|Company Name:||travSIM GmbH|
|Physical Address:||Firedrich-Franz-Str. 19 Haus A|
|Postal Code, Location, Country:||14776 Brandenburg an der Havel, Germany|
|Commercial Registration Number:||Potsdam, HRB 27022 P|
|Managing Director:||Marcel Scheifhacken|
UK +44-20 36 08 30 32
USA +1-78 78 22 64 79
Data protection officer:
E-Mail Address: firstname.lastname@example.org
As of: 24.05.2018
1. Basic information on data processing and legal basis
1.2. The terms used, such as "Personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of users processed in the context of this online offer includes stock data (e.g., names and addresses of customers), contact data (e-mail, telephone numbers), contract data (e.g., services used, payment information), meta / communication data (IP -addresses), usage data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries in the contact form).
1.4. The term "user" covers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as "Users" are to be understood gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users' data will only be processed if there is a legal permit. That is, especially if the data processing for the provision of our contractual services (e.g., processing of orders) as well as online services required or required by law, the consent of the user exists, as well as our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 (1) lit. GDPR, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services.
1.6. Please note that the legal basis of the consents Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures Art. 6 para. 1 lit. b. GDPR, the legal basis for processing to fulfill our legal obligations Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing to safeguard our legitimate interests Art. 6 para. 1 lit. f. GDPR is.
2. Safety measures
2.1. We take organizational, contractual and technical security measures in accordance with the state-of-the-art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2. One of the security measures is the encrypted transfer of data between your browser and our server.
3. Disclosure of data to third parties and third-party providers
3.1. A transfer of data to third parties is only within the scope of legal requirements. We will only pass users' data on to third parties if this is the case, e.g. based on Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests acc. Art. 6 para. 1 lit. f. GDPR on the economical and effective operation of our business operations.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
4. Provision of contractual services
4.1. We process inventory data (e.g., names and addresses as well as contact information of users), contract data (e.g., services used, names of contacts, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit b. GDPR.
4.2. Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the necessary mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regards to the user account, subject to their retention is for commercial or tax law reasons according to Art. 6 para. 1 lit. c GDPR necessary. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
4.3 As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c GDPR.
5. Electronic communication
5.1. When contacting us (via contact form or e-mail), the information provided by the user is used to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR.
5.2. User information can be stored in our Customer Relationship Management System ("CRM System") or similar request organization.
5.3. We use the CRM system "Zendesk", Zendesk GLOBALES HQ - 1019 Market St., San Francisco, CA 94103, USA based on our legitimate interests (efficient and fast processing of user requests). For this purpose, we have entered into a contract with Zendesk with so-called standard contractual clauses, in which Zendesk commits itself to processing user data only in accordance with our instructions and compliance with the EU data protection standard. Zendesk is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European privacy legislation https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active .
6. Comments and posts
6.1. If users leave comments or other contributions, their IP addresses are based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR saved for 7 days.
6.2. This is for our own safety, if someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
7. Collection of access data and log files
7.1. Based on our legitimate interests for the purpose of Art. 6 para. 1 lit. f. GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
7.2. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
8. Cookies & reach measurement
8.1. Cookies are information transmitted from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
8.2. We use "session cookies" that are only stored for the duration of the current visit to our online presence (for example, to enable the storage of your login status or the shopping cart function to enable the use of our online offer). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies cannot save any other data. Session cookies will be deleted if you have finished using our online offer and you have e.g. log out or close the browser.
8.4. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
9. Google Analytics
9.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
9.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
9.4. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
9.5. The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de .
9.6. For more information about Google's data usage, hiring and opt-out options, please visit Google's websites: https://www.google.com/intl/en/policies/privacy/partners ("Google's use of your data when you use websites or apps our partners"), https://www.google.com/policies/technologies/ads ("Use of data for promotional purposes"), https://www.google.com/settings/ads ("Managing information Google uses, to show you advertising").
10.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f., GDPR), we use the marketing and remarketing services ("Google Marketing Services") Of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
10.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
10.3. Google Marketing Services allows us to better target advertisements for and on our website so that we only present ads to users that potentially match their interests. If a user e.g. is shown ads for products he's been interested in on other websites is called remarketing. For these purposes, when Google and our other websites accessing Google Marketing Services are directly accessed by Google, a code will be executed by Google and so-called (re) marketing tags (invisible graphics or code, also called "Web Beacons") incorporated into the website. With their help, the user is provided with an individual cookie, i.e. a small file is saved (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which web pages the user visited, in what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring web pages, visit time and other information on the use of the online offer. The IP address of the users is also recorded, whereby in the context of Google Analytics we announce that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases to one Google server in the US is transmitted and shortened there. The IP address will not be merged with data of the user within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user then visits other websites, they can be displayed according to his interests, the ads tailored to him.
10.4. The data of the users are pseudonym processed in the context of the Google marketing services. That Google stores and processes e.g. not the name or e-mail address of the users but processes the relevant data cookie-related within pseudonymous user profiles. That from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google's servers in the United States.
10.5. Among the Google marketing services we use is i.a. the online advertising program "Google AdWords". In the case of Google AdWords, each advertiser receives a different "conversion cookie". Cookies cannot be tracked through AdWords advertisers' websites. The information collected through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
10.8. Also, we can use the service "Google Optimizer". Google Optimizer allows us to understand how various changes to a website (such as changes to the input fields, the design, etc.) can take place in so-called "A / B testings". Cookies are stored on users' devices for these purposes. Only pseudonymous data of the users are processed.
10.9. In addition, we may use the "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.
10.11. If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google's adjustment and opt-out options: https://www.google.com/ads/preferences .
11. Integration of services and contents of third parties
11.1. Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer as defined in Art. 6 para. 1 lit. f.GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as videos or fonts (collectively referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring websites, visiting time, and other information regarding the use of our online offer.
11.2. The following presentation provides an overview of third-party providers as well as their contents, as well as links to their data protection statements, which contain further information on the processing of data and, already mentioned here, contradictory possibilities (so-called opt-out) included:
• If our customers use the payment services of third parties (e.g. PayPal or immediate transfer), the terms and conditions and the privacy notices of the respective third-party providers, which are retrievable within the respective websites, or transactional applications apply.
12. Rights of users
12.1. Users have the right, upon request, to obtain free information (Article 15 EU-GDPR) about the personal data that we have stored about them.
12.2. In addition, users have a right to rectification (Art. 16 EU-GDPR) of incorrect data, restriction of processing and deletion of their personal data, if applicable, asserting their rights to data portability and in the event of the acceptance of unlawful data processing the competent authority.
12.3. Likewise, users can revoke consent, generally with implications for the future.
12.4. Users have the right under Article 77 GDPR to file a complaint with the competent supervisory authority.
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
13. Deletion of data
13.1. The data stored with us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the users' data are deleted because they are required for other and legally permitted purposes, their processing will be restricted. That is, the data is blocked and not processed for other purposes. This applies, for example for data of users who must be kept for commercial or tax reasons.
13.2. According to legal requirements, storage is valid for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant for taxation, etc.).
14. Right of objection
Users may object to the processing of their personal data in accordance with legal requirements (Art. 21 EU-GDPR) at any time. The objection may be made against processing for direct marketing purposes.
List of cookies we collect
The table below lists the cookies we collect and what information they store.
|COOKIE name||COOKIE Description|
|CART||The association with your shopping cart.|
|CATEGORY_INFO||Stores the category info on the page, that allows to display pages more quickly.|
|COMPARE||The items that you have in the Compare Products list.|
|CURRENCY||Your preferred currency|
|CUSTOMER||An encrypted version of your customer id with the store.|
|CUSTOMER_AUTH||An indicator if you are currently logged into the store.|
|CUSTOMER_INFO||An encrypted version of the customer group you belong to.|
|CUSTOMER_SEGMENT_IDS||Stores the Customer Segment ID|
|EXTERNAL_NO_CACHE||A flag, which indicates whether caching is disabled or not.|
|FRONTEND||You sesssion ID on the server.|
|GUEST-VIEW||Allows guests to edit their orders.|
|LAST_CATEGORY||The last category you visited.|
|LAST_PRODUCT||The most recent product you have viewed.|
|NEWMESSAGE||Indicates whether a new message has been received.|
|NO_CACHE||Indicates whether it is allowed to use cache.|
|PERSISTENT_SHOPPING_CART||A link to information about your cart and viewing history if you have asked the site.|
|POLL||The ID of any polls you have recently voted in.|
|POLLN||Information on what polls you have voted on.|
|RECENTLYCOMPARED||The items that you have recently compared.|
|STF||Information on products you have emailed to friends.|
|STORE||The store view or language you have selected.|
|VIEWED_PRODUCT_IDS||The products that you have recently viewed.|