Privacy Policy
-
Summary
We take your privacy very seriously and are committed to being transparent with how we use your information. Our website
www.denimsta.com and any of our services and sites directing you to this Privacy Policy are controlled by our team collectively.
Data controller & responsible body
45, Ashwathnagar, Sachinanda Nagar, Raj Mahal Vilas 2nd stage,
R.M.V 2nd stage, Bengaluru, Karnataka - 560094 annie@denimsta.com
Our Privacy Policy Explains
-
What information we collect and why we collect it
-
How we use that information
-
A notice to users from California
-
Your rights with regard to the processing of personal data by Denimsta
If you have any questions about this Privacy Policy or would like to know more about what information we collect and store, please contact us at annie@denimsta.com
Purposes of data collection, data processing and data use
Titel Media is engaged in operating online publications covering forthcoming trends and news in fashion, art, music, and culture. Titel Media collects and processes personal data for the following purposes:
-
Operation of the Website and App, including statistical analysis of the use
-
Provision of website content
-
Advertising and market research
-
Execution of purchase contracts
-
Fraud prevention, selection of payment methods and credit check
-
Processing of job applications
-
On the basis of your consent
Groups of people concerned and the associated data and category of data
We process customers’ and website visitors’ personal data, the data of job applicants as well as the data of business partners from our service providers and partner companies insofar it is needed to fulfil the processing purposes.
The following data categories are processed:.
-
Profile information
-
Contact details
-
Shopping information
-
Payment details
Messages, conversation content
-
Social network data
-
Site data/Access data
-
Tracking data
-
Job applications
-
Survey data
Recipients or groups of recipients to whom data may be disclosed
Public authorities in connection with an overriding legal regulation, contractors in connection with a partnership in accordance with Article 28 of the General Data Protection Regulation (GDPR), for example,
technical service providers, external partners (for example, consultancies, marketing agencies, law companies) and internal departments of Denimsta to fulfill the purposes of data processing.
Time limits for the deletion of data
Under statutory provisions, a variety of obligations and periods apply with regard to the data retention. We only store personal data for as long as necessary to fulfil the purposes for which we collected the data. Once these retention periods have expired, the corresponding data must be erased as a matter of routine, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.
For evidence purposes, we must retain contractual data for three years from the end of the calendar year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.
Transfer of data to third countries
As further detailed in this Privacy Notice, data may be transferred to a third country, i.e., countries whose level of data protection does not correspond to that of the European Union (outside the European Union or the European Economic Area, including to the United States) in connection with certain services.
Insofar as this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include, among others, the Standard Contractual Clauses of the European Union or binding corporate rules. Where this is not possible, we rely on the derogations of Art. 49 GDPR, in particular your explicit consent or necessity of data transfer for performance of the contract or for implementation of the pre-contractual measures. If third country data transfer is foreseen and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., secret services) may obtain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your
consent via the cookie consent banner, you will also be informed about it.
Legal basis for the collection and processing of personal data
We may process your personal data on the basis of your consent pursuant to Article 6(1)(a) GDPR, for example, for Newsletter subscription (see Chapter VIII “Newsletter”).
Furthermore, we may process your personal data which is necessary for the conclusion or performance of a contract entered in your interest pursuant Article 6(1)(b) GDPR, for example, when you conduct a purchase in our online store. This legal basis also applies to the implementation of pre-contractual measures.
We may also process your personal data which is required to fulfill our legal obligations pursuant to Article 6(1)(c) GDPR.
Legal basis for the processing of personal data which is necessary in order to realize our or third party’s legitimate interest, except where such considerations are overridden by the need to protect your interests or fundamental rights, is Article 6(1)(f) GDPR.
B. Personal data we collect
We collect information for example to fulfil orders in our store, to answer customers’ requests and to provide better services to our users and customers as well as to improve our business. The list of purposes of data collection and data processing are provided in “Purpose of data collection, data processing and data use”. We collect information in following ways:
Information you give us or information provided through a social network
For example, some of our services require you to sign up for a customer account, provide information for a contest or award, or login to an account through a social network. The information we collect includes email, name, phone number, address, and credit card information. Such information is necessary to render the services requested and/or to provide contractual services. Legal basis for such data processing is Article 6 (1)(b) GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if the services are performed in full or if you unsubscribe from our services.
When you contact us, either by email, live chat or by using our contact forms, we collect the data you have submitted with your request (including name, email, message content, IP address) and may keep a record of your communication to help solve any issues you might be
facing. Legal basis for such data processing is Article 6(1)(b), if the request is related to the conclusion or execution of a contract, and otherwise Article 6(1)(f) GDPR. Unless statutory provisions govern otherwise, the data will be deleted if the purpose of processing ceases to apply, e.g. if we have fulfilled your request.
When you make a purchase in our online store, we collect personal data required to process your order. Legal basis for such data processing is Article 6(1)(b) GDPR. Please see section IV. below for further details.
We work with social networks including Facebook, Twitter, Snapchat, Instagram, and YouTube to communicate with our customers. We have access to information you directly provide and information through those social networking services based on your privacy settings on those networks when you visit or contact us on our social pages. Please see section V. below for further details. Such information serves to enhance the usability of our services. Legal basis for such data processing is Article 6(1)(f) GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.
Information we gather from surveys
If you take part in one of our surveys, we store your contact data and the information you provide as part of the survey. We use this data in anonymous form only. It is not possible to draw any conclusions about your person. We publish the results of the survey on our Website or
share them with partner companies, e.g. advertising partners or connected websites. For example, we may share information to show trends about the general use of our services.
To receive surveys and to process your personal data for survey purposes, we will ask you for your prior consent. In this case the legal basis for data processing is Article 6 (1)(a) GDPR. You may revoke your consent for receiving surveys and for processing survey data at any time.
Information we get from your use of our services
We may collect usage information when you visit different parts of our Website. We may also automatically collect certain technical information such as device-specific information (such as your hardware model, operating system version, device type, unique device identifiers, and mobile information if you use a mobile device to access the Website). If this information is necessary to provide our services, the legal basis is Article 6 (1) lit. f GDPR. In other cases, we ask you for your consent and process your information on the basis of Article 6 (1) lit. a GDPR. Please see section I. below for details.
Information we collect from your job application
You can apply for open positions with us via our application management system or via email to annie@denimsta.com. The purpose of the data collection is the selection of applicants for the
possible employment relationship establishment. To receive and process your application, we process the following personal data in particular (hereinafter "Application data"):
-
First and last name;
-
Email address, telephone number;
-
Application documents (e.g., references, curriculum vitae);
-
Date of earliest possible start of job;
-
Salary expectations.
The legal basis for the processing of your application data is Art. 6 (1)(b) and Art. 88 (1) GDPR in conjunction with Section 26 (1)(1) BDSG.
We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we retain your application data for as long as it is necessary for the employment relationship and to the extent that legal regulations require us to retain it. If your application is rejected, we will store your application data for a maximum of three months after the rejection of your application, unless you give us your consent to store it for a longer period. If you have separately provided us with your consent in accordance with Art. 6 (1)(a) GDPR, we will store your data submitted as part of the application in our talent pool for a further twelve months after the end of the application process in order to identify any further positions that may be of interest to you and, if necessary, to approach you again. After this period, the data will be deleted. You can revoke this consent at any time with effect for the future.
Sometimes we proactively search online for candidates for our open positions and may then receive your personal data from sources such as LinkedIn or other professional networks where you have published your profile. We may then store some of your data (such as name, link to your profile, please adjust accordingly) in our database and contact you to inform you about our open positions. If there are currently no vacancies, we will ask for your consent to store the data in the Talent Pool.
The legal basis is Art. 6 (1)(f) of the GDPR if the data processing is based on our legitimate interest and Art. 6 (1)(a) if the data processing is based on your consent.
-
Information We Share
We do not share personal information with companies, outside organizations and individuals unless one of the following circumstances apply:
With your consent
We will share personal information with companies, outside organizations or individuals if we have your consent to do so. We will also seek your additional consent in case purposes of processing change and we will notify you about it.
For external processing
We provide personal information to our affiliates, service providers or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Notice and any other appropriate confidentiality and security measures. These companies are authorised to use your personal information only as necessary to provide these services to us. If personal data is transferred to or processed in countries outside the European Union or European Economic Area, we make sure that our contractors guarantee an adequate level of data protection.
For legal reasons
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet
national security or law enforcement requirements. We will share personal information with companies, outside organisations or individuals if we have a good-faith belief that access, use,
preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law.
In case of a sale or asset transfer
If we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, user information, including personal information collected from you through your use of our services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you and ask for your consent where applicable.
In anonymous form for business purposes
We may share anonymous, non-personally identifiable information publicly and with our partners such as businesses which we have a relationship with, advertisers or connected sites. For example, we may share information to show trends about the general use of our services.
-
Information Security
We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold however no website is entirely secure. You should protect the account information in your possession as well. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any
questions about the security of your personal information, you can contact us at annie@denimsta.com
-
-
Your Tracking Consent Management
-
When visiting our Website, we will ask you for your consent to use certain cookies and similar tracking technologies. You can at any time revoke your consent for either all cookies and similar tracking technologies or for individual ones by clicking the button below. If you have any questions or concerns on this process, please send an email to annie@denimsta.com
Cookies and similar tracking technologies (“Tools”)
A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. Similar tracking technologies are in particular web storage (local / session storage), fingerprints, tags or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or comparable technologies are rejected or only stored with your prior consent. If you reject cookies or comparable technologies, it is possible that not all of our offers will function properly for you.
Some cookies are automatically deleted when you end your browser session ("session cookies"). Some cookies will remain stored on your device (“persistent cookies”), for example, to recognize you as a returning user, to gather information about the use of our services and our audience or to display information or advertising tailored to your interests on our Website or on other websites. These cookies will be deleted automatically after a certain period of time.
-
-
Tools we use on our Website
-
Detailed information about the cookies and other similar tracking technologies used on our Website.
In addition, users can control the use of cookies and other similar technologies at the individual browser level by changing your browser settings (mostly found under “Options” or “Settings” in the browser menu). You have the choice of accepting all cookies, being informed about each cookie or refusing all. To manage Flash cookies, please click here. If you choose not to accept cookies and similar technologies on our Website, it is possible that the functionality of our Website may be limited and some services may not be usable.
We use the following types of Tools:
Essential Tools
These Tools are absolutely necessary for the functionality of our Website and the provision of our services. Legal basis for their use is Article 6(1)(b) GDPR, if Tools are used to enable the ordering process, or Article 6(1)(f) GDPR, for example, if Tools are used for fraud prevention. Access to and storage of information in the device is in these cases strictly necessary and takes place on the basis of the implementation laws of the EU member states of the Art. 5 (3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No.
2 TTDSG.
Functional Tools
We use these Tools with your prior consent to analyse and improve the use of our Website and services. Legal basis for such data processing is Article 6(1)(a) DSGVO. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5 (3) of the ePrivacy Directive, as example in Germany the § 25 (1) TTDSG.
Marketing Tools
Marketing Tools are used by our advertising partners to serve advertisements based on your interests and usage behaviour. We will only use such Tools with your prior consent. Legal basis for such data processing is Article 6(1)(a) GDPR. Access to and storage of information in the device is then done on the basis of the
implementation laws of the EU member states of Art. 5 (3) of the ePrivacy Directive, as example in Germany the § 25 (1) TTDSG.
3rd Party Media Tools (Emded Content)
We embed content from our profiles in social media and other media content provided by third parties (for example, YouTube, Instagram). These third party providers may use Tools to enable content sharing and measure user preferences. Legal basis for such data processing is Article 6 (1)(a) GDPR. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5(3) of the ePrivacy Directive, as for example in Germany the § 25 (1) TTDSG.
You can revoke your consent for Functional, Marketing, 3rd Party Media Tools and Embed at any time. To do so, open the settings directly via the link Edit Consent in the cookie banner of this website. There you can also change the selection of the tools you wish to consent to using, as well as obtain additional information about the cookies and the respective storage periods.
Alternatively, you can assert your revocation for certain tools directly with the provider.
-
User Account
When you create an account on our Website, we store your email address and a personal password.
If you have an account, you can order from our online store and save articles and products.
Legal basis for such data processing is Art.6 (1)(b) GDPR, if the data is collected in connection with an order (see Sec. VI. below for details), and otherwise our legitimate interest in offering the account functions according to Art.6 (1)(f) GDPR (for example, fraud prevention).
Unless we are required by law to retain your data for a longer period of time (as in the case of data for orders in our online store), your data will be deleted at the latest when you delete your account.
In the interest of data minimization, we delete your account if you have been inactive for more than 24 months, i.e. you have not logged in during this period.
-
Online Store
To place an order on our Website, you must create an account using your email address and a personal password.
When placing an order via our store, we collect personal data required to process your order (name, billing address, shipping address, phone number, payment method, email address). These data may be transferred to payment and shipping service providers.
Legal basis for such data processing is Article 6 (1)(b) GDPR. Due to legal regulations, we are obliged to store data for orders, including addresses and payment details, for 10 years.
Payments via PayPal.
If you choose to pay by credit card, the information required to process the order (such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address) will be transferred to Stripe (Stripe Payments Europe Ltd.).Stripe can forward this data to Stripe Inc. based in India. In this case, the data is transferred to a server in India. For this purpose, the Standard Contractual Clauses between Denimsta and Stripe, Inc. have been concluded.
For payments by credit card, a fraud check is also carried out. For this purpose, data such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address are forwarded to Stripe so that Stripe can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the credit card payment method. Legal basis for such data processing is Article 6(1)(f) GDPR. For further information, please see Stripe’s Privacy Policy.
VI. Social media profiles
Our Website includes links to social networks. Apart from this, we maintain profiles in social media. Please note that Denimsta is not liable for the privacy policies of these companies. We recommend you to read the privacy policies of social media networks for further information.
Facebook and Instagram Social Media Profile (“Fanpages”)
When you visit our Facebook or Instagram Fanpage, Facebook collects personal data, even if you are not a member of Facebook. Please note that we have no control over the type and scope of such data processing. The users' data is usually processed by Facebook for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
Facebook provides us with aggregated, anonymous demographic data only that helps us to better understand our audience (so-called “Page Insights”).
The legal basis for data processing is Article 6 (1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art.6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
Denimsta and Facebook share responsibility for processing your data for providing Page Insights. For this purpose, we and Facebook have defined an agreement about which company fulfils the data protection obligations under the GDPR with regard to Page Insights data processing.
For the information on the legal basis of the data processing carried out by Facebook under its own responsibility the purpose and scope of data collection and procession by Facebook, as well as your rights against Facebook including the right to object to data processing in this respect and settings options for protecting your privacy please visit:
We would like to point out that data protection requests can be made most efficiently with Facebook, as Facebook has access to the data and can take appropriate measures directly.
For more information about the data processing by Facebook please refer to Facebook Privacy Policy.
Login with Facebook
Our Website also allows you to register or sign-up to our services using your Facebook account. If you want to connect to denimsta.com through Facebook, as soon as you have logged in with your existing Facebook account, additional registration is no longer necessary. If you wish to use the Facebook sign-up option, you will first be redirected to the Facebook page. There you will be asked to log in
with your username and password. Of course, we do not take any notice of these login data. The following data can be transmitted to us through Facebook API: your name, profile picture, email address, gender, birthday, location, likes, friends and other information you make publicly available via Facebook; cookies used in particular: "_fbsr".
By confirming the corresponding registration button on our website, Facebook learns that you have registered on our site with your user account and links your user account with your customer account on our website.
Legal basis for such data processing is Article 6 (1)( a) GDPR (your consent). The transfer of data to the USA and other third countries is based on explicit consent in accordance with Art. 49(1)(a) GDPR.Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Facebook, see Facebook’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Facebook.
Twitter social media profile
We maintain a social media profile in Twitter (by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”)) in order to communicate with our customers and interested parties and to inform them about our products and services. The users' data is usually processed by Twitter for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
As part of the operation of our Twitter social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.
The legal basis for data processing by Twitter social media profile is Article 6(1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Twitter, see the privacy rules of Twitter. There you will find, amongst other things, information regarding settings for the protection
of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Twitter.
Snapchat social media profile
We also maintain a social media profile in Snapchat (Snapchat, Inc., Attn: copyright Agent, 63 Market Street, Venice, CA 90291, USA (“Snapchat”)) in order to communicate with our customers and interested parties and to inform them about our products and services by using our video channel. The users' data is usually processed by Snapchat for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
As part of the operation of our Snapchat social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.
The legal basis for data processing by Snapchat social media profile is Article 6 (1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art.
6(1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Snapchat, see Snapchat’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Snapchat.
YouTube social media profile
Our Website has links to our YouTube social media profile. The sole responsibility for YouTube and its website lies with Google Ireland Limited, Gordon House, Barrow Street Dublin 4., Ireland (for EU, EEA and Switzerland) and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We maintain a social media profile in YouTube in order to communicate with our customers and interested parties and to inform them about our products and services by using our video channel. The users' data is usually processed by Google for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
As part of the operation of our YouTube social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic
information and data on interaction with our online presences and the posts and content distributed via them.
The legal basis for data processing by YouTube social media profile is Article 6(1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art.
6(1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Google, see Google Privacy Policy. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by YouTube.
-
Newsletter
You have the opportunity to receive a newsletter containing targeted information via our web service or new products. In this case we must collect and save your email address, which we will only use to send the newsletter.
The following data are processed:
-
-
Date of the last purchase, number of purchases,
-
- Array of brands and product categories that have been purchased at Highsnobiety.
Iterable may store and process the above-mentioned data outside the European Economic Area (USA). Iterable, Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Article 45 GDPR.
If you have expressly consented to receiving our newsletter, the legal basis for such processing of personal data is Article 6 (1)(a) GDPR.
We use standard market technologies in our newsletters, with which the interactions with the newsletters can be measured (e.g., opening of the newsletter, links clicked on). We use this data in pseudonymous form for general statistical analysis and to optimise and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter. The data is only collected pseudonymously and is not linked to your other
personal data. The legal basis for this is your consent in accordance with Art. 6 (1)(a) GDPR. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletters or deactivate graphics in your email program by default.
You can unsubscribe from the newsletter at any time. At the end of the newsletter you will find a link intended for this purpose and provides a simple way to cancel the newsletter or, alternatively, you can reach out
to us via annie@denimsta.com. In this case your data will be deleted. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if you unsubscribe from the newsletter.
-
Affiliate Marketing
We use affiliate links on our Website. In order to evaluate the use and success of these affiliate offers, we store and analyse information about the use of these links. This includes the IP address and interactions with the affiliate links (like clicks). This information is combined by one of our partners with information from the connected shops. On the basis of this information, anonymous statistics about the success of affiliate offers are compiled (e.g. the number of users who clicked on an affiliate link and the type and number of products purchased in our partner’s shop).
The legal basis for data processing by us is Art. 6(1)(b) GDPR, insofar as affiliate partners provide special offers for our customers. If you have consented to the use of Marketing Tools via our consent banner, this also applies to those affiliate partners who use cookies to make the referral of new users traceable. If you wish to withdraw your consent to this, you can adjust your settings under “Edit Consent”. The legal basis for this data processing is Article 6 (1)(f) GDPR, insofar as we use the data to measure the success of the campaigns and to enable billing with the affiliate partners, based on our interest in
effective advertising of our offers. The data will be deleted as soon as the purpose of the processing has ceased to exist, at the latest after 24 months.
-
Log information
When you access our Website or view content provided by us, we may automatically collect and store certain information in server logs. This information may include:
-
Details of how you used our service, such as your navigation paths and search queries.
-
Mobile related information if you access our Website using your mobile device.
-
Internet protocol address.
-
Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
-
Browser type, operating system, and other technical information.
Data processing of Website access data is necessary in order to enable the visit of the Website or App, to guarantee the permanent operability and security of our systems as well as for the general administrative maintenance of our Website or App. The access data is also temporarily stored in internal log files for the purposes described above, temporarily and limited to the most necessary content, for example in order to find the cause of repeated or criminal calls that
endanger the stability and security of our Website and to take action against them. The legal basis is Art. 6 (1)(b) GDPR, insofar as the page call is made in the course of initiating or executing a contract, and otherwise Art. 6 (1)(f) GDPR on the basis of our legitimate interest in enabling the Website call and the permanent functionality and security of our systems.
XI. Your right of access and data subject rights
To exercise following rights, please contact us as set forth in Section A “Summary” above.
You are entitled to the data subject rights stipulated in Art. 15 - 21, Art. 77 GDPR at any time:
-
Right to withdraw your consent;
-
Right to object to the processing of your personal data (Art. 21 GDPR);
-
Right to information about your personal data processed by us (Art. 15 GDPR);
-
Right to rectification of your personal data stored by us which is incorrect (Art. 16 GDPR);
-
Right to erasure of your personal data ("right to be forgotten") (Art. 17 GDPR);
-
Right to restrict the processing of your personal data (Art. 18 GDPR);
-
Right to data portability of your personal data (Art. 20 GDPR);
Right to not be subject to automated decision-making (Art. 22 GDPR);
-
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
To exercise your rights described here, you can contact us at any time using the contact details above (see Section A. Summary). This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection under Art. 46 GDPR in case of third country data transfer. Provided that the respective legal requirements are met, we will comply with your data protection request.
Your enquiries regarding the exercise of data protection rights and our responses to them are stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims even longer. The legal basis is Art. 6(1)(f) GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligation under Art. 5(2) GDPR.
You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a
general right of objection, which will also be implemented by us without giving reasons.
If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details above.
Finally, you have the right to complain to a data protection supervisory authority. You can exercise this right, for example, with a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement.
XII. Changes
We may update our Privacy Notice from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Notice on this page. These changes are effective immediately after they are posted on this page.