Data Privacy Statement
Responsible party:
Name/Company | visunext UK Ltd |
Street No. | Victory House/ Chequers Road |
Post code, city, country | NR15 2YA, Tharston, Norwich |
Comm. register / No. | GB 977 1988 47 |
Managing Director | Christoph Hertz |
Telephone number | 01508 53 50 59 |
E-mail address | info@visunext.co.uk |
Data Privacy Officer
Name | Niklas Holtmann |
Street, No. | Victory House/ Chequers Road |
Post code, city, country | NR15 2YA, Tharston, Norwich |
Telephone number | 01508 53 50 59 |
e-mail address | privacy@visunextgroup.com |
Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.
Version of: 1/04/2019
1. Fundamental information on data processing and legal bases
1.1. This Data Privacy Statement informs you about the type, scope, and purposes of personal data processing within our online offer and the related websites, functions, and content (hereinafter jointly referred to as the “Online Offer” or “Website”). The Data Privacy Statement applies irrespective of the domains, systems, platforms, and devices (e.g. desktop or mobile) on which the services of the Online Offer are rendered.
1.2. The terms used, such as “personal data” or their “processing”, are pursuant to the definitions specified in § 4 of the General Data Protection Regulation (GDPR).
1.3. The user’s personal data processed within the scope of this Online Offer includes basic data (e.g. customer names and addresses), contract data (e.g. services used, names of persons responsible, payment information), usage data (e.g. the websites visited within our Online Offer, interest in our products), and certificate data (e.g. contact-form entries).
1.4. All persons subject to data processing are covered by the term “User”. These include our business partners, customers, stakeholders, and other visitors to our Online Offer. All terms, such as “User”, are neutral in gender.
1.5. We solely process personal User data under observance of the applicable data privacy provisions. This means that User data are only processed if there exists a regulatory approval, in particular if the data processing is either necessary or legally prescribed to render our contractual services (e.g. processing orders) as well as online services, if the User has provided his consent, or if we have a justified interest (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR), and particularly pertaining to reach measurements, creation of profiles for advertisement and marketing purposes, as well as the gathering of access data and the use of third-party services).
1.6. We would like to point out that the legal basis of consents is § 6 (1)(a) and § 7 GDPR, the legal basis for the processing to perform our services and enact contractual measures is § 6 (1)(b) GDPR, the legal basis for the processing to fulfil our contractual obligations is § 6 (1)(c) GDPR, and the legal basis for the processing to safeguard our justified interests is § 6 (1)(f) GDPR.
2. Safety measures
2.1. Organisational, contractual, and technical safety measures in correspondence with the state-of-the-art shall be taken by us to guarantee compliance with data safety regulations and to protect the data processed by us against manipulation, loss, destruction, or unauthorised access, with or without intent.
2.2. These safety measures in particular include the encrypted transmission of data between your browser and our server.
3. Data transmission to third parties and third-party service providers
3.1. Data are only transmitted to third parties in compliance with the legal regulations. We undertake to only transmit User data to third parties if e.g. necessitated following § 6 (1)(b) GDPR for contractual purposes or on the basis of justified interests pursuant to § 6 (1)(f) GDPR in safeguarding effective and economical business operation.
3.2. Upon commissioning any subcontractors to support in performing our services, we shall take the appropriate legal, organisational, and technological measures to ensure the protection of personal data in compliance with the applicable legal requirements.
3.3. If, within the scope of this Data Privacy Statement, content, tools, or other means of third-party service providers (hereinafter jointly referred to as “Third-Party Providers”) are used, and if these are located in a non-member state, it can be assumed that the data transfer takes place in the state of residence of the Third-Party Provider. Non-member states are those states, in which the GDPR legislation is not directly applicable, i.e. generally countries outside of the EU and the EEA. Data are transmitted to non-member states if an appropriate level of data privacy, User consent, or legal permission exists.
4. Performing contractual services
4.1. We process inventory data (e.g. User names, addresses, and contact information), contract data (e.g. services used, names of contact persons, payment information) to fulfil our contractual duties and services pursuant to § 6 (1)(b) GDPR.
4.2. Users have the option of creating a User account, which above all serves the purpose of offering an overview of the order history. The User is informed of the obligatory details required for registration during the registration process. User accounts are not public and cannot be indexed by search engines. On termination of the User account, the data present in the User account are deleted, except for those cases in which their storage is necessary for reasons of commercial or tax law pursuant to § 6 (1)(c) GDPR. When terminating, Users themselves are responsible for the storage of their data in due time before the end of the contract. We reserve the right to irrevocably delete all User data stored for the duration of the contract.
4.3. We store the IP address and time of day of each User registration, log-in action, and when our online services are used. We and the User have a justified interest in storing these data, as it protects against misuse and unauthorised use. These data are generally not transmitted to third parties, except for those cases in which this is necessary to pursue our claims or if legally obliged pursuant to § 6 (1)(c) GDPR.
4.4. We process usage data (e.g. the websites of our Online Offer visited, interest in our products) and certificate data (e.g. contact form entries or the User profile) for advertisement purposes, creating a User profile that allows for the e.g. inclusion of product information based on the services already used.
5. Contacting
5.1. When contacting us (via contact form or e-mail), User information is processed to process and handle the contact request pursuant to § 6 (1)(b) GDPR.
5.2. User information might be stored in our customer relationship system (“CRM System”) or a comparable enquiry organisation system.
6. Comments and contributions
6.1. When leaving a comment or other type of contribution, the Users’ IP addresses are stored for seven (7) days on the basis of our justified interests in accordance to § 6 (1)(f) GDPR.
6.2. This protects us from cases in which a contributor leaves behind illicit content (insults, illicit political propaganda, etc.). In this case, we can be held liable for this comment or contribution, justifying our interest in the contributor’s identity.
7. Elicitation of access data and log files
7.1. On the basis of our justified interests in accordance with § 6 (1)(f) GDPR, we collect data about each access to a server hosting our service (so-called server logfiles). These data include the name of the website accessed, date and time of access, data quantity transmitted, notification of successful access, browser type and version, User operating system, referrer URL (website visited before), IP address, and requesting provider.
7.2. Logfile information are stored for a maximum of seven (7) days for security reasons (e.g. to clarify malicious or fraudulent actions). The data are then deleted, unless their further storage is necessary for purposes of evidence, in which case they are stored until the relevant case is clarified in full.
8. Cookies & reach measurement
8.1. Cookies are pieces of information that are transmitted by our web server or the web server of a third party to the User web browser and stored there for later access. Cookies can either be small files or other types of data storage.
8.2. We use so-called “session cookies”, which are only stored for the duration of the visit to our online service (e.g. to store your log-in status and offer our shopping cart function, vital to your use of our Online Offer). These session cookies contain a randomly generated unique identifier, a so-called session ID. Moreover, cookies include information on their origin and storage duration. These cookies are not capable of storing other data. Session cookies are deleted at the end of your visit to our Online Offer on logging out of our service or closing the browser.
8.3. The Users are informed about the use of cookies for pseudonymised reach measurement in this Data Privacy Statement.
8.4. If Users do not desire the storage of cookies on their computer, they are requested to disable the relevant function in their browser’s system settings. Stored cookies can be deleted here as well. The functionalities of this Online Offer can be limited by disabling cookies.
8.5. You can express your objection to the use of cookies for reach measurement or advertising purposes through the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally through the US page (http://www.aboutads.info/choices) or European page (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. Google Analytics
9.1. We use Google Analytics on the basis of our justified interests (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR). This is a web analysis service by Google Inc. (“Google”). Google uses cookies. The information gather by the cookie on Users’ use of the Online Offer is generally transmitted to a Google server in the US and stored there.
9.2 Google is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. This information is used by Google, as commissioned by us, to analyse the User’s use of our Online Offer, to compile reports on the activities performed within this Online Offer, and to render other services related to the use of this Online Offer and Internet use. The data processed can be used to create pseudonymised User usage profiles.
9.4. We use Google Analytics to only display advertisements, within the advertisement service network of Google and its partners, to those Users who demonstrated an interest in our Online Offer and who possess certain characteristics (e.g. interests in certain topics or products as determined from the browsing history). These advertisements are transferred by us to Google (so-called “remarketing audiences”, or “Google Analytics audiences”). Remarketing audiences helps additionally ensure that our advertisements correspond to the potential interests of Users and do not have a harassing effect.
9.5. We only use Google Analytics with active IP anonymisation. The User IP address is truncated by Google within EU member states or other parties to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the US and truncated there in exceptional cases.
9.6 The IP address transmitted by the User’s browser is not collated with other Google data. Users can make settings in their browser software to prevent the storage of cookies. Users can additionally prevent Google’s gathering of data related to their use of the Online Offer by the cookie and Google’s processing thereof by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
9.7. Further information on the data usage by Google and configuration and rejection options can be found on the websites of Google: https://policies.google.com/privacy/partners?hl=en (“How Google uses data when you use our partners' sites or apps”), https://policies.google.com/technologies/ads?hl=en ("Advertising"), http://www.google.de/settings/ads (“Managing the information Google uses to show you ads”).
10. Google-Re/Marketing-Services
10.1. We use the marketing and remarketing services (“Google Marketing Service”) by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US, (“Google”) on the basis of our justified interests (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR).
10.2. Google is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. The Google Marketing Services allow us to only present advertisements for and on our website that are better tailored to the potential interests of Users. If a User is shown e.g. advertisements for products in which he has shown interest other websites, this is referred to as “remarketing”. To this end, on accessing our and other websites with active Google Marketing Services, Google immediately executes a code and includes so-called (re)marketing tags (invisible graphics or code, also referred to as “Web Beacons”) into the website. These allow for the storage of a unique cookies (small file) on the User’s device (or comparable technology). The cookies can originate from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file includes information on the websites visited by the user, in which content interest has been shown, which offers have been clicked on, further information on the browser and operating system, referring websites, time of visit, as well as further information about the use of the Online Offer. In addition, the User’s IP address is logged. We inform Users that the User’s IP address is truncated by Google within EU member states or other parties to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the US and truncated there in exceptional cases. The IP address is not collated with User data within different Google offers. The aforementioned information can be connected by Google to similar information from other sources. If the User subsequently visits other websites, he might be shown advertisements tailored to his interests.
10.4. User data are pseudonymised for processing within the scope of Google Marketing Services, i.e. Google does not store or process the User e-mail address or name, but rather the relevant data related to the cookie within the pseudonymised User profile. Google does not manage and display advertisements for and to a specifically identified person, but rather for the owner of the cookie, regardless of who the owner is, except for those cases in which Users expressly consent to Google’s processing of these data without pseudonymisation. The data gathered by the Google Marketing Services about the Users are transmitted to Google and stored on Google servers in the US.
10.5. The Google Marketing Services used by us include the online advertisement programme “Google AdWords”, each AdWords customer receives a unique “conversion cookie” within the scope of Google AdWords. As such, cookies cannot be tracked through the websites of AdWords customers. The information gathered through these cookies are used to compile conversion statistics for AdWords customers who opted for conversion tracking. The AdWords customers are provided with the overall number of Users who clicked on their advertisements and were subsequently forwarded to a website which includes the conversion tracking tag. However, they do not receive information that allows for the personal identification of Users.
10.6. We can optionally also use the “Google Optimizer” services, which allows us to perform so-called “A/B testing” to track the effects of certain website modifications (e.g. input field changes, design changes, and the like). Cookies are stored on User devices for these test purposes. All User data are solely processed in a pseudonymised manner.
10.7. We might additionally use the “Google Tag Manager” to include and manage Google analysis and marketing services in our website.
10.8. Further information on Google’s use of data for marketing purposes can be found on the overview page: https://policies.google.com/technologies/ads?hl=en, and Google’s Data Privacy Statement can be accessed here https://policies.google.com/privacy?hl=en.
10.9. If you wish to express your objection to interest-based advertisement through Google Marketing Services, you can use the opt-out and settings possibilities provided by Google: http://www.google.com/ads/preferences.
11. Facebook Social Plugins
11.1. We use the social plugins (“Plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR). These plugins might display interaction elements or content (e.g. videos, graphics, or textual contributions). They can be recognised by one of the Facebook logos (white “f” on a blue tile, the term “Like”, or a “Thumbs up” sign) or are labelled as such with the additional mention “Facebook Social Plugin”. A list of Facebook Social Plugins and their appearance can be found here https://developers.facebook.com/docs/plugins/.
11.2. Facebook is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
11.3. If a User accesses a function of this Online Offer, which contains such a Plugin, the User device establishes a direct connection to the Facebook servers. The Plugin content is transmitted directly by Facebook to the User device and included into the Online Offer. The processed data allow for the creation of a User usage profile. Thus, we cannot influence the scope of data collection through the Facebook Plugin and will inform Users in accordance with the state of our knowledge.
11.4. By including the Plugin, Facebook receives information about a User’s access to a certain website of the Online Offer. Facebook can assign the User’s visit to his Facebook account if the User is logged in to Facebook. If Users interact with the Plugins, i.e. by clicking on the Like button or leaving a comment, the relevant information is directly transmitted by your device to Facebook and stored there. If the User is not a member of Facebook, there still exists the possibility of Facebook identifying and storing his IP address. Facebook claims that, in Germany, all IP addresses are anonymised before storage.
11.5. The purpose and scope of the data collection and the ongoing processing and use of the data by Facebook as well as the User rights and setting options related to this to protect your privacy can be consulted in the Facebook data privacy policy: https://www.facebook.com/about/privacy/.
11.6. If a User is a Facebook member and does not want Facebook to collect data on him through this Online Offer and to link these data with his data stored on his Facebook account, he needs to log out from Facebook and delete his cookies before using our Online Offer. The Facebook profile offers further settings to manage or object to the use of data for advertising purposes: https://www.facebook.com/settings?tab=ads or through the US website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. The settings function across platforms, i.e. they are adopted for all devices such as desktop computer or mobile devices.