus, the assessment shows that no overriding interests on your part conflict (Art. 6 I S. 1 f GDPR).
4. Newsletter
If you subscribe to our newsletter, we will use the data required for this purpose or provided separately by you in order to send you our e-mail newsletter on a regular basis. You can unsubscribe from the newsletter at any time, either by sending us a message via the contact details given in the imprint or via the link provided in the newsletter.
5. Comments
If you use the comment function on our website, the time of creation and your chosen pseudonym will be saved in addition to these comments. The IP address is made anonymous by us immediately and is not stored.
6. Presence on social media platforms
We use the following social media platforms for company presentation and communication (the following linked data protection declarations and opt-out options are expressly referred to).
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads alternatively http://www.youronlinechoices.com
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy Policy https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany)
Privacy Policy and Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy Policy and Opt-Out: http://instagram.com/about/legal/privacy/
These social media platforms may be able to process personal data outside the EU, we refer in this respect to the above data protection declarations of the social media platforms. The respective social media platforms may create user profiles and store cookies on your computer, in which your user behaviour is stored, based on your user behaviour and the resulting interests on your part. If you have an account on the respective social media platform and are logged in, your usage behaviour can even be stored independent of the device. Your usage profile can be used, for example, to place advertisements that presumably correspond to your interests.
We process the personal data exclusively for communication with you via the social media platform selected by you and for the optimisation of our online presence and ensure that no interests on your part are affected which outweigh this justified interest on our part (Art. 6 I S. 1 f GDPR). If you have already given the respective operator of the social media platform effective consent to the corresponding data processing, your personal data will also be processed on the basis of this consent (Art. 6 I S. 1 a GDPR).
7. Third-party services
7.1 Google Analytics
This website uses Google Analytics, a web analysis service from Google, operated by Google LLC,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") and collects and stores data via this web analysis service from which user profiles are created using pseudonyms. The user profiles created in this way are used to evaluate visitor behaviour in order to design and improve the services presented on this website in line with requirements. Google Analytics uses "cookies", which are small text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google in advance within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. Even the user profiles under a pseudonym are not merged with the personal data of the user without the express and separately declared consent of the user. Thus, the assessment shows that no overriding interests on your part conflict (Art. 6 I S. 1 f GDPR). You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
You can also prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent the collection of your information on future visits to this website: Disable Google Analytics. You can view Google's privacy policy at http://www.google.de/intl/de/policies/privacy/ . For more information on terms of use and privacy, please visit http://www.google.com/analytics/terms/de.html or http://www.google.com/intl/de/analytics/privacyoverview.html. We would like to point out that on this website Google Analytics has been extended by the code "anonymizeIp" in order to guarantee an anonymous collection of IP addresses (so-called IP masking).
7.2 Social media links
We have our own social media pages with the third-party providers that can be reached via links from this website. By using the links you will reach the respective websites of the third party providers (e.g. Facebook, Twitter, Google+). In order to avoid unnecessary data transfer, we recommend that you log out of the respective third-party provider yourself before using a corresponding link, so that usage profiles cannot be created by the third-party provider through the use of the link.
7.3 Use of ActiveCampaign
Our e-mail communication is handled via "ActiveCampaign", 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA. Your e-mail address and other data described in this notice will be stored on ActiveCampaign's servers in the USA. ActiveCampaign uses this information to send and evaluate e-mails on our behalf. Furthermore, according to its own information, ActiveCampaign can use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. ActiveCampaign does not use the data of our mail recipients in order to write to them or pass them on to third parties. ActiveCampaign is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection regulations. In addition, we have concluded a data processing agreement with ActiveCampaign. This is a contract in which ActiveCampaign undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties. Thus, the weighing up results in the fact that no overriding interests on your part are opposed (Art. 6 I S. 1 f GDPR). You can view the data protection regulations of ActiveCampaign at https://www.activecampaign.com/privacy-policy/
7.4 Font Awesome Web Fonts
We also use Web Fonts from Font Awesome to provide you with a consistent font on our website. These fonts are automatically saved in your browser cache when you call up one of our pages in order to enable the desired display. If your browser does not support the web fonts used, a standard font from your computer may be used. Here no interests of the users are concerned, which outweigh this technical necessity (art. 6 I S. 1 f GDPR). You can view Font Awesome's privacy policy here: https://fontawesome.com/privacy
7.5 Typekit
We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service providing access to a font library provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you open a page, your browser loads the Web fonts you need into your browser cache to display text and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to provide the fonts. To provide the Typekit service, Adobe may collect font information to identify the site itself and the associated Typekit account. The interests of the users are not affected according to (Art. 6 I S. 1 f GDPR). For more information about privacy at Adobe Typekit, please refer to Adobe's privacy statement at https://www.adobe.com/privacy/policies/typekit.html
7.6 Google reCAPTCHA
This website uses reCAPTCHA, a service by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). The function is used to distinguish whether the input is made by a human or abusive by automated, mechanical processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address sent by your browser as part of reCaptcha will not be merged with other data provided by Google. The processing thus serves to avoid the misuse of this website and ultimately takes place anonymously, thus the consideration that no overriding interests on your part preclude a processing (Article 6 I p. 1 f DSGVO). It is Google's Privacy Policy, which can be found at: https://policies.google.com/privacy?hl=en.
7.7 Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de- de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy- secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
To do this, you first have to log into Facebook. If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
8. Establishing contact
If you would like to contact us about data protection, please use the contact options below. Responsible person in the sense of the GDPR:
Bright Idea
Frau Dr. Katja Brunkhorst
Rudolfstraße 24
49080 Osnabrück
Germany
E-mail: kb@bright-idea.de
Phone: +49 (0) 541 40757303