Types of data processed
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
"File system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or by functional or geographic facPoints.
"Controller" means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or Member State law, the controller or the specific criteria for its designation may be provided for by Union law or Member State law.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
"Third party" means any natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
A "consent" of the data subject is any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Purpose of processing
The data is processed for the purpose of providing the online offers, the functions as well as the contents, the answering of contact inquiries and communication with users/customers, security measures and marketing as well as for the evaluation of the use/reach measurement.
In accordance with Article 13 DSGVO, we inform you about the legal bases of our data processing. Basically, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures and responding to requests is Article 6(1)(b) DSGVO, the legal basis for processing for compliance with our legal obligations is Article 6(1)(c) DSGVO, and the legal basis for processing for the protection of our legitimate interests is Article 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person require processing of personal data, the legal basis is Article 6(1) d DSGVO.
Collaboration with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for the performance of the contract pursuant to Article 6 paragraph 1 b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Article 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the specific conditions of Article 44 et seq. DSGVO (the processing is then carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses"))
Our online services are generally directed at adults. Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.
Rights of data subjects
In accordance with Articles 15-18,20 DSGVO, you have the right to access, complete, correct, delete or restrict and transmit the data concerning you.
Right of withdrawal
You have the right to revoke consents in accordance with Article 7(3) DSGVO with effect for the future.
Right of objection
You may object to future processing of data concerning you in accordance with Article 21 of the GDPR.
Cookies and right to object to direct marketing
"Cookies" are small files that are stored on users' computers. Within the cookies, different information can be stored. A cookie is primarily used to store the details of a user (or the device on which the cookie is stored) during or even after his visit within an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online store or a login jam can be stored. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies").
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online offer.
Deletion from data
For the provision of contractual services and services as well as for customer care, marketing, advertising and market research, we process contractual data (this includes, for example, the subject matter of the contract, term, customer category) and payment data (this includes, for example, bank details, payment history) of our customers, prospects and business partners.
The hosting services used by us (for the operation of the online offers) serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services.
Our hosting provider can provide the following services.
For this purpose, our hosting provider may collect inventory data, contact data, content data, contract data, usage data, meta data and communication data from customers, interested parties and visitors to the online offers in accordance with the necessary provision of the online offers pursuant to Article 6 paragraph 1 f DSGVO in conjunction with. Article 28 DSGVO.
Collection of access data and log files
We, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Article 6 paragraph 1 f. DSGVO data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.
Log file information is stored for security reasons (e.g. clarification of abuse or fraud).
Service / order processing in the online store, service center and customer account
We process the data of our customers in the context of the order processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution, and in our service centers to provide you with various online services (for example, Short Game Guru).
The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, prospective customers and other business partners. The processing is carried out for the purpose of providing contractual services in the context of the operation of an online store, billing, delivery and customer services. Here, we use session cookies for storing the shopping cart content and permanent cookies for storing the login status.
The processing is carried out on the basis of Article 6 paragraph 1 b and c DSGVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data is processed in third countries only if this is necessary for the fulfillment of the contract (e.g. at the request of the customer for delivery or payment).
Users can optionally create a user account, in particular by viewing their orders. As part of the registration process, the required mandatory information will be provided to users. User accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons in accordance with Article 6 paragraph 1 c DSGVO. Information in the customer account will remain until its deletion with subsequent archiving in the event of a legal obligation. It is incumbent on users to back up their data in the event of termination before the end of the contract.
In the context of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users in protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Article 6 paragraph 1 c DSGVO.
Deletion takes place after the expiry of statutory warranty and comparable obligations, the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
External payment service providers
We offer several payment methods when using our online stores and online service centers and use different payment service providers. Depending on which payment method you choose, different data will be transmitted to the respective payment service provider. The legal basis for the transmission of data is Article 6(1)(a) DSGVO (consent) and Article 6(1)(b) DSGVO (processing for the performance of a contract). The payment providers most frequently used by us include PayPal (https://www.PayPal.com/en/webapps/mpp/ua/privacy-full) and WIRECARD (https://www.wirecard.de/datenschutz/).
We process our customers' data as part of our contractual services which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
In this context, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., as part of the evaluation and performance measurement from marketing measures). As a rule, we do not process special categories of personal data, unless these are components of a commissioned processing. Data subjects include our customers, prospective customers as well as their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal bases of the processing arise from Article 6 paragraph 1 b DSGVO (contractual services), Article 6 paragraph 1 f DSGVO (analysis, statistics, optimization, security measures). We process data that are necessary for the justification and fulfillment of the contractual services and point out the necessity of their indication. Disclosure to external parties only takes place if it is necessary in the context of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client as well as the legal requirements of a contract processing pursuant to Article 28 DSGVO and do not process the data for any other purposes than those specified in the order.
We delete the data after the expiry of legal warranty and comparable obligations. the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (6 J, according to § 257 paragraph 1 HGB, 10 J, according to § 147 paragraph 1 AO). In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order, in principle after the end of the order.
Users can optionally create a user account. As part of the registration process, users will be provided with the required mandatory information. The data entered during registration will be used for the purposes of using the offer. Users may be informed by e-mail about information relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances. If users have terminated their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons in accordance with Article 6 paragraph 1 c DSGVO. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users in protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Article 6 paragraph 1 c DSGVO. The IP addresses are anonymized or deleted after 7 days at the latest.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Article 6 (1) b) DSGVO. The user's details may be stored in a customer relationship management system ("CRM system") or comparable organizational system.
We delete the requests if they are no longer necessary. We review the necessity every two years; Furthermore, the statutory archiving obligations apply.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in process. That is, after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.
Subscription data: To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name and possibly other information, for the purpose of personal address in the newsletter.
Germany: The dispatch of the newsletter and the performance measurement associated with it is based on the consent of the recipients in accordance with Article 6 paragraph 1 a, Article 7 DSGVO in conjunction with § 7 paragraph 2 No. 3 UWG or on the basis of legal permission in accordance with § 7 paragraph 3 UWG.
The logging of the registration process takes place on the basis of our legitimate interests pursuant to Article 6 paragraph 1 f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and further allows us to prove consent.
The logging of the registration process is based on our legitimate interests pursuant to Article 6 (1) f DSVO.
Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and Internet use. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server from Google in the USA and shortened there.
The IP address transmitted from the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by selecting the appropriate settings on their browser software; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The personal data of the users will be deleted or anonymized after 14 months.
On our online offers we use the offer from Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data collected during the visit to our website is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online offer, based on our legitimate interests in analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Facebook is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of data by Facebook takes place within the framework of Facebook's data use policy. Accordingly, general notes on the presentation from Facebook ads, in the data use policy from Facebook: https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and how it works, please see the Help section from Facebook: https://www.facebook.com/business/help/651294705016616.
You can opt-out of the Facebook Pixel's collection and use of your data to display Facebook Ads. To adjust which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices.
Online presences in social media
We maintain online presences in social networks and platforms. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.