Data Protection Policy
Protecting your privacy is important to us. Therefore, we always uphold European and English data protection law when processing your data (e.g. collecting, processing and transferring).The following declaration will provide you with an overview of what data is requested on the website, in what manner this data is used and passed on, how you can find out about the information submitted to us and what security measures we take to protect your data.
1. Who is your contact (controller) for your data protection concerns?
The controller in the sense of data protection regulations for all data processing taking place via our website is: EPODEX
18 Soho Square
Telephone: +49 2842 12 19 594 In accordance with statutory regulations, we have appointed a data protection agent. You can contact them on email@example.com.
2. What data do we need from you to use our website? What data is collected and saved during use?
Personal data is any information that can be traced back to an identified or identifiable natural entity (‘data subject’), such as your name, address, telephone number, date of birth, bank details and IP address.We collect and use personal data about our users only insofar as is necessary to provide a functional website, surrounding our content and our services. Our users’ personal data is only usually collected and used with the user’s consent. The only exception is in cases where prior permission is not possible for reasons of practicality and the processing of such data is permitted by legal regulations.
The following data is logged when using our website. This is only for internal, system-related and statistical purposes, i.e. usage data:1. Information about browser type and version
2. Resolution used to display the website
3. The user’s operating system and other information about the end device
4. The user’s IP address
5. Duration of access
6. Websites from which the user’s system was referred to our website
7. Pages on our website viewed by the userThis data will also be saved in our system’s log files. This data is not saved together with any of the user’s other personal data.The legal basis for the temporary saving of data and log files is article 6 paragraph 1 lit f of the GDPR. The temporary saving of the IP address by the system is required to facilitate the provision of the website to the user’s computer. To this end, the user’s IP address must be saved for the duration of the session.Log files are saved to ensure the website’s functionality. The data also allows us to optimise the website and ensure the security of our IT systems. This data is not evaluated for marketing purposes in this context. For this purpose, our legitimate interest is based on data processing in accordance with article 6 paragraph 1 lit f of the GDPR.This data is deleted as soon as it is no longer required to fulfil the purpose of its collection. If data is collected in order to provide the website, this applies from the end of the relevant session. When data is saved in log files, it is deleted after seven days at the latest. Longer saving periods are possible. In this case, the users’ IP addresses will be deleted or disguised so the visiting client can no longer be identified.Data collection to provide the website and the saving of data in log files is necessary for the operation of the website. Therefore, the user has no right to contest.
On our website, we offer users the chance to register by providing personal data. This data is entered into a form before being transferred and saved by us. The following data is processed within the registration process: – Name
– Company name
– Email address
– Telephone numberThe date and time of registration will be saved at the time of registration.By checking the box in the registration form to confirm that you have acknowledged our data protection policy and completing the registration process by clicking the ‘submit’ button at the end of the form, you are granting permission for your data to be used for the following purposes:- Processing orders
– Sending newsletters
– Website administrationIf the user has granted their permission, the legal basis for data processing is article 6 paragraph 1 lit a of the GDPR.If the registration serves to fulfil a contract with the user or to carry out pre-contractual measures, there is additional legal basis for data processing in accordance with article 6 paragraph 1 lit b of the GDPR.This data is deleted as soon as it is no longer required to fulfil the purpose of its collection. This applies to the data collected during the registration process if you have objected to us using your data. If you have any questions regarding this matter, please contact our customer service team on firstname.lastname@example.org.This applies to data collected during the registration process to fulfil a contract or to carry out pre-contractual measures if the data is no longer required to carry out the contract. Even after the contract is completed, it may be necessary to save the contractual partner’s personal data in order to fulfil contractual or statutory obligations.If the data is required to fulfil a contract or carry out pre-contractual measures, premature deletion of the data is only possible as long as no contractual or statutory obligations prevent deletion.
We provide a contact form for you on our website, which you can use to easily contact us regarding a request. We only collect your name and email address via the contact form. The provision of your telephone number is optional.Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transferred in the email shall be saved.We only use your data to process your request and may contact you for this purpose using the contact details you provided. This data will not be used for advertising purposes or forwarded to third parties.The legal basis for processing data sent via the contact form or via email transfer is article 6 paragraph 1 lit f of the GDPR. If the contact refers to the completion of a contract, additional legal basis for the processing is article 6 paragraph 1 lit b of the GDPR.The processing of personal data from the form only serves the purpose of processing the communication. If we are contacted by email, the required legitimate interest for data processing applies.This data is deleted as soon as it is no longer required to fulfil the purpose of its collection. This is the case for personal data from the contact form and from email communication once the conversation with the user is over. The conversation is over when the circumstances show that the relevant situation has been resolved.If the user contacts us via email or via the contact form, they may object to the saving of their personal data at any time. However, the conversation will not be able to continue in this case. To object to the use of your data, please contact our customer service team on email@example.com. In this case, all personal data saved as part of the communication will be deleted.
3. How is my data used and passed onto third parties, and for what purpose?
The personal data provided by you will be used to answer your questions, process your order in the EPODEX online shop and for technical website administration purposes. We will only use your data for a credit check if your order is to be paid after receipt.Your data will only be passed on, sold or otherwise transferred to third parties if this is necessary to complete the contract, for billing purposes, for collection of payment (shipping company or payment service provider) or if you have explicitly given your permission. Furthermore, we are permitted to forward your personal data for debt collection purposes.The legal basis for the transfer of data to third parties for the purposes of order processing or billing is article 6 paragraph 1 lit b of the GDPR, and for transfer in legally required cases, article 6 paragraph 1 lit c of the GDPR.
Payment via PAYONE
To take payments in our online shop, we use a payment system provided by external payment service provider PAYONE GmbH, Fraunhoferstraße 2-4, 24118 Kiel (hereafter “PAYONE”). If you would like to pay by credit card or PayPal, a connection to the PAYONE online payment system is automatically created via a technical interface. The payment data submitted by you will only be transferred via an encrypted connection to PAYONE and only transferred, saved and processed to process your payment. Data is processed exclusively for said purpose of processing payment for your order, whereby payment data must be transferred from PAYONE to your bank in order to authorise the payment process. If you select PayPal as your payment method, PAYONE will forward you directly to PayPal via an interface; there, you can authorise the payment process yourself by logging into your PayPal account.
4. Links to External Services Provided by Social Networks
On our website, we link to the social media platforms Facebook, Instagram, Pinterest, Google+, YouTube and Twitter. This is done using a symbol on our website, which is labelled with the logo of the relevant social media platform and which includes a link to the relevant social media service. Social plugins (such as the Facebook ‘like’ button) are not included.When we link to social media services, no data about you is sent to these services. These are normal hyperlinks, which are not generally used to transfer data. When you click on the link, you will be forwarded directly to our page on the relevant social media network. Data is only transferred if you are logged into your user account on the relevant social media service. You can then directly link or share content from our website with the social media service, or in the case of YouTube, view the videos on our YouTube channel. The relevant social media service will then find out what content you viewed on our website.The following are exclusively responsible for the social media services linked to by us:
for Facebook and its online presence, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
for Instagram and its online presence, Instagram, LLC, 1601 Willow Rd. Menlo Park, CA 94025, USA;
for Pinterest and its online presence, Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA;
for Google+ and its online presence, Google Inc., 1600 Amphitheatre Park-way, Mountain View, CA 94043, USA;
for YouTube and its online presence, YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA;
for Twitter and its online presence, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA.
for the WhatsApp Sharing Button, WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
You can find more information about the purpose and scope of data collection and further processing and use of your data by the relevant social media service in the relevant service’s data protection policy. These can be found online here:
Google+ und YouTube: https://www.google.de/intl/de/policies/privacy/
You can use these links to find information about settings options to protect your privacy and about your further rights concerning the collection, processing and use of your data by the relevant social network.You are responsible for data transfer to these social network services, as you are active in logging into your account with the relevant social network and clicking on the link, initiating data processing by the relevant social network.
5. What security measures have we undertaken to protect your data?
We have taken a number of security measures to reasonably and sufficiently protect personal data.Our databases are protected by physical and technical measures as well as procedural measures that limit access to information to specifically authorised persons in accordance with this data protection policy. Our information system is located behind a dedicated hardware firewall to prevent access from other networks connected to the internet. Only employees who need the information to fulfil a special task will be granted access to personal information. Our employees are trained in security and data protection practices.When collecting and transferring data via our website, we use standardised SSL encryption technology. Personal data is transferred within the order process via an SSL encryption, which can be identified by the lock symbol in the browser and the ‘https://’ prefix in the URL bar.You should never give out your password to access our website to third parties, and you should change your password regularly. You should not use the same password for our website as you use to access other password-protected websites (email address, online banking etc). When you leave our website, you should log out of your user account and close your browser to avoid unauthorised access to your user account.When communicating by email, complete data protection cannot be guaranteed.
6. Advertising via Email (e.g. email newsletter)
– Email addressDuring the registration process on our website, a note will be displayed on the use of your data for processing by XQueue and this data protection policy will be referenced.As soon as you purchase products or services on our website and submit your email address, we may use it to send a newsletter. In such cases, the newsletter will only be used to send direct advertising for similar products or services.The legal basis for sending the newsletter after the purchase of goods or services is article 6 paragraph f of the GDPR, §7 paragraph 3 of the UWG.This data is deleted as soon as it is no longer required to fulfil the purpose of its collection. The user’s email address is only saved for as long as the newsletter subscription is active.
Right of Withdrawal
The user can cancel their newsletter subscription at any time. A link is provided in each newsletter.
The newsletters sent by XQueue contain a tracking pixel (see: 7) that transfers information to XQueue as soon as you open the newsletter. The following information is collected:
– Your IP address
– Information about the browser used
– Information about the system used
– Time of openingThe legal basis for the processing of personal data by the XQueue service provider for analysis purposes is article 6 paragraph 1 lit f of the GDPR.The use of tracking software serves to improve the quality of our newsletter and its content. Tracking software tells us how our newsletter is used so we can constantly optimise our offerings.For this purpose, our legitimate interest is based on the processing of personal data in accordance with article 6 paragraph 1 lit f of the GDPR.
7. When using our website, a cookie and tracking pixel are saved to your computer. What does this mean?
1. Language settings
2. Items in the cart
3. Log-in information
4. User’s session ID
5. Recently viewed categories and products
1. IP address
2. Search terms used
8. Use of Services for Marketing and Analysis Purposes
We use analysis and marketing software on our website. We use the following analytical tools for the statistical and analytical evaluation of certain data:
– Google Analytics
– Bing AdsThe relevant data is hereby collected in a pseudonymised form and only used for statistical purposes. The data collected by this analytical software will not be merged or linked to create user profiles. The legal basis for the use of the following services is article 6 paragraph 1 lit f of the GDPR. We have a legitimate interest in the collection and evaluation of statistical data as this is necessary to keep the products and services on our website available to our customers and constantly improve our offerings. You can find out how you can object to the evaluation of your data in the relevant service’s data protection policy.
a) We use Google Analytics. What does this mean for your data?
On our website, we use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, text files that are saved to your computer to facilitate the analysis of your website use (see: 7). The information about your use of this website collected by cookies is generally transmitted to a Google server in the USA and saved there. If IP anonymisation is activated on this website, your IP address will be shortened by Google before leaving the European Union or the European Economic Area. In exceptional cases, the full IP address may be sent to a Google server in the USA and shortened there. Google will use this information to evaluate your use of the website, create reports on website activity and provide other services related to website use and internet use on behalf of the website operator. The IP address transferred from your browser as part of Google Analytics activity will not be combined with any of Google’s other data. You can prevent the saving of cookies by using the relevant settings in your browser software; however, we should inform you that you may not be able to use all of this website’s features in full if you do so.
Right to Objection
You can also prevent Google from receiving data about your website use (including your IP address) collected by the cookie, and from processing your data, by downloading and installing the browser plug-in available here: (https://tools.google.com/dlpage/gaoptout?hl=en-GB).Alternatively, you can prevent data collection by Google Analytics by installing a browser plug-in to internet-capable mobile end devices by clicking the following link:
b) We use Hotjar. What does this mean for you?
Our website uses Hotjar. This name refers to an analytical software provided by Hotjar Ltd. You can view their website at http://www.hotjar.com. The company is based at 3 Lyons Range- 20 Bisazza Street- Sliema SLM 1640 in Malta. This software lets us analyse the behaviour of our visitors by measuring and evaluating clicks, mouse movements and similar on our website. The information created by the tracking code and cookies is transferred to the Hotjar server. This information mostly comprises device related information like the device’s IP address and your email address with your full name insofar as you have made this information available to us. The size of your device’s screen, device type and browser information such as type and version, your geographical location and preferred language for the displayed websites are also collected. User interactions are also collected, such as mouse actions (movement, position and clicks). Typical log file data, such as the domain, visited pages, access data and access time, is also collected. The collected IP address will be automatically anonymised by Hotjar and only saved in this form. Furthermore, website users are assigned a “unique user identifier” (UUID) so Hotjar can recognise returning visitors to our website without having to establish any link to personal data (such as IP address). The software uses this data for evaluation purposes and may also use other third party services, such as Google Analytics. These service providers may also process and save suitable user data. By using our website, you consent to the use of Hotjar. You can prevent the collection and use of your data by Hotjar using the following link: https://www.hotjar.com/legal/compliance/opt-out. Please note the specific data protection policies of other service providers, such as Google Analytics.We will occasionally ask you to provide information via Hotjar in the form of anonymous surveys. We need these to make our products and services more interesting to you and to always provide up-to-date information. These surveys are voluntary, and your entries will be handled both anonymously and confidentially. User identification is not possible.
c) We use Nosto. What does this mean for you?
We also use Nosto, a web analysis service provided by Nosto Solutions GmbH, Schützenstr. 6, 10117 Berlin / Nosto Solutions Ltd, Bulevardi 21 00180 Helsinki, Finland (‘Nosto’) on our website. Nosto uses “cookies”, text files that are saved to your computer to facilitate the analysis of your website use (see: 7). The information about your use of this website collected by the cookie is generally transmitted to a Nosto server and saved there.Collected data:
Registered users Guests
– IP address / user ID
– Full name
– Email address
– Browser used
– Interactions with the website (e.g. products viewed, items in wish list)
– IP address / user ID
This data is used to evaluate your use of our website and to thus show and highlight to you interesting and suitable offers on our website.The legal basis for the comprehensive processing of your personal data as a registered user by the Nosto service is the permission granted by you upon registration, article 6 paragraph 1 sentence 1 lit a of the GDPR. This data processing by Nosto takes place on our behalf and is secured contractually by an agreement to order processing in accordance with article 28 of the GDPR.If you have not registered with our website (‘guest’), only your IP address will be retrieved by Nosto and no further personal data will be collected.If you visit our website as a guest, your IP address will be anonymised as Nosto will shorten your IP address upon collection and before it is transferred to their servers. In exceptional cases, the full IP address may be sent to a Nosto server and shortened there. On our behalf, Nosto will use this information to evaluate your use of the website and to create anonymised reports about website activity.The processing of guests’ data is based on legitimate interests in accordance with article 6 paragraph 1 sentence 1 lit f of the GDPR. Data processing takes place under the assumption that you are not interested in being addressed on our website by personalised advertising. Further anonymised data processing takes place in our interest in being able to evaluate user behaviour on our website and in improving our services and constantly improving our website by establishing use intensity in individual areas of our website.
Right of Withdrawal
You can prevent the collection of data (including your IP address) created by the cookie about your website use by Nosto by clicking this link and downloading an opt-out cookie which will prevent Nosto from collecting any further data.The technical implementation of your right to withdraw your granted permission also serves as your right to object based on legitimate interests (article 6 paragraph 1 sentence 1 lit f of the GDPR).Please note that you must click on the link and download the opt-out cookie again if you delete all cookies in your browser settings.
d) We use Bing Ads. What does that mean for you?
This website uses the remarketing technology “Bing Ads” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft saves a cookie on your computer (“conversion cookie”) if you have reached our website via a Microsoft Bing ad. Microsoft and Bing Ads customers can recognise that the ad has been clicked, and the browser redirected to our site. In this way, these can be used for targeted product recommendations and interest-based advertising on Microsoft and other “Bing Ads” sites.The information gathered using the conversion cookie is also used to generate conversion statistics. We are learning the total number of users who clicked on a Microsoft Bing ad and were thus redirected to our site. In addition, further anonymous data (e.g., the number of page views and the time spent on the websites) is collected. We do not receive any information that personally identifies users.
e) We use retargeting and remarketing technology on our website. What does this mean?
We use retargeting and remarketing technology on our website. This is a tracking process in online marketing, where the visitors to a website are marked and then shown targeted advertising on other websites. We use this technology to make our services more attractive and to inform and remind you of current offers that you already viewed in our online shop. The following retargeting and/or remarketing technologies are used:
– Google DoubleClick Remarketing Pixel
– Google AdWords Remarketing
– Facebook Remarketing
– Google AdWords Conversion Tracking
– OptinMonsterFrom a technical perspective, either an additional cookie will be saved to your computer or browser or an existing cookie will be used (see: 7), depending on the retargeting service, to anonymously identify you, your computer or your browser as an internet user using the cookie ID and log your surfing behaviour, especially which pages you visit on our website. The cookie can then be read and evaluated by the targeting providers with which we cooperate (see below). This results in you being shown our products or recommendations for similar products by third parties on other websites e.g. as personalised advertising banners.Within the DoubleClick Remarketing Pixel and Facebook Remarketing, web bugs fulfil a similar function to cookies (see: 7). Web bugs send your IP address, the URL, the time that the web bug was seen, your browser type, and the previously set cookie information to a web server.The data collected about your surfing behaviour by cookies or web bugs cannot be used to personally identify you as a user of our website. We only use the data to improve our services and to evaluate user behaviour on our website (e.g. reactions to promotions); no further use or transfer to third parties takes place. This data is anonymous and not connected to personal data on your computer or linked to a database.All of the following services are used for marketing and advertising purposes with the aim of making our products and services more attractive and offering you a pleasant shopping experience. As described for the individual services, we take your right to data protection seriously so you can object to all services and we will inform you of these data protection options in advance. The legal basis for the above data processing is article 6 paragraph 1 lit f of the GDPR.
Google DoubleClick Remarketing Pixels and Google AdWords Remarketing or “Similar Audiences”
We also use Criteo services (“Criteo”) on our website, which is a service provided by Criteo SA, Rue Blanche, 75009 Paris, France (http://www.criteo.com). This service is also a retargeting service as outlined in general above, which bundles together many third party providers in a network in order to deliver the widest possible range of user-related advertisements and other advertising.When you visit our website, Criteo saves an anonymous browser cookie to your browser (“tagging”). As a “tagged” user, you will then receive an anonymous identifier, whereby Criteo confirms that no personal data is collected. Your browser cookie only traces products that you looked at on our website i.e. pages you visited on our website. The browser cookie makes it possible to recognise you when you visit other websites whose operators also use Criteo, so that you are shown targeted, interest-based ads for our products and services there.You can find more information about Criteo, the details of data processing via this service and Criteo’s relevant data protection provisions here: https://www.criteo.com/privacy/.To disable the use of Criteo in your browser, click on the relevant link in the grey box further down in this section.
For retargeting/remarketing purposes, we also use “Custom Audiences” on our website, a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). We can use this service to target you with advertising because Facebook Ads are activated for the users of our website when they visit the Facebook social network.To this end, we have implemented Facebook remarketing pixels on our website (see: 7). When visiting our website, the pixel creates a direct connection to Facebook’s servers. Facebook is able to identify you using your browser ID because this is linked to other data saved about you in your user account. Facebook then displays our advertisements tailored to suit you in your Facebook timeline or another location within Facebook.We are not able to personally identify you using the Facebook pixel because, apart from your browser ID, no further personal data is saved by us via the Facebook remarketing pixel.You can find out more about Facebook’s Custom Audiences, the details of data processing via this service and Facebook’s relevant data protection provisions here: https://www.facebook.com/about/privacy/.You can deactivate the use of Facebook Remarketing by clicking this link and thereby setting an opt-out cookie. This prevents any further data collection through Facebook remarketing on our pages.
Right to Objection
If you do not want to be shown advertising generated by the relevant targeting service, you can object to the use of retargeting technology on our website by contacting the relevant targeting service. The relevant links to the websites for targeting services used by us are as follows:
Google DoubleClick remarketing pixels and Google AdWords remarketing or “similar audiences”
You can find details about data processing by the relevant targeting services in the service’s data protection provisions as we have listed for you above. By clicking the link, you will find out how you can object to the use of targeting services on your computer.
Google AdWords Conversion Tracking
We also use Google AdWords conversion tracking functions, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). If you click on an ad displayed by Google AdWords, a conversion tracking cookie will be saved to your computer. This cookie is valid for 30 days and does not contain any personal data, meaning that we cannot identify you personally.Using conversion tracking, we and Google will know which AdWords ad you clicked and whether you were forwarded to our website, as long as you visit our website and the cookie is still valid. We receive our own cookie from Google that is different from the cookies of other customers using this Google service, so that we can measure the reach of just our cookie and not all websites of customers using the Google AdWords service. The cookie lets us establish our own conversion statistics via customers that visited our website via AdWords ads.To object to participate in Google AdWords conversion tracking, you must disable the saving of Google tracking cookies by using the relevant settings in your browser. You will then no longer be included in our conversion tracking statistics.You can find more information about Google’s AdWords conversion tracking, the details of data processing via these services and Google’s relevant data protection provisions here: http://www.google.com/policies/technologies/ads/
We use OptinMonster software from the provider Retyp LLC to make additional offers available on our website as overlays. 3701 Savoy Ln West Palm Beach, FL 33417 Florida, USA. Please see OptinMonster’s data protection policy for details on how OptinMonster handles your personal data and your related rights.
9. We use software to link to our databases. What does this mean for you?
We use the Zapier service, provided by Zapier Inc., 548 Market Str. #62411, San Francisco, CA 94104-5401, United States, to transfer data between databases and applications on our website. Zapier provides interfaces to facilitate the transfer and transmission of database information between individual systems.Data saved by you may also be hereby transferred to Zapier Inc. This transfer solely serves the administration and organisation of our databases and applications, and the legal grounds for the processing of personal data using Zapier is article 6 paragraph 1 lit f of the GDPR.You can find more information about data protection at Zapier at https://zapier.com/privacy/
10. Push Notifications
With your prior permission, we may send you push messages or notifications via your browser, even when you are not logged into our website. We use push notifications to inform you of our offers and interesting products. The first time you visit our website, you can consent to receiving push notifications. You can prevent the future display of push notifications at any time by using the relevant settings in your browser.The legal basis for the sending of push notifications is article 6 paragraph 1 lit a of the GDPR.
11. Data Subject Rights
If personal data about you is processed, you are the data subject in the sense of the GDPR and you have the following rights in relation to the controller:
Information, correction, limitation of processing and deletion
You have the right to receive free information about personal data saved about you at any time, including its origin, recipient and purpose of data processing. You also have the right to correct, delete or limit the processing of your personal data as long as the statutory conditions are met.
Right to Data Transferability
You have the right to receive personal data concerning you that you submitted to the controller in a standard, structured and machine-readable format. We can fulfil this obligation by providing a csv export of processed customer data concerning you.
Right to Information
If you exercise your right to information, deletion or limitation of processing against the controller, it shall be obliged to notify all recipients that received any personal information concerning you of your request for information, deletion or the limitation of processing, unless this is impossible or would require disproportionate effort.You have the right to be informed of these recipients by the controller.
Right to Objection
You have the right to object to the processing of personal data concerning you being carried out based on article 6 paragraph 1 lit e or f of the GDPR due to grounds arising from your specific situation at any time; this also applies to profiling supported by these conditions.The controller shall then cease processing personal data concerning you, unless it can provide grounds for the processing that are worthy of protection and that outweigh your interests, rights and freedoms, or if such processing is required to exercise, enforce or defend legal claims.If personal data concerning you is processed to operate direct advertising, you have the right to object to the processing of personal data concerning you for the purposes of such advertising; this also applies to processing related to such direct advertising.If you object to data processing for the purposes of direct advertising, your personal data will no longer be processed for these purposes.In relation to the use of information society services and 2002/58/EG notwithstanding, you have the option of exercising your right to object using an automated process whereby technical specifications are used.
Revocability of Data Protection Permissions
Furthermore, you can revoke any permissions granted with effect for the future by contacting us using the contact details below.
Automated Individual Decision Making, including Profiling
You have the right to not be subjected to decisions solely based on automated processing – including profiling – that may have legal consequences or put you at a considerable disadvantage in any similar way. This does not apply if the decision
(1) is required for the commencement or fulfilment of a contract between you and the controller,
(2) is permitted under the legal provisions of the Union or the member state to which the controller is subject, and these legal regulations contain reasonable measures to uphold your rights and freedoms as well as your legitimate interests or
(3) is made with your express permission.In any case, these decisions may not be based on special categories of personal data in accordance with article 9 paragraph 1 of the GDPR, insofar as article 9 paragraph 2 lit a or g does not apply and reasonable measures to protect your rights and freedoms as well as your legitimate interests have been implemented.Regarding the cases outlined in (1) and (3), the controller shall take reasonable measures to uphold your rights, freedoms and legitimate interests, at least including the right to obtain human intervention on the part of the controller, to express his/her point of view and to contest the decision.
Right to Complain to a Supervisory Authority
Regardless of any deviating administrative guidelines or judicial remedy, you have the right to complain to a supervisory authority, especially in the member state of your residence, your place of work or the suspected violation, if you believe that the processing of your personal data violates the EU’s GDPR.The supervisory authority to which you complain shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with article 78 of the GDPR.
12. Notes on data processing regarding campaigns on social media platforms
Name and contact details of the controller and company data protection officer
Telephone: +49 2842 12 19 594
The company data protection officer of EPODEX can be reached at firstname.lastname@example.org.
Collection and storage of personal data as well as nature, purpose and use
For the realisation of our competitions, we collect the following information:
First name and Surname
Address (only for winners of a raffle)
Facebook profile picture
The collection of this data takes place in order to:
enable you to participate in our sweepstakes
identify the winners of our competitions
correspond with the participants of the raffle (for example, prize notification)
statistical evaluation of the competitions.
The storage of the above-mentioned data follows your request to particpate and is in accordance with Art. 6 para. 1 p. 1 lit. b DS-GMO. This data is required to participate in the sweepstakes, determine the winners, distribute prizes and enable correspondence with the participants.In addition, the winner’s Facebook username will be posted in a comment below the contest entry. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b DS-GMO in order to inform the winner of the respective competition that they have won. Further legal basis for the publication of the Facebook name is also Art. 6 para. 1 sentence 1 lit. f DS-GMO. The legitimate interest in this publication is to document the draw result of the competitions and to communicate the result and the end of the raffle to all participants.Rights: You have the option to opt out of publishing your Facebook username at any time. Please use the contact options listed above. The personal data collected by us will be stored until the abovementioned purposes are abolished and then deleted, unless we comply with Art. 6 para. 1 sent. 1 lit. c DS-GMO and are obliged to store for a longer period of time due to tax and commercial storage and documentation obligations (HGB, StGB or AO) or are obliged to make further storage in accordance with Art. 6 para. 1 sentence 1 lit. a DS-GMO upon consent.
Disclosure of data to third parties
A transfer of your personal data to third parties for purposes other than those listed below does not take place.EPODEX uses the evaluation service “Fanpage Karma Glücksfee” by uphill GmbH, Oranienstr. 188, 10999 Berlin, Germany. For this purpose, the information for a raffle posting via the Facebook API is recorded and then evaluated in the Fanpage Karma Tool based on the predetermined criteria. As a result, profiles of Facebook users are displayed, which could have won a raffle according to various possible criteria (the name, the profile picture and a link to the profile are displayed). In addition, duplicate entries (if a user comments multiple times) are removed. The system then randomly triggers the winner based on a random Java feature. This data is only available for the purpose of EPODEX’s post and is not stored by the service provider.The legal basis for the use of this service is Article 6 (1) sentence 1 lit. b DS-GMO to determine the winner of the respective competition. The forwarded data may only be used by uphill GmbH for the stated purposes.
You have the right:
In accordance with Art. 7 para. 3 DS-GMO, to revoke your given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future;
To request information about your personal data processed by us in accordance with Art. 15 DS-GMO. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification or deletion, the right to limitation of processing or opposition, the right to complain, the source of the data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
In accordance with Art. 16 DS-GMO, immediately request the correction of incorrect or completed personal data stored by us;
To demand, in accordance with Art. 17 DS-GMO, the deletion of your personal data stored by us, unless processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of the public interest or for the assertion, exercise or defence of legal rights is required;
To demand the restriction of the processing of your personal data in accordance with Art. 18 DS-GMO, if you dispute the accuracy of the data or the processing is unlawful. This also applies if you reject its deletion and we no longer need the data, but by asserting, exercising or defending legal claims or you have objected to the processing in accordance with Art. 21 DS-GMO;
In accordance with Art. 20 DS-GMO, to receive your personal data provided to us in a structured, standard and machine-readable format or to request that it be forwarded to another person in charge and
To complain to a supervisory authority in accordance with Art. 77 DS-BER. As a rule, you can contact the supervisory authority of your usual place of residence or work or our place of business.
Right to object
If your personal data, based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DS-GMO is processed, you have the right to object to the processing of your personal data in accordance with Art. 21 DS-GMO, provided there are reasons for this arising from your particular situation. After your opposition, we will no longer process the personal data, unless we can establish compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.If you would like to exercise your right to object, just send an e-mail to email@example.com.
13. Changes to this Data Protection Policy
We reserve the right to change this data protection policy as required without any prior notice. Please therefore regularly check this page for any changes to this data protection policy.