Data protection

A. General information

1. responsible person

eKomi Holding GmbH, Berlin, Zimmerstrasse 11, 10969 Berlin, HRB 189779 B (District Court Berlin-Charlottenburg) is the person responsible for the processing of personal data, unless it acts as a processor within the scope of the eKomi service.

2. Use of the eKomi websites

Our website can usually be used without providing personal data. Insofar as personal data (e.g. name, address or email address) is collected on our website, this is always done on a voluntary basis as far as possible. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

We hereby expressly object to the use of the contact data published as part of the imprint obligation by third parties to send advertising and information materials that have not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam emails.

3. Access data and log files

When you call up the eKomi website, we register the access data that your browser automatically transmits to us, such as the IP address, the date and time of the call and technical information about your browser and your device. The IP address is a numeric identifier of the device that is used to access the website. The browser information may contain information about the type of browser you are using, the browser language and the time zone.

We collect this information so that we can trace the device used in cases of improper use or illegal actions in connection with accessing or using our website or our services. We also use the IP address to determine your approximate location (at city level) so that we know which of our general terms of use apply to your use of our website or our services.

The data processing is absolutely necessary to enable the visit of the website, to guarantee the permanent functionality and security of our systems as well as to maintain our website administratively in general. For the purposes described above, the data mentioned is also automatically temporarily stored in internal log files on our web server in order to find the cause and take action in the event of repeated or criminal calls that endanger the stability and security of our website .

The legal basis is Art. 6 Para. 1 S. 1 lit. b GDPR, provided that the page is accessed in the course of initiating or executing a contract, and otherwise Art. 6 Par. 1 S. 1 lit.f GDPR due to our legitimate interest in enabling the website to be accessed and the long-term functionality and security of our systems.

The information stored in the log files is stored for 30 days and archived after subsequent anonymization.

4. contact

You have various options for contacting us. This includes in particular the contact form, live chat, our telephone number and our email address. In this context, we process data exclusively for the purpose of communicating with you. Mandatory fields are marked accordingly in the contact form.

Personal data is collected if you voluntarily provide it to us when you contact us. We only use your data to provide you with the information you require, i.e. only the information and data that are absolutely necessary to answer your request or to process the contractual relationship are stored and processed.

The legal basis is Art. 6 Para. 1 S. 1 lit. b GDPR, insofar as your details are required to answer your request or to initiate or execute a contract, and also Art. 6 Para. 1 S. 1 lit. GDPR based on our legitimate interest that you contact us and that we can answer your request. We only make promotional phone calls if you have given your consent. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. The legal basis in these cases is Article 6 Paragraph 1 Sentence 1 Letter a GDPR.

The data collected by us when you contact us will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations.

5. Registration and account usage

You have the option of registering for our login area in order to be able to use our platform. We have highlighted the data you are required to provide by marking them as mandatory fields. These include in particular:

  • Personal data: first and last name, email address, currency, user name;

  • Information about your company: company name, company description, address (street, zip code, city, country), telephone number, website name, website address.

Registration and subsequent use of the platform is not possible without this data. If you order, subscribe to or use products and services, payment data will also be collected (credit card, PayPal, direct debit). The legal basis for processing is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

We also save the data that you transmit to us during a demo request, such as your name, email address and telephone number. If you require customer care or technical support, you may be asked to fill out a form on which personal information is required in the form of your name, address, email address and telephone number. This information is kept in our database.

6. Newsletters and notification emails

We collect the data of our customers that they tell us when they want to receive our newsletter or want notifications regarding your account, e.g. receipt of the invoice. If you no longer want to use these offers, you can log into the customer access and change the settings or contact us at " dataprotection@ekomi.de ".

To order our newsletters, we use the so-called double opt-in procedure, ie we will only send you newsletters by email if you click on a link in our notification email to confirm that you are the owner of the given email address. If you confirm your e-mail address, we will save your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by email or letter) is of course also sufficient. The legal basis for processing is your consent in accordance with Art. 6 Paragraph 1 Sentence 1 lit.

We use standard market technologies in our newsletters, with which the interactions with the newsletters can be measured (e.g. opening of the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as to optimize and further develop our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). The data is only collected in pseudonymized form and is not linked to your other personal data. The legal basis for this is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. We want to use our newsletter to share content that is as relevant as possible for our customers and to better understand what the readers are actually interested in.

We use the Mailjet services of Mailgun Technologies, Inc., 112 E Pecan St # 1135, San Antonio, TX 78205 ("Mailjet"), with data storage in the European Union, as well as Mandrill's to provide, manage and send the newsletter The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA ("Mailchimp"). Processing contracts and standard contractual clauses have been concluded with both service providers.

7. Recruitment by email

If you register with us or make a purchase from us, we will also use your contact details to send you further relevant information about our products and services by e-mail ("recruiting existing customers"). This can in particular include innovations, promotions and offers as well as feedback and other surveys.

The legal basis for this data processing is Article 6 Paragraph 1 lit. V. m. § 7 Abs. 3 UWG, according to which data processing is permitted to safeguard legitimate interests, insofar as this relates to the storage and further use of the data for advertising purposes. You can object to the commercial use of your data at any time by means of a corresponding link in the e-mails or by sending a message to the contact details mentioned above (e.g. by e-mail or letter) without incurring any costs other than the transmission costs according to the basic tariffs develop.

8. Applications

If you apply for a position at eKomi, personal data will be collected as part of the application process. The data that you transmit to us as part of your application will be used exclusively for the purpose of filling the advertised position and checking and processing your application submitted in this context.

The legal basis for processing your application documents is Article 6 Paragraph 1 Sentence 1 Letter b and Article 88 Paragraph 1 GDPR in conjunction with Section 26 Paragraph 1 Sentence 1 BDSG.

After completion of the application process with regard to the specific job advertised, this data will be blocked for further use and deleted after the expiry of any storage obligations; unless you have agreed in writing that we can use the data to contact you at a later date.

We use the assessment tool Plum.io from Plum.io, Inc., 60 Bathurst Drive, Unit 9, Waterloo, ON N2V 2A9, Canada (“Plum.io”) to qualify applicants. Participation in the assessment tool is voluntary.

It is generally possible to send unsolicited applications. By submitting your documents for an unsolicited application, you give us your consent to process the personal data you have sent for the purpose of assessing your application (Art. 6 GDPR). If you are interested in your application, we will contact you. Otherwise your applicant data will be deleted immediately.

9. Cookies and Similar Technologies

In order to make visiting our website and our rating platform attractive and to enable the use of certain functions, we use cookies and comparable technologies (collectively "tools").

Cookies are small text files that are stored on your device and that save certain settings and data for exchange with our system via your browser. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser. Other cookies remain on your device and enable us to recognize your browser the next time you visit. Comparable technologies are in particular web storage (local / session storage), fingerprints, tags or pixels.

Most browsers are set by default in such a way that they accept cookies and comparable technologies. However, you can usually adjust your browser settings so that cookies or comparable technologies are rejected or only saved with prior consent. If you reject cookies or similar technologies, it is possible that not all of our offers will function properly for you.

Legal basis

We use the tools necessary for the operation of the website or the rating platform (e.g. enabling login) without consent in accordance with Section 25 (2) TTDSG. The processing of personal data takes place on the basis of our legitimate interest in accordance with Art. 6 Paragraph 1 Sentence 1 lit. In certain cases, these tools may also be required for the fulfillment of a contract or for the implementation of pre-contractual measures, in which case the processing takes place in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR.

We use all other tools, especially those for analysis and marketing purposes, based on your consent in accordance with Section 25 (1) TTDSG. The processing of personal data takes place in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. Data processing using these tools will only take place if we have received your prior consent.

If a transfer of personal data takes place in third countries, we refer to the paragraph "Data transfer to third countries". We will let you know if we have entered into standard contractual clauses or other guarantees with the providers of certain tools. If you have given your consent to the use of certain tools, we will transmit the data processed during the use of the tools (also) on the basis of this consent to third countries.

Consent management

We use the CookieScript tool from Objectis Ltd., Žalgirio st. 88, LT-09303 Vilnius, Lithuania ("CookieScript"). This generates a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual or none of the data processing using optional tools. This banner appears when you visit our website for the first time and when you select your settings again to change them or to revoke your consent. The banner also appears on subsequent visits to our website, provided that the settings saved by CookieScript in the cookie have been deleted.

Your consent or revocation, your anonymized IP address, information about your browser, your device and at the time of your visit are transmitted to CookieSkript when you visit the website (https://cookie-script.com/record-visitor-consents.html). In addition, CookieSkript stores the necessary information in a cookie ("CookieSkriptConsent") in order to save your given consents and revocations and to assign them by means of an ID. If you delete your cookies, we will ask you for your consent again when you visit the site at a later date.

The data processing by cookie script is necessary in order to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of CookieScript is Article 6, Paragraph 1, Sentence 1, Letter f GDPR, based on our interest in meeting the legal requirements for consent management.

10. Transfer of data

The data we collect will only be passed on if:

a. You have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit.

b. the transfer according to Art. 6 Para. 1 S. 1 lit.

c. we are legally obliged to pass on according to Art. 6 Para. 1 S. 1 lit.

d. this is legally permissible and required according to Art. 6 Paragraph 1 Sentence 1 lit.

Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this data protection declaration, this includes in particular:

a. Third parties, including contracted providers, consultants and other service providers, to enable them to provide services on our behalf,

b. eKomi subsidiaries and other companies within the eKomi group of companies,

c. to ensure compliance with applicable laws and to respond to lawsuits and legal steps (including, among other things, subpoenas or court orders) or to demands from public and state authorities,

d. to cooperate with regulators and government agencies, including but not limited to Trading Standards, The Competition and Markets Authority and the Danish Consumer Ombudsman, in connection with inquiries or complaints,

e. Third parties in connection with the enforcement of our Terms of Use and Policies,

f. third parties to protect our business activities or those of our affiliated companies,

G. Third parties to allow us to seek legal remedies and limit any damage we may suffer,

H. Third parties so that we can investigate, prevent, or take action against suspected or actual improper conduct, including but not limited to fraud or misuse of our website,

i. Third parties in the event of any reorganization, merger, acquisition, sale, joint venture, assignment, transfer or other disposition of all or part of our business or assets (including in connection with any bankruptcy or similar proceedings).

If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures to protect the rights of the persons concerned and are regularly checked by us. In addition, data can be passed on in connection with official inquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement.

11. Data transfer to third countries

As explained in this data protection declaration, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose data protection level does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transmission on the exceptions of Art. 49 GDPR, in particular your express consent or the necessity of the transmission to fulfill the contract or to carry out pre-contractual measures.

If a third country transfer is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) can gain access to the transmitted data in order to record and analyze them, and that the enforceability of your data subject rights cannot be guaranteed. If you obtain your consent via the cookie banner, you will also be informed of this.

12. Storage period

In principle, we only store personal data for as long as is necessary to fulfill the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention requirements.

For evidence purposes, we have to keep contract data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the statutory limitation period at the earliest at this point in time.

Even after that, we still have to save some of your data for accounting reasons. We are obliged to do so because of statutory documentation obligations that may result from the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

13. Your rights

You have the right to request information about the processing of your personal data by us at any time. As part of the provision of information, we will explain the data processing to you and provide an overview of the data stored about your person. If the data stored by us is incorrect or no longer up-to-date, you have the right to have this data corrected. You can also request the deletion of your data. If, in exceptional cases, deletion is not possible due to other legal provisions, the data will be blocked so that they are only available for this legal purpose. You can also restrict the processing of your data, e.g. B. if you are of the opinion that the data we have stored is incorrect.

In order to assert your rights described here, you can contact the above contact details at any time. This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request.

Your inquiries about the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and in individual cases for the assertion, exercise or defense of legal claims. The legal basis is Art. 6 Para. 1 S. 1 lit.f GDPR, based on our interest in defending against any civil law claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 para. 2 GDPR.

Finally, you have the right to complain to a data protection supervisory authority. You can assert this right, for example, with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged violation. In Berlin, the seat of eKomi, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

14. Right of withdrawal and objection

According to Article 7 (2) GDPR, you have the right to revoke your consent at any time. As a result, we will no longer continue the data processing based on this consent in the future. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Sentence 1 lit. Situation. If you object to data processing for direct marketing purposes, you have a general right of objection, which we will implement without giving reasons.

If you would like to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details given above.

15. Responsible data protection officer

eKomi confirms that we have appointed a data protection officer in accordance with Article 37 GDPR and, if applicable, in accordance with Section 38 BDSG and monitor compliance with the data protection and data security regulations with the involvement of the data protection officer. EKomi’s data protection officer is currently:

Kathrin Schürmann

Lawyer

ISiCO data protection GmbH

At Hamburger Bahnhof 4 │ 10557 Berlin

T: +49 (0) 30-213 00 28 50 │ F: +49 (0) 30-213 00 28 99

dataprotection@ekomi.dewww.isico-datenschutz.de

16. Changes to this data protection declaration

We reserve the right to make changes to this data protection declaration. If we make material changes to this statement, we will notify you of this on our website or in another way so that you have the opportunity to review the changes before they take effect.

B. Use of our website

In the following, we will explain to you how tools are used when you visit our website.

1. Necessary tools

We use certain tools to enable the basic functions of our website ("necessary tools"). Without these tools we would not be able to provide our service. Therefore, necessary tools are used without consent in accordance with Section 25 (2) TTDSG or when processing personal data on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 lit.f GDPR or to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 Para. 1 S. 1 lit.b GDPR.

Own cookies

The following absolutely necessary cookies are used:

  • "PHPSESSID" (Session): Maintaining the user's session.

We use the following absolutely necessary pixels:

  • "P.gif" (session): Recognition of special fonts for internal analyzes, whereby no visitor data is recorded.

Chargebee

We use the external payment service provider Chargebee from Chargebee, Inc., 44 Montgomery Street, San Francisco, CA, 94104, USA (“Chargebee”), who works with various payment providers and accepts payment information for payment processing. In connection with the processing of such payments, we do not retain any personally identifiable information or financial information such as credit card numbers. Rather, this data (in particular contact and transaction data such as credit card data or bank details) is sent directly to Chargebee, whose use of your personal data is regulated by their privacy policy.

The legal basis is Art. 6 Para. 1 S. 1 lit. Payment service provider is based on our legitimate interest in being able to offer you an additional payment option with Chargebee.

We have an order processing contract with Chargebee (https://www.chargebee.com/privacy/dpa/) closed. Some of the data processing by Chargebee takes place on servers in the USA. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with Chargebee in accordance with Art. 46 Paragraph 2 lit. c GDPR.

You can find more information in Chargebee's privacy policy: https://www.chargebee.com/privacy/.

Google reCAPTCHA

Our website uses the Google reCAPTCHA service, which is offered for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (together "Google").

reCAPTCHA prevents automated software (so-called bots) from carrying out abusive activities on the website, ie it is checked whether the entries made actually come from a person. To determine this, the following data is processed:

  • Referrer URL (address of the page from which the visitor came);

  • IP address;

  • Cookies set by Google;

  • Snapshot of the browser window;

  • Input behavior of the user (e.g. answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user, number of mouse clicks);

  • Technical information: browser type, browser plug-ins, browser size and resolution, date, language setting, display instructions (CSS) and scripts (Javascript).

Furthermore, Google reads the cookies from other Google services such as Gmail, Search and Analytics.If you do not want this assignment to your Google account, you must log out of Google before calling up a page in which we have integrated Google reCAPTCHA.

The data mentioned is sent to Google in encrypted form. Google's evaluation decides in which form the captcha is displayed on the page. The use of reCAPTCHA is evaluated statistically. According to Google, your data will not be used for personalized advertising.

The legal basis is the necessity to fulfill a contract or to carry out pre-contractual measures according to Art. 6 Para. 1 S. 1 lit. Subscriptions to a newsletter. Google reCAPTCHA serves to protect IT security, guarantee the stability of our website and prevent misuse.

Some of the data can also be processed on servers in the USA. In the event that personal data is transferred to the USA or other third countries, this is done on the basis of Art. 49 Paragraph 1 Clause 1 lit. b GDPR in order to enable the performance of a contract with you or the implementation of pre-contractual measures. For more information, please refer to Section A.10 ("Data transfer to third countries").

You can find more information on this in the Data protection as well as the Terms of Use from Google.

2. Functional tools

We also use tools to improve the user experience on our website and to be able to offer you more functions (“functional tools”). Although these are not absolutely necessary for the basic functionality of the website, they can provide users with considerable advantages, in particular with regard to user-friendliness and the provision of additional communication, display or payment channels. Unless otherwise stated, the legal basis is your consent in accordance with Section 25 Paragraph 1 of the TTDSG or, in the case of processing of personal data, in accordance with Article 6 Paragraph 1 Clause 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 Paragraph 1 Clause 1 lit. a GDPR).

Own cookies

The following functional cookies are used:

  • "Ekomi_tracking_SHOP_ID" (1 year): Recording of whether a customer has viewed the certificate page of a shop.

Intercom

If you use the live chat tool to contact us, the data you voluntarily enter there (name, email address, message) will be sent to our service provider Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland with server location in the USA and processed by us solely for the purpose of answering the request and then deleted. Any further use of the data entered by Intercom does not take place.

Intercom processes the following data:

  • If given: first and last name, email address, telephone number;

  • Technical information about your device, your browser, your operating system and your selected language;

  • IP address including the originating location;

  • Usage data when using the live chat tool: time and duration of use, links clicked and pages viewed;

  • the data entered in the chat.

For more information, see: https://www.intercom.com/de/legal/privacy.

Intercom uses the following cookies:

  • "Intercom-id- | 19o7sog" (9 months): ID to identify a user, in particular to display existing conversations;

  • "Intercom-session- | 19o7sog" (7 days): Storage of a user's conversation until the intended logout, for a maximum of 7 days.

Further information can be found at: https://www.intercom.com/legal/cookie-policy#messenger-cookies.

The following information is stored in the local / session storage:

  • "Intercom.played-notifications";

  • "Intercom.intercom-state- | 19o7sog".

Standard contractual clauses have been concluded with Intercom.

Adobe Fonts (formerly Typekit)

We use Adobe Fonts, a service provided by Adobe Systems Software Ireland Ltd., 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe"), to make our website look appealing. It enables us to access the Adobe font library . So that the fonts we use can be integrated, your web browser must connect to an Adobe server in the USA and download the required font. This provides Adobe with technical information that our website was accessed from the IP address of your device. This information is used for the provision of the fonts, the diagnosis of problems with the provision and the billing for their use, in particular through aggregated reports on the use of the fonts.Adobe's privacy policy.

3. Analysis tools

In order to improve our website, we use tools for statistical recording and analysis of general usage behavior based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels. Unless otherwise stated, the legal basis is your consent in accordance with Section 25 Paragraph 1 of the TTDSG or, in the case of processing of personal data, in accordance with Article 6 Paragraph 1 Clause 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 Paragraph 1 Clause 1 lit. a GDPR). The associated risks can be found in the section "Data transfer to third countries".

Google Analytics

Our website uses the web analysis service Google Analytics, which is offered for users from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (together "Google").

Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. Google will process the information obtained in order to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. The data arising in this context can be transmitted by Google to a server in the USA for evaluation and stored there. The IP address is shortened before the evaluation (IP anonymization) so that no conclusions can be drawn about your identity.

The following data are processed by Google Analytics:

  • Anonymized IP address;

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, length of stay);

  • Downloaded files;

  • Links to other websites clicked;

  • if necessary, achievement of certain goals (conversions);

  • Technical information: operating system; Browser type, version and language; Device type, brand, model and resolution;

  • Approximate location (country and possibly city, based on anonymous IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • "_Ga" (2 years) and "_gid" (24 hours): Recognition and differentiation of website visitors by means of a user ID;

  • "_Gat" (1 minute): Reduction of requests to the Google server;

  • “__Utma” (2 years): differentiation between visitors and meetings;

  • “__Utmb” (30 minutes): determination of new sessions and the duration of the visits;

  • “__Utmc” (Session): determination of new sessions and the duration of the visits;

  • "__Utmt" (10 minutes): throttling of requests;

  • "__Utmz" (5 months): Storage of the campaign or the source from which the visitor came.

We have concluded an order processing contract with Google for the use of Google Analytics as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

You can find more information on this in the Data protection from Google.

Yieldify

We use Yieldify, a usage analysis tool from Zeus Enterprises Limited, Floor 1, TechSpace Whitechapel, 38-40 Commercial Rd, London E1 1LN, United Kingdom (“Yieldify”).

Yieldify collects the following data in particular:

  • called URL;

  • pages / products viewed;

  • IP address;

  • Technical information on the device used, the browser and the operating system.

This information is stored in the European Union. We use them to evaluate the use of our website. Yieldify also uses anonymized aggregated data to improve usage analysis. The above data is stored for a maximum of 90 days and then anonymized.

Further information can be found in the Yieldify privacy policy.

4. Marketing tools

We also use tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our website is used for interest-based advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers. Unless otherwise stated, the legal basis is your consent in accordance with Section 25 Paragraph 1 of the TTDSG or, in the case of processing of personal data, in accordance with Article 6 Paragraph 1 Clause 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 Paragraph 1 Clause 1 lit. a GDPR).

In the following section we would like to explain these technologies and the providers used for them in more detail. The data collected can include in particular:

  • the device's IP address;

  • the identification number of a cookie or information in the web storage;

  • the device ID of mobile devices;

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, length of stay);

  • Downloaded files;

  • Links to other websites clicked;

  • if necessary, achievement of certain goals (conversions);

  • Technical information: operating system; Browser type, version and language; Device type, brand, model and resolution;

  • Approximate location (country and possibly city).

However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about the persons.

Google Ads Conversion Tracking and Ads Remarketing (formerly AdWords)

Our website uses the "Google Ads" service, which is provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043, USA (together "Google") are offered.

With Google Ads, customer actions defined by us (such as clicking on an ad, page views, downloads) are recorded and analyzed using “Google Ads conversion tracking”. We use “Google Ads Remarketing” to show you individualized advertising messages for our products on partner websites from Google. We also use the functions of "GA Audience" in this context. Both services use cookies and similar technologies for this.

The data arising in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google.

If you use a Google Account, depending on the settings stored in the Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads. If you do not want this assignment to your Google account, you must log out of Google before calling up our website.

If you have not consented to the use of Google Ads, Google will only display general advertising that was not selected based on the information collected about you on this website. In addition to revoking your consent, you also have the option of deactivating personalized advertising in the advertising settings on Google.

The following cookies can be set by Google for the above-mentioned purposes:

  • "_Gcl_au" (90 days);

  • "_Gcl_aw" (90 days).

You can find more information on this in the Notes on data usage and the Data protection from Google.

Google Marketing Platform and Ad Manager (formerly DoubleClick)

Our website uses the Google Marketing Platform and the Google Ad Manager, services provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (together “Google”).

These services use cookies and similar technologies to present advertisements that are relevant to you. The use of the services enables Google and its partner websites to place advertisements on the basis of previous visits to our or other websites on the Internet.

The data arising in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google.

If you have not consented to the use of Google Marketing Platform and Ad Manager, Google will only display general advertising that was not selected based on the information collected about you on this website. In addition to revoking your consent, you also have the option of receiving personalized advertising in theAdvertising settings to deactivate on Google.

In particular, Google can set the following cookies for the specified purpose with the respective storage period:

  • “IDE” (13 months): Recognition and differentiation of website visitors by means of a user ID, recording of interaction with advertising, display of personalized advertising;

  • "1P_JAR" (1 month): Optimization of personalized advertising, avoidance of repeated display of the same advertising;

  • "DV" (5 minutes): user preferences, such as language;

  • "NID" (6 months): Settings for Google services and other functions for advertising purposes.

You can find more information on this in the Data protection from Google.

C. Use of our rating platform

Our customers act as clients and thus as the responsible body. As the responsible body in accordance with the General Data Protection Regulation (GDPR), the client is responsible for compliance with data protection regulations. The company is also responsible for

i. how end users are addressed and informed about the possibility of leaving star ratings and reviews and obtaining necessary declarations of consent from end users;

ii. to check the legal admissibility of the advertising (including its manner) with the star ratings and reviews given in relation to the company and / or its products, in particular from the point of view of competition law and advertising law (e.g. according to the drug advertising law); and

iii. To check the competition law, data protection law and other legal requirements and to obtain the necessary declarations of consent from end users.

A LIABILITY OF EKOMI FOR DAMAGES ARISING FROM BREACH OF THE ABOVE OBLIGATIONS IS EXCLUDED.

1. Type and purpose of data processing

The type and purpose of the processing of personal data by the processor result from the main contract with our customer. This includes the following activity (s) and purpose (s):

a. Generating reviews;

b. Moderation of reviews;

c. Marketing services (including SEO optimization) & reputation management (including provision of certificate pages, seals & awards);

d. Data collection, analysis and processing of the collected data as part of the service.

For information on the categories used, please contact our customer / service provider directly. As part of the information obligations, eKomi provides information to authorized persons. Please send a request to:dataprotection@ekomi.com.

2. Categories of data subjects

The categories result from the eKomi main contract with our customers who act as clients and can include the following categories:

a. Client;

b. Interested persons;

c. End customers;

d. Employees who have been contacted on behalf of our customers to submit reviews;

e. Interested parties, end customers or employees of our customers who provide data in order to be able to submit reviews.

For information on the categories used, please contact our customer / service provider directly. As part of the information obligations, eKomi provides information to authorized persons. Please send a request to:dataprotection@ekomi.com.

3. Type of personal data

The type of personal data results from the eKomi main contract with our customers, who act as clients and can include the following data, among other things:

a. Personal master data (name, salutation, title / academic degree, date of birth);

b. Contact details (email address, telephone number, address);

c. Contract data (contract details, services, customer number);

d. Employee data;

e. Photos;

f. videos;

G. Electronic communication data (IP address, websites accessed, information on the device used, operating system and browser);

H. Details (size, hair color, etc.).

For information on the transmitted personal data, please contact our customer / service provider directly. As part of the information obligations, eKomi provides information to authorized persons. Please send a request to:dataprotection@ekomi.com.

4. Data retention and deletion

The following applies to data storage and deletion:

a. Evaluation: Personal data, which are mentioned in an evaluation, are made unrecognizable by the eKomi Customer Feedback Management Team in accordance with the eKomi communication rules; After this measure, the personal data can only be accessed by the system administrators and team leaders of the Customer Feedback Management Team and will be deleted from the eKomi systems by eKomi at the time the customer's main contract is terminated.

b. Customer dialogue: Personal data that is made available by the person concerned as part of the customer dialogue will be deleted from the eKomi systems by eKomi at the time the customer's main contract is terminated.

c. Complaint: Personal data that has been passed on to the processor by data subjects as part of a complaint or a review link query will be deleted from the eKomi systems by eKomi after the case has been closed by eKomi.

After the end of the main customer contract, eKomi is obliged to hand over to the customer all personal data, documents and created processing and usage results that come into its possession that are in connection with the contractual relationship, in compliance with data protection and data security and in accordance with the customer's instructions Clear. This also applies to any data backups at eKomi.

This does not affect the data generated in connection with a third-party service commissioned by the customer (e.g. Google Feed); these are deleted in accordance with the guidelines of the third-party service provider after the end of the main customer contract. Even data that has become the property of eKomi in accordance with the main customer contract will not be deleted after the main contract has ended, but will be kept in accordance with current data protection regulations.

5. Information about children

Our website is not designed for children. If you receive a message that a child under the age of 13 has left personal data, please contact us.

6. Review links / verification

Evaluators have the option of requesting an evaluation link via the certificate pages provided by eKomi if it can be proven that no evaluation link has been sent to them by their provider and the request is authorized in accordance with the communication rules; make a complaint or ask a question about a review. The transaction must be proven by means of an invoice or other meaningful documents. The provision of the invoice or other meaningful documents and the associated data is voluntary and is required to verify the transaction and the authorization to submit a rating. Information that is not relevant for the proof of the transaction can be blacked out by the evaluator. After verification, the documents made available will be destroyed.

7. Necessary tools

We use certain tools to enable the basic functions of our rating platform (“necessary tools”). Without these tools we would not be able to provide our service. Therefore, necessary tools are used without consent in accordance with Section 25 (2) TTDSG or when processing personal data on the basis of our legitimate interests in accordance with Article 6 (1) sentence 1 lit.f GDPR or to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 Para. 1 S. 1 lit.b GDPR.

The following absolutely necessary session cookies are used:

  • “PHPSESSID” (Session): Storage of PHP information for the current session;

  • "Laravel_session" (session);

  • "Cookie_test" (session);

  • "SyncConnect" (session): Synchronization of the user hierarchy;

  • "_Rpt_session" (session);

  • "SESSION_ID" (session);

  • "Current_language" (session): Storage of the current language of the user;

  • "Sf_redirect" (session).

The following absolutely necessary persistent cookies are used:

  • "XSRF-TOKEN" (2 hours): Storage of the CSRF token;

  • “AWSALB” (7 days): Load balancing the AWS server;

  • “Remember_token” (5 years);

  • "_Pulse-backend_session" (30 minutes): Storage of the server session information.

8. Functional tools

We also use tools to improve the user experience on our rating platform and to be able to offer you more functions (“functional tools”). Although these are not absolutely necessary for the basic functionality of the rating platform, they can provide users with considerable advantages, in particular with regard to user-friendliness and the provision of additional communication, presentation or payment channels. Unless otherwise stated, the legal basis is your consent in accordance with Section 25 Paragraph 1 of the TTDSG or, in the case of processing of personal data, in accordance with Article 6 Paragraph 1 Clause 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 Paragraph 1 Clause 1 lit. a GDPR).

Own cookies

The following functional cookies are used:

  • “Product_id__swlik__shopId__swlik__orderId” (5 years) and “product_id__swdis__shopId__swdis__orderId” (5 years): Enables the functionality for “like” and “dislike” in the Intersport widget;

  • “_Easyadmin_navigation_iscollapsed” (1 year);

  • “Current_language” (Session): Storage of the currently selected language;

  • "Bing_translator_access_token" (10 minutes)

  • “Current_organization” (10 minutes): Storage of the company ID;

  • "Advanced_referer_title" (10 minutes): Storage of the page title;

  • "Advanced_referer_url" (10 minutes): Storage of the requested URL;

  • "Compaign" (10 minutes): storage of campaign information;

  • “Venue_sorting” (10 minutes): venue sorting;

  • “Venue_cost_information” (10 minutes): Storage of the display of hidden venue costs;

  • "Coupon" (10 minutes): storage of the coupon values;

  • "Promo" (10 minutes): storage of the promo values;

  • "App_maintenance_notice_ID" (10 minutes): Storage of the maintenance ID;

  • "_Rpt_session" (50 years): Storage of the user session.

Addthis

We use the social media plugins from Addthis, a service of Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, CA 94065, USA, to simplify and standardize the sharing of content via social networks. The following data are processed by Addthis:

  • Visitor ID, saved as a cookie;

  • IP address including the geographical location determined by it;

  • Technical information about your device, browser, operating system and language;

  • Time of visit;

  • Previously visited page (referrer URL) and, if applicable, the search engine used.

Addthis also uses this information to make an interest-based assignment to customer segments or to create profiles based on your use of Addthis. For more information, see:https://www.oracle.com/legal/privacy/addthis-privacy-policy.html

The following cookies are used by Addthis:

  • "__Atuvc" (1 year): Display of the updated number of shared content;

  • “__Atuvs” (30 minutes): Displays the updated number of shared content;

  • "Uvc" (1 year): Analysis of the use of Addthis services;

  • "Ssc" (1 year): Analysis of the use of Addthis services;

  • "Loc" (1 year): Geolocation of Addthis users.

Standard contractual clauses have been concluded with AddThis.

9. Analysis tools

In order to improve our rating platform, we use tools for statistical recording and analysis of general usage behavior based on access data ("analysis tools"). We also use analysis services to evaluate the use of our various marketing channels. Unless otherwise stated, the legal basis is your consent in accordance with Section 25 Paragraph 1 of the TTDSG or, in the case of processing of personal data, in accordance with Article 6 Paragraph 1 Clause 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 Paragraph 1 Clause 1 lit. a GDPR). The associated risks can be found in the section "Data transfer to third countries".

Google Analytics

Our website uses the web analysis service Google Analytics, which is offered for users from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (together "Google").

Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. Google will process the information obtained in order to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. The data arising in this context can be transmitted by Google to a server in the USA for evaluation and stored there. The IP address is shortened before the evaluation (IP anonymization) so that no conclusions can be drawn about your identity.

The following data are processed by Google Analytics:

  • Anonymized IP address;

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, length of stay);

  • Downloaded files;

  • Links to other websites clicked;

  • if necessary, achievement of certain goals (conversions);

  • Technical information: operating system; Browser type, version and language; Device type, brand, model and resolution;

  • Approximate location (country and possibly city, based on anonymous IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • "_Ga" (2 years) and "_gid" (24 hours): Recognition and differentiation of website visitors by means of a user ID;

  • "_Gat" (1 minute): Reduction of requests to the Google server.

We have concluded an order processing contract with Google for the use of Google Analytics as well as standard contractual clauses in the event that personal data is transferred to the USA or other third countries.

You can find more information on this in the Data protection from Google.

10. Marketing tools

We also use tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our rating platform is used for interest-based advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers. Unless otherwise stated, the legal basis is your consent in accordance with Section 25 Paragraph 1 of the TTDSG or, in the case of processing of personal data, in accordance with Article 6 Paragraph 1 Clause 1 lit. a GDPR. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 Paragraph 1 Clause 1 lit. a GDPR).

In the following section we would like to explain these technologies and the providers used for them in more detail. The data collected can include in particular:

  • the device's IP address;

  • the identification number of a cookie or information in the web storage;

  • the device ID of mobile devices;

  • Referrer URL (previously visited page);

  • Pages accessed (date, time, URL, title, length of stay);

  • Downloaded files;

  • Links to other websites clicked;

  • if necessary, achievement of certain goals (conversions);

  • Technical information: operating system; Browser type, version and language; Device type, brand, model and resolution;

  • Approximate location (country and possibly city).

However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about the persons.

Google Marketing Platform and Ad Manager (formerly DoubleClick)

Our website uses the Google Marketing Platform and the Google Ad Manager, services provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (together “Google”).

These services use cookies and similar technologies to present advertisements that are relevant to you. The use of the services enables Google and its partner websites to place advertisements on the basis of previous visits to our or other websites on the Internet.

The data arising in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have concluded standard contractual clauses with Google.

If you have not consented to the use of Google Marketing Platform and Ad Manager, Google will only display general advertising that was not selected based on the information collected about you on this website. In addition to revoking your consent, you also have the option of receiving personalized advertising in theAdvertising settings to deactivate on Google.

In particular, Google sets the following cookies for the specified purpose with the respective storage period:

  • "IDE" (1 year): Recognition and differentiation of website visitors by means of a user ID, recording of interaction with advertising, display of personalized advertising.

You can find more information on this in the Data protection from Google.

YouTube

We have integrated videos on our website that are stored on YouTube and can be played from our website, provided you have given your consent. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), a subsidiary of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

When you visit our website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This happens regardless of whether you are logged in to YouTube or Google or not. YouTube and Google use this data for the purposes of advertising, market research and the needs-based design of their websites. If you call up YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not want the assignment, it is necessary that you log out of Google before calling up our website.

The following cookies are used by YouTube:

  • "VISITOR_INFO1_LIVE" (5 months): Calculation of the bandwidth of the user to determine the appropriate user interface of the embedded video;

  • "GPS" (30 minutes): Storage of a unique ID for tracking users based on their location data;

  • "YSC" (Session): Acquisition and storage of the embedded videos played.

In addition to revoking your consent, you also have the option of receiving personalized advertising in the Google settings for advertisingto deactivate. In this case, Google will only display non-individualized advertising.

Further information can be found in the also valid for YouTube Data protection information from Google.

AdRoll

We use the e-commerce marketing platform AdRoll from NextRoll Limied, 1, Burlingston Plaza, Burlingston Road, Dublin 4, Ireland, with a parent company in the USA, to analyze user behavior, to divide users into customer segments, to display interest-based advertising and to ensure success evaluate our advertising campaigns.

AdRoll processes the following data:

  • If given: e-mail address, shopping data;

  • IP address including the geographical location determined by it;

  • Technical information about your device, your browser, your operating system and the selected language;

  • Browser history;

  • Data about displayed advertisements;

  • Data on the success of advertising campaigns (conversion);

  • Advertising partner data.

Further information can be found at: https://www.nextroll.com/privacy.

The following cookies are used by AdRoll:

  • "__Adroll_fpc" (10 minutes) and "__ar_v4" (1 year): Detection and tracking of a website visitor across multiple visits and devices.

A data processing agreement and standard contractual clauses have been concluded with AdRoll.