spooks.crown

Privacy Policy

for SPOOKS GmbH | Version 09/2020

You can find a german version of our privacy policy here.

The following policy informs you of how we use your personal data. In doing so, we adhere to the strict provisions of data protection laws in Germany and the requirements of the EU General Data Protection Regulation (GDPR). We want you to feel at ease when visiting our website. This is why we are particularly concerned about protecting your privacy. We ask that you carefully read the following summary of how our website works. Rest assured that we will ensure transparent and fair data processing and also that your data is handled carefully and conscientiously.

Please contact our data protection officer if you have any further questions on how we deal with your personal data.

We may have to amend our privacy policy due to continuous advancements in technology, changes to our services, the legal situation or for other reasons. We therefore reserve the right to amend this Privacy Policy at any time and ask that you review the most recent version at regular intervals.

CONTROLLER & SERVICE PROVIDER                            
SPOOKS GmbH
Oberbech 8
51519 Odenthal
Germany

DATA PROTECTION OFFICER
Heiko Deitz
PersCert External Data Protection Officer (TÜV)
Officer in ISMS according to the ISO/IEC 27000 series
Steinenkamp 20
51469 Bergisch Gladbach

Phone: +49 (0) 2202 9275880
Email:    info@dedaco.de
Web:      www.dedaco.de

TABLE OF CONTENTS

 


1. Gerneral information

SPOOKS takes the requirements of data protection and the security of your personal data very seriously. SPOOKS is aware that the trust vested in us by our customers is essential to good customer relations and business success; SPOOKS acknowledges this trust by ensuring the best possible fulfilment of its information obligations.

Our Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites and external online profiles such as our social media profiles (referred to collectively hereinafter as “online presence”).

Hence, the purpose of this Privacy Policy is to explain the extent to which SPOOKS collects and processes personal data, and for which purposes it does so, during a visit to its web presences or when using its mobile applications in different settings.

2. Overview of processing

The following overview provides a summarised account of the processed data and the purposes of processing. It also makes reference to the data subject.

2.1. Types of processed data

  1. Inventory data (e.g. names, addresses)
  2. Applicant data (e.g. information concerning persons, postal and contact details, documents included in applications and the information they contain, including correspondence, curriculum vitae, references and other information about personal circumstances and qualifications that is communicated by applicants either voluntarily or in regard to a specific vacancy)
  3. Content data (e.g. text entries, photographs, videos)
  4. Contact data (e.g. email address, telephone numbers)
  5. Meta/communication data (e.g. device information, IP addresses)
  6. Usage data (e.g. visited websites, interest in content, retrieval times)
  7. Location data (data relating to the location of the device or the user)
  8. Contractual data (e.g. object of the contract, term, customer category)
  9. Payment data (e.g. bank details, invoices, payment history)

2.2. Categories of data subjects

  1. Workers (e.g. employees, applicants, former employees)
  2. Applicants
  3. Business and contractual partners
  4. Prospective customers
  5. Correspondents
  6. Customers
  7. Users (e.g. website visitors, users of online services)
  8. Sweepstake and competition entrants

2.3. Purposes of processing

  1. Provision of our online presence and its ease of use
  2. Evaluation of visitor usage
  3. Application processes (establishment, organisation and termination of employment as applicable)
  4. Office and organisational procedures
  5. Cross-device tracking (processing of user data across multiple devices for marketing purposes)
  6. Direct marketing (e.g. by email or post)
  7. Organisation of sweepstakes and competitions
  8. Interest- and behaviour-based marketing
  9. Contact requests and communication
  10. Conversion tracking (measuring the effectiveness of marketing campaigns)
  11. Profiling (creation of user profiles)
  12. Remarketing
  13. Reach measurement (e.g. access statistics, recognition of returning visitors)
  14. Security measures
  15. Tracking (e.g. use of cookies)
  16. Contractual performance and service
  17. Management of and responding to enquiries
  18. Creation of target audiences (identification of relevant target groups for marketing purposes or other provision of content)

2.4. Authoritative legal bases

The following section provides information on the legal bases for the processing of personal data according to the General Data Protection Regulation (GDPR). Kindly take note that the national data protection regulations in your country of habitual residence or domicile may apply in addition to the GDPR.

Consent (Article 6(1)(1)(a) GDPR)

The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Contractual performance and requests prior to entering into a contract (Article 6(1)(1)(b) GDPR)

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Legal obligation (Article 6(1)(1)(c) GDPR)

Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Article 6(1)(1)(f) GDPR)

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2.5. Security measures

  1. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
  2. These measures include in particular assuring the confidentiality, integrity and availability of data by monitoring physical and electronic access to the data, as well as relevant access to it, data input, transfer, the assurance of availability and data separation. Moreover, we have implemented procedures to protect the rights of data subjects, to protect the rights of data subjects and to respond to risks to the data. We also consider the protection of personal data through the application of data protection by design and default in the development and selection of hardware, software and processes. We use TLS/SSL encryption to protect your data that is transferred by means of our online presence. The prefix https:// in the address bar of your browser indicates this kind of encrypted connection.

2.6. Transfer and disclosure of personal data

When we process personal data, there are situations in which the data is transferred or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data include payment services providers for the management of payment transactions, service providers commissioned with IT tasks (web hosting, customer care) or providers of services and content that are integrated in a web page (web analytics and marketing providers). In these cases, we comply with the statutory requirements and, in particular, enter into suitable data protection contracts or agreements with the recipients of your data.

2.7. Data processing in third countries

  1. Where we process data in a third country (meaning outside the European Union (EU) and the European Economic Area (EEA)), or where processing involves using the services of third parties or disclosing or transferring data to other persons, bodies or companies, we only do so in compliance with legal obligations.
  2. Subject to explicit consent or transfer that is required by contract or by law, we process or commission the processing of data only in third countries with a recognised level of data protection (Articles 44 to 49 GDPR; EU Commission information page:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en ).

3. Provision of the website & storage in log files

When you visit our website, the browser installed on your device automatically sends information to our website server where it is temporarily stored in a log file. We have no influence on this. The following information is collected without your active involvement and stored until it is erased automatically:

  1. IP address of the requesting, internet-capable device
  2. date and time of access
  3. name and URL of the accessed file
  4. referrer URL
  5. time zone difference to Greenwich Mean Time (GMT)
  6. content of the request (information on the specific page you accessed)
  7. access status/http status code
  8. data volume transferred in each case
  9. browser (information concerning the browser you are using)
  10. operating system and its interface (operating system installed on the device that you used to access the website or app)
  11. browser language settings and version

The legal basis for processing of the IP address is Article 6(1)(1)(f) GDPR. Our legitimate interest is inferred from the purposes of data processing listed below. Please be aware that the data we collect neither permits any direct conclusions as to your identity, nor do we seek to draw any such conclusions. We use the IP address of your device and the data listed above for the following purposes:

  • to ensure smooth connectivity.
  • to guarantee ease of use on our website/application,
  • to evaluate system security and stability.

The data is stored for a period of 7 days, and the IP address is then erased automatically. For reasons of security, we store this information – but without the IP address – for longer periods in log files that are erased after 31 days. The data contained in the log files is stored separately from the other data concerning you.

4. Third-party hosting services

A third party provides us with services to host and present the website within the scope of a data processing agreement, namely Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (https://www.hetzner.com/rechtliches/datenschutz).

All data that is collected as described below during use of our website or in the designated forms in our online shop is processed on the servers of this third party. Processing on other servers only takes place in the scope described in this policy. This service provider is domiciled in a Member State of the European Union or the European Economic Area. The hosting provider is used for the performance of contracts on behalf of our potential and existing customers (Article 6(1)(1)(b) GDPR) and in the interests of secure, fast and efficient provision of our online presence by a professional provider (Article 6(1)(1)(f) GDPR).

5. Opening a customer account

We offer our users the option of registering in our shop system in order to simplify the ordering process. The data is entered in an input screen, transferred to us and stored. The following data is collected:

  1. Email address
  2. Password
  3. First name
  4. Surname
  5. Address (billing and shipping address)
  6. Place of residence (country)

A registration email is then sent to the user’s specified email address containing a link to confirm registration and complete the registration process. Once registration is complete, the user can enter their email address and password to open a user account and place orders in our online shop. The legal basis for processing of this data is Article 6(1)(1)(a) GDPR. The user has the right to withdraw consent to the processing of personal data at any time and may do so by deactivating the user account. We will then erase the data, except where we are obliged to adhere to a longer retention period for compliance with contractual and/or legal obligations.

6. Conclusion, performance, or termination of a contract

6.1. Ordering process

When you place orders in our online shop, we process the following personal data concerning you so as to fulfil your order:

  • First name, surname
  • Address (billing and shipping address)
  • Email address
  • Telephone number (if necessary, for delivery, e.g. by DHL Express)
  • Payment details

We use the data to process the order and to communicate with the user if necessary. We transfer the user’s data to our partner companies in accordance with the statutory provisions; these partner companies assist us in the orderly performance of the contract. These companies are also obliged to comply with the relevant data protection regulations. In particular, they may only process the data for the purpose of fulfilling their tasks on our behalf and only according to our instructions. Data processing in connection with the ordering process is based on Article 6(1)(1)(b) GDPR. We erase the data as soon as order fulfilment is complete, except where we are obliged to adhere to a longer retention period for compliance with contractual and/or legal obligations.

6.2. Payment services providers

Kindly take note that the transfer of personal data to payment services providers involves transfer of personal data to third parties. This means that the selected payment services provider is responsible for processing your data in accordance with Article 4(7) GDPR.

Klarna

Our website users can make payments using Klarna. The service provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (referred to hereinafter as “Klarna”).       
Customers from Germany, Austria and the Netherlands can use Klarna as a payment option. This service is only available following a positive credit rating check. We will therefore forward your data to Klarna to perform an address and credit rating check while taking steps prior to entering into a contract and during performance of the purchase contract.

For more information, refer to the Klarna Privacy Policy, which is available at the following link: https://www.klarna.com/de/datenschutz/Klarna uses cookies to optimise use of its checkout solution. Optimisation of the checkout solution is a legitimate interest in the meaning of Article 6(1)(1)(f) GDPR. Click the following link to learn more about the use of Klarna cookies: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf

If you select the option of payment on account, Klarna will process the following personal data in particular as a controller for the fulfilment of payment and to conduct an identity and credit rating check in this regard.

  • Contact and identification data Name, date of birth, national ID number, title, billing and shipping address, email address, mobile phone number, nationality, salary etc.
  • Payment information: Debit and credit card date (card number, expiry date and CVV reference), account number etc.
  • Information concerning fulfilment of the order, such as product type, product number, price etc.;
  • If the “purchase on account” option is selected, Klarna collects and uses personal data and information about the user’s payment history, as well as probability values for the user’s future payment behaviour (known as scoring), to decide whether the payment option can be offered to the user. The score is calculated using evidence-based mathematical-statistical methods.

Transfer of your data to Klarna takes place on the basis of Article 6(1)(1)(f) GDPR due to our legitimate interest in secure payment processing and fraud prevention in accordance with Article 6(1)(1)(f) GDPR.

Sofortüberweisung

“Sofortüberweisung” is one of the payment options we offer on our website. This payment service is offered by Sofort GmbH, Theresienhöhe 12, 80339 Munich (referred to hereinafter as “Sofort GmbH”).

In the Sofortüberweisung process, we are sent real-time payment confirmation from Sofort GmbH and can start with the performance of our obligations immediately.

If you select Sofortüberweisung as your payment method, you transfer the PIN and a valid TAN to Sofort GmbH, which it uses to log into your online banking account as an independent controller. Sofort GmbH automatically checks your account balance after logging in and then uses the TAN you provide in order to transfer the money to us. It then immediately sends us a confirmation of the transaction. Your turnover, overdraft facility and the existence of other accounts and their balances are also checked automatically after logging in.

In addition to the PIN and the TAN, the payment details entered by you and your personal data are also transferred to Sofort GmbH Your personal data includes your first name, surname, address, telephone number(s), email address, IP address and other details that may be necessary for the fulfilment of payment. Transfer of this data is necessary in order to ascertain unequivocally your identity and to prevent any attempts at fraud.

Transfer of your data to Sofort GmbH takes place on the basis of our legitimate interest in secure payment processing and fraud prevention in accordance with Article 6(1)(1)(f) GDPR.

For more information on payments using Sofortüberweisung, visit the following link:

https://www.sofort.de/datenschutz.html

https://www.klarna.com/sofort/.

PayPal

If you select the payment services provided by PayPal (PayPal (Europe) SARL et Cie., S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg), we transfer the data that is necessary for the processing of the payment and the performance of an identity and credit rating check to PayPal. The legal basis for the credit rating check is Article 6(1)(1)(f) GDPR. The legal basis for the processing of data in the use of payment services by PayPal is Article 6(1)(1)(f) GDPR. The following data may be transmitted to PayPal:

  • Name
  • Date of birth
  • Address
  • Telephone number
  • Email address
  • Data for the fulfilment of payment, e.g. account details

The credit agencies named in PayPal’s Privacy Policy (https://www.paypal.com/uk/webapps/mpp/ua/privacy-full) may be used in Germany to carry out the identity and credit rating check. You may contact PayPal to withdraw your consent to this use of your personal data at any time.

Payone (Visa/Mastercard/American Express)

We have commissioned PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main with the settlement of credit card payments. For this purpose, BS PAYONE GmbH needs your name and address, account number and bank code or credit card number (including expiry date), invoice amount, currency and transaction number, among other things. BS PAYONE GmbH is authorised to use this information for the fulfilment of payment and to transfer it to us. PAYONE is obliged to use the information in compliance with German data protection laws.

You may review the PAYONE GmbH Privacy Policy at the following link:

https://www.payone.de/datenschutz/

We have entered into a data processing agreement with PAYONE and implement in full the strict requirements of German data protection authorities when using PAYONE.

Amazon Pay

If you select Amazon Pay as your payment service provider, you may use your Amazon account and the payment methods stored there, without having to provide this information to us. For more information about payments by Amazon Pay, visit https://pays.amazon.de. Payment details are communicated or transferred when you make payments using Amazon Pay (Amazon Payments Europe S.C.A. 5, Rue Plaetis - 2338 Luxembourg and Amazon EU SARL, Amazon Services Europe SARL, Amazon Media EU SARL, all three domiciled at 5, Rue Plaetis L 2338, Luxembourg). The legal basis for the use of payment services via Amazon Pay is Article 6(1)(1)(f) GDPR.

For more information on data processing by Amazon Pay, refer to the Amazon Pay privacy policy: 

https://pay.amazon.com/uk/help/201751600

6.3. Address verification

We use PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main to verify your address in the checkout process (during the ordering process). Address verification involves checking whether the ordered goods can be delivered to the address as stated during the ordering process. It also enables you to identify any incorrect entries. This constitutes a legitimate interest in the meaning of Article 6(1)(1)(f) GDPR. We transfer to the service provider the address details provided by you during the ordering process to fulfil this purpose. You may review the PAYONE GmbH privacy policy at https://www.payone.de/datenschutz/. We have entered into a data processing agreement with PAYONE and implement in full the strict requirements of German data protection authorities when using PAYONE.

6.4. Shipping services providers

We cooperate with logistics and transport companies to deliver the goods you order. The following data may be transferred to these companies to deliver the ordered goods or, insofar as this is necessary, to announce their delivery.

  1. First name, surname
  2. Postal address
  3. Email address
  4. Telephone number

The legal basis for processing of this data is Article 6(1)(1)(b) GDPR.

6.5. Reminder function for sold-out & previewed products

As a registered customer, you can sign up on our website to receive a reminder when a sold-out product becomes available again or a previewed product goes online. We process the data exclusively for performance of the reminder function. The legal basis for this is your consent, Article 6(1)(1)(a) GDPR, Article 7 GDPR. 

6.6. Miscellaneous

Pursuant to Article 6(1)(1)(c) and (f), we use and store your personal data and technical information to the extent that is necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. We also do so to the extent that is necessary for compliance with legal obligations, for example based on official or court orders, and for the exercise of our rights and claims as well as for legal defence.

7. Use of cookies and third-party services

7.1. General informationen

Cookies and third-party services are used on this website to improve its ease of use, to enable the integration of certain functions (e.g. favourites, shopping cart), to compile statistical records of website usage, to manage personalised advertising on third-party sites (e.g. remarketing/retargeting) on the basis of user behaviour and for other purposes. Cookies are small text files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not harm your device and do not contain viruses, Trojans or other malware. The cookies store information that depends on the specific device that is used in each case. But this does not mean that we acquire direct knowledge of your identity. Some of the cookies we use are deleted at the end of the browser session (session cookies). Among other things, they enable us to show you the shopping cart as you move between pages, indicating how many items are currently in your shopping cart and their total value. Other cookies remain on your computer and enable us to recognise it when you next visit our website (persistent or permanent cookies). These cookies are used in particular to improve ease of use, efficiency, security and other factors. For instance, these files enable us to show you information on our pages that is specifically tailored to your interests. We use cookies for the collection of data on user behaviour on the basis of Article 6(1)(1)(f) GDPR (legitimate interest in the optimisation and advertising of our offering). Some cookies are used exclusively on the basis of your consent (Article 6(1)(1)(a) GDPR).

7.2. Data processing for the management of consent by OneTrust

Our website uses the cookie consent technology by OneTrust to obtain your consent for the storage of certain cookies in your browser and to document this process in compliance with data protection requirements. This technology is offered by OneTrust, which is represented at two permanent establishments in the USA and in England: Atlanta, GA, USA (Co-Headquarters), 1200 Abernathy Rd NE, Building 600, Atlanta, GA 30328 United States, +1 (844) 847-7154 and London, England (Co-Headquarters), Dixon House, 1 Lloyd’s Avenue, London, EC3N 3DQ, +44 (800) 011-9778. A OneTrust cookie is stored in your browser when you access our website. It is used to store the consents you have given and your withdrawal of these consents.

The collected data is stored until you request us to erase it, until you delete the OneTrust-Cookie itself or until the purpose for which the data is stored no longer applies. Mandatory legal storage periods remain unaffected.

For more information on data processing by OneTrust cookies, see the OneTrust Privacy Policy at https://www.onetrust.com/privacy/

The purpose of OneTrust cookie consent technology is to obtain legally required consent for the use of cookies. The legal basis in this regard is Article 6(1)(1)(c) GDPR. We have entered into a data processing agreement with OneTrust. This data processing agreement is required under data protection laws. It guarantees that OneTrust processes the personal data concerning our website visitors exclusively in accordance with our instructions and in compliance with the GDPR.

7.3. Necessary cookies

We use session cookies (also called temporary or transient cookies) on our website. These session cookies are only stored during your visit to our website. Our session cookies are only used to identify you for as long as you are logged into our website. These cookies are deleted each time you end your session. Session cookies are not used for any additional purpose.

These cookies are absolutely necessary to keep our website running smoothly and cannot be disabled in our systems. In general, these cookies are only set on your device in response to actions triggered by you that are equivalent to a service request, for instance the configuration of your privacy settings, logging in or filling in forms. You can adjust your browser settings to block cookies or to be alerted about these cookies. Note that some areas of our website may not work.

The legal basis for the use of these session cookies is Article 6(1)(1)(f) GDPR. You would be technically unable to access and use the website offerings and the website itself if we did not use these cookies.

7.4. Analysis cookies

These cookies enable us to count visits and the sources of traffic so that we can measure and improve the performance of our website. They help us to identify which pages are most popular, which are least used and how visitors navigate through our website. All information collected by these cookies is aggregated and is therefore anonymous. We are unable to tell when you visited our website if you have disabled these cookies.

We only place analysis cookies on your device with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

7.5. Functional cookies

These cookies enable our website to offer extended functions and personalisation options. They may be set by us or by third-party providers whose services we use on our website. Some or even all of these services may not work error-free if you block these cookies.

We only place functional cookies on your device with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

7.6. Marketing cookies

Our advertising partners may use our website to set these cookies. These companies can use the cookies to create a profile of your interests and to show you relevant advertising when you visit other websites. They may at times store personal data, as they are based on a unique identification of your browser and internet device. You will experience less targeted advertising if you disable these cookies.

We only place functional cookies on your device with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

7.7. Intervention options/browser settings

You can of course adjust your browser settings so that it does not set cookies on your device. The help function in the menu bar of most browsers explains how to prevent your browser from accepting new cookies, how to receive a browser alert when a new cookie is set, how to delete all cookies you have already received and how to block all others. Proceed as follows:

Internet Explorer

  1. Go to Extras and then select the menu item Internet Options.
  2. Click on the Privacy tab.
  3. Now adjust your preferred Internet settings. You can decide which cookies to accept or reject.
  4. Click OK to confirm the new settings.

Firefox

  1. Select Options in the menu on the top left.
  2. Click on Privacy & Security.
  3. Select Enhanced Tracking Protection.
  4. Now you can decide whether you want to accept cookies and how long you want to keep these cookies. You can also add exceptions to certain websites and block cookies entirely.
  5. Click OK to confirm the new settings.

Google Chrome

  1. Click on the Chrome menu in the browser toolbar.
  2. Select Settings and then Advanced.
  3. Click on Privacy & security.
  4. Now select Site settings.
  5. Go to Cookies and site data to adjust the following settings:
  • Allows sites to save and read data
  • Clear cookies and site data when you quit Chrome
  • Block third-party cookies
  • See all cookies and site data

You can also use a Preference Manager if you would like to delete individual cookies that have been set in your browser or find out which service providers set them in your browser. There is one available at www.youronlinechoices.com.

For a list of all the cookies we set, a description of the purposes of these cookies and other information concerning the individual cookie, visit the overview in our consent management service.

8. Data processing for tracking and analysis purposes

8.1. Google Analytics & Google Optimize

Our website uses Google Analytics from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is a program by Google Inc. for the statistical analysis of user traffic. We use this web analysis tool to improve the quality of our web pages and their content. Google Analytics uses cookies (see above) that enable analysis of website usage. Data processing in this context is based on your consent within the meaning of Article 6(1)(1)(a) GDPR, also where personal data is processed on servers of Google in the USA (Google LLC).

Website visitors can disable JavaScript and cookies in their internet browsers to prevent web analysis. The product descriptions and instructions by the various browser providers contain detailed guides to making the necessary adjustments. In addition, users can download and install a browser add-on to disable Google Analytics and hence to prevent data processing by Google.

For more information and to access the add-on, visit:

https://tools.google.com/dlpage/gaoptout?hl=en

We have enabled IP anonymisation on our website. This means that the IP addresses of Google users are truncated in Member States of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transfer to the USA. Only in exceptional cases will the user’s full IP address be transferred to a Google server in the United States and truncated there. The user’s IP address will not be associated with other Google data.

For more information on the terms of use and the Google Analytics Terms of Use and Privacy Policy, visit: 

https://marketingplatform.google.com/about/analytics/terms/gb/ 

https://policies.google.com/?hl=en

We use Google Optimize in addition to Google Analytics. Google Optimize uses cookies to analyse how different variants of our website are used and helps us to improve ease of use based on the behaviour of our users on the website. The Google Optimize tool is connected to Google Analytics. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activities and to provide further services to us as the website operator in connection with the use of the website and the internet.

The legal basis for the use of Google Analytics and Google Optimize is your consent pursuant to Section 15 subsection 3 Telemedia Act (TMG), i.e. Article 6(1)(1)(a) GDPR. The data transferred by us that is associated with cookies, unique identifiers (e.g. user IDs) or advertising IDs is erased automatically after 26 months. Data that has reached the end of its storage period is deleted automatically once each month.

For more information on the terms and conditions of use and data protection, visit:

https://marketingplatform.google.com/about/analytics/terms/gb/ 

https://support.google.com/optimize/answer/6230273 

https://policies.google.com/?hl=en.

You may prevent the storage of cookies by selecting the appropriate settings in your browser; please be aware, however, that doing so may restrict the availability of certain functions on this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser add-on. Opt-out cookies prevent the collection of your data when visiting this website in future

8.2. Google Remarketing / Adwords / DoubleClick

This website use Google Remarketing, a program to show interest-based advertisements to users of our websites, as well as AdWords and DoubleClick. Google Remarketing uses cookies in this process (see above). Data processing in this context is based on your consent within the meaning of Article 6(1)(1)(a) GDPR, also where personal data is processed in a third country. Website visitors can technically prevent this function by disabling JavaScript and cookies in their internet browsers. The product descriptions and instructions by the various browser providers contain detailed guides to making the necessary adjustments. In addition, users can download and install a browser add-on to disable Google and hence to prevent data processing by Google.

For more information on the terms of use and the Google Remarketing/Adwords/DoubleClick privacy policies, visit:

https://policies.google.com/technologies/ads?hl=en

You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

8.3. Google reCaptcha

Some of the forms on this website use the Google reCaptcha service in order to prevent misuse of our web forms and to protect against spam. Google reCAPTCHA is a service by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This service verifies a manual entry to prevent automated software (bots) from carrying out abusive activities on the website. Pursuant to Article 6(1)(1)(f) GDPR, this represents an overriding legitimate interest in the protection of our website from misuse and the smooth operation of our online presence.

As a verification method, Google reCAPTCHA uses a code embedded in the website known as a JavaScript that enables analysis of your website usage, like cookies. The automatically collected information concerning your use of the website, including your IP address, is usually transferred to a Google server in the United States and stored there. In addition, Google reCaptcha analyses other cookies stored in your browser by Google services.
Personal data entered in the input fields of the individual forms is neither extracted nor stored.

You can also prevent the collection of data generated by JavaScript, i.e. the cookie, and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by disabling the execution of JavaScript or the setting of cookies in your browser settings. Please be aware that may restrict the availability of certain functions in our online presence.

For more information on the Google privacy policy, visit:

https://policies.google.com/privacy

8.4. Google Tag Manager

For reasons of transparency we would like to point out that we use Google Tag Manager. Google Tag Manager does not collect personal information itself. Tag Manager helps us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, to evaluate the impact of online advertising and social channels, to configure remarketing or retargeting and the focus on target audiences and to test and optimise websites.

For more information about Google Tag Manager, visit:

https://marketingplatform.google.com/intl/en/about/analytics/tag-manager/use-policy/.

8.5. Google Fonts

We integrated the fonts (“Google Fonts”) by the provider Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/

Opt-out: https://adssettings.google.com/authenticated

8.6. Font Awesome

Our website uses web fonts and icons for the standardised presentation of fonts and icons, which are provided by Fonticons, Inc.. When you access a page, your browser loads the necessary fonts or icons into the browser cache in order to ensure the correct display of text, fonts and icons. Your browser must establish a connection to the Fonticons, Inc. server for this purpose. Fonticons, Inc. will therefore  become aware that your IP address was used to access our website. Font Awesome is used in the interests of ensuring a standardised and attractive presentation of our online presence. Data processing in this context is based on your consent within the meaning of Article 6(1)(1)(a) GDPR, also where personal data is processed in a third country.  Your computer will use a default font if the browser does not support Font Awesome.

For more information about Font Awesome, visit

https://fontawesome.com/help

and the Privacy Policy of Fonticons, Inc.

https://fontawesome.com/privacy

8.7. Facebook Custom Audiences Pixel

Our website uses Facebook Custom Audiences Pixel, a marketing tool by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook Custom Audiences Pixel enables tracking across different websites. Data processing in this context is based on Article 6(1)(1)(a) GDPR, also where personal data is processed in a third country (especially by the parent company Facebook Inc., USA). Website visitors can disable JavaScript and cookies in their internet browsers to prevent this processing. The product descriptions and instructions by the various browser providers contain detailed guides to making the necessary adjustments.

We only use this service with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

8.8. Bing Ads

Our website uses technologies by Bing Ads to create pseudonymised user profiles. This service is made available by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website if they have accessed our website by clicking on Bing Ads. Website visitors can disable JavaScript and cookies in their internet browsers to prevent this processing. The product descriptions and instructions by the various browser providers contain detailed guides to making the necessary adjustments. Data processing in this context is based on Article 6(1)(1)(a) GDPR, also where personal data is processed on servers in third countries, especially in the USA. The collected information is transferred to Microsoft in the United States and stored there for no more than 180 days as a rule. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser add-on.

We only use this service with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

8.9. Pinterest Ads

We use Pinterest Tag on the basis of your consent in accordance with Article 6(1)(1)(a) GDPR. This is an individual code snippet by Pinterest Inc., 635 High Street, Palo Alto, CA, USA, ("Pinterest") which is integrated into our website. Its purpose is to use and optimise our Pinterest campaigns in line with requirements and to measure their conversion. This makes certain that our Pinterest ads are only displayed to Pinterest users who have shown an interest in our products and services, while at the same time ensuring that our Pinterest ads reflect the potential interest of each user and do not harass them. This means we can also track the actions of Pininterest users once they have viewed or clicked on one of our Pininterest ads. We are hence able to measure conversion rates in the individual campaigns for statistical purpose, market research and billing. The following information is processed in this context:

  1. device information (e.g. model, make)
  2. operating system (e.g. iOS 11)
  3. IP address
  4. time of access
  5. type and content of the campaign, and
  6. response to the specific campaign (e.g. clicking on a button)

The data collected in this way is pseudonymous and does not permit any conclusions as to the identity of the individual user. The data is stored in accordance with the statutory storage periods and then automatically erased. If you log into your Pinterest account after visiting our website or visit our website while logged in, it is possible that this data will be stored and processed by Pinterest. Pinterest may be able to associate this data with your Pinterest user account and use this information for its own advertising purposes.

For more information, visit the Pinterest privacy policy: 

https://policy.pinterest.com/en/privacy-policy.

We only use this service with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

8.10. Nosto

This website uses Nosto, a web analytics service by Nosto Solutions Ltd (Nosto). In order to perform tracking, Nosto uses JavaScript and a cookie (2c.cld) that assigns a unique identifier to the customer. This is a first-party cookie, which means that the information can only be extracted from the customer’s domain. Cookies are automatically stored on your computer by your browser and enable Nosto to analyse website usage. Processing takes place based on your consent according to Article 6(1)(1)(a) GDPR and Section 15 subsection 3 TMG.

The automatically collected information concerning your use of the website, including your IP address and your personal internet usage behaviour, is transferred to an Amazon Webservices server on the Eastern Seaboard of the United States and stored there. Nosto uses this information to evaluate on our behalf as website operators your use of the website, to compare internet usage with other online users, to compile reports on website activities and to provide further services to us as the website operator in connection with the use of the website and the internet. Nosto may use the information collected for its own business purposes, provided that the information is collected anonymously and in a manner that precludes its association with any person or online shop. Nosto might also transfer this information to third parties where required for compliance with a legal obligation or if these third parties process data on behalf of Nosto. On no accounts will Nosto associate your IP address with other Nosto data. You can prevent the installation of cookies by making suitable adjustments to your browser software; this also has no influence on the functionality of our online shop.

We only use this service with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

8.11. Hotjar

Our web pages use the Hotjar service by the provider Hotjar, Inc., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. This service enables us to acquire a better understanding of our users’ needs and to optimise our online presence accordingly. Hotjar uses cookies (see above) that analyse the behaviour of users on our web pages. Hotjar stores this information in a pseudonymised user profile. The information will not be used by Hotjar or by us to identify individual users or associated with other data about individual users. Data processing in this context is based on Article 6(1)(1)(a) GDPR, also where personal data is processed in third countries (USA). We have a legitimate interest in the analysis of behaviour by visitors to our website as a means of continuing to optimise our web pages. Website visitors can disable JavaScript and cookies in their internet browsers to prevent web analysis. The product descriptions and instructions by the various browser providers contain detailed guides to making the necessary adjustments.

For more information about data processing by Hotjar, visit the privacy policy at: https://www.hotjar.com/legal/policies/privacy.

We only use this service with your explicit consent! You can manage your consent to data processing at any time with effect for the future by selecting the consent management service under LEGAL >> Privacy settings.

8.12. YouTube Video Plugin

Third-party content is integrated on this website. This content is made available by Google (“provider”). YouTube is a service by Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Privacy-enhanced mode is enabled for YouTube videos that are integrated on our website. This means that YouTube does not collect and store information concerning website visitors, unless they play the video. Data processing in this context is based on your consent within the meaning of Article 6(1)(1)(a) GDPR, also where personal data is processed on servers of Google in the USA (Google LLC). For information concerning the purpose and extent of data collection and further processing, as well as use of the data by the providers on their pages, a contact address and your rights and settings options for the protection of your privacy, refer to the provider’s Privacy Policy:

https://policies.google.com/privacy

For your opt-out option, visit: https://adssettings.google.com/authenticated.

8.13. Social Plugins

Our website uses social plug-ins (“plug-ins”) for social networks. In order to increase the protection of your data when visiting our website, the plug-ins are not fully integrated into the page and can only be accessed by selecting an HTML link (“Shariff solution” by c't). Data processing in this context is based on your consent within the meaning of Article 6(1)(1)(a) GDPR, also where personal data is processed in a third country. This method ensures that merely accessing a page on our website containing this kind of plug-in will not establish a connection to the servers of the individual social network provider. Clicking on one of the buttons will open a new browser window, which will show the page made available by the individual provider and on which you can select the Like or Share buttons and perform other operations (after entering your login details in some cases). For information concerning the purpose and extent of data collection and further processing, as well as use of the data by the providers on their pages and your rights and settings options for the protection of your privacy, refer to the provider’s privacy policy:

http://www.facebook.com/policy.php
https://policy.pinterest.com/en/privacy-policy

9. Data processing for marketing purposes

The following section refers to the processing of personal data for marketing purposes. Article 6(1)(1)(f) GDPR states that this form of data processing is generally conceivable and a legitimate interest. The duration of storage for marketing purposes does not adhere to any rigid principles and is based instead on the question of whether storage is necessary for marketing purposes.

9.1. E-Mail Newsletter

We offer you the option on our website of subscribing to our email newsletter. We will not send you our newsletter until you have provided your consent and an email address.

We process the following personal data when you subscribe to our newsletter:

  1. Surname, first name (optional)
  2. Date of birth (optional)
  3. Email address
  4. IP address of the accessing computer
  5. Data and time of transmission

We use a double opt-in procedure (DOI procedure) to ensure that no mistakes are made when entering your email address: After you have entered your email address in the registration field and given your consent to receive the newsletter, we will send a confirmation link to the email address you provided. Your email address will not be included in our newsletter mailing list until you have clicked on this confirmation link. We also store your IP address, as well as the times of registration and confirmation. The purpose of this procedure is to obtain proof of your registration and, where necessary, to be able to investigate any possible misuse of your personal data. You are only required to provide your email address to subscribe to our newsletter.

The legal basis for this data processing is your consent, which can be withdrawn at any time, according to Article 6(1)(1)(a) GDPR, Article 7 GDPR.

This website uses the MailChimp services to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that is used to organise and analyse the dispatch of newsletters, among other things. When you enter data to subscribe to the newsletter (e.g. your email address), this information is stored on the MailChimp servers in the USA.

MailChimp allows us to analyse our newsletter campaigns (e-mail newsletter performance measurement).

Unfortunately you are unable to withdraw your consent to performance measurement separately, and in this case will have to unsubscribe from the newsletter entirely. You must cancel the newsletter if you object to analysis by MailChimp. An unsubscribe link is included in each newsletter for this purpose. You can also cancel the newsletter in your customer account, provided you are a registered user.

Data processing is based on your consent (Article 6(1)(1)(a) GDPR). You may withdraw this consent at any time by cancelling the newsletter. This does not affect the lawfulness of processing carried out until your withdrawal of consent. The data you send to us to subscribe to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and are erased from the newsletter mailing list when you unsubscribe. This does not affect data we have stored for other purposes.

We, i.e. the newsletter service provider, may place your email address in a blacklist to prevent future receipt once you have been removed from the newsletter mailing list. The data on the blacklist is only used for this purpose and will not be associated with other data.

This is in your interests, as well as in our interest to ensure compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(1)(f) GDPR). There are no limitations on the blacklist storage period. You may object to the storage, provided that your interests outweigh our legitimate interests.

We have entered into a data processing agreement with MailChimp pursuant to Article 28 GDPR, in which we require MailChimp to protect the data of our customers and to refrain from transferring the data to third parties.

For more information, refer to the MailChimp Privacy Policy at:

https://mailchimp.com/legal/terms/

Information concerning the right to object

You may object at any time to the use of your personal data for the marketing purposes set out above with effect for the future by sending an email to datenschutz@spooks.com.

Your data will blocked from further commercial data processing if you submit an objection. Please take note that in exceptional cases you may continue to receive marketing materials for a short time, even after submitting an objection. This is for technical reasons due to the lead time when sending emails and does not mean that we have not implemented your objection.

9.2. Individual product recommendations by email

We are entitled – even if you have not issued your explicit consent in this regard – to send you emails containing individual product recommendations. You will receive these individual product recommendations, regardless of whether you have subscribed to our newsletter. The legal basis for this is Article 6(1)(1)(f) GDPR (legitimate interest: direct marketing), Section 7 subsection 2 no. 3 Act against Unfair Competition (UWG), i.e. on the basis of our permission under law pursuant to Section 7 subsection 3 UWG. We primarily use, in compliance with legal requirements, your purchasing history and data concerning your interests in order to select the individual product recommendations. We infer this information from your product interests, taking into account the interests and preferences and profile data you have communicated to us. In addition, you are given the opportunity at the end of each email to object to the continued use by SPOOKS of your email address for the aforementioned purpose (individual product recommendations) with effect for the future. If you do not wish to receive individual product recommendations from us by email, you may object to this – without adherence to any formal requirements – at any time, e.g. by email to datenschutz@spooks.com. You will not incur any costs other than the costs of transmitting your objection according to the basic rates (e.g. internet connection costs, postage). An opt-out link is included in each email of course.

We use the MailChimp services to send these emails. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The legal basis for using this mail service provider is your consent, Article 6(1)(1)(a) GDPR.

Information concerning the right to object

You may object at any time to the use of your personal data for the marketing purposes set out above with effect for the future by sending an email to datenschutz@spooks.com. Your data will blocked from further commercial data processing if you submit an objection. Please take note that in exceptional cases you may continue to receive marketing materials for a short time, even after submitting an objection. This is for technical reasons due to the lead time when sending emails and does not mean that we have not implemented your objection.

9.3. Postal marketing

Furthermore, we reserve the right to store the following data or parts thereof in summarised lists and to use these lists for our own marketing purposes, e.g. to send interesting offers and information on our products by post:

  • First name and surname
  • Postal address
  • Year of birth

This takes place based on a consideration of interests for the protection of our legitimate interests pursuant to Article 6(1)(1)(f) GDPR. These interests are inferred from the individual purposes and, except where stated otherwise, are of a competitive and commercial nature. You may object to the storage and use of your data for these purposes at any time by sending a message to the contact address provided below.

Information concerning the right to object

You may object at any time to the use of your personal data for the marketing purposes set out above with effect for the future by sending an email to datenschutz@spooks.com. Your data will blocked from further commercial data processing if you submit an objection. Please take note that in exceptional cases you may continue to receive marketing materials for a short time, even after submitting an objection. This is for technical reasons due to the lead time when sending emails and does not mean that we have not implemented your objection.

10. Data processing for communication purposes

10.1. Making contact

You can make contact with us in different ways. By

  1. Email
  2. Telephone
  3. Telefax
  4. Contact form
  5. Live chat
  6. WhatsApp
  7. Post

When you make contact with us, we use the personal data that you voluntarily provide in this context solely for the purpose of contacting you and processing your enquiry.

The legal basis for this data processing is Article 6(1)(1)(a), (b), (c) and (f) GDPR. If data is processed based on Article 6(1)(1)(f) GDPR, the necessary legitimate interest in responding to your enquiry is to be able to present our company in a positive light and to achieve a high level of satisfaction among customers and interested third parties.

10.2. Contact form

Our website contains a contact form that can be used to make contact with us electronically. If a user chooses this option, the data they enter in the input screen is transferred to us and stored:

  1. First name
  2. Surname
  3. Email
  4. Free text entered by the user in the designated field

The following data is stored additionally when the message is sent:

  • User’s IP address
  • Data and time of registration

The legal basis for processing of this data is Article 6(1)(1)(f) GDPR (legitimate interest: fast and efficient management of contractual and other matters). The data is used exclusively to process the contact request and any subsequent communication. The data is not transferred to third parties in this context. We obtain prior consent from the users if the data will be used for additional purposes. The personal data from the input screen on the contact form and the data transferred by email will be erased after completion of communication with the user, i.e. as soon as the circumstances indicate that the matter in question has been conclusively clarified and unless legal retention periods necessitate longer storage.

The following data is transferred and stored by us when a user makes contact with us by email:

  1. Email address
  2. Possibly First name and surname (depending on the information in the email)
  3. Possibly Contact details (depending on the information in the email)
  4. Content entered by the user
  5. Data and time

The following data is transferred and stored additionally when an email is sent via the user’s provider:

  • IP address

The legal basis for data collection and storage is again Article 6(1)(1)(f) GDPR. The data is used exclusively to process the contact request and any subsequent communication. The data is not transferred to third parties in this context. We obtain prior consent from the users if the data will be used for additional purposes. The personal data that is transferred by email will be erased after completion of communication with the user, i.e. as soon as the circumstances indicate that the matter in question has been conclusively clarified and unless legal retention periods necessitate longer storage.

10.3. Zendesk ticket system (CRM)

We use the Zendesk ticket system, a customer service platform by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, to process customer enquiries on the basis of our legitimate interests according to Article 6(1)(1)(f) GDPR (legitimate interest: efficient processing of enquiries). Our website collects necessary data such as the surname, first name, postal address, telephone number and email address in order to process enquiries and to respond to the request for information.  

We have entered into a data processing agreement with Zendesk and implement in full the strict requirements of German data protection authorities when using Zendesk. Zendesk uses the user data exclusively for the technical processing of enquiries and does not transfer it to third parties. At least a correct email address must be provided in order to use Zendesk. Pseudonymous use is not possible. It may be necessary to collect additional data (name, address) when dealing with service enquiries. The use of Zendesk is optional and is intended to improve and speed up our customer and user service.

For more information on data processing by Zendesk, see the Zendesk Privacy Policy at http://www.zendesk.com/company/privacy

The Zendesk data protection officer can be contacted at the following address if you have further questions: privacy@zendesk.com

When users contact us on our website by email, WhatsApp, via the contact form or the chat function, we use the personal data exclusively to process the specific request. The data is treated confidentially. The data and message thread with our customer service is stored for any follow-on questions and subsequent contact requests. Processing of this data takes place on the basis of your consent (Article 6(1)(1)(a) GDPR).

We offer our customers alternative contact options to submit service requests by telephone, telefax or post if they do not consent to data collection by and data storage in the external Zendesk system.

10.4. Zendesk Chat

We use the Zopim chat tool by Zendesk, a customer service platform by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, to process customer enquiries on the basis of our legitimate interests according to Article 6(1)(1)(f) GDPR (legitimate interest: efficient and faster processing of enquiries). Our website collects necessary data such as the surname, first name, and email address in order to process contact enquiries and to respond to the request for information.  

We have entered into a data processing agreement with Zendesk and implement in full the strict requirements of German data protection authorities when using Zendesk. Zendesk uses the user data exclusively for the technical processing of enquiries and does not transfer it to third parties.

The use of Zendesk is optional and is intended to improve and speed up our customer and user service.

For more information on data processing by Zendesk, see the Zendesk Privacy Policy at http://www.zendesk.com/company/privacy

The Zendesk data protection officer can be contacted at the following address if you have further questions: privacy@zendesk.com

When users contact us on our website, we use the personal data exclusively to process the specific request. The data is treated confidentially. The data and message thread with our customer service is stored for any follow-on questions and subsequent contact requests. Processing of this data takes place on the basis of your consent (Article 6(1)(1)(a) GDPR).

We offer our customers alternative contact options to submit service requests by telephone, telefax or post if they do not consent to data collection by and data storage in the external Zendesk system.

10.5. WhatsApp

We offer you the option of contacting us by WhatsApp. We use the Zendesk service (see above) to manage WhatsApp messages we send and receive. This service is only used if you actively make contact with us as a customer. We do not use it actively to make contact with you. This service is only used for the purpose of customer service and not for marketing reasons. At no time will we make contact by sending you marketing content.  The legal basis in this regard is Article 6(1)(1)(f) GDPR. For more information about data protection, visit https://www.whatsapp.com/legal/.

11. Online presence in social networks

Where you are active in social networks, we use our online presence in the individual networks to communicate with you and to offer you information about us. Kindly take note that your data may be processed outside the European Union (EU) in this context. This may make it more difficult for you to exercise your rights.

Your data may also be processed within the social networks for market research and marketing purposes (e.g. user profiles), in order to show you advertisements that match your presumed interests both inside and outside the networks. For this purpose, cookies are usually placed on your computer in which your user behaviour and interests are stored.

We refer you to the privacy policies and information provided by the operators of the individual social networks for more information concerning their processing of data and your options to lodge an objection (opt-out).

We would also like to point out that the most effective way to request information and exercise the rights of data subjects is to make contact with the providers. Only the providers have access to the user data and can take action or provide information directly. You may also make contact with us if you require assistance.

Processing takes place for the purposes of contact requests and communication, tracking, remarketing and reach measurement (e.g. access statistics, recognition of returning visitors). The legal basis is our legitimate interest according to Article 6(1)(1)(f) GDPR.

We use the following services and providers:

11.1. Facebook

Social network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA;

website: https://www.facebook.com

Privacy policy: https://www.facebook.com/about/privacy

Objection option (opt-out): Advertising settings: 

https://www.facebook.com/settings?tab=ads 

Information concerning the joint processing of personal data on Facebook pages: 

https://www.facebook.com/legal/terms/page_controller_addendum

Privacy notice for Facebook pages: 

https://www.facebook.com/legal/terms/information_about_page_insights_data

11.2. Instagram

Social network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;

website: https://www.instagram.com 

Privacy policy: http://instagram.com/about/legal/privacy

11.3. Pinterest

Social network; service provider: Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA; website: https://policy.pinterest.com/de/impressum

Privacy policy: https://policy.pinterest.com/en/privacy-policy

11.4. TikTok

Social network; service provider: TikTok Technology Limited, a company incorporated in Ireland with business address at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and the company number 635755. This service is only used if you actively make contact with us as a customer. We do not use it actively to make contact with you. This service is only used for the purpose of customer service and not for marketing reasons. At no time will we make contact by sending you marketing content. For more information about the terms and conditions of use, visit: https://www.tiktok.com/legal/terms-of-use?lang=en For information on data protection, visit https://www.tiktok.com/legal/privacy-policy?lang=en

11.5. Google/YouTube

Social network; service provider: Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland; website: https://www.youtube.com

Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en

12. Data collection and use in online competitions

  1. By entering the competition, each participant consents to the storage by SPOOKS of their personal data (first name and surname, age, email address) that is necessary for the competition on electronic storage media, as well as to the use of this data for competition purposes in compliance with data protection laws. The participant provides assurances by entering the competition that all the information he or she provides is truthful. Where the participant has given consent to the use of his or her personal data for internal marketing purposes (e.g. newsletters and special offers etc.), the data will also be used for this purpose.
  2. The winners will be selected privately and at random from all participants at the end of the designated competition period and will receive their prize after notification. For this purpose, the participant consents to the transfer of the necessary personal data to a possible sponsor of the competition who provides the prizes. Any sponsor is also obliged to comply with data protection regulations.
  3. Where the prize is won by a participant who has not provided a postal address, the participant will be contacted by email and requested to provide a postal address.
  4. The data will be erased after the end of the competition, i.e. after the winner(s) has/have been selected and the prize has/have been presented, as soon as storage is no longer necessary for defence against legal claims.
  5. Competitions that are held on the SPOOKS fan page and/or on the SPOOKS Instagram profile will be decided by a random draw at the end of the stated period. Winners will be notified by @Mention or repost including @Mention or by means of a personal message concerning the prize and will be asked to send contact details by email within 14 days. SPOOKS and Facebook Ireland Limited are joint controllers for the processing of data on the SPOOKS fan page and/or the SPOOKS Instagram site. Nevertheless, SPOOKS is unable to influence processing in this case. For more information concerning processing by Facebook, visit http://www.facebook.com/policy.php and by Instagram, visit https://help.instagram.com/519522125107875.
  6. Where participation requires the creation and transfer of a work (e.g. a photo, video, written entry or other files etc.), the participant provides assurances that they are the sole owners of all rights of use and exploitation to the materials they have submitted. By submitting the entry, the participant agrees that these works may be published by SPOOKS for the purposes of the specific competition, in particular for advertising the competition and for announcing the winners. Publication may take place in the media that SPOOKS uses for the competition (e.g. its Facebook or Instagram profile, the SPOOKS website). In addition, SPOOKS is entitled, without limitation in time or territory, to publish the work for further advertising purposes (e.g. on radio, internet, TV, for commercial exploitation, for advertising or promotion, sales and merchandising purposes). The organiser does not accept liability for any materials submitted, without prejudice to a liability for culpable intent or gross negligence. SPOOKS is entitled to destroy all materials submitted after the end of the competition.

13. Data collection and use during the application procedure

We process the data that you send to us in connection with your application for a vacant position or unsolicited application. Among others, we process the following categories of personal data:

  1. Master data (surname, first name, address, date of birth)
  2. Communication data (telephone number, email address)
  3. Qualification data (references, certificates, application documents, CV, proof of severely handicapped status and others)

The legal basis for the processing of personal data to review and organise the application procedure is:

  • Article 6(1)(1)(a) GDPR – (consent of the data subject)
  • Article 6(1)(1)(b) GDPR in conjunction with Section 26 subsection 1 Federal Data Protection Act (BDSG) – (data processing in connection with an employment relationship)
  • Article 6(1)(1)(c) GDPR – (compliance with a legal obligation)
  • Article 6(1)(1)(f) GDPR – (protection of legitimate interests by the controller or a third party or defence against legal claims, for instance based on the General Law on Equal Treatment (AGG))

If your application documents contain special categories of personal data, e.g. information on health, religious conviction or ethnic origins, we base our processing moreover on Article 9(2)(b), Article 88 GDPR, Section 26 subsection 3 BDSG, due to our legal obligations as an employer and the associated protection of your basic rights.

In addition to the purposes set out above, we also process your data according to Article 6(1)(1)(f) GDPR. This is permissible where processing is necessary for the purposes of our legitimate interests or the interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

Our legitimate interest in this regard is the assertion of our rights. Our interest is then in the exercise or defence of legal claims.

Access in our company is granted only to such persons that review your suitability for the positions and who may be entrusted with organisation of the application procedure.

As a rule, applicant data is erased 6 months after completion of the application procedure for the position in question. Data contained in unsolicited applications is erased after 70 days at the latest. 

14. Storage periods

The data we process is erased or its processing restricted in compliance with the statutory provisions, in particular in accordance with Articles 17 and 18 GDPR. Unless explicitly stated otherwise in this privacy policy, we erase the data we store once it is no longer required for its intended purpose. Once the purpose no longer applies, data will only be kept if it is required for other, legally permissible purposes or if a longer period of storage is mandated by statutory retention obligations. Processing will be restricted in these cases, so the data will be blocked and not processed for other purposes.

Statutory retention obligations are set out, for example, in Section 257 subsections 1 and 4 German Commercial Code (HGB) (6 years for trading books, inventories, opening balance sheets, annual accounts, accounting receipts etc.) and in Section 147 subsections 1 and 3 German Fiscal Code (AO) (10 years for accounts, records, management reports, accounting receipts, documents pertaining to taxation etc.; 6 years for business correspondence).

15. Rights of the data subject

Where SPOOKS processes your personal data, you are the data subject according to Article 4(1) GDPR and hence have the following rights in dealings with SPOOKS:

Right of access

You have the right, according to Article 15 GDPR, to obtain information as to the data stored concerning you, including any recipients of the data and the envisaged period of storage.

Right to rectification

You have the right, according to Article 16 GDPR, to obtain the rectification of inaccurate data that is processed concerning you.

Right to erasure, right to restriction of processing and right to object

You have the right to obtain erasure or restriction of processing and to object to the processing, provided the legal requirements are satisfied (Articles 17, 18 and 21 GDPR).

Right to lodge a complaint with a supervisory authority

You have the right, according to Article 77(1) GDRP, to lodge a complaint with the supervisory authority of your choice if you believe that the processing of your personal data infringes data protection laws. We recommend that you contact us directly.

16. Withdrawal and validity of the privacy policy

  1. This privacy policy only applies to SPOOKS content. Other data protection and security policies apply to external content accessed by means of hyperlinks. Kindly refer to the legal notices and privacy policies on these pages to find out who is responsible for this content.
  2. It may become necessary to amend this Privacy Policy due to the continued development of our web presence or the implementation of new technologies. We therefore reserve the right to amend this privacy policy at any time with effect for the future. The version accessible at the time of your visit to our website will be valid in every event.

 

Privacy Policy

>> Download (PDF)

All prices incl. VAT. excl. shipping costs Copyright © 2020 SPOOKS GmbH