DATA PRIVACY STATEMENT
ORTOVOX Sportartikel GmbH (in the following: “ORTOVOX”) is firmly committed to data privacy. Therefore, as a matter of course, we strictly adhere to the legal regulations concerning the protection of data privacy (in particular those in GDPR (General Data Protection Regulation) and BDSG [German Data Protection Act] and will do everything possible to ensure the privacy of your data. In addition, it is important for us that you know at any given time which data we store and how we use them. Please take a moment to read the following text informing you about the way we deal with your data. We reserve the right to revise the content of this data privacy statement from time to time, in particular to adapt it to new legal stipulations and technical development so that we can also safeguard data protection in the future. It is therefore advisable to regularly take note of our information and remarks concerning data processing. This Data Privacy Statement refers to the internet presence of ORTOVOX Sportartikel under the domain ortovox.com as well as other subdomains (hereinafter referred to as the „Website”).
1. Responsible person and scope
The responsible person is: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024, Taufkirchen, Germany (hereinafter “ORTOVOX”).
2. Data Protection Officer
Our Data Protection Officer is: Mr. Sebastian Meyer, Schwanweg 1 – 90562 Heroldsberg, Germany. Please refer to our Data Protection Officer if you have any questions regarding data protection issues at our company. You can reach him under the email-address: Datenschutz@schwan-stabilo.com .
3. General Principles on data processing
We collect and use personal data from our users basically only then, when this is necessary to provide a functional Website as well as to deliver our content and services.
3.1. Personal data
Personal data is all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, email-address, address, date of birth or your phone number. Non-personal data is ex. data regarding the number of users at a website.
3.2. Processing of personal data
Processing of personal data is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. We process personal data through our Website only if you provide us with this data, ex. when filling out our contact form or sending us an email. We process this data for the named purposes or for the purposes defined in your request. We do not disclose your personal data to third parties, unless otherwise provided by law or you have given us your consent thereto. Apart from that you may use the general information at www.ortovox.com without revealing your personal data. In particular we process your personal data as provided:
3.2.1. Registration (Customer Account) and registration process
On our Website, we offer you the possibility to create a customer account with your personal data. The personal data will be entered into the entry screen, transmitted to us, and saved. We do not transmit this data to third parties, apart when this is necessary to fulfill an agreement with you. Following data is collected during the registration process: - Name, address, e-mail address, telephone number as well as a password chosen by you. Furthermore, we process: - your IP-Address; - the date and time of your registration. With your data we create a personalized Customer Account, with which you may use certain content and services, such as easier orders in our Online Shop on our Website. We process your e-mail address in order to send you new access data, should you have forgotten or lost your password. Should you delete or change the registration data on our Website, such data will be deleted or changed. Any further storage may however be required by law. You have the possibility to dissolve your registration. In order to do so, please send us an email to the following email-address: firstname.lastname@example.org. You may also correct your data in your customer account. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of an agreement or in order to take steps prior to entering into an agreement).
In order for you to subscribe to our email newsletter, we require at least your first name and surname, your country, the language in which you would prefer to receive the newsletter, and the email address to which the newsletter should be sent, in addition to your consent. It is entirely your choice whether you provide us with this data. However, without this data we might not be able to send you our newsletter.
Processing your first name and surname will allow us to send you a personalized newsletter.
After subscribing, your email address will be used for advertising purposes until you unsubscribe from the newsletter. To unsubscribe, follow the link on our website.
Your data will be stored as long as you are subscribed to the newsletter. After unsubscribing from the newsletter, your data will be deleted. In individual cases and if required by law, your data will continue to be stored.
In order to optimize our newsletter, we check how often it is opened by readers and which links the readers click (analysis of user behavior).
If the user’s consent has been given, after the user has subscribed to the newsletter the legal basis for processing data shall be Article 6(1)(a) GDPR. Please note that we are currently working with The Rocket Science Group LLC d/b/a Mail Chimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA to send our newsletters. Further information about Mail Chimp, your rights to data protection and all privacy protection settings can be found at: mailchimp.com and mailchimp.com/legal/privacy/.
We pass on personal data to third parties only if there is a reasonable contract (e.g. an order processing contract, if legally required) in place. Personal data is only ever passed on in the smallest scope necessary for the respective purpose. The affected companies must follow the applicable date protection law, handle your personal data confidentially and may in no event use these for their own business purposes.
3.2.3. Press mailing list
If you subscribe to our press review, we will use your e-mail address in order to send you the ORTOVOX press review. Other personal data, such as address, language, fax number are voluntary and are used only to personalize the press review, as well as to contact you in the event of inquiries. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to send you our press review. Your first and last name allows us to personalize the newsletter. Your personal data will be stored for the time you have subscribed to the ORTOVOX press review. Upon unsubscribing your personal data will be deleted. You can unsubscribe at any time and for any reasons. For unsubscribing you can follow the link in each press review. No costs are connected with un-subscription. Any further storage may however take place, if storage is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. a GDPR (your consent).
3.2.4. Registration to the ORTOVOX Safety Nights Courses and to the ORTOVOX Safety Lab Rock
For signing on to the ORTOVOX Safety Night Courses and/or ORTOVOX Safety Academy Lab Rock we will need your first and last name as well as your email address. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to complete your registration. If you do not want to take part in the ORTOVOX Safety Night Courses and/or the ORTOVOX Safety Lab Rock any more you may sign out at any time and for any reasons. For signing out please sent an e-mail to: email@example.com. Upon signing out from the ORTOVOX Safety Night Courses and/or the ORTOVOX Safety Lab Rock your data will be deleted. Your data may however be stored after this period, if this is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract or prior to entering into a contract).
In order to take part in our competitions, we will need your name and e-mail address. Furthermore, depending on the prize, it may be necessary to provide us with your size, gender and address. We will use this information only to notify you about the prize and to send you your prize, if you have won the competition. You may freely decide, whether you want to provide this information to us. Without providing ORTOVOX with this information you will however not be able to participate in the competition. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR and article 6 (1) lit. f GDPR (processing is necessary for the performance of a contract, or in order to take steps prior to entering into a contract, as well as the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).
3.2.6. Ordering process in the ORTOVOX Online Shop
In order to process your orders in the ORTOVOX Online Shop we will need the following personal data from you: first and last name, address, e-mail-address, telephone number, date of birth as well as your size. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to deliver your order. Please note, that we use third party processors for processing data of our clients. We work with BS PAYONE GmbH, Lyoner Straße 9, D-60528 Frankfurt/Main in order to provide you with comfortable and practical payment options. We work further with KIBO Commerce 717 North Harwood ST. STE. 1900 Dallas, TX 75201, in order to provide you with optimum solutions for delivering through the partner dealers. In order to send your order, we work with different parcel services, which receive customer data to the extent which is necessary to provide their services. We give your data to third party processors only upon having an agreement with them (ex. data processing agreement, if such is required by law). Personal data is given only in the scope required for the provision of the services. The service providers are required to comply with all data protection regulations, to keep your personal data confidential and may not use this data for their own business purposes. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of an agreement or in order to take steps prior to entering into an agreement).
3.2.7. Job applications
If you are interested in our job offer, you can send us an application per email using the following email address: firstname.lastname@example.org or per post to the address: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024, Taufkirchen, Germany. We assure you, that we will process your personal data only for the purposes of carrying out the job application process. Your personal data will be stored for 6 months after concluding the job application process. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR.
3.2.8. Product recall registration
In the event of a product recall, you have the possibility to register via our online form. In such an event, we will need the following personal data: name, e-mail-address, telephone number and address. You may freely decide, whether you want to provide this information to us. Without providing ORTOVOX with this information we will however not be able to carry out the recall for your product. Please note that we may provide your personal data to service partners close to you, in order have optimum handling and settlement of the product recall. Upon settling the product recall and clarifying all its circumstances, your data will be deleted. Your data may however be stored after this period, if this is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR and article 6 (1) lit. c GDPR (processing is necessary for the performance of an agreement and processing is necessary for compliance with a legal obligation to which the controller is subject)
3.2.9. Registration for the purposes of checking or repairing ORTOVOX products during or after the guarantee or warranty period
On our website we offer you a possibility to register online in order to check or repair your ORTOVOX product during or after the guarantee or warranty period. For this purpose, we will need your name, email, customer group, telephone number (voluntarily) and address. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to check or repair your ORTOVOX product. Upon checking and/or repairing your ORTOVOX product your personal data will be deleted. Your data may however be stored after this period, if this is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract).
3.2.10. Registration for the ORTOVOX Media Room for special users
On our website we offer special groups of users, like distributors, dealers, press, sport professionals, the possibility to register in our Media Room, in order to have access to certain information regarding ORTOVOX products, as well as photos and videos of ORTOVOX products. For this purpose, we will need your name, email, customer group, telephone number (voluntarily) and address. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to give you access to our Media Room. If you do not want to have access to the ORTOVOX Media Room any more you may sign out at any time and for any reasons. For signing out please sent an e-mail to: email@example.com. Upon signing out from the ORTOVOX Media Room your data will be deleted. Your data may however be stored after this period, if this is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract).
3.2.11. Registration in the ORTOVOX Partner Section
On our website we offer dealers/partners, who have received from ORTOVOX login data, the possibility to register online, in order to have access to our B2B store. For this purpose, we will need your language, customer number, company name, title and e-mail. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to check or repair your ORTOVOX product. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract or prior to entering into a contract).
3.3. Legal basis
Collecting and processing your personal data takes generally place upon your consent. Should the data processing be based on your consent, the legal basis for this data processing is Article 6 (1) lit. a GDPR. An exception may occur when obtaining a consent is not possible and/or this is permitted by law. If processing your data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis for this data processing is Article 6 (1) lit. b GDPR. If processing your personal data is necessary for compliance with a legal obligation to which we as the controller are subject, the legal basis for this data processing is Article 6 (1) lit. c GDPR. If processing your personal data is necessary for the purposes of legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis for this data processing is Article 6 (1) lit. f GDPR.
Below we describe the processing operations connected with usage of cookies, sessions and logfiles.
4.1. Usage of cookies, sessions and logfiles
4.2. Data collected by cookies
Except for the IP address, no personal data will be stored in the cookies, sessions and logfiles. Furthermore, these files cannot transfer viruses, spy on your computer, or send emails undetected. In addition, each webserver can only read out those cookies it placed itself.
The following data is automatically collected via cookies, sessions and logfiles when you call up our Website:
- Your internet address (IP address) / host name
- Agent/browser type and version
- Website you were referred from (referrer URL)
- Operating system used
- Pages viewed on our Website
- Date and time of access
- Session (for registered users)
- Session ID (for registered users)
This data is stored separately from the data you provided to us and is not linked with other personal data. The data processed according to 4.2. is processed for statistical purposes, in order to optimize our Website and our offer.
4.3. Google Analytics
Information about your use of our Website generated by cookies, ex. Time, place and frequency of use of the Website, is usually transferred to a Google server in the USA and saved there. When using Google Analytics, it may not be excluded, that apart from the IP address Google processes further personal data.
Please be informed that such information may be transferred by Google to third parties, if this is required by law or if Google contracts third parties to process such data. Google will use the information gathered by the cookies to evaluate your use of the Website in order to compile reports about Website activities for us and provide additional services associated with the Website and Internet usage. According to Google, Google will not associate your IP address with other personal data collected by Google. You have the option to prevent Google from acquiring and processing data generated by cookies and data related to your use of our Website (including your IP address) by downloading and installing a Google-provided browser plugin. More information about Google Analytics Opt-out function can be found at: tools.google.com/dlpage/gaoptout . Please be informed, that in such an event, not all functions of this Website may be available to you. This plug-in prevents Google Analytics from giving you information about your visit to the site. This plug-in does not prevent any other analysis.
By clicking on this link, a so-called opt-out cookie is placed in your browser. This will prevent Google Analytics from giving you information about your visit to the site. Please note that the opt-out cookie is only valid for this browser, and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue to prevent Google Analytics from capturing, you must click the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in when using the browser on your computer. In order to ensure the best possible protection of your personal data, Google Analytics has been extended by the code “anonymizeip” on this website. This code causes the last 8 bits of the IP addresses to be deleted and their IP address is thus collected anonymously (so-called IP-masking). Your IP address will be shortened by Google in principle, even before the transfer within Member States of the European Union or in other contracting States of the Agreement on the European Economic Area and thereby anonymized. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.
4.4. Google Remarketing
4.5. Facebook Pixel
4.6. Social Plugins (Facebook, Google+, Twitter and Youtube)
On our Website we use social plugins of the social networks “Facebook” (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), “Google +” (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA), “Instagram” (Instagram Inc., 1601 Willow Rd Menlo Park CA 94025 USA) and “Twitter” (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA) and “Youtube” (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 USA) These services are offered by the respective companies (“providers”). As part of our online presence, the social plugins are marked by the respective buttons belonging to the service. Based on the data transmitted via the social plugins to the respective service, this can assign certain personal data you to your Facebook, Google+, Twitter and/or Instagram account. In order to increase the protection of your data on our website, the social plugins are integrated on our website by means of the so-called “2-click-Solution”. This ensures that when you call a page of our website that contains such social plug-ins, no automatic connection to the servers is made by the respective providers.
The function of the respective social plug-in is activated in two stages. To activate a social plug-in, you have to click on the link on our website. This activates the social plug-in and your browser connects to the servers of the respective provider. With a second click you can now interact with the social plug-in and, for example, submit your recommendation. If you are already logged in to one of the social networks of the providers, the providers can directly assign the visit to this website to your profile. If you interact with the social plugins by clicking on them, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be published to the social network and displayed under your contacts. If you would like to prevent such direct assignment of your data collected via our website to your profile, you must unsubscribe from your account of the respective provider before you visit our web pages.
The scope and purpose of the data collection by the respective service as well as the further processing and use of your data, please refer to the data protection information directly from the website of the service. You will also receive further information about your privacy rights and setting options to protect your privacy.
b) Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA https://www.google.com/policies/privacy/partners/?hl=de
c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA https://twitter.com/privacy?lang=de
e) Instagram Inc., 1601 Willow Rd Menlo Park CA 94025 USA https://help.instagram.com/155833707900388
f) Youtube 600 Amphitheater Parkway, Mountain View, California 94043, USA https://www.youtube.com/t/privacy
4.7. Prevention of cookies
Upon closing your browser, the session-cookies are deleted, other cookies after one year. Cookies from our Partners, ex. Google (4.4) are deleted maximally after 24 months. You can deactivate the usage of cookies by Google by means of visiting the deactivating site of Google. Alternatively, you may deactivate the usage of third party cookies by means of visiting the deactivating site of the network initiative.
4.8. Legal basis
5. Fan pages on Facebook, Instagram, YouTube, Google+, Xing and Twitter
We operate fan pages on the social media channels: Facebook, Instagram, YouTube, Google+, Xing and Twitter. Operating these fan pages, we are joint controllers within the meaning of Art. 5 Sec. 7 GDPR together with the operators of these networks. If you visit our fan pages, the controllers will process certain personal data. We have agreements with the operators of these networks, which among others regulate the conditions for using these pages. We have integrate separate Data Protection Policies on our fan pages, where you can read more about your personal data.
6. Data security and precautionary measures
We are committed to protecting your privacy and treating your personal data confidential. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. Intensive training of our employees and their obligation to data security ensure that your personal data is treated confidential.
6.1. Responsibility of the User
We urge you to also take all possible measures to protect your data while working on the internet. Due to the structure of the internet, it is not possible for us to ensure that third parties, which are not within the scope of our responsibility, adapt identical privacy and security measures. Possibly if personal data is not encrypted or is sent per email it may be seen or read by third parties. Hereto we have no impact. It is the responsibility of the User, to secure his/her data via encryption or by other means.
We use the SSL (Secure Sockets Layer) to encrypt your data on all Websites which require providing personal data. SSL encryption masks your data before transmitting it to our server, in such a manner that it cannot be reconstructed by third parties. This safeguards the privacy of your personal data.
6.3. Technical security measures at SCHWAN-STABILO COSMETICS GMBH & CO. KG
- Encryption of sensitive data transfer with SSL certificates by GMO GlobalSign Ltd., Springfield House, Sandling Road, Maidstone, ME142LP, Great Britain.
- Server security: a firewall system protects our servers against attacks.
- An internal security system and authorisation concept make sure that your sensitive data are not accessible to our employees unless they have a special authorisation.
7. Service providers for processing personal data
We employ service providers, who process personal data on our behalf and only on our instruction. The service providers are required to comply with all data protection regulations and to process data in accordance with our instructions. Our service providers have been carefully selected and receive access to your personal data only to the extent and for the time necessary to carry out their services. Service providers in third countries such as the USA and countries outside the European Economic Area are subject to data protection regulations, which do not protect personal data to same extent as in the European Union. Should we process your personal data in countries, which do not provide such a high level of data privacy as in the European Union, then we will ensure by means of contractual regulations and other instruments that your that your personal data is safe and adequately protected.
8. Storage period
Your data will be stored only for the period of time required by law. Your data will be erased, when you have withdrawn your consent for processing your data or the purposes of processing your data have been obtained or when the processing is no longer legitimate for any legal reasons. Any retention periods required by law shall remain unaffected. During the statutory retention periods your data will not be processed for other purposes.
9. Rights concerned
From the GDPR, the following rights arise for you as an affected person for the processing of your personal data:
9.1. Right of access
According to art. 15 GDPR, you can request information about your personal data processed by us. In particular, you may request information on the source of the data, the recipients of this data or categories of recipients, as well as the processing purposes.
9.2. Right of objection
If the processing of personal data is based on your consent, you may object to this processing for the future, at any time and without any reason. To do so please send an email to: firstname.lastname@example.org or a letter to: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024 Taufkirchen.
9.3. Right to rectification
In accordance with art. 16 GDPR, you can immediately request the rectification of incorrect or the completion of your personal data stored by us.
9.4. Right to erasure or restriction
In accordance with art. 17 GDPR, you may request the deletion of your personal data stored by us. The personal data will be deleted within 7 working days from your request. Any retention periods required by law shall remain unaffected. If your data may not be deleted due to retention periods, only a restriction of processing may be applied. Upon deleting your data, no access right may be granted.
9.5. Right to data portability
According to art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, common, and machine-read format, or you may request the transfer to another responsible person, insofar this is possible to due technical means.
In accordance with art. 7 (3) GDPR, you can revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future. In such an event you may not access our company sight.
9.7. Exercising the rights concerned
To exercise the aforementioned rights, please contact us at: email@example.com or per mail to: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024 Taufkirchen, Germany. Your personal data (possibly your email, name and telephone number) will be processed in order to answer your questions or respond to your concern. This data will be deleted if no longer necessary; in the event of statutory retention periods – the processing may only be limited.
10. Complaint to a supervisory authority
According to art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of stay, your workplace or our company headquarters.