Person in charge:
prismus communications GmbH Lehmbruckstr. 24 10245 Berlin, Germany info@scmonline.de
1. Basic information on processing of data and legal bases
1.1. This privacy policy explains to you the nature, scope and purpose of the processing of personal data within our online service and the associated websites, functions and content (hereinafter collectively referred to as “online service” or “website”). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online service is provided.
1.2. We refer the terms used, such as “personal data” or “processing”, to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal user data processed within the scope of this online offer include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of administrators, payment information), usage data (e.g. websites visited on our online offer, interest in our products) and content data (e.g. entries in the contact form).
1.4. The term “user” covers all categories of data subjects involved in data processing. These include our business partners, customers, interested parties and other visitors to our online offers. The terms used, such as “user”, are to be understood gender-neutrally.
1.5. We process users’ personal data only in compliance with the relevant privacy policy regulations. This means that the data of the users will only be processed if there is a legal permission. This means, in particular, that if the data processing is necessary for the provision of our contractual services (e.g. processing of contracts) and online services, or is required by law, a consent of the users, as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online services within the meaning of Art. 6 Para. 1 (f) of the German Data Protection Regulation (GDPR) , in particular for range measurement, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of third-party services.
1.6. We would like to point out that the legal basis of the consents is Art. 6 Para. 1 a. and Art. 7 of GDPR, the legal basis for the processing for the fulfilment of our services and implementation of contractual measures is Art. 6 Para. 1 b of GDPR, the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 Para. 1 c of GDPR, and the legal basis for the processing to protect our legitimate interests is Art. 6 Para. 1 f of GDPR.
2. Security measures
2.1. We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the privacy policy regulation are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.
3. Disclosure of data to third parties and third-party providers
3.1. Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this, for example, on the basis of Art. 6 Para. 1 (b) GDPR is necessary for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 Para. 1 (f) GDPR in the economic and effective operation of our business.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and take appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3. If content, tools or other means from other providers (hereinafter jointly referred to as “third party providers”) are used within the scope of this privacy policy and their registered office is located in a third country, it is to be assumed that a data transfer to the countries of registered office of the third party providers takes place. Third countries are countries in which the GDPR is not a directly applicable law, i.e. in principle countries outside the EU or the European Economic Area. Data is transferred to third countries either if an appropriate level of data privacy, user consent or other legal permission has been obtained.
4. Provision of contractual services
4.1. We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Para. 1 (b) of GDPR.
4.2. Users can optionally create a user account by viewing their orders in particular. Within the framework of registration, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to retention for commercial or tax reasons in accordance with Art. 6 Para. 1 (c) of GDPR. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
4.3. Within the scope of registration and renewed registrations as well as use of our online services, the IP address and the time of the respective user action will be stored. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, except it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 Para. 1 (c) of GDPR.
5. Establishment of contact
5.1. When contacting us (via contact form or e-mail), the user’s details will be processed in order to process the contact request and its processing in accordance with Art. 6 Para. 1 (b) of GDPR.
5.2. The user data can be saved for the purpose of organizing inquiries.
6. Collection of access data and log files
6.1. On the basis of our legitimate interests within the scope of Art. 6 Para. 1 (f) of GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
6.2. Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify abuse or fraud) and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
7. Cookies & range measurement
7.1. Cookies are pieces of information that are transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
7.2. We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online service and log out or close your browser, for example.
7.3. Users are informed about the use of cookies within the scope of pseudonymous range measurement within the scope of this privacy policy.
7.4. If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
7.5. You may opt-out of the use of cookies to measure reach and for advertising purposes via the Network Advertising Initiative’s opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
8. Google Analytics
8.1. We use a web analysis service of Google Inc. (“Google”) on the basis of our legitimate interests, (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 (f) of the GDPR) of Google Analytics. Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transferred to a Google server in the USA and stored there.
8.2. Google is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European Privacy Policy (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3. Google will use this information on our behalf to evaluate the use of our online services by users, to compile reports on the activities within this online service and to provide us with other services associated with the use of this online service and the Internet. Pseudonymous user profiles of the users can be created from the processed data.
8.4. We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in rare cases is the full IP address transmitted to a Google server in the USA and shortened there.
8.5. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; In addition, users can prevent the collection by Google of the data generated by the cookie and related to their use of the online information and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
8.6. Further information on the use of data by Google, possibilities for settings and objections can be found on the Google web pages: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to display advertisements to you”).
9. Newsletter
9.1. The following information will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to the receipt and procedures described.
9.2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. Furthermore, our newsletters contain information about our products, offers, promotions and our company.
9.3. Double-Opt-In and logging: The registration to our newsletter takes place in a so-called Double-Opt-In procedure. This means, after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation information as well as the IP address. Likewise the changes of your data stored with the delivery service provider are logged.
9.4. The newsletter is sent via “MailChimp”, a newsletter delivery platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of privacy policy. (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
9.5. Furthermore, according to its own information, the delivery service provider may use this data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the delivery and presentation of the newsletter or for statistical purposes, in order to determine from which countries the recipients come. However, the delivery service provider does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
9.6. Registration data: To subscribe to the newsletter, it is enough to enter your Email address. Optionally, we ask you to enter a name in the newsletter in order to address you personally.
9.7. Statistical survey and analyses – The newsletters contain a so-called “web beacon”, i.e. a file the size of a pixel, which is called up by the server of the delivery service when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor the delivery service provider’s intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
9.8. The use of the delivery service provider, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 Para. 1 (f) of GDPR. Our interest is aimed at the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users.
9.9. Cancellation/Withdrawal – You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent. As a result, your permission to have it delivered by the delivery service provider and the statistical analyses expire at the same time. A separate revocation of the delivery by the delivery service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.
10. Integration of third-party services and content
10.1. Within our online offer, we use content or service offers from third parties on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art 6 Para. 1 (f) of GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the representation of these contents. We strive to use only those contents, whose respective providers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “PixelTags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.
10.2. The following presentation provides an overview of third-party providers and their contents, along with links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, possible objections (so-called opt-out):
If our customers use the payment services of third parties, such as PayPal, the terms and conditions and privacy policies of the respective third party providers, which are available within the respective websites or transaction applications.
-External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”). The integration of the Google Fonts takes place by a server call with Google (usually in the USA). – Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Maps of the “Google Maps” service of third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Videos from the “YouTube” platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
External code of the JavaScript framework “jQuery” provided by the third-party provider jQuery Foundation, https://jquery.org.
11. Rights of users
11.1. Users have the right, upon request and free of charge, to obtain information about the personal data we have stored about them.
11.2. In addition, users have the right to rectify inaccurate data, limit the processing and delete their personal data, if applicable, to exercise their rights to data portability and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority.
11.3. Likewise, users can revoke consents, in principle with effect for the future.
12. Deletion of data
12.1. The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. Unless the user’s data is deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means, the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax reasons.
12.2. According to legal requirements, the documents are stored for 6 years according to § 257 Para.1 HGB (Commercial Books, Inventories, Opening Balance Sheets, Annual Financial Statements, Commercial Letters, Accounting Vouchers, etc.) and for 10 years according to § 147 Para. 1 AO (Books, Records,
Management Reports, Accounting Vouchers, Commercial and Business Letters, Documents Relevant for Taxation, etc.).
13. Right of objection
Users may at any time object to the future processing of their personal data in accordance with the statutory provisions. The objection may in particular be lodged against processing for the purposes of direct marketing.
14. Changes to the Privacy Policy
14.1. We reserve the right to change the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
14.2. Users are requested to update themselves regularly on the content of the privacy policy.
Questions and comments
If you have any questions, suggestions or comments on the subject of privacy policy, please send an Email to info@scmonline.de.