Data protection

I. General 

 

1. overview

With the following information we would like to inform you about the type, scope and purpose of the collection, storage and use of your data that we receive from you in connection with your visit to our website. 

In this case, we only collect, store and otherwise process your data in accordance with the statutory provisions. In particular, we only collect, store and process your personal data for the purposes stated in this data protection declaration and will not pass it on to third parties other than those described here without your consent and without legal grounds. Without your consent, your personal data will only be passed on to third parties if this is necessary 

- to execute a contract or to carry out pre-contractual measures at your request, or 

- to fulfill a legal obligation or

- is necessary to protect legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

However, in the cases mentioned in this privacy policy where your personal data is passed on to third parties, the scope of the data transmitted is limited to the minimum necessary to fulfil our respective purposes.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

 

 

2. Responsible body

The responsible body within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

hoots classic GmbH
Fabrikstr. 27
01445 Radebeul

Phone: +49 (0) 351 81081025
Email: info@hoots.de

 


II. Scope and purpose of the processing of personal data when visiting our website

 

1. Protocol data/log files

In principle, you can visit our websites without telling us who you are.

1.1 When you access our website or subdomains, the Internet browser you use when visiting our website automatically sends log data to our website's server and stores it there for a limited time in a log file. Without your intervention, the following information is recorded and stored until it is automatically deleted:

- an anonymous session ID that does not allow any conclusions to be drawn about your IP address,

- the operating system you use, the web browser you use (including installed add-ons (e.g. for the Flash Player) and the screen resolution you have set,

- IP address of the accessing device (e.g. PC or smartphone),

- the date and time of your visit,

- whether your browser allows cookies to be stored and Java Script to be executed,

- the websites you have visited on our site,

- the website from which you accessed our website (so-called referrer URL), for search engines also the search terms used),

- the size of the data transferred and 

- the http status code (e.g. "request successful" or "requested file not found").

1.2 We do not use your data to draw conclusions about your identity. The processing of the information stored in the log files only serves to ensure a smooth connection setup, the comfortable use of our website and the anonymized evaluation for statistical purposes (e.g. for the general analysis of user behavior, which pages of the online offering are accessed, which browsers are used, etc.) and to improve our website and the technology behind it. The legal basis for data processing is Art. 6 Para. 1 Clause 1 Letter f) of GDPR. The only recipients of the data are the responsible body and, if applicable, our processors. 

1.3 The individual log files are regularly stored by us and our processor for 8 weeks to identify disruptions and for security reasons (e.g. to investigate attempted attacks) and then deleted. Log files that need to be retained for legal reasons for evidence purposes are exempt from deletion until the respective incident has been finally clarified.

 

2. Cookies

We use so-called "cookies" on our website. Cookies are small text files that are automatically created by your browser and stored on your device when you visit our site. If our website is accessed again from this device, your browser sends the content of the cookies back, enabling us to recognize you. 

You can find out more about the types of cookies and the reasons for using them in our Cookie Policy. Our Cookie Statement applies in conjunction with this Privacy Policy.

 

3. Use of the contact form

3.1 On our website we offer you the opportunity to contact us using a form provided. In order to process your request, you must at least provide a valid email address. If you ask us for a quote for our services or make a support request for a purchased product, you must provide further data. All other information can be provided voluntarily. 

3.2 The data processing for the purpose of contacting us is carried out in accordance with Art. 6 Paragraph 1 Clause 1 Letter b) of GDPR. The personal data collected by us for the use of the contact form will be deleted by us as soon as the request has been finally processed and there are no reasons for further storage.      (e.g. subsequent execution of a contract or to fulfil a legal obligation according to Art.6 Para.1 Clause 1 Letter c) GDPR). 

3.3 The only recipients of the data are the responsible body and, if applicable, our processors, the vicarious agents employed (in the case of subsequent contract execution) and third parties to whom there is a legal obligation within the meaning of Art. 6 Paragraph 1 Clause 1 Letter c) of GDPR. Under no circumstances will the data collected be linked to your personal data that we have collected and processed using log files, cookies or other analysis services without your consent.

 

4. Newsletter

4.1 On our website we offer you the opportunity to sign up to receive our newsletter regularly, in which we keep you up to date with news from our company and our products. To register for our newsletter service, we need at least your email address to which the newsletter should be sent. Other information is voluntary and will only be used with your consent, e.g. to address you personally and to clarify queries about your email address. If we send you newsletters by post, we need your address details. 

4.2 We generally use the double opt-in procedure for registration. This means that we will only send you newsletters if you confirm your registration after providing your email address via an email sent by us and a link contained therein. The registration and confirmation are logged. This is to ensure that only you as a user of the specified email address can register for the newsletter service. Your confirmation must be made promptly after we send the email, otherwise your registration and email address will be deleted from our database. Until you confirm, our newsletter service will not accept any further registrations using this email address.

4.3 You can unsubscribe from a newsletter you have subscribed to at any time and revoke your consent. To do so, you can either send us an email or cancel via a link at the end of the newsletter.

4.4 The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR and serves the purpose of a user-friendly and secure newsletter system as well as proof of your consent. Data processing for the purpose of sending newsletters is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR and Section 7 Para. 3 UWG. The personal data we collect when you register will be deleted by us as soon as you have informed us that you no longer wish to receive newsletters from us in the future. 

4.5 The only recipients of the data are the responsible body, our processors and the vicarious agents used to send the newsletter (e.g. mailing services). The mailing service commissioned by us can use your data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes. However, our shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.

 

5. Social network plug-ins (social plug-ins)

5.1 Our website contains links to our social media presence in external social networks such as Facebook ("social plugins"). The functions assigned to the links, in particular the transmission of information and user data, are not activated by visiting our website, but only when you click on the link yourself. After clicking on these links, the plugins of the respective social network are activated and your browser establishes a direct connection to their servers. Data is transferred directly to the operator of the network and their servers, e.g. in the USA, stored there and possibly used. The network operator is usually informed of your IP address and which of our pages you have visited. If you click on the links while visiting our website and are logged into the network via your personal user account at the same time, you enable the network operator to assign the processed data directly to your personal profile and other data known about you and to create user profiles about you, which may be passed on to third parties. You can prevent such an assignment by logging out of your user account on the network before visiting our website or activating the link.

5.2 The respective network operator is solely responsible for the data processing that starts when you click on the link. We have no influence on the scope and content of your data that the respective network operator collects. The purpose and scope of the data collection as well as the further processing, use and storage period of your data as well as your rights and setting options to protect your privacy can be found in the data protection information of the respective network operator. We ourselves do not collect any personal data in this context.

5.3 On our websites we have integrated links to our presence on the following social networks: 

- “Facebook” 

The network operator is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. 

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. 

Privacy Policy: https://www.facebook.com/policy.php

- “Instagram”

The network operator is Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA. 

Privacy Policy: https://help.instagram.com/155833707900388

 

6. External services

Our website uses the service “Cloudflare” as a CDN (“Content Delivery Network”) to speed up our website and protect it against hacker attacks. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. 

6.1. Cloudflare, Inc. operates a content delivery network (CDN) that consists of a globally distributed network of servers connected to one another via the Internet, on which some of the content available on our website is stored. By using Cloudflare's own server and network infrastructure, it is possible to deliver the content of our website with shorter loading times. At the same time, the stored content of our website is even better protected against interference and manipulation by third parties by avoiding the use of third-party servers for data transport. We mainly store static elements such as HTML pages, images, style sheets, documents or videos on Cloudflare's servers, but under no circumstances personal data. 

6.2 To provide its services, Cloudflare uses a (__cfduid) cookie, which is stored in the browser of your device and used to identify individual clients behind a shared IP address and to apply security settings per client. In addition, security tools and traffic monitoring are provided via CloudFlare Inc. For this purpose, your IP address, the time, the user agent (browser, operating system and language), the referrer URL and all entries in the contact form are transferred to Cloudflare or its servers, e.g. in EU third countries, and then forwarded to our website.

6.3 The legal basis for the processing of your personal data using cookies is Art. 6 (1) (f) GDPR.

6.4 Cloudflare is a member of the EU-US Privacy Shield ( https://www.privacyshield.gov ). The data processing agreement concluded between us ensures that Cloudflare only processes the respective data for the intended purpose and in accordance with the applicable legal provisions and does not pass it on to third parties without authorization. Further information about Cloudflare can be found at https://www.cloudflare.com/security-policy/ .

Here you can find information about which data Cloudflare, Inc. collects, processes and uses under the EU-US Privacy Shield Framework and for what purposes this is done: https://www.cloudflare.com/privacyshield/ .

 

III. Deletion of your data

The data we process is deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in our privacy policy, the data stored by us is deleted as soon as it is no longer required to achieve the respective processing purpose and there are no statutory retention periods that prevent deletion. We review the necessity every two years. If the data is not deleted because it is required for other legally permissible purposes (e.g. retention for commercial or tax reasons), this data is "blocked" and not further processed for other purposes (restricted processing). 

 

IV. Your rights

You can assert your following rights against the responsible body at any time free of charge.

1. Right of providing information:

You have the right to request confirmation from us as to whether we process personal data concerning you and the right to information about this personal data and further information in accordance with Art. 15 GDPR.

2. Authorization right:

You have the right to request that we correct any incorrect or incomplete personal data concerning you in accordance with Art. 16 GDPR.

3. Right to erasure:

You have the right to request the deletion of your data if the conditions set out in Art. 17 GDPR are met. You can then, for example, request the deletion of your data if it is no longer necessary for the purposes for which it was collected. You can also request deletion if we process your data on the basis of your consent and you revoke this consent.

4. Right to restriction of processing:

You have the right to request that the processing of your data be restricted if the requirements of Art. 18 GDPR are met. This is the case, for example, if you dispute the accuracy of your data. You can then request that processing be restricted for the duration of the verification of the accuracy of the data.

5. Right to data portability: 

If the data processing is based on consent or contract fulfillment and is also carried out using automated processing, you have the right according to Art. 20 GDPR to receive your data in a structured, common and machine-readable format and to transmit it to another data processor.

6. Right of objection according to Art. 21 GDPR:

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Letter f) of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons for doing so that arise from your particular situation. If your objection is directed against the processing of your data for direct marketing purposes, the right of withdrawal is unlimited. This also applies to profiling insofar as it is related to direct marketing. In this case, we will no longer process the data for this purpose without your prior indication of a special situation. 

7. Right of withdrawal according to Art. 7 Para. 3 GDPR: 

If the data processing is based on consent you have given, you have the right to revoke the data processing within the scope of consent at any time free of charge with effect for the future. The revocation does not affect the legality of our data processing, which was carried out on the basis of your consent until the revocation was received. After receipt of the revocation, the data processing that was based exclusively on your consent will be stopped.

8th. Right to complain: 

According to Art. 77 GDPR, you have the right to complain to a competent supervisory authority (e.g. the State Commissioner for Data Protection) about our processing of your data. A list of supervisory authorities and their addresses can be found at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

 

If you wish to exercise your aforementioned rights against us, you can contact us by telephone, email or letter using the contact details provided at the beginning of this privacy policy.

 

v. Transfers to third countries

If we or our processors or vicarious agents process, disclose or transmit data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), this will only be done if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

 

VI. Cooperation with processors and third parties

If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of your consent, a legal permission (e.g. if transmission of the data to third parties, such as payment service providers, is necessary to fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR), if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 GDPR.

The use of Hotjar on our Website:

We use Hotjar to better understand the needs of our users and to optimize this service and their experience. Hotjar is a technology service that helps us better understand user behavior (e.g. how much time they spend on which pages, which links they choose, what users like and dislike, etc.) and thus enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic locations (country only), and the preferred language used to view our website. Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually obligated not to sell any of the data collected on our behalf.

VII. Status and update of this privacy policy

This privacy statement is dated May 25, 2018. We reserve the right to update the privacy statement from time to time in order to improve data protection and/or to adapt it to changes in official practice or case law.