Data Privacy
Introduction
Data is the basis for us to provide an excellent service. However, our most important asset is the trust of our customers. Protecting our customers data and using it only as they expect from us and as required by law is a top priority for us. Therefore, it is crucial for us to comply with the legal provisions on data protection, and that our customers understand the way we store and utilize their data.
I. Name and address of the responsible person
The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations is:
EASYGIFTS GmbH
Thomas-Mann-Straße 60
90471 Nuremberg
Germany
Tel.: 0911/817 81 111
E-Mail: vertrieb@easygifts.de
Website: www.easygifts.de
II. Name and address of the data protection officer and the data protection supervisory authority
The data protection officer of the person responsible is:
a.s.k. Datenschutz e.K.
Schulstraße 16a
91245 Simmelsdorf
Germany
Tel.: 09155-263 99 70
E-Mail: info@ask-datenschutz.de
Website: www.ask-datenschutz.de
The data protection supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Telefon: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de
III. General information on data processing
1. Scope of the processing of personal data
We process our customers' personal data only insofar as this is necessary to provide a functioning website as well as adequate content and services. The processing of personal data of our users takes place regularly only after their consent. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data owner for the processing of personal data, Art. 6 para. 1 lit. a of the EU Data Protection Ordinance (DSGVO) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data owner is a party, Art. 6 para. 1 lit. b of the DSGVO serves as the legal basis. This also applies to processing necessary operations to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c of the DSGVO serves as the legal basis.
If the vital interests of the data owner or another natural person requires the processing of personal data, Article 6(1)(d) of the DSGVO serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data owner do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f of the DSGVO serves as the legal basis for processing.
3. Data deletion and storage duration
The personal data of the owner will be deleted or blocked as soon as the purpose of storage is fulfilled. Furthermore, data may be stored if this has been provided by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Provision of the website and logfiles creation
1. Description and scope of data processing
Every time you visit our website, our server logs automatically collect data and information from the accessing computer system.
The following data is collected:
- Information about browser type and version used
- The user’s operating system
- The user’s internet service provider
- The IP address of the user
- Date and time of access
- Referrer URL (previously visited pages)
- Websites accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored along with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f of the DSGVO.
3. Purpose of data processing
The temporary storage of the IP address is necessary to allow the access of the user’s computer to our website. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing follows the directives of Art. 6 para. 1 lit. f of the DSGVO.
4. Duration of storage
The data will be deleted as soon as the purpose for which it was stored is fulfilled. In the case of collecting the data to enable access to our website, the data will be deleted once the user’s session expires.
Regarding the data stored in log files, it will be deleted after no more than seven days. Additional storage is possible, in this case, the IP addresses of the users are deleted or alienated, so that personalization of the data is no longer possible.
5. Possibility of opposition and elimination of data collection
The collection and storage of data in log files for the use of the website is necessary for the correct operation of the website. Consequently, there is no possibility of objection on behalf of the user.
V. Use of cookies
1. Description and scope of data processing
Our website utilizes Cookies, they are text files which are stored in your computer to provide an analysis of your use of our website. When a user visits a website, a cookie may be stored in the user’s operating system. This cookie contains a distinguishing character string that enables a unique identification of the browser when the website is visited again.
We use cookies to make our website more user-friendly. Some elements of our website require the visitor’s browser to be identified even after a page change.
The following data is stored and transmitted in the cookies:
- Session ID
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f of the DSGVO.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website are not available without the use of cookies; therefore, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
- Forwarding the login to the frontend
The user data collected by technically necessary cookies are not used to create user profiles.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 lit. f of the DSGVO.
4. Duration of storage, possibility of objection and elimination
Cookies are stored on the computer of the user and transmitted to us. Therefore, as user, you have full control over the utilization of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all its functions to the fullest.
VI. Newsletter
1. Description and scope of data processing
If you purchase goods or services on our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such case, the newsletter will only send direct advertising for similar goods or services of our catalogue.
Regarding the data processing for the sending of newsletters, no data is forwarded to third parties. The data will be used exclusively for sending the newsletter.
2. Legal basis for data processing
The legal basis for sending newsletters as result of selling goods or services is Section 7 para. 3 of the UWG.
3. Purpose of data processing
The purpose of storing the user's e-mail address is to send the newsletter.
4. Duration of storage
The data will be deleted as soon as the purpose for which it was stored is fulfilled. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
5. Possibility of opposition and elimination
The subscription to the newsletter can be cancelled at any time. For this purpose, there is a corresponding link in every newsletter.
VII. Registration
1. Description and scope of data processing
We offer users of our website the opportunity to register as customers by inputting personal data, which is transmitted to us and saved. A transfer of this data to third parties does not take place. The following data is collected during the registration process:
- Company name
- Name of the person requesting the registration
- Email address
- PSI membership number
- Telephone number
- Address
- Brach / Industry
- User’s message to us
As part of the registration process, the consent of the user to process this data is requested and obtained.
2. Legal basis for data processing
If the user has given their consent, the legal basis for processing this data is Art. 6 para. 1 lit. a of the DSGVO.
3. Purpose of data processing
User registration is required for the provision of certain content and services on our website.
4. Duration of storage
The data will be deleted as soon as the purpose for which it was stored is fulfilled.
This is the case for the data collected during the registration process when the registration on our website is canceled or modified.
5. Possibility of opposition and elimination
As a user you have the possibility to cancel your registration and change the stored data from you at any time.
You can request this to us in writing at any time.
VIII. Contact form and e-mail contact
1. Description and scope of data processing
There is a contact form available in our website with the purpose of establishing electronic contact with us. If a user utilizes this option, the data entered in the input mask will be transmitted to us and saved.
At the time of sending the message, the following data is stored:
- Ihre Nachricht
- Name
- Email-Adresse
For the processing of the data when utilizing this function, your consent is requested, obtained, and referred to this privacy statement.
Alternatively, contact to the provided e-mail address is allowed. In this case, the user's personal data transmitted by e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing your request.
2. Legal basis for data processing
If the user has given their consent, the legal basis for processing this data is Art. 6 para. 1 lit. a of the DSGVO.
The legal basis for the processing of data transmitted with the sending of an e-mail is Art. 6 para. 1 lit. f of the DSGVO. If the e-mail contact aims at the termination of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b of the DSGVO.
3. Purpose of data processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
Other personal data processed during the contact serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as the purpose for which it was stored is fulfilled. Regarding personal data from the input form and sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
Additional personal data collected during the sending process will be deleted after a seven days period at the latest.
5. Possibility of opposition and elimination
The user can revoke their consent to the processing of their personal data at any time. If the user contacts us per e-mail, they may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.
All personal data stored through the contact will be deleted in this case.
IX. Web analysis by Matomo (formerly PIWIK) and Google Analytics
1. Scope of the processing of personal data
We use the open source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:
- Two bytes of the IP address of the user's operating system
- The accessed website
- The website from which the user has accessed the accessed website (referrer)
- The sub-pages accessed from the accessed website
- The time spent on the website
- The frequency with which the website is accessed
The software runs exclusively on the servers of our website. The personal data of users is only stored there and will not be forwarded to third parties.
The software is set so that the IP addresses are not completely stored, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the user’s computer.
2. Legal basis for the processing of personal data
The legal basis for processing user’s personal data is Art. 6 para. 1 lit. f of the DSGVO.
3. Purpose of data processing
The processing of users' personal data enables us to analyze the surfing behavior of our users. By analyzing the obtained data, we can compile information about the use of the individual components of our website, this helps us to constantly improve our website and its user-friendliness. For these purposes, our legitimate interest lies in the processing of the data according to Art. 6 para. 1 lit. f of the DSGVO. The anonymization of the IP address sufficiently considers the interest of users in their protection of personal data.
4. Duration of storage
The data will be deleted as soon as the purpose for which it was stored is fulfilled. In this case, the data will be deleted after 180 days.
5. Objection / Data elimination – Matomo
Cookies are stored on the computer of the user and transmitted to us. Therefore, as user, you have full control over the utilization of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all its functions to the fullest.
We offer our users the possibility of opting out of the analysis process on our website. For this, they must follow the correspondent link. Another cookie is set on your system, which signals our system not to save the user data. If the user deletes the corresponding cookie from his own system, he must set the opt-out cookie again.
disable Piwik
You can also prevent cookies collection through other suitable add-on programs / script blockers, e.g. Ghostery (https://www.ghostery.com)
6. Objection to data collection by Google Analytics
This website uses functions of the web analytics service Google Analytics, provided by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.
Google Analytics utilizes the so-called "Cookies", which are text files stored in your computer that provide us an analysis of your use of our website. The collected information is usually transmitted to a Google server in the USA and subsequently stored.
You can prevent the storage of cookies with a setting in your browser software; however, please note that if you do this you may not be able to use the features of this website to a full extent. You may prevent the collection of cookies, data related to your use of the website (including your IP address) and the processing of this data by Google, by downloading and installing the browser plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to stop the collection of your data on future visits to this website: disable Google Analytics
For more information about the handling of user data with Google Analytics, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en
X. Use of data for order purposes
We save your personal information through our website only when provided by yourself, e.g. when you contact us via our web form, with an online application, or to carry out a contract. You will be informed in the respective entry and contact forms about the purpose of collecting the respective data, as well as in this privacy policy.
Individuals under the age of 18 should not submit any personal data without the consent of their parents or guardians.
All personal data and information we receive from you will be kept strictly confidential. These are used for the processing of orders, delivery of goods, provision of services, and processing of payments. If you pay on account, your credit rating may be requested from credit institutions.
EASYGIFTS GmbH processes the following categories of personal data:
- Contact details (name, address, telephone, mobile phone, e-mail address, date of birth)
- Registration number (tax numbers, EORI, VAT ID number)
- Bank details
- Order data (e.g. delivery addresses, if necessary with contact details)
We send regular e-mailings on promotions and current information, as well as catalog shipments by mail to our customers. If you do not wish this, you can unsubscribe from this service at any time.
This is based on the legal bases of the data processing according to DSGVO:
- Contract initiation / fulfillment of contract pursuant to Art. 6 (1) (b) DSGVO*
- Information / advertising for own purposes pursuant to Art. 6 (1) (f) GDPR
Your personal data is transmitted to our transportation service providers (freight forwarders and parcel service providers), technology, and other service providers that take part for correct order processing’s. These service providers have access to personal information needed to perform their duties. However, they may not use them for any other purpose. In addition, they are obliged to treat these personal data in accordance with this privacy policy and the German data protection laws.
XI. Job applications
Job vacancies are occasionally posted on our website and you are welcome to apply for these any time. Please note that sending documents or information via e-mail is not
always secure, an e-mail has the protecting value of a postcard when considering data protection laws. If you want to avoid potential abusive transmission of your data, please use the regular post or protect your attachments with a password that you can share with us separately.
Your personal data will be exclusively used in the context of your application and the selection of suitable candidates. As soon as the position is filled, your documents will be deleted from our system after a deadline for defence against litigation is reached (6 months at the latest.) Your data will not be used for commercial purposes. In case we are unable to take your application into account, but it is of interest for us for future vacancies, we will ask you electronically to take part in our job pool.
XII. Update of this privacy policy
As far as we introduce new products or services, or as the Internet and computer security technology evolves, this "Privacy Policy" will be updated. We consequently reserve the right to change or supplement further explanations as needed, and changes will be published on this page. Therefore, you should visit this page regularly to keep up to date with the privacy policy.
XIII. SSL-Encryption
This site utilizes SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection when the address line of your browser changes from "http: //" to "https: //" and a lock symbol appears. If SSL encryption is enabled, the data you submit to us cannot be read by third parties.
XIV. Rights of the data subject
If personal data are processed by you, you are affected within the meaning of the DSGVO and you have the following rights vis-à-vis the person responsible:
1. Right of information
You may ask the person in charge to confirm whether personal data concerning you will be processed by us.
If such processing has taken place, you can request the following information from the person responsible:
- the purposes for which the personal data are processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 DSGVO and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transmission.
2. Right to correction / rectification
You have a right to rectification and/or completion to the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you contest the accuracy of your personal information for a period that enables the controller to verify the accuracy of your personal information;
- the processing is unlawful, and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
- if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for asserting purposes, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the limitation of the processing after the mentioned conditions are restricted, you will be informed by the person in charge before the restriction is lifted.
4. Right to cancellation
a) Obligation to delete
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO, and there is no other legal basis for the processing.
- You file an objection against the processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 DSGVO.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO.
b) Information to third parties
If the person in charge has made the personal data concerning you public and is acc. Article 17 (1) of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, considering available technology and implementation costs Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.
c) Exceptions
The right to cancellation does not exist insofar as the processing is necessary
- to exercise freedom of expression and information;
- for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims.
5. Right to information
If you have exercised the right of rectification, erasure or restriction of processing to the controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
6. Right to data transfer
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
- the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract acc. Art. 6 para. 1 lit. b DSGVO is based and
- the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right of objection
You have the right at any time, for reasons that arise from your situation, to reject the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out based on the consent until the revocation.
9. Automated decision on a case-by case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a comparable manner. This does not apply if the decision
- is required for the conclusion or performance of a contract between you and the controller,
- is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
- with your express consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
Regarding the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
10. Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in the corresponding Member State where you reside, work or suspect of infringement, if you believe that the processing of personal data concerning you is contrary to the DSGVO.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
XV. Liability
The information in this website has been carefully checked, however, we assume no guarantee that the contents of our own websites are always correct, complete and up to date.
XVI. Data Security
In general, the internet is considered an insecure environment. In comparison to e.g. the telephone line, transmission of data on the internet by unauthorized third parties can be more easily monitored, recorded, or even altered.
XVII. Additional Information
Your trust is very important to us, we want to be able to answer your questions regarding the processing of your personal data whenever you need it. If you have questions that this Privacy Policy page did not solve, or if you would like to have further information, please contact our Privacy Officer at any time.
XVIII. Concluding Remark
We guarantee the confidentiality and security of your personal data by:
- using your personal data to the extent they have been provided to us through our website or e-mail communications, only to fulfil your requests or concerns,
- ensuring that our employees comply with our confidentiality obligations,
- ensuring that our security is adequately up-to-date with the latest technology,
- regularly checking our systems security so they can be sustainably protected against possible damage, loss, and access to data,
- and by ensuring that our data protection officer complies with our “Privacy Policy.”