Wish List 0

Terms & Conditions

Terms & Conditions and Privacy Policy

Privacy policy

We are extremely pleased that you have shown interest in our company. Data protection is a particularly high priority for the management of Rivana Limited. The use of the websites of Rivana Limited is possible without instructions for personal data; however, if a data subject wishes to use special corporate services through our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of the data subject, must always comply with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection data applicable to Rivana Limited. With this privacy statement, our company would like to inform the general public about the nature, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed through this data protection statement and of the rights to which they are entitled.

As an administrator, Rivana Limited implements a number of technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based technologies can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, each data subject has the freedom to transfer personal data to us by alternative means, e.g. by phone.

1. Definitions

The data protection declaration of Rivana Ltd is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement must be legible and understandable to the general public, as well as to our customers and business partners. To ensure this, we would first like to explain the terminology used.

In this data protection statement we use the following terms:

• a) Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). A distinguishing individual may be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this individual.

B) data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.

• In progress

Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether by automated means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, disclosure by transmission, distribution or otherwise grant, arrange or combine, limit, delete or destroy.

• d) Restriction of processing

Restriction of processing is the marking of stored personal data in order to limit their processing in the future.

• e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data for the assessment of certain personal aspects relating to an individual, in particular for the analysis or prediction of aspects related to the work of the individual in the workplace, economic situation, health, interests, reliability, behavior, location or movements.

• f) Alias

Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific individual without the use of additional information, provided that this additional information is kept separate and subject to technical and organizational measures to ensure that personal data are not attributed to an identified or identifiable natural person.

• g) Controller responsible for processing

The controlling authority or the controller responsible for the processing is a natural or legal person, public authority, agency or other authority which, alone or jointly with others, determines the purposes and means for the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his nomination may be provided for by Union or Member State law.

• h) Processor

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

• i) Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of this data by these public authorities is in accordance with the applicable data protection rules in accordance with the purposes of the processing.

• j) a third party

The third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct right of the controller or processor, have the right to process personal data.

j) Consent

The consent of the data subject is any free, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by statement or by clear action, consents to the processing of personal data relating to him or her,

2. Name and address of the administrator

The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection are:

 

Rivana Limited

Bulgaria Blvd. 240

4000 Plovdiv

Bulgaria Plovdiv

Phone: 032 210 820

Email: info@rivana.eu

Website: www.rivana.eu

3. Name and address of the data protection officer

The controller's data protection officer is:

Mr. Zhivko Zhelev

Rivana Limited

Bulgaria Blvd. 240

4000 Plovdiv

Bulgaria

Phone: 0988818511

Email: info@rivana.eu

Website: www.rivana.eu

Any data subject can at any time contact our data protection officer directly with any questions and suggestions regarding data protection.

 

4. Cookies

The websites of Rivana Limited use cookies. Cookies are text files that are stored on a computer system through an Internet browser.

Many websites and servers use cookies. Many cookies contain the so-called "ID cookie". A cookie ID is a unique identifier for a cookie. It consists of a string of characters through which web pages and servers can be assigned to the specific internet browser in which the cookie is stored. This allows the websites and servers visited to distinguish the individual browsers of the object data from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified by the unique identifier of the cookie

By using cookies, Rivana Limited may provide users of this website with easier-to-use services that would not be possible without the setting of cookies.

With the help of a cookie, the information and offers on our website can be optimized for the user. Cookies allow us , as already mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to use our website. The user of the website who uses cookies, e.g. it is not necessary to enter access data every time the website is accessible, because this is taken over by the website and so the cookie is stored in the user's computer system. Another example is the shopping cart cookie in an online store. The online store remembers the articles that the customer has placed in a virtual shopping cart through a "cookie".

The data subject may at any time prevent the setting of cookies through our website through the appropriate setting of the Internet browser used and thus permanently refuse the setting of cookies. In addition, pre-set cookies can be deleted at any time via an Internet browser or other software programs. This is possible with all popular internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

5. Collection of general data and information

The site of Rivana collects a series of general data and information when a data object or an automated system calls the website. This general data and information is stored in server logs. Collected can be (1) the types and versions of the browser used, (2) the operating system used by the access system, (3) the website from which it reaches our website (the so-called References), (4) 5) the date and time of access to the website, (6) the address of the Internet Protocol (IP address), (7) the ISP of the access system and (8) all other similar data and information that may be used in case of attacks on our information technology systems.

When using this general data and information, Rivana Limited does not draw any conclusions about the data subject. Rather, this information is needed to: (1) make the right content for our website, (2) optimize the content of our website as well as its advertising, (3) ensure the long-term viability of our information and web technologies. , and (4) provide law enforcement authorities with the necessary information to prosecute in the event of a cyber attack. Therefore, Rivana Limited analyzes statistically anonymously collected data and information in order to increase data protection and data security of our company and to ensure an optimal level of protection of personal data that we process. The anonymous data of the server log files is stored separately from all personal data provided by the data subject.

6. Registration on our website

The data subject has the opportunity to register on the administrator's website with personal data. Which personal data is transmitted to the controller is determined by the corresponding input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for his own purpose. The controller may request a transfer to one or more processors (eg parcel services) that also use personal data for internal purposes that can be attributed to the controller.

With your registration on the administrator's website, the IP address determined by the Internet service provider (ISP) and used by the respective site - date and time of registration is also saved. The storage of this data takes place against the background of the fact that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of committed crimes. To the extent that the storage of this data is necessary to provide the controller. These data shall not be transferred to third parties unless there is a legal obligation to transfer the data or if the transfer serves the purpose of criminal prosecution.

The registration of a data subject with voluntary indication of personal data is intended to enable the controller to provide the data subject with content or services that can only be offered to registered users due to the nature of the issue in question. Registered persons may at any time change the personal data specified during the registration or delete them completely from the data of the administrator.

The controller shall at any time provide information at the request of each data subject on what personal data is stored for the data subject. In addition, the data controller shall correct or delete personal data at the request or indication of the data subject, insofar as there are no legal retention obligations. All staff of the controller shall be available to the data subject in this respect as contact persons.

7. Subscribe to our newsletters

In the site of Rivana Limited users get the opportunity to subscribe to the newsletter of our company. The input mask used for this purpose determines which personal data is transmitted and when the bulletin is ordered by the administrator.

Rivana Limited regularly informs its customers and business partners through a newsletter for proposals for companies. The enterprise information bulletin may be obtained from the data subject only if (1) the data subject has a valid e-mail address and (2) the data registers for the transmission of the bulletin. The confirmation email address will be sent to the email address registered by the data subject for the first time to send a newsletter for legal reasons in the double inclusion procedure. This confirmation email is used to prove that the owner of the email address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system determined by the Internet Service Provider (ISP) and used by the data subject during the registration, as well as the date and time of the registration. The collection of this data is necessary to understand the (possible) misuse of the data subject's e-mail address at a later date and therefore serves the purpose of the legal protection of the controller.

Personal data collected as part of the newsletter registration will only be used to send our newsletter. In addition, newsletter subscribers may be informed by e-mail to the extent necessary for the functioning of the newsletter or the registration in question, as this may happen in the event of changes in the newsletter offer or in the event of a change in technical circumstances. . There will be no transfer of personal data collected from the newsletter to third parties. Subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data provided by the data subject for the transmission of the newsletter may be revoked at any time. For the purposes of revoking the consent, there is a corresponding link in each bulletin. It is also possible to unsubscribe from the newsletter at any time directly on the administrator's website or to inform the administrator in a different way.

 

8. Tracking the newsletter

The bulletin of Rivana Limited contains the so-called tracking pixels. The tracking pixel is a miniature graphic embedded in such emails that are sent in HTML format to allow logging and analysis. This allows statistical analysis of the success or failure of online marketing campaigns. Based on the built-in tracking pixel, Rivana Limited can see if and when e-mail was detected by a data subject and which links in the e-mail were called by the data subjects.

Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the sending of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects have the right at any time to revoke the relevant separate declaration of consent issued through the double inclusion procedure. After cancellation, this personal data will be deleted by the administrator. Rivana Limited automatically considers withdrawal from the receipt of the cancellation bulletin.

9. Opportunity to contact through the website

The site of Rivana Ltd. contains information that allows quick electronic contact with our company, as well as direct communication with us, which includes a general address of the so-called e-mail (email address). If a data subject contacts the controller by e-mail or contact form, the personal data transmitted by the data subject are stored automatically. Such personal data, transferred on a voluntary basis by a data subject to the data controller, shall be stored for the purpose of processing or communication with the data subject. There is no transfer of this personal data to third parties.

10. The function for comments in the blog of the website

Rivana Ltd. offers users the opportunity to leave separate comments for individual blog contributions to a blog that is on the administrator's page. A blog is a web-based, publicly accessible portal through which one or more people, called bloggers or web bloggers, can publish articles or write thoughts in so-called blogposts. Blogposts can usually be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information about the date of the comment and the user's chosen nickname (nickname). The IP address set by the data service provider's Internet Service Provider (ISP) is also recorded. This storage of the IP address is done for security reasons, and in cases where the data subject infringes the rights of third parties or releases illegal content through a comment. The retention of this personal data is therefore in the data controller's own interest so that he can be justified in the event of a breach. The collected personal data will not be transferred to third parties, unless this transfer is required by law or serves to protect the data controller.

11. Subscribe to comments on the website blog

The comments made in the blog of Rivana EOOD can be recorded by third parties. In particular, a commenter is likely to subscribe to comments following his comments on a specific blog post.

If a data subject chooses to subscribe to the option, the administrator will automatically send a confirmation email to check the double-opt-in procedure to verify that the owner of the specified email address has decided in favor of this option. The option to subscribe to comments can be terminated at any time.

12. Routine deletion and blocking of personal data

The controller shall process and store the data subject's personal data only for the period necessary to achieve the purpose of storage, or to the extent provided by the European legislator or other legislative bodies in laws or regulations to which the controller is subject.

If the purpose of retention is not applicable or if the retention period set by the European legislator or other competent legislator expires, personal data is routinely blocked or deleted in accordance with legal requirements.

13. Rights of the data subject

• a) Right of confirmation

Every data subject has the right, given by the European legislator, to receive confirmation from the controller whether the personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact any employee of the controller.

• b) Right of access

Every data subject has the right, provided by the European legislator, to receive from the controller free of charge information about his personal data stored at any time and a copy of this information. In addition, European directives and regulations provide the data subject with access to the following information:

• the purposes of the processing;

• the categories of the relevant personal data;

• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

• where possible, the intended period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period;

• the existence of the right to request the controller to correct or delete personal data or to restrict the processing of personal data relating to the data subject, or to oppose such processing;

• the existence of the right to lodge a complaint with a supervisory authority;

• when personal data are not collected by the data subject, the available information about their source;

• the existence of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) of the GSRP, and at least in these cases relevant information on the relevant logic, as well as the significance and intended consequences of such processing for the data subject.

In addition, the data subject has the right to receive information on whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards related to the transfer.

If a data subject wishes to exercise this right of access, he or she may at any time contact any employee of the controller.

• c) Right of rectification

Every data subject has the right, granted by the European legislator, to receive from the controller without undue delay the correction of inaccurate personal data concerning him. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data filled in, including by providing an additional statement.

If a data subject wishes to exercise this right of rectification, he or she may at any time contact any employee of the controller.

• c) Right of rectification

Every data subject has the right, granted by the European legislator, to receive from the controller without undue delay the correction of inaccurate personal data concerning him. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data filled in, including by providing an additional statement.

If a data subject wishes to exercise this right of rectification, he or she may at any time contact any employee of the controller.

• d) Right to be deleted (right to be forgotten)

Every data subject has the right, granted by the European legislator, to obtain from the controller the deletion of personal data relating to him without undue delay and the controller is obliged to delete personal data without undue delay when one of the following grounds exists. apply in so far as processing is not necessary:

Personal data are no longer needed for the purposes for which they were collected or otherwise processed.

• The data subject withdraws the consent on which the processing is based in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR, and where there is no other legal basis for the land to be cultivated.

• The data subject objects to the processing under Article 21 (1) of the GDPR and has no overriding legitimate grounds for the processing or the data subject objects to the processing under Article 21 (2) of the GDPR.

• Personal data has been illegally processed.

• Personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the controller is subject.

• Personal data are collected in connection with the provision of information society services referred to in Article 8 (1) of the GDPR.

If one of the above reasons applies and the data subject wishes to request the deletion of personal data stored by Rivana EOOD, he or she may at any time contact any employee of the administrator. An employee of Rivana EOOD will immediately make sure that the request for deletion is complied with immediately.

Where the controller has made personal data public and is obliged to delete personal data in accordance with Article 17 (1), the controller shall, taking into account available technology and implementation costs, take reasonable steps, including technical measures, to inform other controllers. which the data subject has requested from those controllers to delete any link to a copy or copy or replication of that personal data in so far as no processing is required. Employees of Rivana EOOD will organize the necessary measures in individual cases.

• e) Right to limit processing

Each data subject has the right, granted by the European legislator, to receive processing restrictions from the controller when one of the following applies:

• The accuracy of personal data is challenged by the data subject for a period that allows the controller to verify the accuracy of personal data.

• The processing is illegal and the data subject opposes the deletion of personal data and instead requests that their use be restricted.

o The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject to establish, exercise or defend legal claims.

• The data subject objects to the processing under Article 21 (1) of the GDPR until it has been verified that the controller's legitimate grounds exceed those of the data subject.

If one of the above conditions is met and the data subject wishes to request a restriction on the processing of personal data stored by Rivana EOOD, he or she may at any time contact any employee of the administrator. The employee of Rivana EOOD will arrange the restriction of the processing.

• f) Right to data portability

Each data subject has the right, provided by the European legislator, to receive his personal data, which have been provided to the controller, in a structured, frequently used and machine-readable format. He has the right to transfer this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on the consent of Article 6 (1) (a) of the GDPR or Article 9 (2) (a) by the GDPR or a contract pursuant to Article 6 (1) (b) of the GDPR, and the processing is carried out automatically, in so far as the processing is not necessary for a task carried out in the public interest or in the exercise of public authority by the controller.

In addition, in exercising his right to data portability under Article 20 (1) of the GDPR, the data subject has the right to provide personal data directly from one controller to another where this is technically feasible and where this does not adversely affect the rights. and the freedoms of others.

In order to establish the right to data portability, the data subject may at any time contact any employee of Rivana Limited.

• g) Right to object

Every data subject has the right, granted by the European legislator, to object at any time on grounds relating to his or her specific situation to the processing of personal data concerning him or her based on point (e) or point (f). )) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.

Rivana Limited no longer processes personal data in the event of an objection, unless we can prove convincing reasons for the processing that go beyond the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims.

If Rivana Limited processes personal data for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data relating to him for this marketing. This applies to profiling insofar as it relates to such direct marketing. If the data subject objects to Rivana Limited for processing for direct marketing purposes, Rivana EOOD will no longer process personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her specific situation, to object to the processing of personal data relating to him or her by Rivana Limited for scientific or historical research or statistical purposes in accordance with Article 89 (1). of the GDPR, unless the processing is necessary for the performance of a task performed for reasons of public interest.

In order to exercise his right to object, the data subject may contact any employee of Rivana Limited. In addition, the data subject is free in the context of the use of information society services and, notwithstanding Directive 2002/58 / EC, to exercise his right to oppose by automated means using technical specifications.

• h) Automated individual decision making, including profiling

Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or a similar significant impact on him, insofar as decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or 2) is not permitted by Union or Member State law to which the controller is subject and which also lays down appropriate measures to protect the rights and freedoms of the data subject and the legitimate interests or (3) is not based on the explicit consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) it is based on the explicit consent of the data subject, Rivana Limited must apply appropriate measures to: protect the rights and the data subject's freedoms and legitimate interests, at least the right to receive human intervention from the controller, to express his point of view and to challenge the decision.

If the data subject wishes to exercise his rights with regard to the automated making of individual decisions, he can at any time contact any employee of Rivana Limited.

• i) Right to refuse consent to data protection

Every data subject has the right, given by the European legislator, to withdraw his or her consent to the processing of his or her personal data at any time.

If the data subject wishes to exercise his / her right to withdraw his / her consent, he or she may at any time contact any employee of Rivana Limited.

14. Data protection for applications and application procedures

The administrator collects and processes the personal data of the candidates for the purposes of processing the application procedure. Processing can also be done electronically. This is the case, in particular, if the applicant submits to the administrator the relevant application documents by e-mail or via a web form on the website. If the data controller enters into an employment contract with an applicant, the data provided will be stored for the purpose of processing the employment relationship in accordance with legal requirements. If no employment contract has been concluded with the candidate by the administrator, the application documents are automatically deleted two months after the notification of the decision to refuse, provided that there are no other legitimate interests of the administrator that oppose the deletion. Another legitimate interest in this regard is, e.g. burden of proof in a procedure under the General Equal Treatment Act (AGG).

15. Data protection provisions regarding the application and use of Facebook

On this website, the administrator has integrated components of the Facebook enterprise. Facebook is a social network.

The social network is a place for social meetings on the Internet, an online community that usually allows users to communicate with each other and interact in cyberspace. The social network can serve as a platform for exchanging opinions and experiences or enable the Internet community to provide personal or business related information. Facebook allows social media users to include creating private profiles, uploading photos and networking through friendship requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a person lives outside the United States or Canada, the administrator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Each time you log in to one of the individual pages of this admin-controlled website that integrates the Facebook component (Facebook plug-ins), the data subject's information technology web browser is automatically prompted to download the display of the respective Facebook component from Facebook through the Facebook component. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook is notified of which specific sub-site of our website is visited by the data subject.

If the data subject has logged in to Facebook at the same time, Facebook discovers each time the data subject calls our website - and for the entire period of residence of our website - which specific subtype of our website has been visited by the data subject. This information is collected through the Facebook component and associated with the relevant Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated in our website, e.g. "Like" button or if the data subject comments, Facebook matches this information with the data subject's personal Facebook account and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject when the data subject has logged in to Facebook at the same time during the invocation of our website. This is done regardless of whether the data subject clicks on the Facebook component or not. If such transmission of information to Facebook is not desirable for the data subject, then he or she can prevent this by logging out of his or her Facebook account before calling our website.

The data protection guide published by Facebook, available at https://facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains what setup options Facebook offers to protect the privacy of the data subject. In addition, there are various configuration options that allow you to remove data transmission on Facebook. These applications can be used by the data subject to eliminate data transmission on Facebook.

16. Data protection provisions regarding the application and use of Google Analytics (with anonymization function)

On this website, the administrator has integrated the Google Analytics component (with the anonymity feature). Google Analytics is a web analytics service. Web analytics is the collection, collection and analysis of data on the behavior of website visitors. The website analysis service collects, inter alia, data about the website from which a person came (the so-called referrer), which subpages were visited, how often and for how long a subpage was viewed. Web analytics is mainly used to optimize a website and to analyze the costs and benefits of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Pkwy Amphitheater, Mountain View, CA 94043-1351, USA.

For web analytics through Google Analytics, the administrator uses the "_gat. _AnonymizeIp" application. With the help of this application, the IP address of the data subject's Internet connection is abbreviated by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic to our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports showing the activities of our websites and to provide other services related to the use of our website to us.

Google Analytics places a cookie in the data subject's information technology system. The definition of "cookies" is explained above. By setting the cookie, Google can analyze the use of our website. Each time you call one of the individual pages of this admin-controlled website that incorporates a Google Analytics component, the data subject's Internet browser will automatically send data through a Google Analytics Component for online purposes. Google advertising and commissioning. During this technical process, Google acquires knowledge of personal information, such as the IP address of the data subject who serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently to create commission agreements.

The cookie is used to store personal information, such as the time of access, the location from which the access was made, as well as the frequency of visits to our website by the data subject. Each time you visit our website, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States. This personal information is stored by Google in the United States. Google may transfer this personal information collected through the technical process to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by appropriate correction of the web browser used and thus refuse to set the cookies permanently. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie in the data subject's information technology system. In addition, cookies already used by Google Analytics can be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility to object to the collection of data generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the possibility to exclude such, To this end, the data subject must download the browser add-on at https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics via JavaScript that all data and information about website visits may not be transmitted to Google Analytics. Installing add-ons in the browser is considered a Google objection. If the data subject's information technology system is later deleted, formatted, or newly installed, then the data subject must reinstall browser add-ons to disable Google Analytics. If the browser add-on has been uninstalled by the data subject or by another person attributable to their area of ​​competence or has been deactivated, it is possible to reinstall or reactivate the add-ons in the browser.

Additional information and applicable Google data protection policies can be downloaded at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms / us. HTML. Google Analytics is further explained at the following link https://www.google.com/analytics/ . 

 

17. Payment method: Data protection provisions regarding the use of PayPal as a payment operator

The administrator has integrated PayPal components on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. PayPal can also process virtual credit card payments when a user does not have a PayPal account. The PayPal account is managed via an email address, so there are no classic account numbers. PayPal allows you to trigger online payments to third parties or receive payments. PayPal also accepts trustee functions and offers customer protection services.

PayPal's European operating company is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject chooses "PayPal" as the payment option in the online store during the order, we automatically transfer the data subject's data to PayPal. By choosing this method of payment, the data subject agrees to the transfer of personal data necessary for the processing of payments.

Personal data transmitted to PayPal is usually a first name, last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for the processing of payments. The processing of the purchase contract also requires such personal data that are related to the respective order.

The transmission of data is aimed at processing payments and preventing fraud. The controller will transfer personal data to PayPal, in particular if there is a legitimate interest in the transfer. Personal data exchanged between PayPal and the data controller are transferred by PayPal to economic credit agencies. This transmission is intended to verify identity and creditworthiness.

If necessary, PayPal will transfer personal data to subsidiaries and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process data in the order.

The data subject has the possibility to withdraw his consent to the processing of personal data at any time by PayPal. The cancellation does not affect the personal data that must be processed, used or transmitted in accordance with the (contractual) processing of payments.

The applicable PayPal data protection provisions can be downloaded at https://www.paypal.com/us/webapps/mpp/en/privacy-full.

18. Legal basis for the processing

Art. 6 (1) (b) The GDPR serves as the legal basis for processing transactions for which we consent for a specific purpose of processing. If the processing of personal data is necessary for the performance of a contract to which the person concerned is a party, as is the case where processing operations are necessary for the supply of goods or for the provision of another service, the processing shall be based on Article 6 (2). 1 (a). b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. Whether our company is subject to a legal obligation requiring the processing of personal data, for example for the performance of tax obligations, the processing is based on Art. 6 (1) (b) c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another individual. This would be the case, for example, if a visitor was injured in our company and the name, age, health insurance details or other important information would have to be passed on to a doctor, hospital or other third party. Then the processing will be based on Art. 6 (1) (b) d GDPR. Finally, processing operations may be based on Article 6 (1) (b). f GDPR. This legal basis is used to process transactions that are not covered by any of the above legal bases, if the processing is necessary for the purposes of the legitimate interests of our company or a third party, unless such interests are neglected by the interests or the fundamental rights and freedoms of the data subject that require the protection of personal data. Such processing operations are particularly admissible because they are specifically specified by the European legislator. He considers that a legitimate interest can be accepted if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).

19. The legitimate interests pursued by the administrator or by a third party

When the processing of personal data is based on Article 6 (1), the GDPR is in our legitimate interest to do business for the benefit of all our employees and shareholders.

20. Period for which personal data will be stored

The criteria used to determine the retention period of personal data are the corresponding mandatory retention period. After the expiry of this period, the relevant data are routinely deleted to the extent that they are no longer necessary for the performance of the contract or for the occurrence of a contract.

21. Provision of personal data as legal or contractual requirements; Requirement necessary for concluding a contract; Obligation of the data subject to provide personal data; the possible consequences of the lack of such data 

We clarify that the provision of personal data is partially required by law (eg tax provisions) or may also be the result of contractual provisions (eg information about the contractual partner). Sometimes it may be necessary to enter into a contract that the data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company enters into a contract with him. The lack of provision of personal data would lead to the fact that the contract with the individual cannot be concluded. Before the person provides personal data, the data subject must contact each employee. The employee shall explain to the data subject whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data and the consequences of not providing personal data.

22. Existence of automated decision making

As a responsible company, we do not use automatic decision making or profiling.

This Privacy Policy is generated by the Generator of the Privacy Policy of External Data Protection Officers, developed in collaboration with WBS-LAW Media Lawyers.