1. Basic Information
We are delighted to have you visit our website, and we would like to thank you for your interest. In the following, we would like to inform you about how we handle your personal data when you use our web services, like our website with mobile end devices such as smart phones or tablets. Personal data includes all data which could be used to identify you personally, or which make you identifiable via a username or identification code, such as your IP address.
This Privacy Statement explains the legal basis and the purpose for this collection or processing of your data. We would like to inform you of your rights regarding the use of your personal data.
For security reasons and to protect the transfer of personal data and other confidential information (e.g., queries sent to Controllers), these online services use SSL or TLS encryption. You can identify an encrypted connection by checking that the letters “https://” and a lock symbol appear in your browser address line.
2. Your contact person for all data privacy related questions
If you have any questions regarding data protection, please contact us (from the EU):
Rolf C. Hagen INC.,
20500 Trans-Canada Hwy
Baie d’Urfé, Quebec
Tel.: +1 -514-457-0914
If you are from the EU or the EEA, the following applies:
- This company is the Controller for the processing of data on our online service pursuant to the General Data Protection Regulation (GRPD).
- Our EU representative is: Kaschae Datenschutz & Compliance GmbH, An der Alster 62, 20099 Hamburg, [email protected]
Contact information for our company Data Protection Officer: [email protected]
3. Data collection when accessing our online services
Accessing our web pages (without registration) will result in the automatic anonymised collection of the following data on our servers:
- masked IP address,
- access date/ time/ time zone,
- access status,
- type of access,
- type of protocol,
- type and number of pages accessed on our site,
- name and size of accessed files,
- referring website,
- web browser,
- operating system.
The listed non-personal data are collected automatically as part of the normal operations of our internet services. The information gathered about the use of our pages is not combined with any personal information provided through the online registration form. We do not have any personal references in our usage data.
We use the above data for the purposes of troubleshooting, generating statistics and measuring website activity with the aim of improving the value and use of our services. This also constitutes a legitimate interest for the purposes of processing (permissible in the EU pursuant to: Art. 6 (1) (f) GDPR).
Within our company, our web administrator is the only person with access to these data for the purposes listed above. We work with external services provided to maintain and to program the services we offer on the web, with whom we have job processing agreements for that purpose.
The above data are only collected for the period of use; once the use has ended, the data shall be deleted without delay, after seven days at the latest.
We do not use any automated decision making or conduct any profiling.
On our pages, we have provided an online form which enables you to make contact with us electronically. Your first and last name, address, email address and the kind of product you have purchased is required information. We need these data to process your request. You can also choose to provide us with additional information. Contacting us is always voluntary. Your request is logged by our internal customer service.
These data are solely used for the purpose of answering your request or responding to your request for contact, and the technical administration involved (permissible within the EU pursuant to: Art. (1) (b) GDPR).
After your request has been processed, we delete your contact information, at the latest, seven days after your request has been dealt with. This period of storage may be subject to statutory storage periods, for example, when your request is in connection with the processing of a contract or a warranty or guarantee. In this case, we store your request beyond seven days only for the purpose of complying with our legal obligations (permissible within the EU pursuant to: Art. 6 (1) (c) GDPR). In this case, we delete your data on termination of the statutory storage period, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.
5.1 Recommending products to existing customers
If you have ordered products from us and provided your email address, we are permitted by law to send you product recommendations for similar products which could be of interest to you, where you have not objected this use during the purchase process. This form of contact will only occur for the purpose of sending product recommendations via email to you as an existing customer. In this, we are pursuing our legitimate interest in sending personalised direct advertising to existing customers (permissible within the EU pursuant to: Art. 6 (1) (f) GDPR). If you have initially objected to this use of your email address, we will not send this information to you via email. You may withdraw your consent to the use of your email address to receive such messages from us at any time and with future effect. After receipt of your withdrawal of consent, we will cease the use of your email address for this purpose without delay.
5.2 Newsletter subscription
You can register for our email newsletter on our website. Our newsletter provides regular updates on new items, interesting offers and new promotions and campaigns. To receive our newsletter, you must only provide your email address. You may also choose to provide your name, to allow us to address you personally. We use the double opt-in process for our newsletter subscription. For this purpose, we will send you a confirmation email after we have received your consent to a newsletter subscription. In this email, we will ask you to confirm your subscription via a provided link. You will only receive our newsletter after this (second) activation of the service.
We store your email address and name if provided along with the declaration of consent for newsletter delivery for the period of your subscription, or until you withdraw your consent (cancel subscription). Any other data collected as part of newsletter delivery will be deleted after seven days.
5.3 Consent to newsletter subscription within the EU
The address you provided for our newsletter subscription and any other data you provided such as your name will solely be used for the purposes of sending advertisements to you via electronic mail. This sending of electronic advertising is lawful pursuant to Art. 6 (1) (a) GDPR.
You can withdraw your consent to the use of your email to receive newsletters at any time with future effect by sending an email or using our online contact form, or the link provided with the newsletter. After cancellation of this service, we will delete your email address without delay from our distribution list, unless you have expressly consented to another use of your data, or we reserve the right to use your data for lawful purposes and of which you have been informed appropriately. Data processing is legal until you withdraw your consent.
Your declaration of consent will be recorded electronically for the purposes of verification. On registration for the newsletter we also store the IP address provided by your Internet Service Provider (ISP) as well as the date and time of your subscription to trace any potential misuse of your email address at a later date.
If you have not consented to the newsletter subscription or have withdrawn said consent, you will only receive electronic mail from us in connection with the processing of orders you have placed with us.
5.4 Service providers for sending electronic advertising
Product recommendations and our newsletter are sent via email using the services provided by the following service provider: Mailchimp, a platform of The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. This service provider acts on our behalf and strictly on our instructions, and is provided with your email address and your name (where provided) for this purpose. These data are processed on the service provider’s servers.
This service provider, acting on our behalf, will only use this information for delivery purposes and for the statistical assessment of the newsletter. For the purposes of this assessment, the emails contain web beacons or tracking pixels. This allows us to ascertain whether a newsletter has been opened, and which links you may have clicked. Using conversion tracking, we can then also analyse whether a certain action (e.g. the purchase of a product on our online pages) has taken place after clicking the link in the newsletter. Additionally, we collect further technical information, namely the time of access, the masked IP address, browser type and operating system. This technical information is exclusively collected in an anonymised form and is not linked to your personal data or your customer account, making it impossible for us to link that information back to you. In this way, we can rule out any connection of the data with your person. The data are only utilised for statistical analysis of our newsletter campaigns. The results of this analysis assist us in adapting our newsletter to customise future offers better to our customers’ interests. This analysis is lawful pursuant to Art. 6 (1) (f) GDPR as a legitimate interest in the optimisation and adaptation of our newsletter to better meet demand (permissible within the EU pursuant to: Art. 6 (1) (f) GDPR).
If you wish to reject the use of these data for analytical purposes, you must unsubscribe from the newsletter.
We have entered into a Data Processing Agreement with the service provider to protect our customers’ data and to not disclose that data to third-parties. This service provider is also registered with the “Privacy Shield” Program of the US Department of Commerce. The service provider is also obliged to observe the privacy protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic transfer of data agreed between the European Commission and the United States of America. Available here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.207.01.0001.01.ENG.
More information on data processing by the service provider is available here: https://mailchimp.com/legal/privacy/.
6. Data processing in Canada
Personal data are also processed in Canada. An agreement between the EU and Canada mutually recognises adequacy of data protection. This provides the legal framework for the transatlantic transfer of data. You can read the agreement here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32002D0002
7.1 What are cookies?
7.2 What cookies do we use?
According to function, we classify our cookies as Required, Functional, Analysis & Statistics, and Advertising and Marketing. Some of the cookies we use are required for you to use our web pages (so called session cookies). If you disable this cookie, our pages may not be accessed. The authentication cookie provides you with access to the log-in page. Without this cookie, you cannot register or access the log-in page. These session cookies will be deleted when you close your browser.
Other cookies remain on your device and allow us and our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a certain period of time, which differs from cookie to cookie. For advertising purposes, we use a retargeting cookie which allows us to show you interesting offers, even outside of our web pages. For more information, see the following overview of cookies used.
7.3 What is the purpose of using cookies?
Most of the cookies we use do not store any information that can identify you personally or that makes you identifiable. Rather, these cookies provide us with general and anonymised information regarding the use of our websites, the pages that are visited, the browsers and operating systems used and the cities our visitors are located. We only collect masked IP addresses which make it impossible to recognise individual users or be assigned to any one individual.
In some cases, settings may be saved using cookies to simplify certain processes (e.g. registration). This processing is carried out in order to fulfil our obligations to you (permissible within the EU pursuant to: Art. 6 (1) (b) GDPR).
7.4 How to disable cookies
You can set your browser to inform you about the setting of cookies and whether you wish to accept cookies individually, or to accept only specific kinds of cookies, or to disable all cookies. Each browser is different in the way it administers its cookie settings. The Help menu of your browser provides information on how to change your cookie settings. You can find this information for your browser using the links below:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Edge: https://support.microsoft.com/en-US/help/4027947/microsoft-edge-delete-cookies
- Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/12.0/mac/10.14
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Alternatively, the Digital Advertising Alliance provide information on cookies and settings at www.aboutads.info.
We sometimes work with web partners who help us to make our web pages more interesting for you. For this purpose, when you access some of our pages online, cookies from our partner companies may also be stored in your device (third-party cookies). This section provides more information regarding the use of these kinds of cookies, their scope, and the data they collect. The third-party cookies used by us are partially used for data processing in the USA. These service providers (e.g., Google, Facebook) are registered with the “Privacy Shield” Program of the US Department of Commerce.
They are also obliged to observe the privacy protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic transfer of data agreed between the European Commission and the United States of America. Available here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.207.01.0001.01.ENG.
|Type of Cookie||Cookie Name||Description||Duration|
|cookie_notice_accepted; CONSENT||Saves your consent/rejection of optional cookies||1 day / 18 years|
|wp-wpml_current_language||Saves language settings: forwards users directly to the relevant language on multi-lingual pages based on the browser language.||Session end|
|PHPSESSID||This session cookie stores information regarding online activities during a single browser setting.||Session end|
|APISID, HSID, SAPISID, SID, SSID||These security cookies authenticate users, prevent fraudulent use of log-in information and protect user data from unauthorised access.|
Records a user’s Google Account ID and last sign-in time in encrypted form with a digital signature. Prevents attacks.
|NID||Personalisation cookie: The NIS cookie contains some clear ID, used to save the preferred settings and other user information, particularly the chosen language (e.g. English), how many search results should be displaced on each page (e.g., 10 or 20) and whether the Google SafeSearch filter should be activated. Data may be transmitted to Google.||6 months|
|SEARCH_SAMESITE||Prevents cross-site requests.||4 months|
|CONSENT||Saves your consent/rejection of optional cookies||1 day|
|woocommerce_cart_hash||Required for the shopping cart function on the website, to remember selected products, this also permits the website to advertise related products to the user based on the content of the shopping cart. Information: https://docs.woocommerce.com/document/woocommerce-cookies/||Duration of the session|
|bm_sz||Used in conjunction with the BotManager function of the website. This function, for the site owner, detects, categorises, and generates reports on potential bots trying to access the site. Identifies the user session and duration.||Duration of the session|
|_abck||Akamai BotManager cookie, assigned to the user. Used to detect users trying to re-use a cookie.||Duration of the session|
|ak_bmsc||This cookie is used to differentiate between people and bots. This is advantageous for the website to prevent the creation of invalid reports on the use of the website.||1 day|
|_AVESTA_ENVIRONMENT||This cookie is used when a user subscribes to the MailChimp email service.||Duration of the session|
|Analysis & Statistics|
|_ga||Google analysis tool, that provides website and app operators with insight on their interactions with users, compiles website use statistics.||2 years|
|_gid||This cookie is used to collect user behaviour for each user.||1 day|
|Advertising & Marketing|
|AID, ANID, OTZ||Used to display advertisements in various places on the web. Data are transmitted to Google.||1 year|
|__auc, _asc||Used to collect information on user behaviour and for the purposes of displaying advertising, which is sent to Alexa Analytics. Alexa Analytics is an Amazon company.||1 year|
|DSID||Links activities on various devices on which sign in to a Google account had occurred. Coordinates the display of advertising across a range of devices, and measures conversion rates.||3 weeks|
|SIDCC, __Secure-SSID||Used to determine the way a website is used, which advertisements have been displayed before the site is visited, to customise advertising on Google sites by linking your most recent search queries, previous interactions with an advertiser’s advertisements or search results, and visits to an advertiser’s site.||5 months|
|P_JAR,__Secure-3PAPISID, __Secure-3PSID, __Secure-APISID, DV, IDE||Creates a profile of website user’s interests in order to display relevant and personalised Google advertising (targeting).||1 month/ 2 years/ 5 months / 1 day / 1 year|
|__Secure-HSID||Used to display relevant and personalised advertising and for security purposes, to store digitally signed and encrypted records of a user’s Google account ID and their most recent sign-in which allows Google to authenticate users, prevent fraudulent use of log-in information and to protect user information from unauthorised parties.||5 months|
|_gat||Used for advertising which Google displays in various locations across the web. This allows interaction with advertisements displayed in the domain to be measured to prevent advertisements being repeated too often. Google can only read cookie the on the website which set it. This does not apply to other websites to which the user navigates. More information available at: https://policies.google.com/technologies/types?hl=en-us||1 day|
|IDE||Cookie for advertising preferences for non-Google sites. Used to optimise advertisements from Google DoubleClick to deliver relevant advertisements to users, to improve promotional services or to prevent the same advertisements being displayed to the user multiple times.||1 months|
7.7.1 Google Analytics (cookie name: _ga, _gid)
The information collected by the cookie regarding your use of our online web presence (including your masked IP address) is transferred to and stored in a Google server in the USA. Google uses this information to evaluate the use of our website to prepare reports about the activities on our online presence and provide us with additional services associated with that use. The IP address provided by your browser as part of the Google Analytics service is not added to any other Google data.
We use Google Analytics in our online presence for web analysis purposes exclusively with an add-on that provides an “anonymise IP” function. This setting ensures that Google Analytics erases the last part of your IP address. This anonymisation of your IP address removes any direct trace of you personally. When using this feature, Google masks your IP address within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transferring that information outside of the EU. The full IP address will only be sent to a Google server for masking in the USA in exceptional cases. In this way, we do not receive data that provides us with a way to identify you personally.
We also use the Universal Analytics function with Google Analytics. Universal Analytics allows us to analyse the use of our online services across devices (e.g. access via a laptop and then later from a tablet). As a user, you will be given a pseudonymous User ID on registration. This is how the system recognizes your User ID when you access our site from another device. We do not allocate any names to the User ID, nor do we provide Google with any personal data. Privacy measures such as IP masking and Browser Add-ons are not restricted by the use of the Universal Analytics function.
This will prevent all future collection of data by Google Analytics within our web pages. This opt-out cookie only works only in that browser and only for this domain.
If you undertake any of the above cookie deactivation measures, you may not be able to use all the functions of our website to their full extent.
For more information regarding how Google Analytics deals with user information, please refer to Google’s Privacy Statement: https://policies.google.com/privacy?hl=en
7.8 Retargeting / Remarketing / Referral Advertising
7.8.1 Facebook Custom Audience Pixels
Facebook compares these data with all its registered users. If you are also registered to Facebook, Facebook will allocate these data to your Facebook User Profile. These data may be processed on servers in the USA. We have no influence over this data processing. The Facebook pixel collects the following data:
- input into the browser (everything present in the web protocol, the “HTTP headers”), i.e., IP addresses, information about the web browser, the page location, the document, the sender, and the user
- pixel-specific data, namely, the pixel ID and the Facebook cookie
- button-click data, namely all buttons you have clicked as a visitor to the website, the names of those buttons, and all pages visited as a result of the button clicks
- data to measure the success of an advertising campaign, namely, the conversion rate (clicks on displayed advertisements), type of page, purchase.
- information pertaining to the purchase, such as email, address, amount
Pixels may only be used with your consent. We have concluded a contract with Facebook between our respective Controllers (Art. 26 GDPR). In it, we have committed ourselves to informing you accordingly.
7.8.2 Google Ad Manager
Google Ad Manager allows us to design advertisements that are interactive, dynamic, and in a range of formats (e.g., video or individual), and to administer and evaluate them. Ad Manager cookies allow Google to recognise your browser. We receive the information that someone clicked on an advertisement and was sent to our site. For our part, we do not collect or process any personal data in those advertising measures. Google only provides us with statistical valuations on our campaigns. Using these valuations, we can see which of our advertising measures are the most successful. We do not receive any further data on the use of our advertising, and we are not able to identify the user on the basis of this information.
The information generated by the cookies is sent to a Google server in the USA and stored, and used for evaluation. Google is only permitted to share this information with third parties when required by law or under the framework of a data processing commission. Google will not under any circumstances combine these data with other data collected by Google.
You can prevent Ad Manager from collecting data by:
- preventing the installation of cookies using the settings in your browser software. More information is available at: https://support.google.com/ads/answer/7395996
- preventing the collection and processing of data by cookies by installing a browser plugin (https://support.google.com/ads/answer/7395996
- deactivating Google cookies on the Digital Advertising Alliance website at (http://optout.aboutads.info/?c=2#).
If you undertake any of the above cookie deactivation measures, you may not be able to use all the functions of our website to their full extent.
7.8.3 Google Tag Manager
More information on Google Tag Manager is available at: http://www.google.de/tagmanager/use-policy.html
7.8.4 Google Ads Remarketing
Our online services use the Google Ads remarketing function, which allows us to advertise our online services in Google search results and on third-party websites. This service is operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have embedded a pixel (a snippet of code, also known as a remarketing tag) in our online presence, which Google uses to set a cookie in the browser of your end device. This cookie allows us to show you advertising based on your interests. It does this by generating a pseudonymous cookie ID, and analysing the web pages you have visited.
Further data processing only occurs if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalise the advertisements you see on the internet. Information on the integration of user consent is available at: http://www.google.com/about/company/user-consent-policy.html
If you are logged into Google during a visit to our website, Google will use your data together with Google Analytics data to compile and define target group lists for cross-device remarketing. Google will temporarily link your personal data with data from Google Analytics to form target groups. More information is available at: https://policies.google.com/technologies/ads?hl=en and https://support.google.com/google-ads/answer/7664943?hl=en&ref_topic=3122875.
You can permanently deactivate cookies for interest-based advertising by downloading and installing the plugin for your browser available from https://support.google.com/ads/answer/7395996.
Alternatively, the Digital Advertising Alliance provide information on cookies and settings at www.aboutads.info. You can set your browser to inform you about the setting of cookies and whether you wish to accept cookies individually, or to accept specific kinds of cookies, or to disable all cookies. You can also set your browser to automatically delete cookies at the end of each session.
7.8.5 Use of Google Ads Conversion Tracking
Our online services use the online advertising program “Google Ads” and the conversion tracking it provides. Conversion tracking is a free tool from Google which measures interaction or transactions related to our advertising. For example, using the tool, we can evaluate whether users subscribe to our newsletter or how often clicks on our advertisements have led to activity on our web pages (e.g., registration). That way, we can identify which actions should be evaluated (i.e., conversions).
Technically, conversion tracking works via the conversion tracking code (the “tag”) integrated into our online services. Click rate data for our advertisements is collected using cookies.
Conversion tracking is set as a cookie when you, as a user, click on an advertisement displayed on Google. Normally, this cookie becomes invalid after 30 days, and is only used for anonymised identification. If you visit specific pages within our online presence as a user before the cookie becomes invalid, we and Google can tell that you originally clicked on an advertisement and were thus re-directed to our online services.
Google shares specific (customer specific) cookies with us as an Ads customer. As an Ads customer, we cannot track individuals using the cookies on our website. Instead, we receive statistical analyses from Google on the information that Google collected using the conversion cookies. This only tells us the number of users who clicked on our Ads advertisements and who were directed to our pages marked with conversion tracking tags. This statistical analysis does not contain any information that could identify you as an individual.
If you do not wish to participate in conversion tracking or wish to permanently disable personalisation cookies, you can use the settings in your internet browser. Alternatively, you can also download and install the plug-in for your browser available at: http://www.google.com/settings/ads/plugin?hl=en. Your user behaviour will then not be recorded in the conversion tracking statistics. Deactivating conversion tracking or cookies for personalised advertising may result however in limitations to the functioning of our online services.
Use of conversion tracking may result in Google processing your data on servers located in the USA. The principles of the EU-US Privacy Shield apply.
More information on Google’s privacy terms and conditions are available at: https://policies.google.com/privacy?hl-en-US
8. Integration of social media and other services
8.1 Integration of YouTube videos
We have integrated YouTube videos into our web pages that can be played on YouTube directly from our web pages. This uses the “expanded privacy mode” which only allows YouTube access to your data when you play the video. YouTube videos are only embedded for the purposes of making our website more user friendly, and to present our products. This constitutes a legitimate interest in customer acquisition and advertising (permissible in the EU pursuant to: Art. 6 (1) (f) GDPR). We do not collect any personal data in connection with the use of the embedded YouTube videos.
YouTube is a service operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We have used the privacy-enhanced mode to integrate YouTube videos into our site. Opening one of our pages which include YouTube videos, and clicking on a video, does not result in your data being provided to Google. Your consent will be sought before such data provision takes place, using the consent declaration that we have provided.
Once you have given your consent, or if you have called up a video on YouTube itself (e.g., in our YouTube channel), your data may be sent to a Google server in the USA and stored there. Google uses these data to evaluate your use of our videos on YouTube, to create anonymised reports about the videos watched and to offer video-use related services to us. We have an agreement with Google between our respective Controllers (Art. 26 GDPR) for the use of our YouTube channel. In it, we have committed ourselves to informing you about the processing of data when using our YouTube channel.
More information on data protection for the Google service “YouTube” is available in the provider’s Privacy Statement at: https://policies.google.com/privacy?hl=en&gl=en
8.2 Social media presence and use of social media icons on our pages
We do not use social plug-ins as active buttons on our website. We only use icons to refer to our presence in the following social networks:
- Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
- Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
- Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland;
- Pinterest: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland;
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We only display the social media icons on our pages, and they are not activated. To ensure your privacy, we have implemented a solution which only sends the address of our servers to these services and not your IP address should you click and activate a social media plug-in.
If you click on a plug-in on our pages, this indicates your consent to connect with these third-parties via a separate tab in your browser, and allows these third-parties to follow your visit to our pages. If you are a member of a social network, you can share the content of our web pages with other members of that social media network by clicking the button.
Your data may be processed outside of the EU if you are a member of a social network or when you visit or call up one of our social media pages. This may carry risks, for example, by making it harder for you to enforce your rights.
When you call up a social network, cookies are generally set to collect data on your user behaviour which is then stored in your end device. As long as you have a user account on any network, and are logged in, your user behaviour can be saved to your user account. The social networks may use this user behaviour information for market research and advertising purposes. This may result in advertisements being displayed to you both within and outside of your social networks. We have no influence over this.
We have no influence over the personal data collected and stored by social networks. We receive evaluations of user behaviour from the social media sites listed above, and may use this to send relevant advertising to users. If users interact with our social media pages and are logged into a user account, we can also recognise the user profile and see the content of comments or postings on our page. The processing of these data is carried out in joint responsibility with the provider of the social network in question. We have concluded an agreement with the individual providers of our social media pages on joint responsibility for the evaluation of data collected in connection with our social media pages (Art. 26 GDPR). In it, we have committed ourselves to providing you with this privacy information. More information is available from the privacy policies of the individual social networks. You may also exercise the rights to which you are entitled against us. However, as the social network provider stores and evaluates your data, they are able to more comprehensively fulfil your rights.
We operate a social media presence on https://www.instagram.com/catitofficial/, which we use to present photographs and posts related to our company, provide information on our services, and to communicate with customers. When using and accessing our Instagram page, your user data are processed by both the Ireland based company, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, as well as the USA based Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 (hereinafter referred to as “Facebook”). Facebook uses Instagram to enable a system (among other things) that distributes advertising across its network.
We analyse all access and interactions on our Instagram page. Facebook creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregate data which provides us with insights of how users interact with our Instagram page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Facebook to provide this insight service. For this reason, we have concluded an agreement with Facebook between our respective Controllers.
Depending on your activity, this use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). Instagram users may withdraw consent on publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.
Facebook offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.facebook.com/policies/cookies/ and for registered users at https://www.facebook.com/settings?tab=ads.
Instagram users can influence the extent to which their user behaviour may be recorded on our Instagram page at https://www.facebook.com/ads/preferences. Alternatively, the relevant settings can be changed at https://www.facebook.com/settings and https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/ or you can reject the processing of your data at: https://www.facebook.com/help/contact/367438723733209.
You can also use the settings in your browser to prevent the processing your data using Facebook cookies.
Facebook only transfers user data to countries which have been granted an Adequacy Decision by the European Commission pursuant to Art. 45 GDPR or based on guarantees offered pursuant to Art. 46 GDPR. Facebook Inc. and all its affiliated companies are certified under the EU-US Privacy Shield and therefore provides an appropriate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
8.4 Facebook fanpage
Description of purpose and legal basis of data processing
In addition to our company website, we also operate a Facebook page (known as a fanpage). This can be found at https://www.facebook.com/catitdesign We use this page to introduce our company, provide information on our products and services, and to communicate with customers and interested parties.
We only process personal data when you interact with our Facebook page, e.g. if you leave a comment, click a Like button or send us a message. This use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). This includes for example, showing our current range, you send us a query in relation to a contract, or if you like or comment on one of our posts, or if you upload content to our Facebook page.
Analysis of user activity
We analyse all access and interactions on our Facebook page. Facebook creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregate data which provides us with insights of how users interact with our Facebook page.
Use of the data by Facebook:
Facebook only transfers user data to countries which have been granted an Adequacy Decision by the European Commission pursuant to Art. 45 GDPR or based on guarantees offered pursuant to Art. 46 GDPR. Facebook Inc. and all its affiliated companies are certified under the EU-US Privacy Shield and therefore provide an appropriate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Withdrawal of consent and right to object
You may revoke your consent at any time with future effect. The legality of any processing that has occurred prior to the revocation of your consent remains unaffected. You may delete a comment or uploaded material yourself at any time.
Facebook offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.facebook.com/policies/cookies/ and for registered users at https://www.facebook.com/settings?tab=ads.
We operate a social media presence on https://www.twitter.com/catit, which we use to present photographs and posts related to our company, provide information on our services, and to communicate with customers. When using or accessing our Twitter page, user data are also processed by the USA based company Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103,USA (hereinafter referred to as “Twitter”). Twitter also offers a system for distributing advertising on Twitter at https://ads.twitter.com/.
We analyse all access and interactions on our Twitter page. Twitter creates user profiles for this purpose, but only provides us with anonymised data under https://analytics.twitter.com/. This involves aggregate data which provides us with insights of how users interact with our Twitter page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Twitter to provide this insight service. For this reason, we have concluded an agreement between our respective Controllers.
Our Twitter page can be accessed whether or not you have a Twitter user account. We only process personal data when you interact with our Twitter page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide these data to third parties. More information on privacy and data protection at Twitter: https://twitter.com/privacy.
Within the EU, this data processing is lawful as per your consent (Art. 6 (1) (a) GDPR). Twitter users may withdraw consent for publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.
Twitter offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://twitter.com/personalization.
Twitter users can influence the extent to which their user behaviour may be recorded on our Twitter page at https://twitter.com/personalization. You can also personalise the relevant settings.
You can also use the settings in your browser to prevent the processing of your data using Twitter cookies.
We operate a social media presence on https://www.pinterest.com/catitdesignproducts/ which we use to present pins (photographs, links, and text) provide information on our services, and to communicate with customers. Pinterest is a service operated in the EU by Pinterest Europe Ldt., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Irland., in the USA by Pinterest Inc., 505 Brannan Street, Suite 900, San Francisco, CA 94107,USA (hereinafter referred to as “Pinterest”). Pinterest also offers a system for distributing advertising on Pinterest at https://ads.pinterest.com/ .
We analyse all access and interactions on our Pinterest page. Pinterest creates user profiles for this purpose, but only provides us with anonymised data in this regard under https://analytics.pinterest.com/, known as Audience Insights. This involves aggregate data which provides us with insights of how users interact with our Pinterest page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Pinterest to provide this Audience Insights service. For this reason, we have concluded an agreement between our respective Controllers.
Our Pinterest page can be accessed whether or not you have a Pinterest user account. We only process personal data when you interact with our Pinterest page, e.g. if you leave a comment, click a Like button, re-pin our pin, or send us a message. We do not provide these data to third parties. The Pinterest data protection provisions apply: https://policy.pinterest.com/privacy-policy.
Within the EU, this data processing is lawful as per your consent (Art. 6 (1) (a) GDPR). Pinterest users may withdraw consent on publishing their comment, Like, or pin at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.
Pinterest offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.pinterest.com/settings/privacy/ .
Pinterest users can influence the extent to which their user behaviour on our Pinterest page may be recorded at https://www.pinterest.com/settings/privacy/.
You can also use the settings in your browser to prevent the processing of your data using Pinterest cookies.
8.7 Google Maps
This website uses Google Maps to display interactive maps and to provide directions. Google Maps is a mapping service operated in the EU and EEA by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). You will only be shown the embedded Google Map after you have given your consent (Art. 6 (1) (a) GDPR).
On our website you will first only see an initial box with a reference to Google Maps. No data are transferred to Google until you activate the box on the screen and agree to the use of Google Maps.
Activation of the use of Google Maps via our website may result in information being sent to Google in the USA for processing regarding use of the website, including your IP address, device information (operating system), your location, and any start and destination information you input into the route planner function. Google may also pass on this information to third parties, insofar as this is legally permitted or where those third parties process the data for Google. We have no influence over the scope of data collected by Google in this way. We as a company do not collect any personal data in connection with the use of Google Maps.
To the best of our knowledge, at least the following data are included:
- data and time of the visit to our website
- internet address or URL of website accessed
- IP address,
- location information
- a start and destination location where the route planner is used.
9. Your rights as enforceable in the EU
Please read the following information about your rights as a data subject regarding the processing of your personal data.
9.1 The right of access
You have the right to request a confirmation whether your personal data are being processed. Should this be the case, you have the right to be informed of the personal data that have been collected, stored or processed, as well as to the following information:
- the processing purpose;
- the recipients or categories of recipients to whom these data have been disclosed or will be disclosed;
- the duration of storage or the criteria for determining that duration;
- your additional rights (see below);
- if the personal data have not been collected from you, all available information regarding its source;
- the existence of automated decision-making, including profiling, and where existent, further relevant information.
You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.
9.2 The right to rectification
You have the right to request the correction without delay of incorrect or incomplete personal data.
9.3 Right to erasure (right to be forgotten)
You have the right to request that we delete all your personal data without delay. We are obliged to delete your personal data without delay where one of the following grounds applies:
- your personal data are no longer required for the purpose for which they were collected or otherwise processed.
- you are withdrawing your consent and there are no other legal grounds for processing that data.
- you are filing an objection (see below) to the data processing.
- your personal data were unlawfully processed.
- the deletion of your personal data are necessary to fulfil an obligation under EU law or the law of the Member States.
- a child has provided consent to the collection of personal data.
9.4 Right to restriction of processing:
You have the right to request a restriction of our data processing when one of the following conditions is met:
- you are contesting the accuracy of the personal data;
- the data processing is unlawful but you do not agree to the deletion of the personal data, instead requesting a restriction of its use;
- we no longer need the personal data for the purposes of processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing (see below) and it is not yet clear whether our legitimate interest will prevail.
9.5 Right to notification
If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom your personal data have been disclosed of this rectification, erasure of the data or restriction of the data processing unless this proves impossible or requires a disproportionate effort. You have the right to be informed of those recipients.
9.6 Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another controller without interference on our part provided that:
- the processing is based on consent granted pursuant to Art. 6 (1) (a) GDPR or Art.9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
- the processing is carried our using automated methods.
In exercising this right, you may request that personal data related to you be transferred directly from us to another controller in so far as this is technically feasible, and does not infringe on the freedoms and rights of any other person. The right to data portability does not apply to the processing of personal data required for fulfilling a task carried out in the public interest or in the exercise of an official authority invested in the controller.
9.7 Right to object
You have the right, based on grounds relating to your particular personal situation to object at any time to the processing of your personal data, unless it is based on one of the following grounds:
- the processing of your personal data by us is required for the fulfilment of a task that lies in the public interest or in the exercise of public authority that has been delegated to us; or
- the processing is necessary to safeguard our legitimate interest or the legitimate interest of a third-party, in so far as your interests or basic rights require that protection of your personal data prevail.
The right to object also applies to profiling based on these processes.
If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is associated with such direct marketing.
You also have the right, on grounds arising from your particular personal situation, to object to the processing of your personal data undertaken by us for scientific or historical research purposes or for statistical purposes, unless such processing is necessary for the performance of a task in the public interest.
9.8 Right to withdraw consent and data protection law
You may revoke your consent at any time with future effect. The revocation may be simply sent to us at any time, e.g., an informal email. Processing of your data which occurred prior to the withdrawal of consent is not affected.
9.9 Right of appeal to the supervisory authority
Do you think that the processing of your personal data was illegal? Then you have the right to lodge a complaint with a supervisory authority, particularly in your country of residence or country of work, or at the location the alleged breach took place. If you are in doubt, contact the agency responsible for us at Hamburg Commissioner for Data Protection and Freedom of Information (Ludwig-Erhard-Str 22, 7 OG, 20459 Hamburg, Tel.: 040 428 544040, Fax: 040 428 544000, E-Mail: [email protected]. Other administrative or judicial remedies are not affected by the exercise of these rights.
Last updated: May 2020
Rolf C. Hagen INC.,