Data Protection Declaration
Data protection is a high priority for us, and presumably for you too. With this data protection declaration, we inform you which personal data (hereinafter also referred to as “Data”) are processed by us in relation to our websites (hereinafter referred to as “Websites”) and what your rights are. The data protection declaration also serves to implement our obligations under § 13 of the German Telemedia Act (TMG) and Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regarding the protection of individuals in terms of the processing of personal data, on the free movement of such data and the revocation of Directive 95/46/EC (General Data Protection Regulation, GDPR).
1. Controller
Company: NEW TENDENCY GmbH
Managing Partner: Manuel Goller, Christoph Goller
Address: Adalbertstr. 6, 10999 Berlin, Germany
Phone: +49 30 246 30 500
Fax: +49 30 284 49 266
E-Mail: contact@newtendency.com
2. Definitions
This Data Protection Declaration uses the following terms within the meaning of the General Data Protection Regulation:
- “Personally identifiable information” is any information relating to an identified or identifiable natural person (hereafter referred to as “the data subject”); a natural person is regarded as identifiable if he/she can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online ID, or one or more special features that are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- “Processing” is any process, performed with or without the help of automated procedures, and/or any such process relating to personal data, such as collecting, capturing, organizing, mapping, storage, adaptation or change, reading, consultation, use, disclosure by transmission, dissemination or any other form of deployment, matching or linking, the constraint, deletion, or destruction;
- “Controller” is the natural or legal person, authority, body or other organization which, alone or jointly with others, decides on the purposes and means of processing the personal data;
- “Processor” refers to a natural or legal person, public authority, body or other organization who or which processes personal data on behalf of the Controller;
- “Receiver” is a natural or legal person, public authority, agency or another body, to whom personal data is disclosed, regardless of whether it is a third party or not. Authorities who may receive personal data in the context of a specific investigation order, pursuant to Union law or Member State law, are not considered as receivers; the processing of this data by the authorities referred to shall be made in accordance with the applicable data protection legislation in accordance with the processing purposes;
- “Third party” means a natural or legal person, public authority, agency or another body, other than the data subject, the Controller, the Processor and the persons authorized under the direct responsibility of the Controller, or the Processor to process the personal data;
- “Consent” of the data subject shall mean any expression of will voluntarily given in a particular case, in an informed and unambiguous manner, in the form of a declaration or other clear confirmation, by which the data subject states that he or she is in agreement with the processing of the personal data concerning him or her, giving his/her consent;
- “Cross-border processing” means either
  - the processing of personal data carried out in the context of the activities of establishments of the Controller or Processor in the Union, in more than one Member State, where the Controller or Processor has subsidiaries in more than one Member State; or
  - the processing of personal data carried out in the context of the activities of an individual subsidiary of a Controller or Processor in the Union, which, however, has or may have a significant impact on data subjects in more than one Member State.
3. Type, Scope and Purpose of Processing, Legal Grounds
3.1 The following types of data are processed by us:
- Customer data (name, gender, date of birth, address, telephone and fax, e-mail, account details);
- Content (text, images, videos);
- Usage data (websites visited, access times, location, etc.);
- Communication data (device information, IP addresses, etc.);
- Contract data (contractual text, payments).
3.2 The following categories of data subjects are outlined:
- Visitors to our websites (hereinafter also referred to as “Users”) as well as other interested parties, contestants;
- Buyers of our goods and Customers of our services (hereinafter referred to as “Customers”); other business partners.
3.3 The processing of the data is carried out for the following purposes, using the following legal grounds:
- Presentation, maintenance and improvement of our websites including all functions for Users, and for evidence; this is done on the basis of Article 6, paragraph 1, letter f of the GDPR (safeguarding our legitimate interests). Communication and usage data are processed and data will not be passed on to third parties unless there is a legal obligation to do so (Article 6, paragraph 1, letter c of the GDPR).
- Processing of usage data (websites visited, products viewed) and content for advertising purposes, in particular for personalized product information; this is done on the basis of Article 6, paragraph 1, letter f of the GDPR (safeguarding our legitimate interests).
- Responses to requests via a contact form, e-mail correspondence with Users and Customers, for competitions; processing is carried out on the basis of Article 6, paragraph 1, letter b of the GDPR.
- Creating a User account. Upon the creation or modification of a User account for our websites, Customer and contract data and, where applicable, content, is processed in order to provide the services within the framework of the websites for registered Users, Article 6, paragraph 1, letter b of the GDPR; in addition, communication data may be used for evidential purposes and for protection against the abuse of processing functions, Article 6, paragraph 1, letter f of the GDPR (safeguarding our legitimate interests).
- Customer data and contract data are processed for the execution of contractual obligations towards Customers and other contractual partners. Insofar as data to be entered in forms are marked as mandatory, these are necessary for the fulfillment of the stated purpose. The processing is carried out on the basis of Article 6 (1), letters (b) and (c) of the GDPR.
- To display User’s own content. If necessary, the User can post their own content in forums or similar functions on our websites; this is generally done anonymously. IP addresses are stored for evidentiary reasons, on the basis of our legitimate interests in accordance with Article 6, paragraph 1, letter f of the GDPR.
- Self-marketing purposes; upon consent, the processing is carried out in accordance with Article 6, paragraph 1, letter a, as well as Article 7 of the GDPR; moreover, in order to safeguard our legitimate interests, also: Article 6, paragraph 1, letter f of the GDPR.
If our processing is based on further legal grounds, they will be stated below in additional explanations.
4. Recipients of Data, Third Countries
Insofar as it is necessary for the delivery of the products ordered by Customers, data will be passed on to the shipping company commissioned with the delivery. For payment processing, the data required in the payment transactions (name, account data, e-mail address, purchase price) may be passed on by us to a payment service provider and/or to a credit institution commissioned with the payment, such as PayPal. Other categories of recipients include hosting providers, participants in the ERP and financial accounting system, and/or external service providers and suppliers if required.
The transfer and disclosure of data to Recipients, Processors or third parties takes place exclusively within the framework of legal grounds (see section 2.4 above), or if a further legal obligation exists. Access to data for Processors was granted in strict compliance with Article 28 of the GDPR. Data processing in a third country (outside the European Union (EU) or European Economic Area (EEA)) is carried out in accordance with Articles 44 to 50 of the GDPR. The processing is carried out at a level of data protection that complies with the GDPR, in particular through guarantees by the Processors, e.g. on the basis of the agreement between the EU and the USA in accordance with the US Privacy Shield (hereinafter also “Privacy Shield”), or on the basis of special contractual obligations (standard contractual clauses).
5. Deletion of Data
Deletion of data is carried out on the basis of Articles 17 and 18 of the GDPR; the same applies to the restriction of processing and blocking of data. The deletion or limited processing of the data takes place if and insofar as they are no longer necessary for the achievement of a specified purpose, unless deletion is prohibited by law (e.g. retention obligations under commercial or tax law), or otherwise agreed.
According to § 257 of the German Commercial Code (HGB) and § 147 paragraph 1 of the Tax Code (AO), every merchant is obliged in particular to keep trading books and records, inventories, opening balances, working instructions, annual accounts, other organizational documents, as well as accounting documents, for ten years; for commercial and business correspondence, a period of six years shall apply.
6. Cookies
“Cookies” are small files that are stored on Users’ computers containing a variety of information. They are used to establish the identity of the User and his/her device and to secure information provided by the User during the visit. In addition to temporary cookies (“session cookies”, e.g. content of a shopping cart), which are deleted after the User leaves the web pages and closes the browser, there are persistent cookies (e.g. for last login, websites viewed), which are not deleted after the User leaves the website. In the case of so-called “third party cookies”, the cookies are not the Controller’s, but a third party’s.
You can prevent cookies from being stored on your computer. In your browser settings, you can select the option that cookies are not allowed in general and/or in relation to specific pages. You can also delete existing cookies here. As a precaution, it is pointed out that our website functions may be limited if cookies are disabled or removed.
7. Hosting
We work with hosting partners to maintain, restore and improve our services, in particular with regard to storage space, computing capacity, databases, infrastructure, maintenance, and similar services. This may result in the processing of data in accordance with Section 2.1 of this Data Protection Declaration; in particular, the collection of server log files (server access). The processing takes place on the basis of a legitimate interest on our part, in accordance with Article 6, paragraph 1, letter f of the GDPR in conjunction with Article 28 of the GDPR. The deletion of the data takes place no later than seven days after the storage process is completed; this does not apply if the retention is necessary for evidentiary reasons, in which case the deletion takes place once the evidentiary purpose has ceased to be necessary.
8. Newsletter
When subscribing to the newsletter, your e-mail address will be used for the site’s advertising purposes (sending emails), until you unsubscribe from the newsletter. You can unsubscribe at any time. In this case, you may have expressly given us the following consent and we have logged your consent. We are obliged to keep the content of the given consent and make it available on demand at any time. You can revoke your consent at any time, which will be effective going forward. Repetition of the consensual text for the newsletter:
“[ ] I would like to receive interesting offers on a regular basis via email. My email address will not be shared with other companies. I can revoke the consent of the use of my e-mail address for advertising purposes at any time, which will be effective going forward, by clicking on the ‘Unsubscribe’ link at the end of the newsletter, or by sending an email to [e-mail address], asking for revocation.”
Registration takes place via the so-called “double opt-in procedure”. After registering, you will be asked to confirm the subscription to the newsletter via e-mail. The registration is logged for evidentiary purposes; concurrently, the usage data (time of registration and confirmation, IP address) are processed. The legal basis for this is your consent in accordance with Article 6, paragraph 1, letter a, Article 7 of the GDPR, together with § 7 of the Law against Unfair Competition (UWG); the logging takes place on the basis of legal requirements (Article 6, paragraph 1, letter c of the GDPR) as well as to safeguard our legitimate interests (Article 6, paragraph 1, letter f of the GDPR).
The newsletter is sent via the shipping service provider “MailChimp”, a newsletter delivery platform belonging to the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. For this purpose, your e-mail address, as well as usage and communication data, will also be processed by MailChimp. The use of the shipping service provider is based on our legitimate interests (Article 6, paragraph 1, letter f of the GDPR) and an order processing contract (Article 28, paragraph 3, sentence 1 of the GDPR). You can find out more about data protection of the service provider at https://mailchimp.com/legal/privacy/. MailChimp is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
You can revoke your consent to receiving the newsletter at any time by clicking on the “Unsubscribe” link at the end of the newsletter, or by sending an email to us outlining your revocation. E-mail addresses may remain stored for up to three years after revocation to safeguard our legitimate interests, in order to prove that the required consent for the newsletters which had been sent up to the revocation had been received.
9. Rights of Data Subjects
According to the GDPR, you have various rights relating to your data:
- You may request confirmation as to whether the concerned data is being processed; if this is the case, you may request information about this data, as well as further information, and a copy of the data in question, Article 15 of the GDPR.
- You have the right to request the correction of incorrect personal data and the completion of incomplete personal data with immediate effect, Article 16 of the GDPR.
- You may request that data in question be deleted immediately (Article 17 GDPR) or restricted in relation to processing (Article 18 of the GDPR).
- Under the conditions set out in Article 20 of the GDPR, you have the right to receive any data provided by you, as well as the right to transmit such data to another Controller, without us hindering you to do so.
- You can file a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.
- In accordance with Article 7, paragraph 3 of the GDPR, you may revoke your consent, effective going forward, and object to any future processing of your data in accordance with Article 21 of the GDPR, at any time.
10. Miscellaneous
Webfonts
On the basis of legitimate interests (the operation and optimization of our websites), we use the web font service “fonts.com”, offered by Monotype GmbH, Werner-Reimers-Straße 2-4, D-61352 Bad Homburg, within the meaning of Article 6, paragraph 1, letter f of the GDPR. Each time you visit this website, files are loaded from a fonts.com server in order to display the text in a specific font. Your IP address may be transferred to a fonts.com server and stored in the usual server protocol logs. The further processing of this information is the responsibility of fonts.com. For information on terms and conditions, please refer to fonts.com’s privacy policy set out on http://www.monotype.com/legal/privacy-policy.
Stripe
Insofar as it is necessary for the appropriate delivery of Customer-ordered products, data will be passed on to commissioned third parties. For payment via credit card or direct debit, payment is processed via Stripe, the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Stripe Payments Europe Ltd processes data (Customer and contract data) for this express purpose. Stripe Payments Europe Ltd has permission to use this information for payment processing purposes. Stripe Payments Europe Ltd is obliged to treat the information in accordance with EU data protection laws. Further information on Stripe data protection can be accessed at https://stripe.com/de/privacy#translation.
Instant Transfer
This website has also implemented the payment service “Sofortüberweisung” (instant transfer), operated by SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany. SOFORT GmbH processes data (Customer and contract data) for this purpose. SOFORT GmbH may use this information for the purposes of payment processing. SOFORT GmbH is obliged to treat the information in accordance with EU data protection laws. The applicable data protection provisions of SOFORT GmbH for the “Sofortüberweisung” (instant transfer) service are available at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.
PayPal
Insofar as it is necessary for the appropriate delivery of Customer-ordered products, data will be passed on to commissioned third parties. Components of the online payment service provider PayPal are integrated into this website. The European operator of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: PayPal). PayPal processes data (Customer and contract data) for this purpose. PayPal may use this information for the purpose of payment processing. PayPal is obliged to treat the information in accordance with EU data protection laws.
Further information about PayPal’s Data Protection Declaration can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Facebook
Plugins from the social network facebook.com, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or for EU citizens Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”), are used on this website. Facebook is certified under the Privacy Shield Agreement, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
When you access a page of our website that contains such a plugin, a connection to the Facebook servers is established and the plugin is displayed on the website by notifying your browser. This tells the Facebook server which of our websites you have visited. If you are logged in as a member of Facebook, Facebook assigns this information to your personal Facebook account. When using the plug-in function (e.g. clicking the “Like” button, submitting a comment), this information is also assigned to your Facebook user account, which you can only prevent by logging out before using the plug-in.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options for protecting the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
Twitter
We use links to the Twitter service on our website, provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
When you access one of our websites that contains such a plug-in, the user’s device establishes a connection to the Twitter servers. User profiles can be created when processing the plug-in data. We have no influence on the exact amount of data that Twitter collects using this plugin. Twitter can receive information about which pages a user has accessed or which members the user is following via the plugin. If you visit our website and are logged into Twitter at the same time, Twitter can assign the visit to a Twitter account. You can find further information on data protection at Twitter in its data protection declaration at https://twitter.com/de/privacy; at https://twitter.com/personalization you can restrict the processing by Twitter.
Instagram
Functions and contents of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated into our online offer. These include, among other things, images, videos or texts as well as buttons with which you can show that you like the content or its authors, or you can subscribe to Instagram posts. If you are a member of Instagram, Instagram can assign to your profile that you have accessed the relevant content. Instagram’s privacy policy is available at http://instagram.com/about/legal/privacy/.
Google Firebase
Functions and contents of the Google Firebase service, offered by Google LLC (formerly known as Google Inc.), Google Ireland Limited, Google Asia Pacific Pte. Ltd., or any other entity that directly or indirectly controls, is controlled by, or is under common control with Google LLC (as applicable, “Google”), may be integrated into our online offer. By using our website and ordering with us you comply with our terms and the terms of Google Cloud Platform and Firebase.
Google Firebase’s privacy policy is available at https://firebase.google.com/terms/data-processing-terms and https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms.
LinkedIn
We use links to the LinkedIn service integrated on our website, an offer from LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“LinkedIn”). LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
When you access one of our websites that contains such a plug-in, the end device of the user establishes a connection to the LinkedIn servers and cookies can be set. User profiles can be created when processing the plug-in data. We have no influence on the exact amount of data that LinkedIn collects using this plugin. LinkedIn can receive information about which pages a user has accessed via the plugin. If you access our pages and are logged in to LinkedIn at the same time, LinkedIn can assign the visit to a LinkedIn account. You can find further information on data protection at LinkedIn at https://www.datenschutz.org/linkedin/; at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out you can limit the processing of data by LinkedIn.