Important information
Due to Brexit, we have to discontinue our service on momox.co.uk for the moment!
Open sales will be processed and you can still access your account.
I. Name and address of the controller
The controller in the sense of Article 4 Para. 7 EU regulation 2016/679, referred to as the General Data Protection Regulation (GDPR), other national data protection laws of the member states and other data protection regulations is:
momox GmbH
represented by managing directors Christian von Hohnhorst and Heiner Kroke
Schreiberhauer Straße 30
10317 Berlin
II. Name and address of the data protection officer
The controller’s data protection officer is
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München, Germany
datenschutzbeauftragter(at)datenschutzexperte.de
III. General information about data processing
1. Scope of processing personal data
You can generally visit us (Internet services, notably momox GmbH websites) without telling us who you are. Your browser automatically transmits various data when visiting our website, see below “IV. Provision of the website and creation of log files”. This information is analysed purely for statistical purposes and then erased. Our services are reserved for adult visitors.
Personal data is only collected on our website if you provide it to us of your own accord (e.g. when opening a user account or as part of the order process). We use this data exclusively for the purposes stated in each case, as listed below.
We contractually bind external service providers who process personal data for us, so-called “external processors”, in accordance with Article 28 GDPR. These external processors have been carefully selected by us, specifically commissioned and are bound to our instructions. The GDPR refers to states outside the European Union/European Economic Area as third countries and regulates transfers there separately in accordance with Articles 44 to 49 GDPR. In some cases, we use external processors in third countries. Cooperation with these contract processors is based on standard contractual clauses in accordance with Art. 46 Para. 2 lit. c GPDR.. We maintain current technical measures to guarantee the protection of personal data. These are adapted to the current state of the art.
2. Legal basis for processing personal data
If we obtain the consent of the data subject for processing personal data, Article 6 Para. 1 lit. a GDPR serves as the legal basis for processing personal data.
When processing personal data required for the performance of a contract to which the data subject is a party, Article 6 Para. 1 lit. b serves as the legal basis. This also applies to processing required for executing precontractual measures.
In accordance with Article 6 Para. 1 lit. f), processing personal data is also lawful if it is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child.
3. Data erasure and storage duration
The personal data of the data subject is erased or blocked as soon as the purpose for storage ceases to exist. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
On every visit to our website, our system automatically collects data and information from the computer system of the computer being used.
The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. However, in the event of an error in an interface query, we also log the ID (identification under a pseudonym), the IP address and the relevant http query, if used by the requesting user to enable subsequent error analysis and correction.
2. Legal basis for data processing
If our log files mean the processing of personal data, the legal basis is Article 6 Para. 1 lit. b and f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary within the meaning of Article 6 Para. 1 lit. b GDPR to enable delivery of the website to the user’s computer. The user’s IP address must be stored for its duration for this purpose. The repeated automatic reading of websites (so-called “scraping”) is also made more difficult by recording the IP address. Data storage in the event on an error is necessary in the meaning of Article 6 Para. 1 lit. f GDPR to ensure the functionality of the website.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. In the case of the IP address, this is truncated, therefore made anonymous when the respective session has ended. The data therefore no longer contains personal references. All log files are erased after 50 days.
5. Objection or removal option
The collection of the data for website provision and data storage in log files is necessary for operating the website. As a result, there is no objection option for the user.
V. Use of cookies
1. Description and scope of data processing
The websites use so-called “cookies” in several places. Their purpose is to make our website more user-friendly and effective. Cookies are small text files that are placed on your computer and saved by your browser. Some of the cookies we use are so-called “session cookies” that are automatically erased when you close your browser. In addition, there are also some persistent cookies that we use to recognise you as a visitor. Cookies do not harm your computer and do not contain any viruses. If you do not want cookies to be installed, you can deactivate the acceptance of cookies in your browser. However, we would like to point out that you may not be able to use our website in full with deactivated cookies.
The user data collected in this way is pseudonymised by technical precautions. Therefore, it is not possible to assign the data to the accessing user as a person. The data will not be stored together with the user’s other personal data unless otherwise described below.
The first time our website is accessed, users are informed about the use of cookies via an info banner and are referred to this data privacy policy. This also includes an indication of how the storage of cookies can be prevented in the browser settings.
The following data is stored and transmitted in the technically necessary cookies:
We also use cookies on our website that enable an analysis of the usage behaviour, the advertising success (so-called conversion) and retargeting of the users on websites of third parties and on our website (e.g. last viewed offers or favourites). Third parties can store cookies on the user’s device directly when visiting our websites or we transmit IDs without personal reference.
The following data can be transmitted in this way:
We use the following third-party providers to analyse usage behaviour:
We use the following third-party providers to re-target the user (remarketing):
We use the following third-party providers to analyse advertising effectiveness:
We use the following third-party vendors to protect against attacks and improve performance:
cloudflare
We use services from our technology partner CloudFlare Inc., 101 Townsend St, San Francisco, CA 94107 USA for our website to protect against attacks, harmful bots and to improve performance. All data to and from this server is transferred through Cloudflare's CDN ("Content Delivery Network"). Cloudflare provides Internet security services and distributed Domain Name Server (DNS) services that act as reverse proxies for Web sites.
Cloudflare collects statistical data about visits to this website. The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user's operating system, referrer URL (previously visited page), IP address and requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of its own offer.
When a customer account is deleted, the data is deleted from the servers. In addition, you can clean up data from the cache at any time. Log files are kept for up to 7 days.
Further information on the provider's data processing, in particular on data protection and data security, can be found at: https://www.cloudflare.com/security-policy/
Google reCaptcha
We use reCaptcha v2 on our websites. reCaptcha is an offer from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and serves to prevent abusive automated input into web forms and thus the protection of the host's technical systems. When you visit one of our websites, in which reCaptcha is integrated, a connection to the servers of Google is established. A reCaptcha cookie is set. Your IP address will be transmitted to Google.
In addition, reCaptcha captures the following data using fingerprinting:
- browser plugin used-
- the cookies set by Google in the last 6 months
- number of mouse clicks and touches you have made on this screen
- CSS information for the page accessed- Javascript objects- the date
- the browser language
You may refuse the use of cookies and fingerprinting by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
Google's Privacy Policy and Terms of Use can be found here: https://www.google.com/policies/privacy/ and here: https://policies.google.com/terms.
2. Legal basis for data processing
If our use of cookies means the processing of personal data, the legal basis is Article 6 Para. 1 lit. b and f GDPR.
3. Purpose of data processing
The purpose of using of technically necessary cookies according to Article 6 Para. 1 lit. b GDPR is to simplify the use of websites for users. Some functions on our website cannot be offered without using cookies. For this it is necessary that the browser is recognised even after a page change.
We require cookies for the following applications:
The user data collected by technically necessary cookies is not used to create user profiles.
If the other cookies are processed, we have a legitimate interest in processing the personal data in accordance with Article 6 Para. 1 lit. f GDPR:
The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can therefore constantly optimise what we offer. We recognise which advertising measures caused our websites to be visited (conversion tracking). We can determine how successful the individual advertising measures are in relation to the data of the advertising measures. We are interested in showing you advertisements that are of interest to you, in making our website more interesting and easier for you and in achieving a fair calculation of advertising costs.
Retargeting is done to address previous users of our websites again on third party websites and to motivate them to interact. Users receive advertising content on third party websites that is related to their interests rather than general.
4. Storage duration
Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that are already stored can be erased at any time. This can be done automatically. If cookies are deactivated for our website, it is possible that not all functions can be used to their full extent (see “technically necessary cookies” above).
The cookie storage duration is indicated above. Otherwise, they are set indefinitely until you erase the memory in the browser.
5. Objection or removal option
You can disable or restrict the processing of cookies by the service providers used by us using the aforementioned links. Furthermore, you can use the preference management of the “yourchoices” commitment for Internet-based advertising: http://www.youronlinechoices.com/de/praferenzmanagement/
The objection is valid as long as the related opt-out cookie is not erased. This cookie is set for the domain, per browser and user of a computer. If you access our website from multiple devices and browsers, you must therefore object to data collection separately and again on each of these devices and in each browser.
VI. Advertising emails (newsletter)
1. Description and scope of data processing
On our website there is the option of subscribing to a free newsletter with advertising contents of our purchase and sales service. This data is transmitted to us when you register for the newsletter:
Your consent is obtained for data processing and reference is made to this data privacy policy during the registration process. You will then receive an email asking you to confirm your registration (double opt-in process). If you are a customer, we will create the newsletter for you as individually as possible, taking into account your previous purchases and sales and scanned items that were not included in the shopping cart.
We will send you reminders for incomplete transactions (shopping basket) and ask you to participate in surveys by email. In addition, you will receive loyalty messages by email if you did not carry out any transactions at all on a particularly regular basis or for a longer period of time.
If you buy or sell goods on our website and provide us with your email address, we may subsequently use it to send you a newsletter. If this is the case, only direct advertising for our own similar goods or services will be sent via the newsletter.
This regulation will be brought to your attention when you register or when buying or selling.
We would like to point out that we measure the use of the newsletter. For the evaluation, the emails sent contain so-called “web beacons” or “tracking pixels” which represent single-pixel image files stored on our website. For the evaluation we link the data and the web beacons with your email address and an individual ID. Links contained in the newsletter are also provided with an ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. We create a user profile with the data obtained in this way to tailor the newsletter to your individual interests. When you read our newsletter, we record which links you click on in it and deduce your personal interests. We link this data to your actions on our website.
No data is passed on to third parties for their own purposes in connection with data processing for sending of newsletters.
We use the optivo broadmail service from Episerver GmbH, Wallstraße 16, 10179 Berlin for sending the newsletter.
2. Legal basis for data processing
The legal basis for processing the data after the user has registered for the newsletter is Article 6 Para. 1 lit. a GDPR if the user has given consent.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 Para. 3 Unfair Competition Act (UWG).
The legal basis for providing shopping basket reminders, surveys and measuring usage is Article 6 Para. 1 lit. a Lit. f GDPR.
3. Purpose of data processing
Collecting the user’s email address is for delivering the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
Messages to customers for shopping basket reminders or loyalty campaigns offer targeted communication for users and us. Requests for surveys and reviews are also in our legitimate interests because they improve our services.
Profiling based on previous purchases, sales and use of the newsletter is in our legitimate interest in order to send relevant news to users.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. The user’s email address will therefore be stored as long as the newsletter subscription is active.
The other personal data collected during the registration process will generally be erased after a period of seven days.
After cancellation, we store the data purely statistically and anonymously.
5. Objection or removal option
The newsletter subscription can be cancelled by the user concerned at any time. There is a corresponding link in each newsletter for this purpose. Furthermore, you have the option of cancelling the newsletter in your customer account. For more information see “Rights of the data subject” below.
You can also restrict usage measurements by deactivating the images displays in your email program as standard.
VII. Emails for reviews
1. Description and scope of data processing
When you visit our website, you may be asked to participate in surveys with separate windows (pop-ups). If you register, buy or sell goods on our website and provide your email address or subscribe to the newsletter, we may ask you by email to review our performance and/or the product. This is done using the services specified in the email or on third platforms (such as Shopauskunft or Trustpilot). Participation in reviews is always voluntary. The platforms do not receive any personal data from us unless otherwise stated here.
We use the following third parties:
We work with zenloop GmbH, Pappelallee 78/79, 10437 Berlin. zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyze feedback from our customers through various channels. This enables us to align and improve our services to the needs of our customers.
The following data is collected for this purpose:
- email address
- Customer ID
- Customer type
- Terminal
- Sales or order number
- Shopping cart value
- Shipping partner
- Number of packages
- Newsletter Status
- Number of orders or sales
- Gender
Additionally zenloop collects your survey answers. You can find more information about zenloop's data processing in the privacy policy at https://www.zenloop.com/de/legal/privacy.
2. Legal basis for data processing
The legal basis for asking for reviews is Article 6 Para. 1 lit. f GDPR.
3. Purpose of data processing
Data processing by us or our contractors is in the legitimate interest of improving our services for users and increasing our reach through (positive) reviews. The purpose of collecting the email address and information about using our service is to send the message with a review request.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. For cookies in surveys, our instructions above "Use of cookies" also apply.
5. Objection or removal option
Cancelling the newsletter means that you will no longer receive emails from us asking for reviews. You can object to the processing at any time. Please send your objection to the above mentioned email address. In case of objections in connection with evaluation requests to Customer Support, you can also use the online form provided by our contract processor Google LLC. For cookies in surveys, our instructions above "Use of cookies" also apply.
VIII. Push notifications
1. Description and scope of data processing
There is an option on our website to consent to push notifications. These are brief pieces of information that you receive via your browser. This data is transmitted to us when you register for push notifications:
Please note that we measure the use of push notifications.
We use the service accengage from accengage S. A., 31 rue du 4 septembre, 75 002 Paris, France for managing push notifications. In this context, data (name, email address) is collected and stored from which user profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are evaluated to improve and design our offer in line with demand. You will find more information on accengage and data privacy at https://www.accengage.com/privacy-policy. Accengage only receives the relevant data if the user accepts push notifications (in the browser). Accengage will automatically erase this user data after opting out (in the browser) or after 12 months of inactivity by the user.
2. Legal basis for data processing
The legal basis for processing the data after the user has registered for push notifications is Article 6 Para. 1 lit. a GDPR if the user has given consent.
3. Purpose of data processing
Collection of the aforementioned data is for delivering push notifications.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. It is therefore stored as long as the subscription is active. The other personal data collected during the registration process will generally be erased after a period of seven days. After cancellation, we store the data purely statistically and anonymously.
5. Objection or removal option
The push notification subscription can be cancelled by the user concerned at any time. Please use your browser configuration: settings for contents/websites, then switch off the notifications/messages. You can also use the symbol to the left of the URL in the browser for the respective website’s settings. For more information see “Rights of the data subject” below.
IX. Advertising mail
1. Description and scope of data processing
If you buy or sell goods on our website and provide us with your postal address, we may subsequently use it to send you advertising mail. If this is the case, only direct advertising for our own similar goods or services will be sent. This regulation will be brought to your attention when you register or when buying or selling.
For sending advertising mail, we use the letter shop adressdruck.de, Wilhelm-Kabus-Straße 21-35, 10829 Berlin and www.optilyz.com, a service of optilyz GmbH, Neue Schönhauser Str. 19, 10178 Berlin.
2. Legal basis for data processing
The legal basis for sending advertising mail as a result of the sale of goods or services is Section 7 Para. 3 Unfair Competition Act (UWG).
3. Purpose of data processing
Collection of the postal address is for delivering advertising mail.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. The user’s postal address will therefore be stored until there is no further registration (see below).
5. Objection or removal option
You can object to the receipt of advertising mail for the future according to Article 21 Para. 2, 3 GDPR.
X. Registration
1. Description and scope of data processing
On our website, we offer users the option of registering by providing personal data. The data is entered into an input screen, transmitted to us and saved. No data is passed on to third parties. The following data is collected as part of the registration process:
The following data will also be stored at the time of registration:
As part of the registration process, the user’s consent to the processing of this data is obtained with reference to our general terms and conditions and this data privacy policy.
2. Legal basis for data processing
The legal basis for processing the data is Article 6 Para. 1 lit. a and lit. b GDPR.
3. Purpose of data processing
The user gives his/her consent. The user’s registration is necessary for fulfilling a contract with the user and/or for executing precontractual measures. This concerns our purchase and sale of goods by or to the user.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. This is the case for the data for fulfilling a contract or executing precontractual measures if the data is no longer required for executing the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to fulfil contractual or legal obligations. If there is no activity in the customer account for a period of 6 years, the customer account will be deleted.
5. Objection or removal option
As the user, you have the option of cancelling registration at any time by sending an email to our support team or using our contact form. You can change the data stored about you at any time. For more information see “Rights of the data subject” below.
If the data is required to fulfil a contract or to execute precontractual measures, premature erasure of the data is only possible if there are no contractual or statutory obligations to the contrary.
XI. Buying and selling goods
1. Description and scope of data processing
On our website, we offer customers the option of selling us good and buying goods from us. The user’s consent to the processing of this data is obtained as part of the buying and selling process.
The data will be transmitted to us and stored in accordance with the user’s registration data in connection with goods, means of payment and shipping information selected by the user. The following user data is collected during the purchase and sale process and transmitted to the service providers named here:
a. Klarna: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, is the responsible party. You will find information on data privacy and also possible credit checks, etc. by BillPay GmbH, Zinnowitzer Str. 1, 10115 Berlin, here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
b. Paypal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, is the responsible party. You will find information on data privacy and also possible credit checks by other service providers here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
c. PayOne: BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, is the responsible party (credit cards and direct debits). You will find information on data privacy and also possible credit checks by other service providers here: https://www.bs-card-service.com/de/datenschutz/
d. Amazon Payments: All personal data that you provide to Amazon Payments or that is collected during the payment process is primarily checked by Amazon Payments s.c.a. (as the responsible party) and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located on 5, Rue Plaetis L 2338, Luxembourg. You confirm the data privacy policy when you register for Amazon: https://pay.amazon.com/de/help/201751600
5. As part of the purchasing process, we also process your IP address. We collect the IP address for the approximate determination of the residence of our customers and a corresponding personalized pricing on our website in real time. Therefore, it is possible that - depending on the IP address of your device - different purchase prices may be displayed on our website.
6. Delivery information: if we have goods delivered to you, we pass your data on to the transport company commissioned with delivery if this is required for delivery or status update. The service provider is always indicated in the order. These are currently:
7. Inclusion in the Trusted Shops quality label: The Trusted Shops trust badge is included on this website to display our Trusted Shops quality label and the collected reviews as well as to offer Trusted Shops products to buyers after an order. This serves to protect our prevailing legitimate interests in the optimal marketing of our offer as part of balanced interests. The trust badge and associated services are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When clicking the trust badge, the web server automatically saves a so-called “server log file”, which contains e.g. your IP address, date and time of the click, transferred data volume and the requesting provider (access data) and documents the click. This access data is not evaluated and is automatically overwritten seven days after the end of your website visit at the latest. Other personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
8. If you purchase new books on our website, we use the dealer Libri GmbH, Friedensallee 273, 22763 Hamburg, for selling the goods. Libri GmbH therefore receives information regarding the ordered book and the delivery address.
9. Providers of customer contact centres (e.g. call centres): Within the framework of customer support, data is passed on to our service providers Yoummday GmbH, Belgradstraße 68, 80804 Munich and Trizma d.o.o. Beograd, Belgrade - Novi Beograd, 272 Tosin bunar st., Serbia within the framework of order processing.
2. Legal basis for data processing
The legal basis is Article 6 Para. 1 Lit. a, b and f GDPR.
3. Purpose of data processing
The user gives his/her consent. Processing data for customer services, logistics, payment and delivery is necessary for the fulfilment of the contract in accordance with Article 6 Para. 1 lit. b GDPR. This concerns our purchase and sale of goods by or to the user. With regard to the inclusion of the Trusted Shop quality label and work of Libri GmbH, there is a legitimate interest in accordance with Article 6 Para. 1 lit. f GDPR.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection.
This is the case for data during the purchase and sale contract or for executing precontractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store the contractual partner’s personal data in order to fulfil contractual or legal obligations.
5. Objection or removal option
If the data is required to fulfil a contract or to execute precontractual measures, premature erasure of the data is only possible if there are no contractual or statutory obligations to the contrary.
You can change the data stored about you at any time. For more information see “Rights of the data subject” below.
XII. Contact form and email contact
1. Description and scope of data processing
There is a contact form on our website that can be used for electronic contact. If a user uses this option, the data entered in the input screen will be transmitted to us and stored. The user’s message and email address are required. Other information is optional:
Your consent is obtained for data processing and reference is made to this data privacy policy during the sending process.
Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored.
2. Legal basis for data processing
The legal basis for processing data is Article 6 Para. 1 lit. a GDPR if the user has given consent.
If the aim of the email is concluding a contract, the additional legal basis for processing is Article 6 Para. 1 lit. b GDPR.
3. Purpose of data processing
The user gives his/her consent. Processing personal data from the input screen is for processing any contact.
4. Storage duration
The data is erased as soon as it is no longer necessary for achieving the purpose of its collection. For personal data from the contact form input screen and that which was sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when the circumstances show that it is certain that the matter in question has been conclusively resolved.
5. Objection or removal option
The user has the option of revoking his/her consent to the processing of personal data at any time. If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In a case such as this, the conversation cannot be continued. For more information see “Rights of the data subject” below.
XIII. Social Media Plug-Ins
1. Description and scope of data processing
You can also find us on social networks. A social network is a social meeting point operated on the Internet, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. In addition, we have integrated individual functions of these networks into our online services as so-called plug-ins. However, you can only use functions if you are registered and logged in to the respective social network. Please note that the use of the respective social network is subject to the terms of use and data protection of this company, over which we have no control. However, we will be happy to explain to you how such networks process your personal data in this context:
On this website we have integrated components of the company Facebook. Facebook is a social network. The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if a data subject lives outside the USA or Canada. Each time one of the individual pages of this website is accessed, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. As part of this technical process, Facebook obtains information about which specific subpage of our website is visited by the data subject. If the data subject is logged into Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the person visits our website and for the entire duration of that person's visit to our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated into our website, such as the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the data subject's personal Facebook user account and stores this personal data. Facebook receives information through the Facebook component that the data subject has visited our site whenever they are logged into Facebook at the same time as they visit our site, whether or not they click on the Facebook component. If the data subject does not choose to submit this information to Facebook in this way, he or she can prevent the submission by logging out of his or her Facebook account before visiting our website. Facebook's published privacy policy, available at https://de-de.facebook.com/about/privacy/, discloses Facebook's collection, processing and use of personal information. It also explains what settings Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
Our website uses plug-ins from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). When you visit a page on our site that contains such a plugin, your browser connects directly to Instagram's servers. The content of the plugin is sent by Instagram directly to your browser and integrated into the page. This integration tells Instagram that your browser has accessed the appropriate page on our site, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the "Instagram" button, this information will also be sent directly to an Instagram server and stored there. The information is also published to your Instagram account and displayed to your contacts. The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your related rights and privacy settings, can be found in Instagram's privacy policy: https://www.instagram.com/legal/privacy/
YouTube
We use YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website.
To protect your personal information, we use YouTube's enhanced privacy option. When you visit a page that embeds a YouTube video, YouTube connects to the YouTube servers and displays the content on the website by notifying your browser. However, according to YouTube, "Advanced Privacy Mode" only transmits data to the YouTube server when you actively start the video.
If you are logged into YouTube at this time, the information about the videos you view will be associated with your YouTube member account. You can prevent this by logging out of your account before you visit our site.
More information about YouTube's privacy practices is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/
2. Legal basis for data processing
Insofar as our use of cookies involves the processing of personal data, the legal basis is Art. 6 Para. 1 lit. b, lit. f GDPR.
3. Purpose of data processing
In the case of processing, our legitimate interest lies in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR: The websites are enriched with more attractive content and the users of the networks can interact directly with them.
4. Duration of storage
The collection takes place through the networks mentioned, where you as a member receive information about the storage duration.
5. Objection or removal option
If you do not want Facebook or Instagram networks to directly associate the information collected through our website with your account, you must log out before visiting our website. You can assert your rights as a member in accordance with the data protection regulations against the networks. You can also use add-ons for your browser to completely prevent plugins from loading, e.g. the script blocker "NoScript" (http://noscript.net/).
XIV. Facebook fan page
Both Facebook Ireland Limited ("Facebook Ireland") and momox GmbH are jointly responsible for the operation of our Facebook fan page. The joint responsibility concerns in particular the use of the "Facebook Insights" function, more precisely the collection, storage and further processing of the Insights data. Facebook Ireland Limited ("Facebook Ireland") is responsible for the collection and storage of the data; momox GmbH only receives anonymized evaluations of the Insights data.
The parties have concluded an agreement on joint responsibility (https://www.facebook.com/legal/terms/page_controller_addendum). For the processing of Insights data, it was agreed that Facebook Ireland assumes the obligation to protect the rights of the data subject and the necessary information obligations according to Art. 13 and 14 GDPR. Data protection rights can be asserted both at Facebook Ireland and at momox GmbH. momox GmbH will forward all requests from data subjects concerning processing for which Facebook Ireland is responsible to Facebook Ireland for processing.
1. Description and scope of data processing
The following data is collected during the registration process;
Facebook cookies
Demographic data (e.g. based on age, place of residence, language or gender)
Statistical data on user interactions in aggregated form, i.e. without personal reference (e.g. page activities, page views, page previews, likes, recommendations, articles, videos, page subscriptions incl. origin, times of day)
The promotional use of your personal data is particularly important for Facebook. We use the statistics function to learn more about the visitors of our fan page. Using this function enables us to adapt our content to the respective target group. In this way, we also use demographic information on the age and origin of the users, for example, whereby no personal reference is possible for us here.
In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally stores cookies on the user's end device.
These include session cookies, which are deleted when the browser is closed, and permanent cookies, which remain on the end device until they expire or are deleted by the user.
According to Facebook, the cookies used by Facebook are for authentication, security, website and product integrity, advertising and measurement, website features and services, performance, and analysis and research. Details of the cookies used by Facebook (e.g., cookie names, duration of function, recorded content and purpose) can be viewed here: https://www.facebook.com/policies/cookies/ by following the links there. There you will also find the option to deactivate the cookies used by Facebook. You can also change the settings for your advertising preferences there.
The collection and storage of data through the use of the above-mentioned Facebook cookies can also, and at any time in the future, be refused via the following opt-out link: http://www.youronlinechoices.com/de/praferenzmanagement/.
Under the above-mentioned link you can manage your preferences regarding usage-based online advertising. If you object to usage-based online advertising with a particular provider using the preference manager, this only applies to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you delete all browser cookies, the preferences that you set using the preference manager are also removed.
2. Note on Facebook Insights
For statistical evaluation purposes we use the function Facebook Insights. In this context, we receive anonymous data on the users of our Facebook fan page. A conclusion on your person is not possible for us. For further information please refer to the Facebook cookie policy.
3. Pursued legitimate interests, if the legal basis is Art. 6 para. 1 lit. f) DSGVO
We see our justified interest in data processing in the presentation of our company and our products and services for your information.
4. Recipients or categories of recipients
As far as you interact within the framework of Facebook, Facebook naturally also has access to your data. In particular, it is possible that Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA, has access to your data. Facebook is located here in an insecure third country, where the level of data protection is lower. Facebook uses standard contractual clauses approved by the European Commission and, for data transfers from the EEA to the US and other countries, the Adequacy Decisions issued by the European Commission regarding certain countries.
XV. Comments on our website
1. Description and scope of data processing
Personal data is collected when you rate our websites (e.g. the blog). In this context, the data given in the respective form and your IP address are collected. Name and e-mail address details are voluntary.
2. Legal basis of data processing
The legal basis for processing data is Article 6 Para. 1 lit. a GDPR if the user has given consent.
3. Purpose of data processing
The user gives his consent. The processing of the personal data from the input mask serves us for the treatment of the comment.
4. Storage duration
The data will be erased if requested by the author of the comment. In addition, an unlimited
agreement of the representation is to be assumed.
5. Objection and removal option
The user has the possibility to revoke his consent to the processing of personal data at any time. He can also have information anonymized by us, e.g. by shortening the previously mentioned name. For further information, see "Rights of the data subject" below.
XVI. Rights of the data subject
If your personal data is processed, you are the data subject according to GDPR and you are entitled to the following rights with regard to the controller:
1. Right to information
You can ask the controller to confirm whether personal data concerning you will be processed by us.
If processing has taken place, you can request the following information from the controller:
2. Right to correction
You have a right to the correction and/or completion by the controller if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.
3. Right to restrict processing
You may request that the processing of personal data concerning you be restricted under the following conditions:
If the processing of personal data concerning you has been restricted, this data may only be processed – aside from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for protecting the rights of another natural or legal person or on grounds of important public interest of the European Union or a member state.
If the processing restriction has been restricted in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Erasure obligation
You can request that the controller erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:
b) Information to third parties
If the controller has made personal data concerning you public and is obliged to erase it according to Article 17 Para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.
c) Exceptions
The right to erasure does not exist if processing is required
5. Right to notification
If you have exercised your right to have the controller correct, erase or limit processing, it is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or erasure of the data or processing restriction, unless this proves impossible or involves a disproportionate effort.
You shall also have the right to be informed about these recipients by the controller.
6. Right to data transferability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another controller without any obstruction by the controller to whom the personal data was made available provided that
In exercising this right, you also have the right to affect that the personal data concerning you be transferred directly from one controller to another if this is technically feasible. Freedoms and rights of other people may not be affected because of this.
The right to data transferability does not apply to processing personal data necessary for performing a task in the public interest or in the exercise of public authority assigned to the controller.
7. Right to objection
You have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you under Article 6 Para. 1 lit. e or f GDPR at any time; this also applies to profiling based on these provisions.
The controller no longer processes the personal data concerning you, unless it can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object to the processing of personal data concerning you for the purpose of this kind of advertising at any time according to Article 21 Para. 2, 3 GDPR; this also applies to profiling if it is in connection with this kind of direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option of exercising your right of objection using automated procedures in which technical specifications are used, in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
8. Right to revoking the declaration of consent relating to data privacy
You have the right to revoke your declaration of consent relating to data privacy at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based exclusively on automated processing, including profiling, that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
However, these decisions may not be based on special categories of personal data according to Article 9 Para. 1 GDPR unless Article 9 Para. 2 Lit. a or g applies, and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.
In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the controller, to state its own position and to challenge the decision.
10 Right to complain to a supervisory authority
Irrespective of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member state in which you are residing, working or suspected of violation, if you believe that the processing of personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
11. Validity of this data privacy policy
We reserve to right to makes changes to these data privacy guidelines from time to time. The current version can be seen on our website. If a change significantly restricts the rights of registered users, we will notify them. Furthermore, the currently available data privacy policy is valid for our website users.