This document provides information on the data that is collected when visiting or using our website and how it is used, processed and transferred.
Controller within the meaning of data protection law: Releezer Deutschland GmbH(hereinafter referred to as RELEEZER)
Data protection officer of the controller:Managing Director: Thilo Noack
E-mail: [email protected]
Customers should contact the data protection officer stated above if they wish to assert their rights stated in this Data Protection Policy or if they have questions about the use, collection or processing of personal data.
As the controller in accordance with data protection law, RELEEZER undertakes to protect the personal data and privacy of its customers and to treat it as confidential. Personal data is collected, stored, modified, transferred, blocked, deleted and used on the basis of the applicable legal provisions, particularly the General Data Protection Regulation (GDPR).
RELEEZER implements technical and organisational security measures to protect the data of its customers against access by unauthorised persons, accidental or malicious manipulation, destruction or loss.
Section 1 Access dataWhen using the website for information purposes, RELEEZER only collects the personal data transferred by the customer’s browser to RELEEZER’s server. If customers wish to view RELEEZER’s website, RELEEZER collects the following data, which is technically required for displaying the website to the customers and ensure its stability and security:
However, the webserver stores this data separately from other data and RELEEZER does not allocate this data to a specific person.
These data processing activities are based on Art. 6 (1) S. 1 lit. f GDPR to maintain the legitimate interests of RELEEZER, namely the optimisation of the website.
Section 2 Use of cookiesIn addition to the above data, cookies are stored on customer’s computer when using the website. Cookies are small text files that are stored on the hard drive and allocated to the browser used by the customer, which provide the instance installing the cookie with certain information. Cookies cannot execute any programs or transfer viruses to the computer. They serve to create an overall more user-friendly and effective website.
The following types of cookies are used on the RELEEZER website, whose scope and type of function is explained below:
a) Transient cookies are automatically deleted when you close the browser, including session cookies, in particular. They store a so-called session ID which is used for allocating various requests made by your browser to the joint session. This makes it possible to recognise your computer when you return to the website. Session cookies are deleted when you log out. b) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the system settings of your browser. These data processing activities are based on Art. 6 (1) S. 1 lit. f GDPR to maintain the legitimate interests of RELEEZER, namely the optimisation of the website.
a) Transient cookies are automatically deleted when you close the browser, including session cookies, in particular. They store a so-called session ID which is used for allocating various requests made by your browser to the joint session. This makes it possible to recognise your computer when you return to the website. Session cookies are deleted when you log out. b) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the system settings of your browser. These data processing activities are based on Art. 6 (1) S. 1 lit. f GDPR to maintain the legitimate interests of RELEEZER, namely the optimisation of the website.
Section 3 Collection and use of personal data when sending a contact requestWhen contacting RELEEZER via e-mail or contact form, RELEEZER stores the disclosed data (your e-mail address and name) to answer the query. RELEEZER deletes the data transferred in this respect once it is no longer required, e.g. when the matter has been dealt with. Otherwise, data processing is restricted if there are mandatory retention periods. This data is processed on the basis of Art. 6 (1) S. 1 lit. a GDPR in conjunction with the consent given by the customer.
Section 4 Collection of personal data for the conclusion of agreements and paymentsThe following personal data is stored within the scope of an order:
RELEEZER exclusively uses this data for the fulfilment of the agreement and the related necessary communication with the customer. This includes the initiation, conclusion, processing, assurance and, if necessary, reversal of the agreement. The data is stored until the entire agreement has been fulfilled. The data may be stored up to 10 years if there exist any retention periods under trade and tax law. These data processing activities are based on Art. 6 (1) S. 1 lit. b GDPR for the fulfilment of the agreement. The continued storage under tax and trade law is based on necessity in accordance with Art. 6 (1) S. 1 lit. c GDPR.
Section 5 Data transferRELEEZER only transfers personal data if and insofar as this is required for the fulfilment of the agreement or maintaining the legitimate interests of RELEEZER. RELEEZER engages external service providers (order processors) for the fulfilment of the agreement. Separate order processing agreements have been concluded with the service providers to ensure the protection of the customer’s personal data.
The customer’s forename, surname, address, e-mail address and phone number are transferred to the shipper for the purpose of dispatching the goods. This data is transferred for the fulfilment of the contractual relationship with you, the customer. The legal basis for these data processing activities is Art. 6 (1) S. 1 lit. b GDPR.
The customer’s payment data, namely forename, surname, address, e-mail address and phone number, is transferred to the respective payment service provider for processing payments. This data is processed for the fulfilment of the contractual relationship with you, the customer, on the basis of the consent issued by you. The legal basis for these data processing activities is Art. 6 (1) S. 1 lit. a and b GDPR.
Section 6 Use of data for advertising purposes and newslettersRELEEZER uses personal customer data for sending newsletters to customers, but only if customers have given their consent in this respect.
The newsletters are sent via “MailChimp”, a newsletter sending platform of the US provider, Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses, as well as further data described in this policy, of our newsletter recipients is stored on the MailChimp servers in the USA. MailChimp uses this information for sending and analysing the newsletters as per our order. According to its own information, MailChimp may use this data for optimising or improving its own services, e.g. for the technical optimisation of the sending process and display of the newsletter or for economic purposes to determine the country of the recipients. However, MailChimp does not use the data of our newsletter recipients for contacting them directly or transferring it to third parties.
You can read the MailChimp data protection policy here: https://mailchimp.com/legal/privacy
The newsletter contains a “web beacon”, i.e. one-pixel file that is accessed by the MailChimp server when opening the newsletter. When accessing this file, technical information, such as your browser and system as well as IP address and time of access, is collected. This information is used for the technical improvement of the services using the technical data or target groups and their read behaviour based on the access locations (which is determined through the IP address).
The statistical data collection also includes the determination if and when the newsletters are opened and which links are being clicked. This information can be allocated to the individual newsletter recipients for technical reasons. However, neither us nor MailChimp plan to monitor individual users. We rather use the analyses for recognising the read behaviour of our users and adjust our contents accordingly or for sending different contents based on the interests of our users.
The only mandatory data to be entered for sending the newsletter is the e-mail address. Any other, separately marked data is entered on a voluntary basis and is used for addressing the customer in person. Once confirmed, RELEEZER stores the customer’s e-mail address for sending the newsletters.
Customers may withdraw their consent for sending the newsletter at any time and unsubscribe from the newsletter. Customers can unsubscribe from the newsletter by clicking on the link provided in each newsletter, through the form on the RELEEZER website or by e-mailing [email protected].
These data processing activities are based on the customer’s consent and the legal basis is Art. 6 (1) S. 1 lit. a GDPR. Section 7 Use of plug-ins
We use social media plug-ins (hereinafter referred to as plug-ins) of the following providers:
Facebook, YouTube, Instagram, Twitter.
We use the two-click solution, meaning that no personal data is initially transferred to the plug-in providers when you visit our website. You can recognise the plug-in provider by the marking in the box above its initials or logo. We give you the option to communicate directly with the plug-in provider by clicking on the button. The plug-in provider receives the information that you have accessed the corresponding page of our website only when you click on the marked field, thus activating it. By activating the plug-in, you therefore transfer personal data to the respective plug-in provider, where it is stored (in the USA in the case of US providers). As the plug-in provider collects the data particularly through cookies, we recommend that you delete all cookies in the security settings of your browser before clicking on the grey box.
We do not have any influence over the data collected and data processing activities nor are we aware of the full scope of data collection, the purposes of data processing and its retention periods. We also do not have any information of the deletion of the collected data by the plug-in provider.
The plug-in provider stores your personal data collected as user profiles and uses it for the purpose of advertising, market research and/or needs-based design of its website. Such analysis is performed, in particular (including for logged out users), for displaying needs-based advertising and for informing other social network users of your activities on our website. You have the right to object to the creation of these user profiles. Please contact the respective plug-in provider directly if you wish to exercise this right. With the plug-ins we provide you with the option of interacting with the social networks and other users so that we can improve our website and create more interesting content for you.
The data is transferred regardless of you having an account with the plug-in provider and being logged in or not. If you are logged in with the plug-in provider, your data collected by us is allocated directly to your account with the plug-in provider. If you click on the activated button and link the page, for instance, the plug-in provider also stores this information in your user account and publically displays it to your contacts. We recommend that you log out every time you have used a social network, but particularly before activating the button as you can avoid an allocation to your profile with the plug-in provider by doing so.
For further information on the purpose and scope of data collection and processing by the plug-in provider, please read the data protection policies of these providers below. You can also contact these providers to obtain information on your related rights and settings options to protect your privacy:
YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is a subsidiary of Google LLC, which has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; for further information please go to the Instagram data protection policy: http://instagram.com/about/legal/privacy/ ; Instagram has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA; for further information on the Twitter data protection policy go to http://twitter.com/privacy ; Twitter Inc. has agreed to comply with the principles of the EU-US Privacy Shield. For further information in this respect please go to: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland; Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified in accordance with the EU-US Privacy-Shield and therefore undertakes to comply with the provisions of European data protection law. For further information on the Facebook Privacy Shield status go to: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. You can read the full Facebook data protection policy here: https://de-de.facebook.com/full_data_use_policy
These data processing activities are based on the provisions of Art. 6 (1) S. 1 lit. a GDPR and your consent as well as on Art. 6 (1) S. 1 lit. f GDPR for the maintenance of the legitimate interests of RELEEZER, namely the optimisation of the website.
Section 8 Use of toolsThis website uses web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, for the standardised display of fonts. Google Fonts are installed locally. No connection with the Google servers is created.
Google reCAPTCHAWe use the “Google reCAPTCHA” function (hereinafter referred to as “reCAPTCHA”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google“).
reCAPTCHA is used for checking if the data has been entered on our website (e.g. in a contact form) by a human or automated program. To do so, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis is performed automatically as soon as the visitor enters the website. reCAPTCHA analyses various information for this purpose (e.g. IP address, duration of visit to the website by the user or mouse movements carried out by the user). The data collected during the analysis is transferred to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is being carried out.
For further information on Google’s reCAPTCHA and data protection policy go to the following links: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.
The data is processed for the purpose of maintaining the legitimate interests of RELEEZER, namely the protection of the website against malicious spybots and SPAM: The legal basis for these data processing activities is Art. 6 (1) S. 1 lit. f GDPR.
Section 9 Facebook fan pageFor the information service provided in this case, RELEEZER uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) In the opinion of the European Court of Justice, there is a joint responsibility within the meaning of Art. 26 GDPR between Facebook and the operator of a Facebook fan page for the personal data processed through the Facebook fan page. For this reason, Facebook and RELEEZER have concluded an agreement on their joint responsibility, which you can access on the fan page.
RELEEZER provides you with the following data processing information on our Facebook fan page:
(1) Controllers
Your personal data on the RELEEZER Facebook fan page is processed in joint responsibility with: Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland
(2) Data processing
When accessing a Facebook fan page, the IP address of your device is transferred to Facebook. According to the information provided by Facebook, this IP address is anonymised and deleted after 90 days, if it is a German IP address. Facebook also stores further information on the devices of its users, such as the browser used. Facebook may therefore be able to allocate IP addresses to individual users. If you are logged into your Facebook account while visiting our fan page, there will be a cookie on your device with your Facebook ID. This cookie enables Facebook to trace that you have visited our fan page and how you have used it. Facebook uses this information for presenting you with tailored contents and advertising.
If you do not wish for this to happen, you should log out of your Facebook account and/or deactivate the “Stay logged in” function. We further recommend that you delete any cookies stored on your device and close and re-open your browser. Facebook information, through which Facebook can create a link to you, is deleted during this process. However, if you wish to use the interactive functions of our fan page, you have to log into your Facebook account again with your Facebook registration data. This enables Facebook again to create a link to you. Facebook does not conclusively and clearly state how Facebook uses the data collected during the visit of Facebook pages for its own purposes, to which extent activities on the Facebook page can be allocated to individual users, how long Facebook stores this data and if the data collected during a visit to a Facebook page is transferred to third parties and we also do not have any knowledge of these matters. We are therefore only able to refer you to the Facebook data protection policy in this respect as a user of our fan page. Your data collected in this respect is processed by Facebook and may be transferred to non-EU countries in the process.
If you do not wish for this to happen, you should log out of your Facebook account and/or deactivate the “Stay logged in” function. We further recommend that you delete any cookies stored on your device and close and re-open your browser. Facebook information, through which Facebook can create a link to you, is deleted during this process. However, if you wish to use the interactive functions of our fan page, you have to log into your Facebook account again with your Facebook registration data. This enables Facebook again to create a link to you. Facebook does not conclusively and clearly state how Facebook uses the data collected during the visit of Facebook pages for its own purposes, to which extent activities on the Facebook page can be allocated to individual users, how long Facebook stores this data and if the data collected during a visit to a Facebook page is transferred to third parties and we also do not have any knowledge of these matters. We are therefore only able to refer you to the Facebook data protection policy in this respect as a user of our fan page. Your data collected in this respect is processed by Facebook and may be transferred to non-EU countries in the process.
Facebook gives a general description of the type of information received by Facebook and its use in its data processing policy. This policy also contains information on way to contact Facebook as well as the settings options for adverts. The data processing policy is available at the following link: http://de-de.facebook.com/about/privacy
You can read the full Facebook data protection policy here: https://de-de.facebook.com/full_data_use_policy
The Facebook data protection policy contains further information on data processing:
https://www.facebook.com/about/privacy/
You can opt out here: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified in accordance with the EU-US Privacy-Shield and therefore undertakes to comply with the provisions of European data protection law. For further information on the Facebook Privacy Shield status go to: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
We, the operator of the Facebook fan page, are unable to assess the transfer and further processing of personal user data to and in third countries, such as the USA, and possible related risks to you, the user.
(3) Insight function
Facebook also provides a number of statistical data for SBS-Legal as a fan page operator within the scope of the “Insights” function. Facebook prepares and provides these statistics. We, the operator of the fan page, do not have any influence of the preparation and, in particular, are unable to prevent this function. The following information is provided to us as part of the “Insight” function for the categories “Fans”, “Subscribers”, “Persons reached” and “Interactive persons”, for a specifiable period of time each:
Page activities, such as page accesses, page preview, activities on the page, reach activities, such as “Like”, persons reached and recommendations, contributions, such as interactions with contributions, video views, comments and shared content. We are also provided with statistical information on the Facebook groups that are linked to our fan page. In accordance with Facebook’s terms and conditions of use, which every user has agreed with when creating a Facebook profile, we can also identify the subscribers and fans of the page and access their profiles and other shared information.
For further information in this respect, please go to the following link provided by Facebook: http://de-de.facebook.com/help/pages/insights.
RELEEZER uses this aggregated data for creating more attractive contributions and activities for users on the fan page, such as the planning and scheduling of contributions. The legal basis for these data processing activities is Art. 6 (1) S. 1 lit. f GDPR, namely our legitimate interest in optimising our content.
(4) Storage period
We store the information transferred by Facebook only for as long as your interest in its deletion or anonymisation does not outweigh our interests.
If in the future, you no longer wish for the data to be processed as described in this policy, please unsubscribe from our fan page by using the “Unlike this page” and/or “Unsubscribe” functions to unlink your user profile from our fan page.
(5) Your rights as a data subject
We recommend that you contact Facebook directly with any requests for information or other questions regarding your rights that are stated at the end of this Data Protection Policy as only Facebook has full access to the user data. However, we shall naturally deal with any questions you may send to us and additionally forward them to Facebook. Section 10 Rights of the data subjects Data subjects have the right to:
For a list of supervisory authorities in Germany go to https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Austrian data protection authority: https://www.dsb.gv.at/
We hope that this information has helped you in the assertion of your rights. Please do not hesitate to contact us should you require further information on the data protection regulations.
Data Protection Policy version: 10/05/2019