Table of contents
We know legal texts can be complicated, so we’ve put together a summary of our Platform Privacy Policy for you.
Please note that the summary is just a small part of our Policy. It doesn’t replace the Policy in any way and is not legally binding.
Jimdo GmbH, Stresemannstr. 375, 22761 Hamburg, Germany ("Jimdo" or "We") offers various services such as the Jimdo logo creator, website builder, online store, etc. as an online service ("Online Service"). If you become a Jimdo customer and use our Online Services, we will process personal data about you as a Jimdo user ("you" or "Jimdo user" or "customer") for these purposes. This Privacy Policy explains how we process your personal data when you use our online services.
1. Contact information
1.1 Contact information for Jimdo GmbH
Should you have any questions regarding this Privacy Policy or wish to assert your legal rights, you are welcome to contact our data protection experts in our Customer Service department at the following email address or by post to the following address:
Jimdo GmbH
Stresemannstraße 375
22761 Hamburg
Privacy(at)jimdo.com
1.2 Contact details of the Jimdo data protection officer
Jimdo has appointed a Data Protection Officer who can be reached at the following address:
B³ | Informationstechnologie
Papenbergallee 34 25548 Kellinghusen
Datenschutz(at)jimdo.com
2. Processing activities
In this Privacy Policy we provide you with information about the processing of personal data by Jimdo, the purposes and legal basis for processing the data, as well as the categories of data and the categories of recipients. You can find the definitions of the individual terms used in this text in Section 6 of this Privacy Policy.
2.1 Visiting the Jimdo Website
Information about the processing of your personal data in connection with your visit to the Jimdo Website can be found in the Jimdo.com Privacy Policy.
2.2 Use of our online services
Jimdo uses the personal data of Jimdo Users first and foremost to fulfill and implement the contract with Jimdo Users, and to provide our Online Services (Art. 6 (1) (b) GDPR). This involves the following processing activities:
2.2.1 Registration, logging in, and order process
To be able to use our Online Services, you first need to create a user account (“Jimdo User account”) on our website. The processing of data for this purpose serves to set up and provide the user account and to process orders as part of using our Online Services.
When you are logged into your user account during the order process, the information required for the order will be pre-filled with the information stored in the user account to make the order process as straightforward and convenient as possible for you. While you are logged in to your user account, the session data will be stored on your device in the form of cookies. The cookies and the information stored in them may be read whilst you use the website and our services in order to maintain the session.
We process online store HTTP data, registration data, log-in data, and order data for these purposes. Processing is carried out to prepare and implement our contractual obligations (Art. 6 (1) (b) GDPR). We transfer personal data to the following categories of recipients as part of this processing: Hosting providers. We transfer personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.2 Combating fraud
When you visit our website, we collect and store personal data for analysis in order to prevent and detect attempts at fraud and similar unlawful activities against us and our users. Before we enter into a contract with you we examine whether there are indications of a potential fraud present. To do this we also use automated procedures (although not profiling in the sense of Art. 22 GDPR) in order to ensure the security and reliability of the Jimdo Online Services.
We process HTTP data, and if applicable, contact data, payment data, and log-in data to do so. The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interest is the prevention of fraud and economic losses. We have introduced control mechanisms in order to balance our interests with your rights as a Jimdo User. We transfer your data to the following categories of recipient as part of this processing: Fraud prevention services. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.3 Signing in using social media
You can register with us using your user account for another (social media) provider (such as Facebook, Google or Apple). Following successful registration, the provider will ask you which data it should transfer to us (such as name, email address). The provider will only share information with us that you have selected. We will create your user account with this transmitted data. No permanent link will be formed between your Jimdo User account and your account with the respective provider. You can find information about the processing of your personal data on third party sites in their Privacy Policies (such as Facebook: Data Policy, Google: Privacy Policy, Apple: Privacy). To enable registration, information will also be stored on your device in the form of cookies. The cookies and the data stored in them may be read whilst you use our website and our Online Services in order to maintain the session.
We process third party account registration data for these purposes. Processing is carried out to prepare and implement our contractual obligations to you (Art. 6 (1) (b) GDPR). We transfer your data to the following categories of recipients as part of this processing: Hosting providers. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.4 Placing an order on the Jimdo.com online store
You can order various Online Services on our website. We process personal data for this purpose to take steps prior to entering into a contract and for the performance of contracts that have been concluded on our website. This includes, in particular, receiving your order, processing the payment using payment service providers, providing the Online Services you have ordered, and sending transactional emails to provide you with information about the status of your order.
We process online store HTTP data, order data, contact data, payment data, transaction email data, registration data, and log-in data for these purposes. Processing is carried out to prepare and implement our contractual obligations (Art. 6 (1) (b) GDPR).
We transfer your data to the following categories of recipient as part of this processing: Hosting providers, payment service providers, subscription management service providers, email distribution service providers (of contractually-relevant technical emails). We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.5 Communicating with your website visitors and customers
Jimdo's Online Services provide you with several options for enabling your visitors and customers to contact you. For example, you can activate the contact form on your website, enable orders via your online store, set up a visitors’ book, etc.
Depending on the communications channel you have chosen, we may process the following data for these purposes: Online store HTTP data, order data, cart data, contact data, payment data, transaction email data, and registration data for your customers/visitors to your website. The legal basis for processing is fulfilling the contract concluded with you in accordance with Art. 6 (1) (b) GDPR. We transfer your data (depending on the instructions) to the following categories of recipient as part of this processing: Selected payment service providers, email distribution service providers (transactional emails), postal shipping providers for shipping goods etc. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.6 Providing content, error analysis, security of the IT infrastructure, log data
After creating your account, we offer AI-based onboarding via a chatbot. When you enter or select answers about your business in the chat window, this information is used by an AI-based system to provide you with a personalised product experience to get you started quickly with Jimdo. This includes creating and customising a website, suggesting appropriate tools and services to help you succeed, or suggesting domain name options that may be suitable. Your data will not be used for training or optimisation purposes of the AI tool. Jimdo limits the amount and type of personal data we collect, use, and store for AI purposes to what is necessary and relevant for the intended goals. In short, we only collect what we need to give you the best results. Please also refer to our user information on the use of AI when using the AI-based system. The data is stored internally by us and can be used to improve and optimise our services internally.
When page visitors visit your website, data is temporarily processed on our web server in order to provide the website content accessed. In addition, we temporarily store data in log files on our web server and analyse them in order to quickly identify errors that have led to a malfunction or crash and thereby improve the Jimdo online services, as well as to ensure the security of the IT infrastructure used to provide the online service, in particular to detect, eliminate and document malfunctions (e.g. DDoS attacks) in an evidence-proof manner. The data is stored and analysed in anonymised form. This means that we store the data in a form that does not allow identification of the person concerned. In addition, we process data on the settings of the page on which the error occurred.
For Jimdo users who are logged in to a website, the Jimdo server automatically records data in an activity log about how Jimdo was used. This information is used to analyse and maintain the technical operation of our servers and network, to improve the Jimdo online services, and to combat abuse.
For these purposes, we process usage data, event data, and HTTP data.
For AI onboarding, we process company-related information such as your company purpose, your company name, and what you want to achieve with Jimdo products.
The legal basis of the processing is the fulfilment of the contract concluded with you pursuant to Art. 6 (1) lit. b DSGVO as well as our legitimate interest in improving the stability and functionality of the online service pursuant to Art. 6 (1) lit. f DSGVO.
For AI onboarding, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to offer you a quick and uncomplicated introduction to our products. If you do not agree with this, you can deactivate your customer account as well as submit a request for deletion of the data to the AI service provider we use (OpenAI LLC).
We have implemented control mechanisms to align our interests with the rights of the Jimdo user. As part of the processing, data is transferred to the following categories of recipients: Hosting providers; Error detection and resolution services; Performance monitoring and logging providers, Log data analysis tools; AI providers. Data is transferred to processors in the US for this purpose. For information on the transfer of personal data to third countries, see section 3. For information on the duration of storage of the different categories of personal data, see section 4.
2.2.7 Web Analytics Technologies
To deliver the Jimdo Online Services, Jimdo collects more precise information on users who are logged in to the Jimdo platform, such as how each user utilizes the Jimdo products and the time, frequency, duration, and sequence of these activities. The IP address is rendered anonymous prior to storage.
We process web analysis HTTP data, web analysis device data, and web analysis data. The legal basis for processing is fulfilling the contract concluded with you in accordance with Art. 6 (1) (b) GDPR, as well as our legitimate interest in the technical optimization and functionality of the Online Services in accordance with Art. 6 (1) (f) GDPR. We transfer your data to the following categories of recipient as part of this processing: Web analysis service providers and optimization service providers. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.8 Element integration
Through the optional integration of different elements Jimdo offers you the option of displaying various helpful tools on your website that you can use and interact with, such as social media profiles, photo libraries, map applications, etc. The use of these elements is at the sole discretion of the user and is subject to the respective Terms and Conditions and the Privacy Policy of the respective provider.
Depending on the elements/tools used or selected by the user, personal data (relating to you or your site visitors or customers) may be transmitted to service providers in the USA. You can find specific information about the tools, the associated data transmissions, and the duration of the storage of the personal data in question in the Data Protection Regulations and Privacy Policy of the respective service provider.
2.2.9 Integrating the Booking Feature (Booking Tool)
When you use our Booking Feature add-on to enable your customers to book appointments with you, your personal data are processed. The Booking Feature also processes your customers’ personal data in order to carry out pre-contractual measures and to execute contracts made through the Booking Tool. This includes sending transaction emails to inform you of incoming bookings or changes such as cancellations. For these purposes, we process HTTP data from the online shop, order data, contact data, transaction email data. Processing is carried out to prepare and implement contractual obligations (Art. 6 (1) (b) GDPR). We transfer your data to the following categories of recipient as part of this processing: Hosting providers, Booking Tool providers, email distribution service providers (of contractually relevant technical emails). We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.2.10 Jimdo Contact List
The Jimdo Contact List tool provides the ability to add customer data to the contact list as well as use, manage and export customer data and to obtain newsletter consent from your website visitors on a voluntary basis.
For these purposes, we may process the following personal data from you or your customers and visitors: Contact data, transaction email data, newsletter opt-ins, IP address.
The legal basis of the processing is the fulfillment of the contract concluded with you pursuant to Art. 6 (1) lit. b GDPR. As part of the processing, we transmit your data to the following categories of recipients: providers for sending emails (transactional emails). For information on the duration of storage of the various categories of personal data, please refer to section 4.
2.2.11 Jimdo Lead Capture Funktion "Smart Forms"
Jimdo's Online Services offer Smart Forms for more advanced and effective contact management. When using these forms, we may process the following data, depending on how you set up the product: name, phone number, email address, message content, web pages visited, access times, IP addresses, browser type, and operating system. The legal basis for processing this data is fulfilling the contract concluded with you in accordance with Art. 6 (1) (b) GDPR.
We may transfer your data (as per the instructions) to the following categories of recipients: email distribution service providers (for transactional emails). Additionally, your personal data may be transferred to processors in the USA for these purposes. Information regarding the transfer of personal data to third countries can be found in Section 3, and details about the duration for which various categories of personal data are stored can be found in Section 4.
2.4 Customer support
You can contact us with questions by email, via a private message in the administrative area of your customer account, via the Jimdo Creator app, or on social media platforms (for example via Facebook Messenger), via our contact form or via our live chat. In addition, we offer the option of talking to a Jimdo employee over the phone to discuss your query, or you can request a co-browsing session together online with a Jimdo administrator. We store your query in a ticket system in order to process it and to improve and make our service more transparent. Personal information is only used to deal with your query and to authenticate your identity. This is necessary so we can ensure that we do not give out information to an unauthorized person. When a customer query is submitted via the Jimdo Creator app, we automatically collect client-user-agent-data, i.e. browser type, system language, app version, and the device from which you sent the query. This information helps our support team to understand the issue and provide comprehensive support.
In addition, you have the option of sharing your experiences with customer support with us after your issue has been successfully dealt with. Feedback takes place directly in the ticket dialog. We only use the feedback to improve our Jimdo customer support. If you no longer wish to receive support feedback requests you can send us an email at any time to specify your wishes (privacy(at)jimdo.com) and we will then register your opt-out request in our system. We also analyze the queries dealt with by our Customer Support team to improve our customer support. Furthermore, we evaluate individual user enquiries in pseudonymous form for the further development and improvement of our services.
In order to provide the contact form and the live chat function on our website, information from the contact form session/live chat session is stored in cookies on your device. The cookies and the information stored in them may be read whilst you use the contact form/the live chat function in order to maintain your session.
We process query data, communication device data, and communication data. The legal basis for processing the data is our legitimate interest in answering customer queries and improving our support services (Art. 6 (1) (f) GDPR), as well as fulfilling the contract concluded with you in accordance with Art. 6 (1) (b) GDPR. Should the contact be intended to conclude a contract or perform services as part of a contract then our legitimate interest is taking steps prior to entering into a contract or contractual measures (Art. 6 (1) (b) GDPR). We transfer your data to the following categories of recipients as part of this processing: Customer support service providers, providers of customer support analysis software. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.4.1 Co-browsing
In order to make it easier for you to navigate our website and the administrative areas of your Jimdo Websites (CMS) we offer the option of temporarily sharing your browser window with a Jimdo employee on a limited basis. When you initiate co-browsing you are stating that you agree to this. The Jimdo employee only has read permissions. They cannot see other browser content or parts of your monitor display. The employee also has no write or edit permissions. You can end the co-browsing session at any time. The unique session ID is processed. We do not collect or store any data from your browser screen. We save the data about the session once co-browsing has finished to avoid misuse.
To do this we process session data. The legal basis for processing the data is fulfilling the contract concluded with you in accordance with Art. 6 (1) (b) GDPR, or our legitimate interest in improving our support services and preventing misuse (Art. 6 (1) (f) GDPR). We transfer your data to the following categories of recipients as part of this processing: Co-browsing providers. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.4.2 Surveys about our services
You have the option to answer surveys about our services on our website (in particular about customer satisfaction). These surveys allow us to improve and optimize our products and services. We may also invite you to take part in such surveys by email (in the newsletter, for example).
To do this we process survey data, HTTP data, registration data, and log-in data. The legal basis for processing is our legitimate interest in improving our services (Art. 6 (1) (f) GDPR). If you no longer wish to receive support feedback requests you can unsubscribe from the newsletter at any time by clicking on the unsubscribe link contained in every newsletter. We also analyze the queries dealt with by our Customer Support team to improve our customer support. We transfer your data to the following categories of recipients as part of this processing: Opinion survey providers. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.4.3 Chatbot
You have the option to contact us with a Chatbot by clicking on the chat icon and then interacting with the Chatbot accordingly - depending on what you ask, you can either be provided with relevant information about help articles, create a support ticket or be redirected to a chat conversation with a Jimdo employee among others. The chat history is stored in your local storage and deleted after 14 days. The Chatbot can respond to your service requests with appropriate answers around the clock. No profiling in terms of Art. 22 GDPR will take place.
For this purpose, we process chat history data, HTTP data, communication device data and communication data as well as registration data and login data. The legal basis of the processing is our legitimate interest in providing you with a simple, effective and quick solution to your request or problem (Art. 6 (1) (f) DSGVO). If the contact is aimed at the conclusion or implementation of a contract, it is a pre-contractual or contractual measure (Art. 6 (1) (b) DSGVO). In addition, the storage of cookies on your end user device is technically strictly necessary for the use of the Chatbot (§ 25 (2) no. 2 TTDSG). As part of the processing, we transfer your data to the following categories of recipients: customer support service providers, Chatbot providers. Insofar as a support ticket is created in this context, we transfer your personal data to a data processor in the USA for this purpose. You can find information about the transfer of personal data to third countries in Section 3. Further information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.5 Marketing and personalized newsletter
We send our customers regular information on Jimdo’s products, services, promotions, surveys, prize draws, blog articles, and other similar content in the form of a newsletter sent by email. You can unsubscribe from the newsletter at any time using the unsubscribe link contained in every newsletter. We process certain data in connection with this when we send and analyze the success of our newsletter.
We may reconstruct individual functionalities (such as using behavioral data) of our newsletter to understand which content in our newsletter is particularly interesting to Jimdo Users. We will only use the results of these analyses for the purposes of improving our services and designing our services to better meet your requirements as well as for targeting purposes. The newsletter therefore contains a “web beacon”, which is a pixel-sized file that is retrieved from our server, or, if applicable, the server of an analysis service provider when the newsletter is opened. Technical information, such as browser and system information, as well as IP address and the time of the retrieval is collected as part of this process. This information is used to improve the technical performance of our services using the technical data, or the target groups and reading behavior based on the access location (which can be determined using the IP address), or the time of access. Statistical data that is also collected includes determining whether the newsletter has been opened, when it was opened, how long it was opened for, and which links were clicked on. From a technical perspective, it may be possible to assign this information to individual newsletter recipients. However, it is not our goal to analyze individual users. Rather, these analyses help us to adapt and aggregate our content as needed.
You may object to or withdraw your consent to the storage and usage of your data for sending the newsletter at any time with future effect without needing to give reasons, without being penalized in any way, and without paying any cost for this other than the transmission costs for sending the objection/withdrawal. This can be done by clicking the unsubscribe link in the newsletter, which can be found at the end of every newsletter. Alternatively, you can deselect the “Newsletter” box in your customer account.
Your consent to statistical analysis will also be withdrawn at the same time. It is not possible to only object to the statistical analysis in our newsletter, this can only take place when completely unsubscribing from the newsletter. The lawfulness of the data processing operations remains unaffected by the withdrawal of your consent. In the event that you withdraw your consent, the personal data used for this data processing will be anonymized or erased. Data that we store for other purposes (such as email addresses for the member area) is not affected by this.
To do this we process contact data, newsletter form HTTP data, newsletter subscription data, newsletter tracking pixel data, and newsletter profile data.
The legal basis for sending the newsletter in connection with a purchase of Jimdo’s goods or services is section 7 (3) German Competition Act (UWG). It is also possible to send the Jimdo newsletter on the basis of your consent (Art. 6 (1) (a) GDPR). We transfer your data to the following categories of recipients as part of this processing: Newsletter dispatch service providers, newsletter analysis service providers. We transfer your personal data to processors in the USA for these purposes. You can find information about the transfer of personal data to third countries in Section 3. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.6 Orders for payment
In the event of a late payment, if the other legal requirements are met, Jimdo will transfer the necessary data to the company commissioned to enforce the claim.
To do this we process: Order data, contact data, payment data, transaction email data, and registration data. The legal basis for this processing is Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Our legitimate interest is asserting a contractual claim. Negative payment experiences from the time the main claim was handed over, together with dunning charges or any bad debts, are also shared with cooperating credit agencies (debt collection registration) if the other legal requirements are met. The legal basis for this is Art. 6 (1) (f) GDPR. The legitimate interest arises from our interest and that of third parties in reducing contractual risks for existing and future contracts. We transfer your data to the following categories of recipient as part of this processing: Debt collection partners, and, if necessary, credit agencies and/or district or regional courts. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
2.7 Legal obligations and protecting vital interests
In addition to the purposes of processing stated above, Jimdo may also be obligated to process personal data for legal reasons (Art. 6 (1) (c) GDPR).
This applies especially in the following cases:
- When participating in investigations and proceedings carried out by state bodies (authorities and/or courts), in particular to clarify, investigate, and prosecute illegal acts.
- Fulfillment of statutory right to information requests that third parties have made to us (such as in the event of an infringement of intellectual property rights or other illegal activities).
- Retention and storage of personal data to fulfill statutory retention obligations (further information about the storage of your data by Jimdo can be found in Section 4).
In addition, Jimdo may process personal data in order to protect your vital interests or the vital interests of another individual (Art. 6 (1) (d) GDPR). This applies especially in the following cases:
- Prevention, detection, containment, and investigation of illegal activities that may lead to an impairment of your vital interests or the vital interests of another natural person, unless there is already a legal obligation to do so.
As part of the processing outlined above, your data may be transmitted to the following categories of recipients: Prosecutorial authorities, courts, other governmental bodies, third parties (who assert statutory right to information requests against us or who are involved in legal proceedings if they provide us with a legal order, court order, or equivalent legal order), external service providers/(sub)contractors, payment service providers, etc. In the event that personal data is transferred to third countries, this will only be done in strict compliance with the relevant legal provisions. Information about the length of time for which the various categories of personal data are stored can be found in Section 4.
3. Data transmission to third countries
Jimdo ensures that your data is processed in the EU or in the European Economic Area. Should this no longer be possible and data needs to be transferred to a third country, Jimdo will ensure, after prior review, that an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the EU Commission is adhered to in the country the data is transferred to. In these cases, the data is transferred on the basis of an Adequacy Decision of the European Commission or the Standard Contractual Clauses for the transmission of personal data to third countries in its current valid version. These can be accessed here. We regularly reassess the measures we have taken to assess the requirements arising from new regulatory guidance and case law, for example resulting from the decision of the CJEU in case C-311/18. Data transmission to a third country may also take place on the basis of your consent. You will be provided with details of this separately, if applicable.
4. Period of storage
Insofar as we receive and process your personal data for the purposes of implementing, initiating, and processing your contract with Jimdo, we store it until the purpose of storage has been achieved (in particular achieved in the event of the contract being terminated), or insofar as this is required within the statutory retention periods in accordance with section 257 of the German Commercial Code (HGB) and section 147 of the German Tax Code (AO).
We store HTTP data and server log files for a maximum of three (3) months unless there is a security incident (such as a DDoS attack). In the event of a security incident, server log files will be stored until the incident has been rectified and fully investigated.
Co-browsing session data is generally erased no later than 30 days afterwards.
Otherwise, we only store your data for as long as necessary for the respective purpose or where we are contractually or legally obligated to store the data for a longer period.
5. Information about your rights
As the data subject you have the following rights with regard to the processing of your personal data by Jimdo, in the event of the respective legal requirements:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 (3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Please use the information in Section 1 to contact us if you wish to exercise your rights.
Information about any particular arrangements which make it easier for you to exercise your rights, in particular exercising your right to data portability and your right to object, can be found in the information about processing personal data in Section 2 of this Privacy Policy.
We are obligated to carefully verify your identity when dealing with your requests to exercise your rights. Please note that we reserve the right to request further information or proof of your identity depending on the sensitivity of the data. This is in place to protect your data against access by unauthorized third parties.
We reserve the right to not process inquiries which are received with unreasonable frequency or without corresponding proof of identity. You will be separately informed of this.
Your request and notification will be stored on our system for a period of three (3) years. Any copies of proof of identity that we receive will be immediately destroyed after your identity has been verified. The legal grounds for processing is Art. 6 (1) (c) GDPR.
6. Definitions
The terminology used in this Privacy Policy generally has the meaning given in the General Data Protection Regulation. We also use other terms which we explain below, along with the most important terminology from the General Data Protection Regulation:
- “Analysis data” means data which is generated by the web analysis tool on the basis of the information collected referencing the unique visitor ID of the respective visitor contained in their device data. This includes information about the effectiveness of ads and assigning users to target groups for ads.
- “Query data” means data that you have shared with us with as part of the request. This includes title, first name, surname, postal address (invoice address), telephone number, email address, and the content of your query.
- “Processor” means an individual or legal entity, public authority, agency, or other body that processes personal data on behalf of the controller.
- “Order data” means information about your orders. This includes information about services you’ve purchased (description, scope, number, color, price, currency, order number, etc.), the date and time of your order, and the status of your order.
- “Data subject” means an identified or identifiable natural person to whom personal data can be attributed.
- “Third party account log-in data” means the log-in data which is transmitted from us to the respective third party service provider. This also includes a unique session ID while you are logged into your account as well as the expiry date of your session.
- “Third party” means an individual or legal entity, public authority, agency, or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- “Third country” means a country which is not a Member State of the European Union (“EU”) or a signatory to the Agreement on the European Economic Area. ("EEA").
- “Recipient” means an individual or legal entity, public authority, agency, or other body to which personal data is disclosed, whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation under European Union or Member State law are not considered recipients; the processing of this data by the said authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
- “Device data” means data that has been assigned to your device by the web analysis tool. This includes a unique ID to (re)identify returning visitors.
- “Event data” means data which is collected by the web analysis tool referencing the unique visitor ID of the respective visitor contained in the device’s data. This includes actions that take place on the website which are called “events”. For example, this includes making a purchase, registering, adding payment information, commencing the order finalization process, adding items to your cart, adding items to your wish list, carrying out searches, and considering content. This also includes information associated with the actions that are carried out and are referred to as “parameters”. This includes, for example, the value of purchases made.
- “HTTP data” means protocol data that has arisen by design when accessing the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, type, and version of your Internet browser, the operating system you used, the page you accessed, the page you accessed before our website (referrer URL), as well as the date and time of your visit.
- “International organization” means an international legal organization and its subordinate bodies or any other body created by or on the basis of an agreement concluded between two or more countries.
- “Communication data” means data that you have provided to us when communicating with us. This includes information that you have provided to us on the contact form on our website. This may primarily include the following data: Name, address, telephone number, email address, and the content of your query.
- “Communication device data” means data that has been assigned to your device when using the respective communication channels. This includes a unique session ID for your communication session as well as the expiry date of your session.
- “Contact data” means data that you have provided to us when ordering the newsletter or during the order process for the purposes of contacting you regarding the processing of your order. This includes title, first name, surname, postal address (invoice address), telephone number, and email address.
- “Log-in data” means data you use when you log in to your user account. This includes your email address and password. This also includes a unique session ID while you are logged into your account as well as the expiry date of your session.
- “Newsletter subscription data” means the data we collect when you register for the newsletter. This includes the following mandatory information: Email address. There is also optional information as follows: Title, first name, surname.
- "Newsletter opt-in data" is log data collected when registering for and unsubscribing from the newsletter. This includes the date and time you register for the newsletter, the date and time the registration notification is sent under the double opt-in procedure, the date and time that registration is confirmed under the double opt-in procedure, plus the IP address of the device used to send the confirmation, and the date and time of unsubscribing from the newsletter.
- “Newsletter profile data” means data in user profiles that we use on a pseudonymized basis to analyze usage behavior regarding the newsletter. This includes data about the use of the newsletter, in particular accessing it, frequency of access and the time spent in the newsletters viewed.
- “Newsletter tracking pixel data” means data that is collected by design when accessing our newsletter by the “tracking pixel” contained in our newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)). Tracking pixels are small graphics in HTML emails which enable log files to be recorded and analyzed when emails are accessed. This data includes the IP address, type, and version of your Internet browser, the operating system used, the page accessed, the page accessed before viewing our website (referrer URL), as well as the date and time of the visit.
- “Newsletter form device data” means data that has been assigned to your device when using the form on our website to register for and unsubscribe from our newsletter. This includes a unique session ID for your form session as well as the expiry date of your session. This data is stored in cookies on your device (also see our ) and may be read whilst you use the form on our website to register for and unsubscribe from our newsletter.
- “Newsletter form HTTP data” means data that has arisen by design when accessing the form on our website to register for and unsubscribe from our newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, type and version of your Internet browser, the operating system you used, the page you accessed, the page you accessed before our website (referrer URL), as well as the date and time of your visit
- “Usage data” includes information regarding the type, scope, and time the website was accessed in accordance with section 15 of the German Telemedia Act (TMG). This data identifies you or your device directly and is partially stored on your device, for example as log files. Some usage data is collected while using our products and services. This data enables us to quickly detect and rectify any faults that occur and continually develop our services for you.
- “Opt-in data” means data that you provide when managing the cookie permissions for this website and data that is assigned to your device when managing the cookie permissions. This includes your consent and, if applicable, your individual selection of the use of cookies on your device.
- “Personal data” or “data” means all information which can be attributed to an identified or identifiable natural person (“data subject”); a natural person is deemed to be identifiable if they can be directly or indirectly identified, in particular by an identifier, such as a name, identification number, location data, online identifier, or by one or more particular characteristics specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.
- “Registration data” means data that you have provided to us in the registration form on our website so we can first register you for a user account (setting up a user account). This primarily includes the following mandatory information: Email address and password. This also includes the following optional information: Title, surname, and first name.
- “Session data” means data that we have collected from the co-browsing session. This includes a unique session ID for your contact session as well as the IP address, date, and time of the session, operating system, and browser.
- “Transaction email data” means data from transaction emails which we send to process/reverse your order (e.g. an email confirming receipt of an order). This includes the content and time of the transaction emails.
- “Controller” means the individual or legal entity, public authority, agency, or other body that, either alone or jointly with others, decides on the purposes and means of the processing of personal data. If the purposes and means of this processing are specified by European Union law or the law of the Member States, the Controller or the specific criteria designated by the Controller can be provided for in accordance with European Union law or the law of the Member States.
- “Processing” means any operation or set of operations performed in connection with personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Publication information” means information you have provided to us to publish on our website: This includes your product reviews you have provided us with for publication.
- “Cart data” means data that has arisen from your use of the cart function. This includes information on services you have placed in your cart (such as the name of the service, scope, price, and currency). This also includes a unique session ID for the cart session as well as the expiry date of your session. This data is stored in cookies on your device and may be read whilst you use our online store.
- “Web analysis data” means data which is generated by the web analysis software and stored in pseudonymized user profiles. This includes information about the use of the website, in particular pages accessed, frequency of access and time spent on the accessed pages referencing the unique visitor ID of the respective visitor, which is contained in the device’s data.
- “Web analysis HTTP data” means data that has arisen by design using the web analysis tool used on our website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, type, and version of your Internet browser, the operating system you used, the page you accessed, the page you accessed before our website (referrer URL), as well as the date and time of your visit.
- “Payment data” means data that you have provided to us as part of the order process to pay for the services you have ordered. This includes the payment method you have selected, plus, if applicable, further information necessary for the respective payment method, such as bank account details and credit card numbers.
- “Tracking pixel HTTP data” means data that has arisen via the Hypertext Transfer Protocol (Secure) (HTTP(S)) upon accessing the tracking pixel contained in our website. This data includes your IP address, type and version of your Internet browser, the operating system you used, the page you accessed, the page you accessed before our website (referrer URL), as well as the date and time of your visit.
7. Version and changes to this Privacy Policy
Valid from: 31.01.2022.
It may be necessary to make adjustments to or further develop our Online Services due to technical developments and/or changes to the law. As a result, we update this Privacy Policy accordingly when required. The current valid version of our Privacy Policy can be accessed at any time in the version published on our website.