Important information

Due to Brexit, we have to discontinue our service on momox.co.uk for the moment!
Open sales will be processed and you can still access your account.

Data privacy policies (Android)

Privacy policy

I. Name and address of the controller

The controller in the sense of Article 4 Para. 7 EU regulation 2016/679, referred to as the General Data Protection Regulation (GDPR), other national data protection laws of the member states and other data protection regulations is:


momox GmbH
represented by managing directors Christian von Hohnhorst and Heiner Kroke
Schreiberhauer Straße 30
10317 Berlin


II. Name and address of the data protection officer

The controller’s data protection officer is

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München, Germany
datenschutzbeauftragter(at)datenschutzexperte.de

 

III. General information about data processing

1. Scope of processing personal data

You can generally visit us (Internet services, notably momox GmbH websites, especially with this app) without telling us who you are. Your browser automatically transmits various data when visiting our website, see below “IV. Provision of the app and creation of log files”. This information is analysed purely for statistical purposes and then erased. Our services are reserved for adult visitors.

Personal data is only collected on our website if you provide it to us of your own accord (e.g. when opening a user account or as part of the order process). We use this data exclusively for the purposes stated in each case, as listed below.

We contractually bind external service providers who process personal data for us, so-called “external processors”, in accordance with Article 28 GDPR. These external processors have been carefully selected by us, specifically commissioned and are bound to our instructions. The GDPR refers to states outside the European Union/European Economic Area as third countries and regulates transfers there separately in accordance with Articles 44 to 49 GDPR. In some cases, we use external processors in third countries. Cooperation with these contract processors is based on standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GPDR.  

We maintain up-to-date technical measures to guarantee the protection of personal data. These are always adapted to state-of-the-art technology. 

If you visit our web pages from within the app, the data protection notices stated there also apply.

2. Legal basis for processing personal data

If we obtain the consent of the data subject for processing personal data, Article 6 Para. 1 lit. a GDPR serves as the legal basis for processing personal data.

When processing personal data required for the performance of a contract to which the data subject is a party, Article 6 Para. 1 lit. b serves as the legal basis. This also applies to processing required for executing precontractual measures.

In accordance with Article 6 Para. 1 lit. f), processing personal data is also lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child.

3. Date deletion and storage duration

The personal data of the data subject is erased or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

When downloading the mobile app, the necessary information is transferred to the AppStore, in particular the username, e-mail address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data if it is necessary for downloading the mobile app to your mobile device.

When you use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of your mobile app and to ensure stability and security.

The following data is collected:

  1. User’s device type and operating system
  2. the user’s Internet service provider
  3. the user’s IP address data and time of access/time zone
  4. amount of data transferred

The data is also stored in the log files of our system. This data is not stored together with that of the user’s other personal data. However, in the event of an error in an interface query, we also log the ID (identification under a pseudonym), the IP address and the relevant http query, if used by the requesting user to enable subsequent error analysis and correction.

We use a so-called “session-token”, which is stored locally in the app when a user logs in. The purpose of this is that users do not have to log on to the server again when they are logged in. A user remains logged in even if he closes the app (and does not log out explicitly). The token is valid for 6 months, and then a new login is required. 

For advertising purposes, we use the Advertising ID (“AdID”). This is a unique but nonpersonalized and non-permanent identification number for a specific device provided by your device system. The data collected via AdID is not linked to other device-related information. We use the AdID to provide you with personalized advertising and to evaluate your use.

If you select “Preferences/Google/Adverts” in the Android settings, then “Disable personalized advertising”, we can only take the following measures: Measure your interaction with banners by counting the number of banner ads without clicking on them (“frequency capping”), click rate, unique user detection, security measures, fraud prevention and elimination of errors. You can erase the AdID at any time in “Preferenses/Google/Ads”, then “Reset Ad ID”, then a new AdID will be created, which will not be merge with the previously collected data.

You can also erase the app’s memory in your device’s setting. 

The use of the scan function when collecting media for sale to us requires access to the camera function. However, this does not allow access to image files etc. created so far.

2. Legal basis for data processing

If our log files mean the processing of personal data, the legal basis is Article 6 Para. 1 lit. b and f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary within the meaning of Article 6 Para. 1 lit. b GDPR to enable delivery of the contents to the user’s device. The user’s IP address must be stored for its duration for this purpose. The repeated automatic reading of websites (so-called “scraping”) is also made more difficult by recording the IP address. Data storage in the event on an error is necessary in the meaning of Article 6 Para. 1 lit. f GDPR to ensure the functionality of the app.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. In the case of the IP address, this is shortened, therefore made anonymous when the respective session has ended. The data therefore no longer contains personal references. All log files are erased after 90 days.

5. Objection or removal option

The collection of the data for website provision and data storage in log files is necessary for operating the website. As a result, there is no objection option for the user.

V. Analysis of user behaviour

1. Description and scope of data processing

By using the apps we store local information (“token”) in the device. They serve to make our website more user-friendly and effective, e.g. by recognizing you as a visitor.

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is not possible to assign the data to the accessing user as a person. The data will not be stored together with the user’s other personal data unless otherwise described below.

The following technically necessary data are stored and transmitted to us:

  1. Settings for language and country (region)
  2. Items in a shopping cart
  3. Log-in information: E-mail address, first and last name, gender, SessionID (no password entered)

We also use IDs on our website that enable an analysis of usage behaviour, advertising success (so-called conversion) and a re-targeting of users on third-party websites (so-called retargeting). Third parties can store tokens on the user's device directly when visiting our websites or we transmit IDs without personal reference.

In this way, the following data can be transmitted:

  1. Entered search terms
  2. Frequency of page views
  3. Use of website functions
  4. Log-In (e-mail address)

We also use cookies on our website that enable an analysis of the usage behaviour, the advertising success (so-called conversion) and retargeting of the users on websites of third parties. Third parties can store cookies on the user’s device directly when visiting our websites or we transmit IDs without personal reference.

The following data can be transmitted in this way:

  1. search terms entered
  2. frequency of page views
  3. use of website functions
  4. Login (email address)

We use the following third-party providers to analyse usage behaviour:

  1. "adjust" of adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, ("adjust") as contract processor for us. adjust uses anonymized IP addresses of users, the AdID of the device and interactions of the app. Interactions are events within the app, i.e. the "screens" visited (e.g. opening, number of scans, sales, clicks on advertising etc.). It is not possible to draw any conclusions about a natural person. Detailed information is available here: https://www.adjust.com/privacy-policy/ (point 3) The marketing service provider Remerge GmbH, Oranienburger Str. 27, 10117 Berlin and AppLift GmbH, Rosenstraße 17, 10178 Berlin, Germany are involved. He receives the aforementioned information on the device ID in order to pseudonymise users on other platforms with offers from us to address.
  2. "Firebase" of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") as part of an order processing and at the appropriate data protection level. This is based on pseudonyms such as a device ID. The service is used with various functions: a) Firebase Google Analytics: action-oriented analysis of usage behavior (user group formation, measurement of conversion rate, sales, product calls, push messages, etc.). The information regarding the device ID is stored for 60 days. b) Firebase Crashlytics: technical analysis of crashes, so that we can be informed about problems and solve them. The information is stored for 180 days. c) Firebase Performance: Analysis of the performance of the app. Hereby we determine e.g. the average start time of the app. The information is stored for 180 days. You can find Firebase's privacy policy at https://firebase.google.com/support/privacy/
  3. "Accengage" Usage information for push messages (see in this chapter)

2. Legal basis for data processing

Insofar as the technology mentioned here means the processing of personal data, the legal basis is Art. 6 para. 1 lit. b, lit. f GDPR.

3. Purpose of data processing

The purpose of using technically necessary IDs according to Art. 6 Para. 1 lit. b GDPR is to simplify the use of the app for users. Some functions of our website cannot be offered without the use of IDs.

We need IDs for the following applications:

  1. registration
  2. login
  3. Shopping cart for purchase and sale

The user data collected by technically necessary IDs are not used to create user profiles.

In the case of processing in accordance with the analysis technology, our legitimate interest is in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

The analysis technology is used to improve the quality of our website and its content. In this way, we learn how the app is used and can continuously optimize our offering. We recognize which advertising measures caused our Internet services to be visited (so-called conversion tracking). We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting and easier for you and to achieve a fair calculation of advertising costs.

4. Storage Duration 

The device ID is stored as indicated above and for an unlimited period until the objection is raised.

5. Objection or removal option

You can deactivate the adjust analysis service here.

You can switch off the Google Analytics analysis service here.

You can deactivate the Accengage analysis service here.

You can deactivate the analysis service Crashlytics here.

You can erase the AdID in the Android settings under "Settings/Google/Display", then "Reset AdID", then a new AdID will be created, which will not be merged with the previously collected data.

VI. Advertising emails (newsletter)

1. Description and scope of data processing

On our website there is the option of subscribing to a free newsletter with advertising content from our buying and selling service. This data is transmitted to us when you register for the newsletter:

  1. email address and salutation as specified
  2. title, first and last name (optional)
  3. IP address of the visiting computer
  4. date and time of registration

Your consent is obtained for data processing and reference is made to this data privacy policy during the registration process. You will then receive an email asking you to confirm your registration (double opt-in process). If you are a customer, we will create the newsletter for you as individually as possible, taking into account your previous purchases and sales and scanned items that have not been added to the shopping cart.

We will send you reminders for incomplete transactions (shopping basket) and ask you to participate in surveys by email. In addition, you will receive loyalty messages by email if you did not carry out any transactions at all on a particularly regular basis or for a longer period of time.

If you buy or sell goods on our website and provide us with your email address, we may subsequently use it to send you a newsletter. If this is the case, only direct advertising for our own similar goods or services will be sent via the newsletter. 

This regulation will be brought to your attention when you register or when buying or selling.

We would like to point out that we measure the use of the newsletter. For the evaluation, the emails sent contain so-called “web beacons” or “tracking pixels” which represent single-pixel image files stored on our website. For the evaluation we link the data and the web beacons with your email address and an individual ID. Links contained in the newsletter are also provided with an ID. We create a user profile with the data obtained in this way to tailor the newsletter to your individual interests. When you read our newsletter, we record which links you click on in it and deduce your personal interests. We link this data to your actions on our website.

No data is passed on to third parties for their own purposes in connection with data processing for sending of newsletters.

We use the optivo broadmail service from Episerver GmbH, Wallstraße 16, 10179 Berlin for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing the data after the user has registered for the newsletter is Article 6 Para. 1 Lit. a GDPR if the user has given consent.

The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 Para. 3 Unfair Competition Act (UWG).

The legal basis for providing shopping basket reminders, surveys and measuring usage is Article 6 Para. 1 Lit. a Lit. f GDPR.

3. Purpose of data processing

Collecting the user’s email address is for delivering the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

Messages to customers for shopping basket reminders or loyalty campaigns offer targeted communication for users and us. Requests for surveys and reviews are also in our legitimate interests because they improve our services.

Profiling based on previous purchases, sales and use of the newsletter is in our legitimate interest in order to send relevant news to users.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. The user’s email address will therefore be stored as long as the newsletter subscription is active.

The other personal data collected during the registration process will generally be erased after a period of seven days. The scanned articles will be stored for 30 days.

After cancellation, we store the data purely statistically and anonymously.

5. Objection or removal option

The newsletter subscription can be cancelled by the user concerned at any time. There is a corresponding link in each newsletter for this purpose. Furthermore, you have the option of cancelling the newsletter in your customer account. For more information see “Rights of the data subject” below.

You can also restrict usage measurements by deactivating the images displays in your email program as standard.

VII. Emails for reviews

1. Description and scope of data processing

When you visit our website, you may be asked to participate in surveys with separate windows (pop-ups). If you register, buy or sell goods on our website and provide your e-mail address or subscribe to the newsletter, we may ask you by email to review our performance and/or the product. This is done using the services specified in the email or on third platforms (such as Shopauskunft or Trustpilot). Participation in reviews is always voluntary. The platforms do not receive any personal data from us unless otherwise stated here.

We use the following third parties:

  1. survey pop-ups are delivered by SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4 and SurveyMonkey Inc., One Curiosity Way, San Mateo, CA 94403, USA. Cookies (see above "Use of cookies" and https://de.surveymonkey.com/mp/legal/survey-page-cookies/) and device data (see https://de.surveymonkey.com/mp/legal/privacy-policy/#pp-section-2 - Respondents) are processed. The service provider is used in the context of order processing and at an appropriate level of data protection.
  2. We send emails for reviews via the service provider Mandrill Inc., 512 Means Street, Sweet, 404, Atlanta, GA 30318, USA, a company of the Rocket Science Group, LLC d/b/a MailChimp LLC. Mandrill manages customers’ emails and organises processing. Mandrill processes content and communication for us. This is done in the context of external processing and with the appropriate level of data protection. You fill find more information on data processing by Mandrill in the data privacy policy at https://mailchimp.com/legal/privacy.
  3. We work with zenloop GmbH, Pappelallee 78/79, 10437 Berlin. zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyze feedback from our customers through various channels. This enables us to align and improve our services to the needs of our customers.
    The following data is collected for this purpose:
  • email address
  • Customer ID
  • Customer type
  • Terminal
  • Sales or order number
  • Shopping cart value
  • Shipping partner
  • Number of packages
  • Newsletter Status
  • Number of orders or sales
  • Gender

Additionally, zenloop collects your survey answers. You can find more information about zenloop's data processing in the privacy policy at https://www.zenloop.com/de/legal/privacy.

4. We use the analysis software “wootric” from Wootric, Inc. 220 27th St., San Francisco, CA 94131, USA to survey users (of the newsletter). Wootric processes the user’s email address, review and optional comments for us and is an external processor and works with the appropriate level of data protection.

2. Legal basis for data processing

The legal basis for asking for reviews is Article 6 Para. 1 Lit. f GDPR.

3. Purpose of data processing

Data processing by us or our contractors is in the legitimate interest of improving our services for users and increasing our reach through (positive) reviews. The purpose of collecting the email address and information about using our service is to send the message with a review request.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. For cookies in surveys, our instructions above "Use of cookies" also apply.

5. Objection or removal option

Cancelling the newsletter means that you will no longer receive emails from us asking for reviews. For cookies in surveys, our instructions above "Use of cookies" also apply.

VIII. Push notifications

1. Description and scope of data processing

In the app, it is possible to consent to push messages. This is brief information you receive about your device. Your device may accept push messages by default. Then you can turn off push messages altogether or on a case-by-case basis. This data is transmitted to us when you register for the push message: 

  1. IP address of the calling computer
  2. Date and time of registration

We use the service accengage from accengage S. A., 31 rue du 4 septembre, 75 002 Paris, France for managing push notifications. In this context, data (name, email address) is collected and stored from which user profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are evaluated to improve and design our offer in line with demand. You will find more information on accengage and data privacy at https://www.accengage.com/privacy-policy. accengage only receives the relevant data if the user accepts push notifications (in the browser). accengage will automatically erase this user data after opting out (in the browser) or after 12 months of inactivity by the user.

2. Legal basis for data processing

The legal basis for processing the data after the user has registered for push notifications is Article 6 Para. 1 Lit. a GDPR if the user has given consent.

3. Purpose of data processing

Collection of the aforementioned data is for delivering push notifications.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. It is therefore stored as long as the subscription is active. The other personal data collected during the registration process will generally be erased after a period of seven days. After cancellation, we store the data purely statistically and anonymously.

5. Objection or removal option

The subscription to push messages can be cancelled by the user concerned at any time. Please use the configuration of your app settings and the settings of your device.

IX. Advertising mail

1. Description and scope of data processing

If you buy or sell goods on our website and provide us with your postal address, we may subsequently use it to send you advertising mail. If this is the case, only direct advertising for our own similar goods or services will be sent. This regulation will be brought to your attention when you register or when buying or selling.

For sending advertising mail, we use the letter shop adressdruck.de, Wilhelm-Kabus-Straße 21-35, 10829 Berlin.

2. Legal basis for data processing

The legal basis for sending advertising mail as a result of the sale of goods or services is Section 7 Para. 3 Unfair Competition Act (UWG).

3. Purpose of data processing

Collection of the postal address is for delivering advertising mail.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. The user’s postal address will therefore be stored until there is no further registration (see below).

5. Objection or removal option

You can object to the receipt of advertising mail for the future according to Article 21 Para. 2, 3 GDPR.

X. Registration

1. Description and scope of data processing

On our website, we offer users the option of registering by providing personal data. The data is entered into an input screen, transmitted to us and saved. No data is passed on to third parties. The following data is collected as part of the registration process:

  1. title, first and surname
  2. email address
  3. self-chosen password
  4. address (street, house number, postcode, location)
  5. optional consent for newsletter
  6. optional entry for telephone number
  7. optional entry date of birth 
  8. your account data (for buying on momox, after registration)

The following data will also be stored at the time of registration:

  1. date and time of registration
  2. access source of registration: web, iOS app, Android app

As part of the registration process, the user’s consent to the processing of this data is obtained with reference to our general terms and conditions and this data privacy policy.

2. Legal basis for data processing

The legal basis for processing the data is Article 6 Para. 1 lit. a and lit. b GDPR.

3. Purpose of data processing

The user gives his/her consent. The user’s registration is necessary for fulfilling a contract with the user and/or for executing precontractual measures. This concerns our purchase and sale of goods by or to the user.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. This is the case for the data for fulfilling a contract or executing precontractual measures if the data is no longer required for executing the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to fulfil contractual or legal obligations. If there is no activity in the customer account for a period of 6 years, the customer account will be deleted.   

5. Objection or removal option

As the user, you have the option of cancelling registration at any time by sending an email to our support team or using our contact form. You can change the data stored about you at any time. For more information see “Rights of the data subject” below.

If the data is required to fulfil a contract or to execute precontractual measures, premature erasure of the data is only possible if there are no contractual or statutory obligations to the contrary.

XI. Buying and selling goods

1. Description and scope of data processing

On our website, we offer customers the option of selling us good and buying goods from us. The user’s consent to the processing of this data is obtained as part of the buying and selling process.

The data will be transmitted to us and stored in accordance with the user’s registration data in connection with goods, means of payment and shipping information selected by the user. The following user data is collected during the purchase and sale process and transmitted to the service providers named here:

1. email address

2. title, first and surname, address

3. goods

4. payment information: Your payment details will be sent to the appropriate payment service provider depending on the payment method you have chosen. The payment service provider is responsible for your payment data. When selecting certain means of payment, payment service providers may carry out a credit risk assessment on the basis of mathematical-statistical procedures (so-called “scoring”) at a credit agency. We have no influence on the assessment and do not receive any results. The payment service providers will provide you with information, in particular about the payment service providers’ controller, the contact details of the payment service providers’ data protection officers and the categories of personal data processed by the payment service providers:

a) Klarna: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, is the responsible party. You will find information on data privacy and also possible credit checks, etc. by BillPay GmbH, Zinnowitzer Str. 1, 10115 Berlin, here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

b) Paypal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, is the responsible party. You will find information on data privacy and also possible credit checks by other service providers here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

c) PayOne: BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, is the responsible party (credit cards and direct debits). You will find information on data privacy and also possible credit checks by other service providers here: https://www.bs-card-service.com/de/datenschutz/

d)Amazon Payments: All personal data that you provide to Amazon Payments or that is collected during the payment process is primarily checked by Amazon Payments s.c.a. (as the responsible party) and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located on 5, Rue Plaetis L 2338, Luxembourg. You confirm the data privacy policy when you register for Amazon: https://pay.amazon.com/de/help/201751600

5. As part of the purchasing process, we also process your IP address. We collect the IP address for the approximate determination of the residence of our customers and a corresponding personalized pricing on our website in real time. Therefore, it is possible that - depending on the IP address of your device - different purchase prices may be displayed on our website.

6. Delivery information: if we have goods delivered to you, we pass your data on to the transport company commissioned with delivery if this is required for delivery or status update. The service provider is always indicated in the order. These are currently:

a) Deutsche Post AG and DHL Paket GmbH

b) Hermes Germany GmbH

c) PIN Mail AG

d) Asendia Management SAS

e) Postcon Deutsch-land B.V. & Co. KG

6. Inclusion in the Trusted Shops quality label: The Trusted Shops trust badge is included on this website to display our Trusted Shops quality label and the collected reviews as well as to offer Trusted Shops products to buyers after an order. This serves to protect our prevailing legitimate interests in the optimal marketing of our offer as part of balanced interests. The trust badge and associated services are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When clicking the trust badge, the web server automatically saves a so-called “server log file”, which contains e.g. your IP address, date and time of the click, transferred data volume and the requesting provider (access data) and documents the click. This access data is not evaluated and is automatically overwritten seven days after the end of your website visit at the latest. Other personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.

7. If you purchase new books on our website, we use the dealer Libri GmbH, Friedensallee 273, 22763 Hamburg, for selling the goods. Libri GmbH therefore receives information regarding the ordered book and the delivery address.

8. Providers of customer contact centres (e.g. call centres): Within the framework of customer support, data is passed on to our service providers Yoummday GmbH, Belgradstraße 68, 80804 Munich and Trizma d.o.o. Beograd, Belgrade - Novi Beograd, 272 Tosin bunar st., Serbia within the framework of order processing.

2. Legal basis for data processing

The legal basis is Article 6 Para. 1 Lit. a, b and f GDPR.

3. Purpose of data processing

The user gives his/her consent. Processing data for customer services, logistics, payment and delivery is necessary for the fulfilment of the contract in accordance with Article 6 Para. 1 lit. b GDPR. This concerns our purchase and sale of goods by or to the user. With regard to the

inclusion of the Trusted Shop quality label and work of Libri GmbH, there is a legitimate interest in accordance with Article 6 Para. 1 lit. f GDPR.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection.

This is the case for data during the purchase and sale contract or for executing precontractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to fulfil contractual or legal obligations.

5. Objection or removal option

If the data is required to fulfil a contract or to execute precontractual measures, premature erasure of the data is only possible if there are no contractual or statutory obligations to the contrary.

You can change the data stored about you at any time. For more information see “Rights of the data subject” below.

XII. Contact form and email contact

1. Description and scope of data processing

There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input screen will be transmitted to us and stored. The user’s message and email address are required. Other information is optional:

  1. title, first and surname
  2. order number
  3. telephone number

Your consent is obtained for data processing and reference is made to this data privacy policy during the sending process.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored.

  1. We use software from the company Zendesk Inc., 1019 Market St San Francisco, CA 94103 (“Zendesk”) for processing customer enquiries. Zendesk manages customers’ emails and organises processing. Zendesk processes the name, content and technical information of the communication for us. This is done in the context of external processing and with the appropriate level of data protection. You fill find more information on data processing by Zendesk in Zendesk’s data privacy policy at http://www.zendesk.com/company/privacy.
  2. We send emails in connection with the purchase and sale of goods (so-called transaction e-mails) via the following service providers 
    1. Mandrill Inc., 512 Means Street, Sweet, 404, Atlanta, GA 30318, USA, a company of the Rocket Science Group, LLC d/b/a MailChimp LLC. Mandrill manages customers’ emails and organises processing. Mandrill processes content and communication for us. This is done in the context of external processing and with the appropriate level of data protection. You fill find more information on data processing by Mandrill in the data privacy policy at https://mailchimp.com/legal/privacy.
    2. SendGrid Inc. 1801 California St., Suite 500, Denver, Colorado 80202, U.S.A. SendGrid processes content and technology of communication for us. This takes place within the framework of order processing and at an appropriate level of data protection. Further information on data processing by SendGrid can be found in the privacy policy at https://sendgrid.com/resource/general-data-protection-regulation/.

2. Legal basis for data processing

The legal basis for processing data is Article 6 Para. 1 lit. a GDPR if the user has given consent.

If the aim of the email is concluding a contract, the additional legal basis for processing is Article 6 Para. 1 lit. b GDPR.

3. Purpose of data processing

The user gives his/her consent. Processing personal data from the input screen is for processing any contact.

4. Storage duration

The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the contact form input screen and that which was sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances show that it is certain that the matter in question has been conclusively resolved.

5. Objection or removal option

The user has the option of revoking his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In a case such as this, the conversation cannot be continued. For more information see “Rights of the data subject” below.

XIII. Social Media Plug-Ins

1. Description and scope of data processing

You can also find us on social networks. A social network is a social meeting point operated on the Internet, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. In addition, we have integrated individual functions of these networks into our online services as so-called plug-ins. However, you can only use functions if you are registered and logged in to the respective social network. Please note that the use of the respective social network is subject to the terms of use and data protection of this company, over which we have no control. However, we will be happy to explain to you how such networks process your personal data in this context:

Facebook

On this website we have integrated components of the company Facebook. Facebook is a social network. The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if a data subject lives outside the USA or Canada. Each time one of the individual pages of this website is accessed, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. As part of this technical process, Facebook obtains information about which specific subpage of our website is visited by the data subject. If the data subject is logged into Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the person visits our website and for the entire duration of that person's visit to our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated into our website, such as the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the data subject's personal Facebook user account and stores this personal data. Facebook receives information through the Facebook component that the data subject has visited our site whenever they are logged into Facebook at the same time as they visit our site, whether or not they click on the Facebook component. If the data subject does not choose to submit this information to Facebook in this way, he or she can prevent the submission by logging out of his or her Facebook account before visiting our website. Facebook's published privacy policy, available at https://de-de.facebook.com/about/privacy/, discloses Facebook's collection, processing and use of personal information. It also explains what settings Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Instagram

Our website uses plug-ins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). When you visit a page on our site that contains such a plugin, your browser connects directly to Instagram's servers. The content of the plugin is sent by Instagram directly to your browser and integrated into the page. This integration tells Instagram that your browser has accessed the appropriate page on our site, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the "Instagram" button, this information will also be sent directly to an Instagram server and stored there. The information is also published to your Instagram account and displayed to your contacts. The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your related rights and privacy settings, can be found in Instagram's privacy policy: https://www.instagram.com/legal/privacy/

YouTube

We use YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website.

To protect your personal information, we use YouTube's enhanced privacy option. When you visit a page that embeds a YouTube video, YouTube connects to the YouTube servers and displays the content on the website by notifying your browser. However, according to YouTube, "Advanced Privacy Mode" only transmits data to the YouTube server when you actively start the video.

If you are logged into YouTube at this time, the information about the videos you view will be associated with your YouTube member account. You can prevent this by logging out of your account before you visit our site.

More information about YouTube's privacy practices is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/

2. Legal basis for data processing

Insofar as our use of cookies involves the processing of personal data, the legal basis is Art. 6 Para. 1 lit. b, lit. f GDPR.

3. Purpose of data processing

In the case of processing, our legitimate interest lies in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR: The websites are enriched with more attractive content and the users of the networks can interact directly with them.

4. Duration of storage

The collection takes place through the networks mentioned, where you as a member receive information about the storage duration.

5. Objection or removal option

If you do not want Facebook or Instagram networks to directly associate the information collected through our website with your account, you must log out before visiting our website. You can assert your rights as a member in accordance with the data protection regulations against the networks. You can also use add-ons for your browser to completely prevent plugins from loading, e.g. the script blocker "NoScript" (http://noscript.net/).

XIV. Facebook fan page

Both Facebook Ireland Limited ("Facebook Ireland") and momox GmbH are jointly responsible for the operation of our Facebook fan page. The joint responsibility concerns in particular the use of the "Facebook Insights" function, more precisely the collection, storage and further processing of the Insights data. Facebook Ireland Limited ("Facebook Ireland") is responsible for the collection and storage of the data; momox GmbH only receives anonymized evaluations of the Insights data.

The parties have concluded an agreement on joint responsibility (https://www.facebook.com/legal/terms/page_controller_addendum). For the processing of Insights data, it was agreed that Facebook Ireland assumes the obligation to protect the rights of the data subject and the necessary information obligations according to Art. 13 and 14 DSGVO. Data protection rights can be asserted both at Facebook Ireland and at momox GmbH. momox GmbH will forward all requests from data subjects concerning processing for which Facebook Ireland is responsible to Facebook Ireland for processing.

 

1. Description and scope of data processing

The following data is collected during the registration process;

  • User interactions (postings, likes etc.) - Purpose: User communication via social media
  • Facebook cookies      
  • Demographic data (e.g. based on age, place of residence, language or gender)
  • Statistical data on user interactions in aggregated form, i.e. without personal reference (e.g. page activities, page views, page previews, likes, recommendations, articles, videos, page subscriptions incl. origin, times of day)

 

The promotional use of your personal data is particularly important for Facebook. We use the statistics function to learn more about the visitors of our fan page. Using this function enables us to adapt our content to the respective target group. In this way, we also use demographic information on the age and origin of the users, for example, whereby no personal reference is possible for us here.

In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally stores cookies on the user's end device.

These include session cookies, which are deleted when the browser is closed, and permanent cookies, which remain on the end device until they expire or are deleted by the user.

According to Facebook, the cookies used by Facebook are for authentication, security, website and product integrity, advertising and measurement, website features and services, performance, and analysis and research. Details of the cookies used by Facebook (e.g., cookie names, duration of function, recorded content and purpose) can be viewed here: https://www.facebook.com/policies/cookies/ by following the links there. There you will also find the option to deactivate the cookies used by Facebook. You can also change the settings for your advertising preferences there.

The collection and storage of data through the use of the above-mentioned Facebook cookies can also, and at any time in the future, be refused via the following opt-out link: http://www.youronlinechoices.com/de/praferenzmanagement/.

Under the above-mentioned link you can manage your preferences regarding usage-based online advertising. If you object to usage-based online advertising with a particular provider using the preference manager, this only applies to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you delete all browser cookies, the preferences that you set using the preference manager are also removed.

 

2. Note on Facebook Insights

For statistical evaluation purposes we use the function Facebook Insights. In this context, we receive anonymous data on the users of our Facebook fan page. A conclusion on your person is not possible for us. For further information please refer to the Facebook cookie policy.

 

3. Pursued legitimate interests, if the legal basis is Art. 6 para. 1 lit. f) DSGVO

We see our justified interest in data processing in the presentation of our company and our products and services for your information.

 

4. Recipients or categories of recipients

Facebook

As far as you interact within the framework of Facebook, Facebook naturally also has access to your data. In particular, it is possible that Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA, has access to your data. Facebook is located here in an insecure third country, where the level of data protection is lower. Facebook uses standard contractual clauses approved by the European Commission and, for data transfers from the EEA to the US and other countries, the Adequacy Decisions issued by the European Commission regarding certain countries.

XV. Comments on our website

1. Description and scope of data processing

Personal data is collected when you rate our websites (e.g. the blog). In this context, the data given in the respective form and your IP address are collected. Name and e-mail address details are voluntary.

2. Legal basis of data processing

The legal basis for processing data is Article 6 Para. 1 lit. a GDPR if the user has given consent.

3. Purpose of data processing

The user gives his consent. The processing of the personal data from the input mask serves us for the treatment of the comment.

4. Storage duration 

The data will be erased if requested by the author of the comment. In addition, an unlimited 

agreement of the representation is to be assumed.

5. Objection and removal option

The user has the possibility to revoke his consent to the processing of personal data at any time. He can also have information anonymized by us, e.g. by shortening the previously mentioned name. For further information, see "Rights of the data subject" below.

XVI. Rights of the data subject

If your personal data is processed, you are the data subject according to GDPR and you are entitled to the following rights with regard to the controller:

1. Right to information

You can ask the controller to confirm whether personal data concerning you will be processed by us.

If processing has taken place, you can request the following information from the controller:

(1) the purposes for which personal data is being processed;

(2) the category of personal data being processed;

(3) the recipient or categories of recipients to whom the personal data concerning you has been or is still being disclosed;

(4) the planned storage duration the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period; the existence of a right to have the personal data concerning you corrected or erased, a right to have processing restricted by the controller or a right to object to this kind of processing;

(5) the existence of a right to complain to a supervisory authority;

(6) all available information regarding the origin of the data if the personal data is not collected from the data subject;

(7) the existence of automated decision-making, including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – significant information on the logic involved and the scope and intended effects of this kind of processing for the data subject.

(8) You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.

2. Right to correction

You have a right to the correction and/or completion by the controller if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to restrict processing

You may request that the processing of personal data concerning you be restricted under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

(2) processing is unlawful and you refuse the erasure of the personal data and instead request that the use of the personal data be restricted;

(3) the controller no longer needs the personal data for processing purposes but you do need it to assert, exercise or defend legal claims, or

(4) if you have filed an objection to the processing according to Article 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be processed – aside from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for protecting the rights of another natural or legal person or on grounds of important public interest of the European Union or a member state.

If the processing restriction has been restricted in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

 

4. Right to erasure

a) Erasure obligation

You can request that the controller erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent on which the processing was based according to Article 6 Para. 1 lit. a or Article 9 Para. 2 lit. a GDPR and there is no other legal basis for processing.

(3) You file an objection against processing according to Article 21 Para. 1 GDPR and there are no overriding legitimate reasons for processing, or you file an objection against processing according to Article 21 Para. 2 GDPR.

(4) The personal data concerning you has been unlawfully processed.

(5) The erasure of personal data concerning you is necessary to fulfil a legal obligation under EU law or the member state law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to information society services offered according to Article 8 Para. 1 GDPR.

 

b) Information to third parties

If the controller has made personal data concerning you public and is obliged to erase it according to Article 17 Para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.

 

c) Exceptions

The right to erasure does not exist if processing is required

(1) to exercise the right to freedom of expression and information;

(2) to perform a legal obligation required for processing under EU law or member states’ law to which the controller is subject or to perform a task in the public interest or to exercise public authority that has been signed to the controller (this is, for example, commercial and tax-related retention obligations);

(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 lit. h and i and Article 9 Para. 3 GDPR;

(4) for archiving purposes in the public interest, academic or historical research purposes or for statistical purposes according to Article 89 Para. 1 GDPR, if the right referred to in a) is likely to make it impossible or seriously impair the attainment of the objectives of this processing or 

(5) for asserting, exercising or defending legal claims.

5. Right to notification

If you have exercised your right to have the controller correct, erase or limit processing, it is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or erasure of the data or processing restriction, unless this proves impossible or involves a disproportionate effort.

You shall also have the right to be informed about these recipients by the controller.

6. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another controller without any obstruction by the controller to whom the personal data was made available provided that

(1) processing is based on consent according to Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract according to Article 6 Para. 1 lit. a GDPR and

(2) processing is carried out using automated methods.

In exercising this right, you also have the right to affect that the personal data concerning you be transferred directly from one controller to another if this is technically feasible. Freedoms and rights of other people may not be affected because of this.

The right to data transferability does not apply to processing personal data necessary for performing a task in the public interest or in the exercise of public authority assigned to the controller.

7. Right to objection

You have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you under Article 6 Para. 1 lit. e or f GDPR at any time; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning you, unless it can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object to the processing of personal data concerning you for the purpose of this kind of advertising at any time according to Article 21 Para. 2, 3 GDPR; this also applies to profiling if it is in connection with this kind of direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the option of exercising your right of objection using automated procedures in which technical specifications are used, in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

8. Right to revoking the declaration of consent relating to data privacy

You have the right to revoke your declaration of consent relating to data privacy at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

9. Automated decision on a case-by-case basis, including profiling

You have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

(1) is necessary for concluding or fulling a contract between you and the controller,

(2) is admissible due to EU law or the member state law to which the controller is subject and where this law contains appropriate measures to safeguard your rights, freedoms and legitimate interests or

(3) takes place with your explicit consent.

However, these decisions may not be based on special categories of personal data according to Article 9 Para. 1 GDPR unless Article 9 Para. 2 Lit. a or g applies, and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.

In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state its own position and to challenge the decision.

10. Right to complain to a supervisory authority

Irrespective of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state in which you are residing, working or suspected of violation, if you believe that the processing of personal data concerning you is contrary to the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

11. Validity of this data privacy policy

We reserve to right to makes changes to these data privacy guidelines from time to time. The current version can be seen on our website. If a change significantly restricts the rights of registered users, we will notify them. Furthermore, the currently available data privacy policy is valid for our website users.