Data Protection Policy
§ 1 General provisions
We will solely process your personal data (e.g. title, name, email address, telephone number, bank account details, credit card number) in accordance with the framework of German data protection regulations and the General Data Protection Regulations of the European Union (EU – GDPR). The following provisions will provide you with information about the purpose of processing, who receives your data, legalities, period of data storage, as well about your rights and information about those processing your data. This data protection statement refers exclusively to our website. If you follow links from our webpages to other pages outside of our website, please check these sites for their specific data protection policies.
The following data will be registered on our server log files: website visit, time of access, amount of data transferred in bytes, source / link from where the website was accessed, and the browser, operating system and IP-address used to access the site.
Your collected data is only used for statistical analysis and to help us improve our website. However, the website operator reserves the right to check server log files in cases where there is a concrete indication of unlawful use.
§ 2 Data processing to fulfill contract obligations
(1) Purposes of data processing
The personal data that you have made available to us during the ordering process is necessary to conclude a contract with us. Without receiving information about your address, we will not be able to send your order to you. For many of our payment processes, it is necessary to transfer your payment data to a third party as it is required by our subcontractor who provides us with payment services (Novalnet AG Finanzdienst-leistungsinstitut (BA), Gutenbergstr. 2, 85737 Ismaning). The personal data collected during the ordering process is necessary for carrying out your contracted order.
If you contact us before the contract has been concluded via email, through a contact form, etc. with a request, the thereby stored data will solely be used to process your request, to contact you about the necessary measures to be taken to complete your order, or to answer questions about our products.
The legal basis for data processing is delineated in Article 6 § 1 point (b) of the EU-GDPR.
(3) Data receiver categories
Those who may receive your data fall under the categories of: payment service suppliers, delivery service suppliers, hosting operators, or when applicable, merchandise management systems.
(4) Period of data storage
The personal data that is necessary to carry out your contracted order will be stored in accordance with the statutory storage time limits and when applicable, until the contract guarantee period has ended.
The data that is required by the statutory regulations regarding warranties and if applicable, guarantee periods, will be stored until the statutory limits have expired.
Data that is required by commercial and tax laws will be stored for the period deemed by law, as a rule, for ten years pursuant to §257 of the German Commercial Code (HGB) and §147 of the German Tax Code (AO).
After the expiration of the storage period, a routine deletion of the data is performed as long as the data is no longer necessary for purposes of initiating or fulfilling a contract.
§ 3 Use of image data files
Your image data (photographs) will strictly be used within the framework of statutory regulations.
Your photographs will only be used to create your photo albums and will be subsequently deleted after a holdback period of a few weeks in case of reclamations.
Please note: the created album and the photographs that were uploaded using the Online Designer to create said album will not be automatically deleted. You can delete individual photos or an entire album, including all photos used to create it, by using the Online Designer.
(1) Purpose of using cookies
In order to make the website more attractive for the user and to make the usability of particular functions possible, we make use on various webpages of so-called ‘cookies.’ Cookies are small text files that are put on your computer when you are browsing through our web pages. These cookies make it possible to, for example, put more than one product in the shopping cart or to recognize your browser on your next visit. Cookies also make it possible to save your customer account passwords permanently.
The legal basis for data processing is delineated in Article 6 § 1 point (b) of the EU-GDPR.
(3) Justifiable interest
Our justifiable interest is the functionality of our website. The data collected through the installation of technically required cookies and the permanent cookies described here, will not be used to compile user profiles. In this way, your data protection interests can be ensured.
(4) Period of data storage
Some of the installed cookies expire after you close your browser (these are so-called session cookies). Other cookies remain on your device and enable your browser to be recognized upon your next visit (these are so-called persistent cookies).
(5) Right to object
If you do not want have these cookies stored, you need to deactivate the storage of cookies in your internet browser configuration. Please be aware that when you refuse to accept cookies, the usability of our website may be impaired. Permanent cookies can also be deleted over your browser.
§ 5 Use of Google Analytics
Under http://www.google.com/intl/de/analytics/privacyoverview.html, you can access general information about Google Analytics and data protection. We would like to point out that on this website, Google Analytics with the code “gat._anonymizelp();” will make your IP address anonymous (so-called IP masking) to guarantee your privacy.
§ 6 Use of Google +1 button
The website will continue to use the Google +1 button which is linked to Google Plus. This function is operated by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). When you visit a page that has a +1 button, a direct connection between your browser and the Google server is established. The website operator does not have any influence on the nature and scope of data which is transferred through the plug in to the Google server. According to Google, Inc., if you click on the +1 button while you are logged on to Google +, the contents of the page will be collected and connected to your personal profile account only after you click on the +1 button. Also, the IP addresses of users will be directly recognized and assigned to your account.
If you would like to object the storing and linking your data to your personal account by Google Inc., log out of Google before using this website.
For more information about the +1 button, please go to: https://developers.google.com/+/web/buttons-policy
§ 7 Use of Facebook Social Plug-ins
This website uses so-called social plug-ins (“plug-ins”) from the social network Facebook which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). These plug-ins are indicated by the Facebook logo or by the “Facebook Social Plugin” description. You can find an overview of Facebook plug-ins and their appearance here: http://developers.facebook.com/plugins
When you visit one of our webpages that contains such a plug-in, your browser makes a direct connection to Facebook’s servers. Facebook will transmit the contents of the plug-in directly to your browser and embed it in the website. Through embedded plug-ins, Facebook receives data pertaining to correlating information you call up on our website – even if you do not have a Facebook account or are not logged in to your Facebook account at the time. This information (including your IP address) is transmitted over your browser directly to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can associate this information with your Facebook account. When you interact with the plug-ins (for example, by clicking the ‘like’ button or leaving a comment), the corresponding information is transmitted directly from your browser to Facebook, where it is saved. The information is also posted on Facebook and can be seen by your Facebook friends.
§ 8 Use of Twitter functions
One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND). If you visit a page that contains such a function, a direct connection between your browser and the Twitter server will be established. The website operator has no influence over the nature and the scope of the data that is transferred to Twitter’s server through the plug in.
According to Twitter Inc., only your IP address will be stored. For more information about Twitter’s personal data policy, please visit: https://twitter.com/en/privacy?lang
§ 9 Handling of contact data
When you contact the website operator through the contact possibilities offered on the website, the personal data that you have made available will be stored in order to refer to it when processing and answering your request. This information cannot be transferred to a third party without your consent.
§ 10 Handling commentary and forum contributions
When you leave a comment or a forum contribution, your IP address will be stored. This is necessary for the security of the website operator – if your text infringes upon any laws, the operator must be able to trace your identity.
§ 11 Notice about the newsletter and consent
With the following notices, will explain the topics concerning our newsletter, as well as our registration, delivery and statistical analysis and your right to object to the collection of your personal data. When you subscribe to our newsletter, you have given your consent to receiving said newsletter and have been thus informed and have consented to the other processes described hereafter.
§ 12 Newsletter
(1) Purpose of use
When you register for our newsletter, your email will be used for advertising purposes. Therefore, within the framework of the newsletter, we will inform you particularly about our product range. For statistical purposes, we can also analyze what links have been clicked on in the newsletter. However, the concrete identity of an individual who clicked on an item remains anonymous. You have given your consent expressly either specifically or during the process of ordering by clicking on: subscribe to newsletter.
(2) Double Opt-In and protocol
Registration for our newsletter is done with a so-called double opt-in process. After subscribing, you will receive a confirmation email and you will be asked to click on a link to verify your registration. This confirmation is necessary to ensure that no one can register email addresses that are not their own.
The newsletter registration is protocolled to ensure that the registration process fulfills legal requirements. In this process, the time of registration and confirmation will be noted along with your IP address.
The legal basis for data processing is delineated in Article 6 § 1 point (b) of the EU-GDPR.
(4) Receiver categories
Those who may receive your data could also fall under the category of a newsletter dispatch service supplier.
(5) Period of data storage
Your email address will be only be used for sending the newsletter to you and only stored as long as you are a subscriber.
(6) Right of objection
You can revoke your consent for future dissemination at any time. If you no longer wish to receive the newsletter, you can unsubscribe using the ‘unsubscribe’ link given in the newsletter.
§13 Rights of the data subject
When your personal data has been processed by us, you are a “data subject” as understood in the General Data Protection Regulation of the European Union (EU-GDPR) and as such, you are afforded the following rights from us as the responsible processors of your personal data, i.e. the controller.
1. Right to information
You can request a confirmation from the controller verifying if personal data about you as the data subject is being / has been processed by Bindit.
In the case that such a processing has taken place, you can request the following information from us:
(1) the purposes for which your personal data is being processed;
(2) the categories of your personal data that have been processed;
(3) the recipients or categories of recipients to whom your personal data has been disclosed at the time of your request or to whom the personal data will be disclosed to in the future;
(4) the planned period of storage of your personal data or if not possible, the criteria used to determine that period;
(5) the existence of the right to request rectification, erasure or restriction of processing of personal data concerning you as the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to any available information about the source of the data in the event that personal data has not been collected from you as the data subject. Furthermore, you also have the right to request information from us as to whether your stored or collected personal data has been transferred to a third country or international organization. In this context, you have the right to request an appropriate guarantee pursuant to Article 46 EU-GDPR and in relation to this, to be advised of such transference.
2. Right to rectification
You have the right to require us to rectify and / or complete the data you have provided as the responsible processor of your data when the processed personal data that concerns you is incorrect or incomplete. In this case, we will immediately undertake the necessary rectifications.
3. Right to restriction of processing
Under the following conditions, you have the right to request that the processing of your personal data as a data subject be restricted:
(1) where the accuracy of the personal data is contested by the data subject for the period of time that it takes us to verify the accuracy of the personal data;
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests a restriction of its use;
(3) the processor no longer requires the personal data for the purposes of processing, but the data is needed by the data subject for the establishment, exercise of defense of legal claims; or
(4) where a request for the processing of personal data to be restricted has been made under Article 21 §1 EU-GDPR and it is not clear whether the legal grounds for the processing by the responsible controller override those of the data subject.
4. Right to erasure (‘right to be forgotten’)
a) Obligation of deletion
You have the right to request that we, as the processors of your data, erase your personal data without undue delay. In this case, as the controller, we are obligated to erase your data without undue delay where one of the following grounds apply:
(1) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(2) you withdraw your consent on which the processing is based according to Article 6 §1 point (a) or Article 9 §2 point (a) of the EU-GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Article 21 §1 EU-GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 §2 EU-GDPR;
(4) the personal data has been unlawfully processed;
(5) the personal data has to be erased in order to fulfill a legal obligation in the European Union or member state law to which the controller is subject to;
(6) the personal data has been collected in relation to the offer of information society services referred to in Article 8 § 1.
b) Information to third parties
If we, as the responsible party for the processing of your personal data, have made your personal data public and are therefore obligated to erase the personal data pursuant to Article 17 §1 EU-GDPR, we will take appropriate measures as far as available technology and the costs of implementation allow, and including technical measures, to inform controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of this personal data.
The right of erasure is not valid when the data is necessary for the following processing:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing in accordance with European Union or member state laws to which the controller is subject to or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9 §2 points (h) and (i) as well as Article 9 §3 of the EU-GDPR;
(4) for archiving purposes in the public interest, scientific or historical research or statistical purposes in accordance with Article 89 §1 EU GDPR in so far as the right referred to in §1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defense of legal claims.
5. Right of notification
If you have exercised the right of rectification, erasure or restriction of processing as the data subject to us as the controller, i.e. responsible party for processing your data, then we are obligated to communicate the rectification, erasure or restriction to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right as data subject to be informed about those recipients by Bindit, as the controller, and we are obligated to do so upon your request.
6. Right to technical data portability of your personal data
In as far as you have the right to information as aforementioned in this text, you have the right to receive your personal data that you have provided to us or that we have stored about you in a structured, commonly used and machine-readable format. In addition, you have the right to transmit your data to another controller without hindrance from the controller who originally processed said personal data, where:
(1) the processing is based on consent pursuant to Article 6 §1 point (a) in the EU- GDPR or Article 9 §2 or on a contract pursuant to Article 6 § 1 point (b); and
(2) the processing is carried out through automated means.
In exercising this right, you have the further right to have the personal data in question be transferred directly from one controller to another in as far as this technically feasible. The rights and freedoms of third parties shall not be adversely affected thereby. The right of data portability shall not apply to the processing of personal data that is necessary for the performance of a task that is carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object to the processing of your personal data on grounds related to your particular situation and at any time, based on Article 6 §1 point (e) or (f), including profiling based on those provisions.
We, as the controller, i.e. the party responsible for collecting and / or storing your personal data, shall no longer process said data in accordance with your right to object unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. When you, as the data subject, object to processing your personal data for direct marketing purposes, then your personal data shall no longer be processed for such purposes.
8. Right to rescind a data protection declaration of consent
You have the right to rescind your data protection declaration of consent at any time. The legality of the processing of your personal data carried out after you gave your consent until receipt of your revocation remains valid.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the regulations set forth in EU-GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 or the EU-GDPR.
Data Protection Officer / Contact Person
If you have any questions regarding the topic of data protection at Bindit, please contact our Data Protection Officer:
+49 40 875 0 9800
Stand: Mai 2018