It is very important for us to ensure the protection of your personal information when you use our services. That’s why your privacy connected to the use of our website is processed and stored with utmost care. The following section sets out to explain how we process and use the personal data you leave and/or provide when you visit our website and use our services.
1. THE COLLECTION OF PERSONAL DATA
Your personal data is collected when you:
- Use our website or app
- Make a purchase in the online store
- Create a client account
- Sign up for our newsletter
- Participate in a competition
- Actively engage with the website in another way
- Apply for a job
1.1 Website / Online Store / APP
You will transfer certain information (e.g. your IP address) to us when you access our website or applications. We will also receive data about which terminal device (computer, smartphone, tablet, etc.) you are using, which browser (Chrome, Firefox, Safari, etc.) you are using, the time at which you access the website.
When you access our website the aforementioned data will be automatically stored in log files. A log file automatically logs all or defined actions on a computer system. Such log files are important, for example, for process control and automation. In the case of databases a log file tracks changes to the database of correctly executed transactions. In the event of an error (e.g. a system crash), this allows the current dataset to be restored.
This ananymous data is processed for statistical purposes only. Such analyses help us make our services more attractive and, if necessary, to improve our services.
1.1.2 User profile
You can set up an account with our login system. After you have registered, you can use your user account to register for all services.
To create a user account through our login system we need your first and last name, your e-mail address and a password for your security.
1.2.2 Adding information to your user profile
After registering, you can add more information to your profile (e.g. a profile photo or gender). If you do so, you will provide us with personal data.
1.2.3 Enabling access rights to your device
For you to be able to use our application to the full extent, we will need certain access rights to your smartphone. For example, we need access to your camera or your photos if you upload a profile image or want to change a profile picture. We use push messages to send you reminders or to notify you of movements or new followers. When you want to use such a function for the first time, we will ask you whether you grant us such access rights or we will ask you to grant us access by selecting the appropriate settings. Generally, you may revoke such access rights at any time by changing the appropriate settings.
You can register for our newsletter. This way you will receive regular updates about our services as well as information on topics related to gift giving and environmental protection. All we need is a valid e-mail address. If you are no longer interested in receiving the newsletter, you may unsubscribe at any time using the link that is included in each newsletter.
1.4 Other possible instances of data collection
Collection of data also happens, when you contact us or other users, when you open your user account, sign up for a subscription, upload a profile photo, or use our services to send messages.
1.4 Job Applications
When you apply to a job, the personal data contained in your application will be collected and processed for the purposes of managing our recruitment related activities, which includes setting up and conducting interviews and evaluating and assessing the results. In the event of a rejection, your personal data will be deleted after 12 months.
1.5 Data transfer
When submitting your data on our website, it will always be stated whether the submission is voluntary or necessary for completing the desired action, such as completing a transaction at our online store.
We collect, process and use three types of data:
- Data you provide to us voluntarily (e.g. with an order)
- Data we receive when you use our services (e.g. the calculated CO2 savings when using our APP), and
- Data we receive from third parties (e.g. through a login with Facebook)
2. THE USE OF PERSONAL DATA
We keep statistics about our users’ use of our website and which products our users prefer in order to continually improve the website. This data does not contain personal data. We do not sell or disclose information about how our users navigate and use our website, neither information about your purchase history to third parties.
The term “personal data” is defined by the Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR). You can think of your personal data as any data that allow you to be identified or that can be correlated to you.
On the other hand, “non-personal” data cannot be correlated to any specific person. By removing identifiable parts from and anonymizing personal data, personal data may be converted into “non-personal data.”
The personal data we collect is used to:
- administer, operate, maintain, and improve the website and our applications
- customize your experience in relation to our website or our applications (e.g. by tailoring content and offers to your personal preferences)
- support the improvement and customization of our services
- allow and process orders for services placed by you through the website or applications
- assess your right to receive certain types of offers or services
- analyze and research customer behavior
- collect customer reviews
- enable registrations for our newsletter
- provide you with information about services that may be of interest to you
- communicate with you about certain concerns
- manage awards, surveys, winning games, lotteries, or other promotional activities or events
- send invitations to events and discount codes
- respond to your questions and inquiries
- comply with our legal obligations to prevent any unlawful use of the website or applications, to protect the security of our service, to detect and prevent fraud or abuse, to settle disputes, and to enforce our contracts
- for any other purposes to which you have consented in a particular case, or otherwise as permitted by applicable law
Please note that we will only use your personal data to send marketing material if you have given your consent.
3. TRANSFERRING DATA TO OTHER CONTROLLERS
In general, we do not transfer your personal data to third parties without your consent. However, information used for delivery of goods will be transferred to the shipping company we use.
Under specific circumstances and with reference to legislation, it might be necessary to transfer information to public authorities or the police. For example, information may be disclosed to the police in case of suspicion of credit card fraud.
In the case of a re-organization, full or partial sale of the company, any disclosure in such connection will be in accordance with current legislation for the processing of personal data.
4. DISCLOSING DATA TO DATA PROCESSORS
Your personal data is disclosed to our partners who deliver services on behalf of us, for example in relation to sending out newsletters. These partners only process the personal data on behalf of us and in accordance with our high security standards.
5. DATA PROCESSING – third-party services and partners
To be able to offer you all functions and services of our applications in the most convenient way possible and to be able to continuously improve our services, we use third-party services and partners. Please also read the data privacy policies of such third-party providers.
Your personal data will be transferred to third parties only if the data transfer is necessary for performance of the contract, if you have consented to the transfer of your data or if we have a legal obligation to do so. In such cases, the extent to which data are transferred will however be kept to the absolute minimum.
Below is the description of the third-party services we use and for what purposes:
We use a number of different Google services (Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043, U.S.A. – hereinafter “Google”) for analysis and marketing purposes. These tools collect and statistically analyze data about your use of our services in different ways. We also use your data to show you personalized ads with the help of Google services.
Information generated by Google tools is generally transferred to a server of Google in the United States and stored there. Google and its subsidiaries are EU-US Privacy-Shield certified.
Additional information about how Google handles data transmitted by us is available here.
By using our website or services, you consent that we may use your data for these purposes.
5.1.1 Google Analytics
You can prevent the collection and processing of information generated by the Google cookie by placing an opt-out cookie or deactivating Google Analytics in the menu of your terminal device. In the alternative, you can also install a browser plug-in, which you will find here.
5.1 Social Plug-ins
We use the following social plug-ins for our website:
- Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.)
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, U.S.A.)
These plug-ins routinely collect data from you and transfer such data to servers of the provider. Once activated, social plug-ins will place a cookie with a clear ID when the relevant website is accessed. This also allows providers to create profiles of your user behavior. Such a cookie is placed whether or not you are a member of the social network. If you are a member of a social network and are logged in when you visit our website or when you use our applications, data and information about your visit to our website or your use of an application may be linked to your profile on the social network.
5.1.1 Facebook Connect
We use Facebook Connect, so that you can register and log in with us using your Facebook account super easy and fast.
If you use Facebook Connect, Facebook profile data and public data from your Facebook profile will be transferred to us. Conversely, data may be transferred from us to your Facebook profile. Such data is used by us to register you on our website or for our applications or to allow you to log in. For this purpose we also store and process such data.
By registering on our website or for an application with the help of Facebook Connect you consent that your profile data from your Facebook profile may be transferred to us and, conversely, that we may transfer data to Facebook.
On our website we use the “Pin it” button plug-in of Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, U.S.A.). When you visit our website this plug-in establishes a direct connection between your browser and the Pinterest server. This tells Pinterest that you have visited our website with your IP address. If you are logged into Pinterest during your visit, you can share content on Pinterest by clicking on the “Pin it” button. This way, Pinterest can also correlate your visit to our website to your Pinterest user account.
You can change the settings for the storage of your data here You can do so whether or not you are a Pinterest user.
As we use the services of the Canadian platform Shopify when you shop at our website, your personal data is transferred to Canada. As a Canadian organization, Shopify handles your personal data according to the Personal Information Protection and Electronic Documents Act (PIPEDA), which means they handle your personal data according to the highest security standards.
We use the services of MailChimp, located in the USA. As an American organization, MailChimp handles your personal data according to the EU-U.S Privacy Shield Framework, which means they also handle your data according to the highest international standards. The Commission has decided that the level of protection is sufficient in both countries.
You can read more about secure third countries here.
7. LINKS TO OTHER WEBSITES
Our website may contain links to other websites or to integrated sites. We are not responsible for the content of the websites of other companies or for the practices of such companies regarding the collection of personal data. When you visit other websites, you should read the owners’ policies on the protection of personal data and other relevant policies.
8. YOUR SECURITY
We strive to protect your information the best way possible, which is why we have implemented security measures to ensure that our internal procedures meet our high security policy standards – for instance by using Secure Socket Layers (SSL), TLS encryption, HTTPS and PSD2. Accordingly, we strive to protect the quality and integrity of your personal data.
Please make sure not to provide your login details to third parties.
9. DELETING YOUR PERSONAL DATA
We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out in section 2. However, the data may be processed and stored for a longer period in anonymized form.
10. YOUR RIGHTS
You are entitled to be informed of the personal data we process about you at any time. You also have the right to object to the collection and further processing of your personal data including profiling/automated decision-making. Furthermore, you have the right to have your personal data rectified, erased or blocked. Moreover, you have the right to receive information about you that you have provided to us, and the right to have this information transmitted to another data controller (data portability).
Overview of the rights according to the GDPR
According to the guidelines of the GDPR, you have the right to:
- request information on personal data processed by us about you as provided (§ 15 DSGVO)
- immediately demand the correction of incorrect data or completion of incomplete personal data stored with us (§ 16 DSGVO)
- request deletion of your personal data stored by us, unless the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims (§ 17 DSGVO)
- request the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you or the processing is unlawful (§ 18 DSGVO)
- receive your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another controller (§ 20 DSGVO)
- revoke at any time your consent previously granted to us. As a result, we will be no longer able to continue the data processing based on this consent for the future(§ 7 (3) DSGVO)
- lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose (§ 77 DSGVO)
- also, if your personal data is processed based on legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons based on your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which shall be implemented by us without you specifying any particular situation.
11. THE AMENDMENT OR DELETION OF DATA
If you want us to update, amend or delete the personal data that we have recorded about you, wish to get access to the data being processed about you, or if you have any questions concerning the above guidelines, please contact us at email@example.com.
12. WITHDRAWAL OF CONSENT
You may, at any time, withdraw any consent you have given and we will delete your personal data, unless we can continue the processing based on another purpose. If you wish to withdraw your consent, please contact us at firstname.lastname@example.org.
Status of the data protection declaration: January 2023