Politique de confidentialité
Data Protection Declaration
Thank you for your interest in our website and our company. The protection of your personal data during collection, processing, and usage during your visit to our homepage is of great importance to us. We collect, process, and use your personal data in accordance with the laws and regulations of the Federal Republic of Germany as well as paramount European legal regulations. Below, you will find information on which data we collect during your visit to our website, and how this data is used:
- Name and Address of Responsible Authority
The responsible authority within the meaning of the Federal Data Protection Act as well as other data protection provisions is:
titus GmbH
Scheibenstr. 121
48153 Münster
Germany
Tel.: 0251 / 777 111
Fax: 0251 / 52 000 49
E-Mail: datenschutz@titus.de
Website: www.titus.de, www.titus.at, www.titus-shop.com
- Name and Address of Data Protection Officer
The responsible data protection officer is:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
Website: www.titus.de, www.titus.at, www.titus-shop.com
III. General Information Regarding Data Processing
- Definitions
Following the example of Art. 4 DSGVO, this data protection declaration is based on the following definitions:
"Personal data" (Art. 4 No. 1 DSGVO) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information regarding his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
"Processing" (Art. 4 No. 2 DSGVO) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes in particular the collection (i.e. obtaining), recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing was originally based.
"Controller" (Art. 4 No. 7 DSGVO) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
"Third party" (Art. 4 No. 10 DSGVO) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data; this also includes other group-affiliated legal entities.
"Processor" (Art. 4 No. 8 DSGVO) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In the sense of data protection law, a processor is in particular not a third party.
"Consent" (Art. 4 No. 11 DSGVO) of the data subject means any freely given, specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
- Processing of Personal Data
Titus GmbH only processes personal data of users and/or customers if it is necessary to provide a functional website, to provide our content and services, to fulfill purchase contracts with our customers, or to comply with legal regulations. The processing of personal data of our users and/or customers takes place only with the consent of the user and/or customer. An exception applies in cases which prior consent cannot be obtained for valid reasons and/or the processing of the data is permitted by legal regulations.
- Legal Basis for the Processing of Personal Data
The legal basis for consensually obtained personal data is Art. 6 (1) lit. a EU Data Protection Ordinance (DSGVO).
In processing personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. When processing of personal data is required to fulfill a legal obligation to which our company is obliged, Art. 6 (1) lit. c DSGVO serves as the legal basis.
In the event that the vital interests of a data subject or another natural person requires processing of personal data, Article 6 (1)(d) DSGVO serves as the legal basis.
If data processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests and fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis.
- Transfer of personal data to third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the relevant places below.
The European Commission certifies data protection comparable to the EEA standard in some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions is available here). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. Please contact our data protection officer (see II.) if you would like more information on this.
- Deletion of Data and Data Storage Time
The personal data of the user concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if it has been provided for the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will be blocked or deleted if a storage period set forth by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
- Hosting
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.
We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of our online offerings on the basis of our legitimate interests in an efficient and secure provision according to Art. 6 (1) lit. f DSGVO in conjunction with. Art. 28 DSGVO (conclusion of order processing contract).
- Website Provisions and Creation of Log Files
- Description and Scope of Data Processing
Each time a user visits our website, our system automatically collects data and information from the (computer) system operated by the user.
The following data is collected:
- Time stamp
- Transmission protocol
- HTTP status code
- Amount of data transferred
- URL
- Web browser / Operating system
The log files contain data that enable assignment to a user. This could be the case, for example, if the link to the website from which the user accesses our website or the link to our website to which the user switches to contains personal data.
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
- Legal Basis for Data Processing
The legal basis for data processing and log files is Art. 6 (1) lit. f DSGVO.
- Purpose of Data Processing
The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the user’s session.
The data is stored in log files to ensure functionality of our website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing is pursuant to Art. 6 (1) lit. f DSGVO.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days. However, further storage is possible. In the case of further storage, the IP address of the users are deleted or alienated, so that it is no longer possible to associate the data with a specific user.
- Possibility of Opposition For Users
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
- Use of Cookies
- Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's internet browser. This cookie contains a character string that enables a unique identification of the browser when the website is visited again.
We use the following cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.
- CSRF-Cookie: You can find information for CSRF-Protection here: CSRF-Protection
- Session-Cookie: Using the session cookie, our website decides whether the respective user has an active shopping basket and whether the user is logged in. It serves as identification between browser and server. No further information except the session ID is stored in the browser.
- x-cache-context-hash-Cookie: A cookie used to tell what content should be cached.
- x-ua-device-Cookie
- Currency-Cookie
- selectedCountry-Cookie
In addition to the data listed above, the following data is stored and transmitted in cookies:
- Language settings
- Items in shopping cart
- Log-In information
- Selected country
- Selected currency
- Device type
We also use cookies on our website to enable analysis of the user's surfing behavior. For this, the following data can be transmitted:
- Entered search terms
- Frequency of page views
- Use of website functions
- Accessed web pages
- Registrations in customer account
- Adding/Removing items from shopping cart
- Website purchases
- Use of Titus live chat function
- Registration to newsletter
- Purchases with advertising partners
When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.
- Legal Basis for Data Processing
The legal basis for data processing and logfiles is Art. 6 Abs. 1 lit. f DSGVO.
- Purpose of Data Processing
The purpose of using necessary cookies is to simplify the use of our websites for users. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change.
Cookies are necessary for the following uses:
- Functionality of shopping cart features
- Language settings
- Remembering search terms
- Display of offers on the home page
- Keeping track of acceptance during processing steps
The user data collected by necessary cookies are not used to create user profiles.
The analysis cookies are used to improve the quality of our website and its content. Through use of analysis cookies, we learn how the website is used and can thus continuously optimize the website.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 (1) lit. f DSGVO.
- Duration of Storage and Possibility of User Objection
Cookies are stored on the user's computer and transmitted to our website. Therefore, you, as a user, have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
- Cookie Consent with CookieFirst
Our website uses the CookieFirst cookie consent technology to obtain your consent to the storage of certain cookies on your device and data protection legislation compliant documentation of the former. The party offering this technology is Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 GH Amsterdam, website: https://cookiefirst.com/ (hereinafter referred to as „CookieFirst“).
Whenever you visit our website, the following personal data will be transferred to CookieFirst:
- Your declaration(s) of consent or your revocation of your declaration(s) of consent
- Your IP address
- Information about your browser
- Information about your device
- The date and time you visited our website
Moreover, CookieFirst shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the CookieFirst cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.
CookieFirst uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of such cookies is Art. 6 Sect. 1 Sentence 1 lit. c GDPR.
Contract data processing agreement
Our company has executed a Contract Data Processing Agreement with CookieFirst. This is an Agreement mandated by data privacy protection legislation that warrants that CookieFirst processes all personal data of our website visitors exclusively in compliance with our instructions and in compliance with the GDPR.
Show cookie settings Withdraw your consent
VII. Newsletter
- Description and Scope of Data Processing
Our website offers the option to subscribe to a free newsletter.
- a) When registering for our Email Newsletter, the following data is transmitted to us:
Mandatory Data:
- Email address of the user
Voluntary Data:
- Salutation
- First name
- Last name
- Street and house number
- ZIP code
- City
- Type of newsletter – men‘s or women‘s
In addition, the following data is automatically collected during registration:
- Date of registration
- Source of contact
- Language of registration
- Opt-In status
In the course of the registration process, reference is made to this privacy policy and your consent to receive the newsletter and have your voluntary data processed is obtained.
If you purchase goods or services on our website and provide us with your email address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only send direct advertising for similar goods or services of our own.
In connection with the data processing for the dispatch of newsletters, data is passed on to our service provider Klaviyo Inc. 125 Summer Street, Floor 6, Boston, MA 02110, USA.
The following data will be passed on to Klaviyo Inc. 125 Summer Street, Floor 6, Boston, MA 02110, USA:
- E-mail address
- First name – when given by the user
- Last name – when given by the user
- Street and house number – when given by the user
- ZIP code – when given by the user
- City – when given by the user
- Type of newsletter – male or female – when given by the user
- Language Settings
The data will be used exclusively for sending the newsletter. To protect your data, a contract has been concluded with Klaviyo Inc. for the processing of order data.
The newsletters contain a so-called "web-beacon", i.e. a small file that is retrieved from our service provider's server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected.
This information is used to improve the services based on technical data of the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determination of whether the newsletters are opened, when they are opened, and which links are clicked. For technical purposes, this information can be assigned to individual newsletter recipients. However, it is not our intention, nor that of the service provider, to observe individual users. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them according to their interests.
- b) When Registering for our WhatsApp Newsletter, the following data is transmitted:
- Mobile phone number
- Sent messages
- Date of registration
- Any other data that the user transmits while using the Whatsapp Messaging service
The WhatsApp newsletter is sent via the WhatsApp Messenger application. WhatsApp's privacy policy can be found here: https://www.whatsapp.com/legal/?lang=en
- Legal Basis for Data Processing
The legal basis for the processing of the data after registration for the newsletter is Art. 6 (1) lit. a DSGVO.
If the information serves the fulfilment of a contract to which the user is a party, e.g. the provision of a free service or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.
The legal basis for the processing of data transmitted in the course of registration for the newsletter is Art. 6 (1) lit. f DSGVO.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
- Purpose of Data Processing
The collection of the user's email address serves to send the newsletter. By voluntarily providing further data by the user, the newsletter can be personalized for the user.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address provided.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is active.
- Possibility of User Objection
The subscription to the newsletter can be cancelled by the user at any time. For this purpose, there is a corresponding link in every newsletter.
If the user deletes our telephone number from the phone book of their mobile phone, the sending of the newsletter is automatically stopped and resumed as soon as our number is saved again. To permanently end the sending of the WhatsApp newsletter, a message stating "STOP" must be sent to us. However, the user can also unsubscribe from receiving the newsletter by sending any other message which makes it clear that the user no longer wishes to receive the newsletter.
This also makes it possible to revoke consent to the storage of personal data collected during the newsletter registration process.
VIII. Status Emails and Analysis with Mailjet
Our shop system uses Mailjet services to send status updates and other automated emails. The service is operated by Mailjet GmbH, Rankestr. 21, 10789 Berlin ("Mailjet").
These emails include:
- Registration confirmation after account creation
- Order confirmation
- Updates on order status
- Confirmation of dispatch
- Information on returns and cancellations
- Birthday greetings
- New products from favorite brands the user has subscribed to
- Information about changes to products on the user’s wish list
- Forgotten password emails
- Digital goods such as coupon codes or download links
Each of these mails are sent in response to an interaction on our website, such as ordering items or placing an item on the wishlist of a customer account. This entire process is documented and stored, including the storage of login and confirmation time as well as the user’s IP address. This data collection is necessary so that we can trace processes in the event of misuse of the email service, serving as a legal safeguard.
User data is stored on the Mailjet servers. Mailjet uses this information to send and evaluate the emails. The evaluation takes place on our behalf, but mailjet can also use the data for quality assurance and to improve the quality of their own service.
These emails contain a "web beacon", i.e. a pixel-sized file that is retrieved from our service provider's server when the email is opened by a user. Upon retrieval, technical information such as browser or system information, as well as the user’s IP address and time of retrieval are collected.
This information is used for the technical improvement of services. Analysis can be made based on data of the target groups and reading behaviour based on their access locations (determined by the user’s IP address) or access times. Statistical analysis also includes whether emails are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual email recipients. However, it is neither our nor the dispatch service provider's intention to observe individual users. The evaluations serve us to recognise the reading habits of our users overall and to adapt our content accordingly or to send different content according to the interests of our users.
The following user data will be shared with Mailjet GmbH, Rankestr. 21, 10789 Berlin:
- Email address
- First name - if specified by the user
- Last name - if specified by the user
- Content of the email, including address data provided by the user and items ordered or saved by the user, if applicable
You can revoke your consent to the storage and use of your personal data to receive these emails and to the statistical analysis described above at any time with effect for the future. To revoke your consent, you can use the link provided for this purpose within each of the emails, delete your customer account on our website, or notify us of your revocation by email at the following address: datenschutz@titus.de.
Further information on data protection can be found in the privacy policy of Mailjet at: https://www.mailjet.com/privacy-policy/.
- Other Emails Sent to Users
- Description and Scope of Data Processing
On our website, users have the possibility to use the following functions:
- Notification when an item becomes available again – „Coming Soon“
The following data will be transmitted to us:
- Email address of user
- Item that the user chooses to be notified about
In addition, the following data is collected during registration:
- IP Address of the user’s computer
- Time and date that the request was made
- Opt-In Status
- Language
As soon as the notifications requested by the user have been sent, the status "sent" is saved by us.
Within the framework of setting up the notification function, your consent is obtained for the processing of data and reference is made to this privacy policy.
The data will only be used for sending the desired notifications.
- Legal Basis for Data Processing
The legal basis for the processing of the data transmitted by the user when setting up the notification function is Art. 6 (1) lit. a DSGVO if the user has given his consent.
If the information serves the fulfilment of a contract to which the user is a party, e.g. the provision of a free service or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.
The legal basis for the processing of data transmitted in the course of setting up the notification function is Art. 6 (1) lit. f DSGVO.
- Purpose of Data Processing
The collection of the user's e-mail address and the article for which information is requested serves to transmit the Coming Soon information to the user.
The collection of other personal data as part of the activation of Coming Soon mailings serves to prevent misuse of the services or the e-mail address used.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the notification function is active.
- Possibility of User Objection
The notification function can be cancelled by the user at any time. For this purpose, there is a corresponding cancellation link in each notification.
It is possible to revoke consent to the storage of personal data collected during registration for notifications.
- Registration
- Description and Scope of Data Processing
On our website, we offer users the option to register for an account by providing personal data. The data is entered into an input mask, transmitted to us, and saved. The following data is collected during the registration process:
Mandatory data:
- Salutation – With option of “no gender” selection
- First name
- Last name
- Email address
- Password
- Birth date/age
- Address (street and house number, ZIP code, city, country)
Voluntary data:
- Additional address info
- Phone number
- Shipping address
- Pack station shipping address
- Pack station number
If you create a wishlist, the following data will be saved:
- Customer number
- Item description
- Item number
- Color (if applicable)
- Size (if applicable)
- Unit price
- VAT included in the unit price
- Currency
- Price changes of the item as long as it is stored in the wishlist.
You have the possibility to create a link from your wishlist and send it to others. Please note before sending the link that the recipient of the link can not only see the content of your wishlist when sending the link, but also any future changes to your wishlist are visible to the recipient.
If you put items into the shopping cart but do not complete the purchase, the following data will be stored:
- Customer number
- Email Address
- Item description
- Item number
- Color (if applicable)
- Size (if applicable)
- Amount
- Discount (if applicable)
- Unit price
- Total price
- Shipping fees
- Order total
- Order total including VAT
- Currency and exchange rate
- Voucher code (if applicable)
- Value of voucher
- Cashpoints – See XII. Sec. 1 - Cashpoints
- Billing address
- Shipping address
- Shipping method
- Payment method and details
At the time of registration, the following data is also stored:
- IP Address of the user
- Time and date of registration
- Cookie session ID
- Device type
- User agent (browser, country, language, operating system, etc.)
- Language
- Last login
- Failed login attempts
For the processing of the data within the registration process, reference is made to this data protection declaration and user consent is obtained for the processing of voluntary data.
- Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given their consent.
If registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.
The legal basis for the processing of data transmitted in the course of creating the customer account is Art. 6 (1) lit. f DSGVO.
- Purpose of Data Processing
User registration is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
The creation of a customer account facilitates the ordering process for the user. The customer account eliminates the need to re-enter the data for each new order. The user only has to log into his customer account with his user name and password and can place an order.
For the creation of a customer account, it is necessary to secure it with a user name/email and password to prevent third parties from misusing the account to place orders.
In order to fulfill sales contracts concluded with the user, the following data is necessary to deliver the items ordered by the user and to create order confirmations and invoices for the items ordered by the user:
- First name
- Last name
- Address (street and house number, ZIP code, city, country)
- Additional address info
The indication of a birth date is necessary to check the user's legal capacity and, in the event of loss of receivables by the user, to be able to request the user's address from the registration office to assert claims.
Further information serves to optimize communication with the user. The salutation serves to address the user correctly gender-specifically, for example with "Hello Mr...." or "Hello Mrs..." and the correct title. The email address is intended to facilitate communication in order to transmit order confirmations, invoices and the order status to the user. If the user enters a telephone number, this should also be used to optimize communication for the processing of purchase contracts, in particular to clarify any queries that may arise regarding orders or complaints quickly with the customer.
The user has the possibility to indicate a different delivery address, if he wishes that the order is not delivered to his home address. This can also be a packing station, for example. In this case we need the number of the packing station to deliver the order.
The storage of item descriptions such as item number, color, or size in connection with the wishlist is necessary to identify the item, which you would like to save. The storage of email addresses, unit prices, VAT included in the unit price and currency is necessary to inform you later about price changes of items on your notepad by email. We have to save the customer number in order to assign your shopping cart to you as a customer.
The storage of the data in connection with putting goods into the shopping cart is necessary in order to fulfill the later possibly resulting sales contract. Please also see point X, sec. 3. The data stored by us varies depending on when the purchase process was aborted. In order to ensure that you are informed that you have not completed a purchase process and are therefore not waiting for the goods, we will send you an email informing you that the purchase process has not been completed so that you can complete the purchase at a later time.
In addition, maintaining contact with our customers is very important to us. For this reason, we send you birthday greetings and ask you to rate items and your shopping experience with us and inform you if there are price changes or stock shortages for your wishlist items. In addition, users have the option of being informed by email about new shipments from your favorite brands at your express request.
The other personal data processed during the registration process serves to prevent misuse of the registration function and to ensure the security of our information technology systems.
Furthermore, the storage of device type and user data is necessary to ensure the functionality of the website. In addition, the data serves us for optimization, especially user-friendly display of the website, e.g. display of the website in the correct language, currency and optimized for the device used. An evaluation of the data for marketing purposes does not take place in this context.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
This is the case for those during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of a contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
- Possibility of User Objection
Every user has the possibility to cancel their customer registration at any time. Users can also change the data stored about them at any time.
Please contact our data protection officer with the following information:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
If the data is required to fulfill a contract or to carry out pre-contractual measures, deletion of user data is only possible insofar as there are no contractual or statutory obligations to the contrary.
In addition, users can object to the transmission of birthday greetings, requests for product evaluations, price change notifications, scarcity of stock of your wishlist items, or notifications of non-completion of purchase. Users can also object to their consent of brand notifications at any time. For this purpose, there is a corresponding link in each message.
- Conclusion of Sales Contracts
- Description and Scope of Data Processing
On our website, we offer users the opportunity to place orders, therefore concluding purchase contracts. For this, it is necessary to collect personal data. The data is entered into an input mask, transmitted to us, and saved.
The following data is saved during the sales contract process:
- Customer Number
- Item Name
- Item Number
- Color (if applicable)
- Size (if applicable)
- Quantity
- Discount (if applicable)
- Unit Price
- Total Item Price
- Shipping Costs
- Total Order Price
- Value added tax included in purchase price
- Currency and conversion factor
- Discount Codes (if applicable)
- Value of Discount Codes
- Cashpoints – Please reference XII. Ziff. 1 - Cashpoints
- Billing Address
- Shipping Address
- Shipping Method
- Payment Method and payment details
When paying by credit card, the following info is also collected:
- Transaction ID
- Order ID
- Temporary Order ID
- Alias for display
- Active Alias
- Payment Machine Name(Credit card or Postifance Efinance)
- Payment Methode
- Payment ID
- Transaction Object
- Authorization Type
- Customer ID
- Created On
- Updated On
- Authorization Amount
- Authorization Status
- Paid
- Currency
- Shop ID
- Transaction Binary Object
- Session Binary Data
When the order process is started, the following data is also collected:
- IP Address of the user
- Time and date of the order
- Language
- Device type
In the context of the purchase process, reference is made to this privacy policy and consent is obtained from the user for the conclusion of the purchase contract (order processing) and for all data which is not necessary for order processing or collection of which we have no legitimate interest.
During the processing of an order, the status of the order changes continuously from e.g. "order received", "order confirmation sent", "order delivered to customer" or "return completed". Every change of the status of the order is saved with date and time as well as the corresponding status.
In addition, it is necessary to assign identification numbers at various points in order to process the order. These are required by our service providers to provide individual partial services. For example, the respective payment service providers assign PaymentIDs, the shipping service provider assigns a ShippingID (tracking code) which are stored by us.
If you purchase goods or services from us, we may use your address to send you promotional mail, such as our product flyers. In connection with data processing for the dispatch of advertising mail, data is passed on to our service provider mediaport production GmbH & Co. KG, Oststrasse 104a, 22844 Norderstedt. The following data is sent to mediaport production GmbH & Co. KG, Oststraße 104a, 22844 Norderstedt, Germany:
- First Name
- Last Name
- Street and House Number
- ZIP Code
- City
The data will be used exclusively for sending advertising mail. For the protection of your data, a contract exists between us and mediaport production GmbH & Co. KG for order data processing.
In order to process sales contracts and fulfill the mutual obligations arising from sales contracts, we have partly commissioned service providers to whom we must pass on personal data. These are the following service providers:
- a) Payment Services and Procedures
- aa) SIX Payment Services (Europe) S.A.
SIX Payment Services (Europe) S.A. processes user credit card payments. They are a Luxembourg-based Société Anonyme with a registered office at 10, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg. If the user chooses this payment method, the necessary data for payment processing will be transmitted to SIX Payment Services (Europe) S.A.
Your data will be used by SIX Payment Services (Europe) S.A. exclusively for processing your credit card payment.
- bb) PostFinance AG
PostFinance AG, Obernauerstrasse 18, 6010 Kriens, Switzerland, processes Sofortüberweisungen (Online Bank Transfers). If the user chooses this payment method, the data required for payment processing will be passed on to PostFinance AG.
Your data will be used by PostFinance AG exclusively for processing user bank transfers.
- cc) BS PAYONE GmbH
BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany, processes credit card payments and bank transfer payments. If the user chooses one of these payment methods, the necessary data for payment processing will be transmitted to BS Payone GmbH.
Your data will be used by BS Payone GmbH exclusively for processing user credit card or bank transfer payments.
- dd) Klarna
Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden processes Sofortüberweisungen (Online Bank Transfers). If the user chooses this payment method, the data required for payment processing will be passed on to Klarna Bank AB (publ).
Your data will be used by Klarna Bank AB (publ) exclusively for processing user bank transfers.
- ee) PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg processes the payment method of PayPal. If the user chooses this payment method, the data necessary for payment processing will be transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A..
Your data will be used by PayPal (Europe) S.à r.l. et Cie, S.C.A. exclusively for processing user PayPal payments.
- ff) DHL Nachname
The DHL Vertriebs GmbH & Co. KG processes the payment method of Cash on Delivery. If the user chooses this payment method, the data necessary for payment processing will be sent to DHL Vertriebs GmbH & Co. KG.
User data will be used by DHL Vertriebs GmbH & Co. KG exclusively for the processing of Cash on Delivery payments.
- gg) American Express
American Express Services Europe Limited, Branch office Frankfurt am Main, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main processes credit card payments. If the user chooses this payment method, the data necessary for payment processing will be transmitted to American Express Services Europe Limited.
American Express Services Europe Limited uses customer data exclusively for processing credit card payments.
- b) Logistics Services
We have commissioned a service provider for logistics services. These are the following services:
- Packaging of items ordered by the customer
- Printing of invoices as well as personalized return labels included in packages
- Transfer of shipping data to the shipping service provider
- Acceptance and processing of returns
- Acceptance and processing of customer disputes
For the purposes stated above, all data necessary for the provision of the stated services are transmitted to Dittmann GmbH, our logistics service provider.
The data will be used exclusively for the provision of the logistics services listed above.
- c) Shipping Service Provider
DHL Vertriebs GmbH & Co. KG is commissioned by Titus GmbH to send orders to customers. For this purpose, we transmit the recipient's first and last name and address information to DHL Vertriebs GmbH & Co. KG. The data is only used to send parcels to customers.
- Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given consent.
If the information serves to fulfill a contract or the implementation of pre-contractual measures to which the user is a party, the additional legal basis for data processing is Art. 6 (1) letter b DSGVO.
The legal basis for transmission of data to service providers is Art. 6 (1) lit. b DSGVO and Art. 6 para. 1 lit. f DSGVO.
The legal basis for the processing of data transmitted in the course of the order is Art. 6 (1) lit. f DSGVO.
- Purpose of Data Processing
The data collected during the order process will be used exclusively to process the order and payment, in particular to create order confirmations, invoices, dispatch of the order, processing of returns and complaints, creation of credit notes and reversal of the purchase contract. In addition, we refer to the further explanations under item IX, article 3 (Registration of customer account/purpose of data processing).
To optimize the shipping of your order and to enable an overview of the current status of your order, we use stored data to send you status update emails when the status of your order changes as follows, for example:
- Order is ready for delivery
- In the case of partial delivery: order has been partially delivered
- Order has been completely delivered
- If you cancel or return (part of) the order: order was cancelled/returned
The transfer of your personal data to our service providers is necessary in order to fulfill our obligations under the purchase contract concluded with you efficiently.
The other personal data processed during the order process serve to prevent misuse of the order function and to ensure the security of our information technology systems. Furthermore, the storage of data on device type and language is necessary to ensure the functionality of the website. In addition, the data serves us for optimization, especially user-friendly display of the order page, e.g. display of the order page in the correct language and optimized for the device used as well as continuation of further communication, e.g. transmission of the invoice and status messages in the correct language. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing is pursuant to Art. 6 (1) lit. f DSGVO.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
This is the case for the performance of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of a contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
- Possibility of User Objection
Users can change their stored user data at any time. Please contact our data protection officer using the following info:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
If the data is required to fulfill a contract or to carry out pre-contractual measures, deletion of user data is only possible insofar as there are no contractual or statutory obligations to the contrary.
XII. Product Reviews
- Description and Scope of Data Processing
A form on our website can be used for the submission of product reviews or comments. If a user utilizes this feature, the data will be entered into the input mask and transmitted to us, stored, and published on our online shop on the product page of the evaluated product.
User product reviews or comments can be found on the following web pages:
The following data is collected when a user product review/comment is submitted:
Mandatory Data:
- Name – possibility of entering a pseudonym
- „Star“ rating
Voluntary Data:
- Entry title
- „Your opinion“ comment
The following data is also stored when a user submits a product review/comment:
- Language of the user
- Time and date of the user entry
User consent must be obtained for the processing of the data within the framework of the product evaluations and reference is made to this privacy policy.
In this context, the data will not be passed on to third parties. The data will be used exclusively for publication on our websites and on the product page of the evaluated product.
- Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given their consent.
If registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.
- Purpose of Data Processing
The processing of personal data from the input mask serves for the publication of a user product evaluation the evaluated product on our web pages, in order to help other prospective buyers with purchase decisions.
The other personal data processed during the sending process serve to prevent misuse of the product evaluation form and to ensure the security of our information technology systems includes:
- Language type is used to publish the product evaluation in the corresponding language version of our website. For example, product reviews are published in Spanish on our Spanish website.
- The date and time of the product evaluation should be published together with the product evaluation so that other interested parties can also classify the product evaluation over time and, for example, get an overall picture of product quality changes over time.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the product evaluation form, this is the case if the evaluated product is no longer available for purchase.
- Possibility of User Objection
The user has the possibility to revoke their consent to the processing of personal data at any time. Please contact our data protection officer using the following info:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
Following contact with us, all personal data used for product review/comment purposes will be deleted upon request.
XIII. Collecting Cashpoints
- Description and Scope of Data Processing
A specific number of cash points are assigned to each product - except gift vouchers - which is offered in our webshop and in physical Titus shops (including Titus franchise partners). The amount of cash points is displayed in our webshop under the item price on each product page. In our physical Titus shops, we cannot guarantee that the cashpoint value is also stated for each item. For this reason, the number of cash points can be requested at the checkout when shopping in a Titus store. With each purchase, the cashpoints assigned to the purchased items are transferred to us, stored, and credited to the user's points account. If the purchase takes place in a physical Titus shop, it is necessary that you log into your customer account. Cashpoints balances are found under "My account" on the "Cashpoints" page. If you are in the Cashpoints program, a QR code will be displayed. The QR code can be scanned at the checkout, and the cashpoints collected with the purchase will be credited to your customer account. As soon as the user has collected enough cashpoints, they can be exchanged for a discount voucher. The cashpoints expire 2 years after they have been credited to the user's Cashpoints account.
The following data is collected for the Cashpoints program:
- Email address of the user
- Customer number
- Number of Cashpoints collected
- Currency type
- Time when Cashpoints were collected
- Order number that Cashpoints were earned
- Expiration date of Cashpoints
- Number of deleted Cashpoints
- Number of redeemed Cashpoints
- If the cash points were collected during a purchase in a stationary Titus store, we will save the Titus store location in which the cash points were collected.
- If the cash points were collected by participating in a competition, the respective competition will be saved.
For processing of data within the scope of registration with the Cashpoints program, reference is made to this privacy policy for your participation in the Cashpoints program, for all data which is not necessary for your participation in the Cashpoins program, and in the collection of data which we have no legitimate interest. Your consent for the processing of this data is obtained.
User data will not be passed on to third parties.
- Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given their consent.
If the information serves the fulfilment of a contract to which the user is a party, e.g. the provision of a free service or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.
- Purpose of Data Processing
The user's email address is used within the scope of the Cashpoint program in order to inform the user about the imminent expiry in good time before cashpoints expire.
Other data is necessary to document the number of cashpoints, in the correct currency, their validity period, and expiration. The customer number must be saved in order to be able to assign the cashpoints to the user's customer account. It is necessary to save the store, since the conditions for the creation and expiration of cash points in over-the-counter stores differ. It is also necessary to be able to delete the corresponding cashpoints when returning items.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
This is the case if the cash points have been redeemed by the user or expire over time.
- Possibility of User Objection
The user has the possibility to revoke his consent to the processing of personal data at any time. In this case, further participation of the user in the Cashpoint program cannot be granted. Please contact our data protection officer using the following info:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
Following contact with us, all personal data used for Cashpoints purposes will be deleted upon request.
XIV. Sweepstakes/Raffle Participation
- Description and Scope of Data Processing
We offer sweepstakes on our website at random intervals. When registering for a sweepstakes, data will be transmitted to us, which the user specifies himself. Since different types of sweepstakes are offered, the data collected from the user in connection with participation in the lottery varies. If you participate in a sweepstakes, the data from the input mask will be transmitted to us when you register for the competition.
Mandatory Data:
- First and last name
- Birth date
- Street, house number, ZIP code, city
- Country
- If participant is a minor – yes/no
- Consent to publication of personal data on our homepage or newsletter
Voluntary Data:
- Gender
- Email address
- Telephone number
Depending on the sweepstakes, it may be necessary to collect additional data. These can be, for example, clothing size, shoe size, or other questions related to the specific sweepstakes criteria.
In addition, the following data is collected upon submission of a sweepstakes entry:
- Language
- Name of sweepstakes entered
- Time and date of registration
Upon submission of an entry for our sweepstakes, the user’s consent is obtained for participation in the sweepstakes, for the processing of voluntary information, and reference is made to this privacy policy.
Winner notifications
A service provider, Mailjet SAS, 13-13 bis, rue de l'Aubrac, 75012 Paris, France, has been contracted to send out winning/losing notifications to participants.
All necessary data to send corresponding email notifications will be transmitted to Mailjet SAS.
Transmitted data will be used exclusively for sending the email notifications mentioned above.
- Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given their consent.
If the information serves the fulfilment of a contract to which the user is a party, e.g. the provision of a free service or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b DSGVO.
Legal basis for the transfer of data to service providers is Art. 6 (1) lit. b DSGVO.
- Purpose of Data Processing
To complete the competition, the following information is required to send the prizes to the winner and to ensure that each entrant participates only once in the competition:
- First name
- Last name
- Address (street and house number, ZIP code, city, country)
The date of birth is necessary to verify the user's legal capacity.
The voluntary information serves to optimize communication with the user. The salutation serves to address the user correctly gender-specifically, for example with "Hello Mr...." or "Hello Mrs..." The email address is intended to facilitate communication in order to send prize notifications to the lottery participant. If the lottery participant enters a telephone number, this number should also be used to optimize communication for handling the lottery, in particular to inform the lottery participant about a prize.
Depending on the prizes awarded, it may be necessary to request a clothing size in the course of the competition, for example, in order to send the desired size if you win clothing. In some cases, we also use competition questions that may have a personal connection to the participants involved.
The other personal data processed during the participation in the competition serves to prevent misuse of the competition and to ensure the security of our information technology systems.
- Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
Data of participants who have not won any of the prizes will be deleted after the winners have been drawn. Data of participants who have been drawn as winners will be deleted as soon as they are no longer required for the processing of the prize.
- Possibility of User Objection
The user has the possibility to revoke his consent to the processing of personal data at any time. In this case, further participation of the user in the competition cannot be granted.
Please contact our data protection officer using the following info:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
Following contact with us, all personal data used for sweepstakes purposes will be deleted upon request.
- Contact forms, Email contact, contact per WhatsApp and Skype
- Description and Scope of Data Processing
There is a contact form on our website which can be used for contacting us online. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is:
Mandatory Data:
- First name
- Last name
- Email address
- Question provided
Voluntary Data:
- Customer number
- Street and house number
- ZIP code and city
- Country
- Telephone
The following data is also collected upon submission of data using the contact form:
- The IP Address of the user
- Date and time the message was submitted
We refer to this privacy policy for the processing of the data within the scope of the sending process. Your consent is obtained for the sending of messages and processing of voluntary data.
Alternatively, you can contact us via the email address provided, Skype and the WhatsApp messaging service. In this case, the user's personal data transmitted with the email, Skype or WhatsApp message will be stored.
User data will not be passed on to third parties. The data is used exclusively for processing the conversation involved.
We point out that information sent to us unencrypted by electronic mail, by WhatsApp or by using our contact form, may be read by third parties via transmission. We cannot verify your identity and do not know who is behind an email address. A legally secure communication by Email, WhatsApp or the contact form is therefore not guaranteed. For the transmission of messages worthy of protection, we recommend that you send your request by conventional mail.
Persons under 16 years of age should not transmit any personal data to us unless the consent of their legal guardians has been granted. The consent must then be expressly noted in the message. We do not request or knowingly collect personal data from children under 16 years old.
- Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail, Skype, or WhatsApp message is Art. 6 (1) lit. f DSGVO. If the e-mail/skype or WhatsApp message is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b DSGVO.
- Purpose of Data Processing
The processing of personal data from the input mask serves us only for the contact itself. If you contact us by e-mail, Skype or WhatsApp, you have a legitimate interest in the processing of your data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
- Duration of Data Storage
User data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input mask and those sent by e-mail, Skype or WhatsApp, this is the case when the conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been clarified.
- Possibility of User Objection
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, Skype or WhatsApp, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
Please contact our data protection officer using the following info:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
Following contact with us, all personal data used during the contact form process will be deleted upon request.
XVI. Disclosure of Data to Service Providers
- Userlike
- a) Description and Scope of Data Processing
Users can contact us via our website via Titus live chat. If a user takes advantage of this feature, the content of the call is transmitted to us.
At the time a message is sent via Titus live chat, we store the following data:
- IP Address of the user
- Time and date of the chat log
- Name of the Titus employee that user communicated with
The Titus live chat is offered by a service provider commissioned by us. This is the company Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne.
Userlike UG stores the following data about users:
- Complete conversation of each chat log
- Chat language
- Duration
- URL from which the chat began
- URL from which the chat ended
- Name of Titus employee that user communicated with
The data is used exclusively for the conversation. However, we expressly point out the direct storage of data by Userlike UG during the Titus live chat.
- b) Legal Basis for Data Processing
The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given consent.
Additional legal basis for the processing of personal data is Art. 6 (1) lit. f DSGVO.
- c) Purpose of Data Processing
Other personal data processed by us during use of the Titus Live Chat serves to prevent misuse of the contact form and ensure the security of our information technology systems.
Regarding data collected by our service provider - Userlike UG - please refer to the Userlike UG privacy policy, found here: https://www.userlike.com/de/terms#privacy-policy.
- d) Duration of Data Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
The additional personal data collected by us during the use of the Titus Live Chat will be deleted after a period of seven days at the latest.
The data collected by Userlike UG will be deleted after a period of one month.
- e) Possibility of User Objection
The user has the possibility to revoke their consent to the processing of personal data at any time by contacting us via email. In such a case, a Userlike chat conversation cannot be continued.
Please contact our data protection officer using the following info:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Telephone: 0251 / 777 111
E-Mail: datenschutz@titus.de
Following contact with us, all personal data retrieved by Titus GmbH during use of the Userlike system will be deleted upon request.
- Eprofessional
- a) Description and Scope of Data Processing
After your agreement, we use the services of Eprofessional GmbH, Heidenkampsweg 74-76, 20097 Hamburg (hereafter referred to as "EProfessional") in accordance with Art. 6 para. 1 lit. a. (DSGVO).
We use EProfessional's online marketing system to place ads on the Google advertising network (e.g., in search results, videos, on websites, etc.) targeted towards users who have a suspected interest in the ads. Their services allow us to display ads for and within our online offering to present users with ads that potentially correspond to their interests. For example, a user is shown ads for products in which he is interested in while visiting other online offers, referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active, Google directly executes a code that accesses remarketing tags (graphics or code, also known as "web beacons") that are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's browser (comparable technologies can also be used instead of cookies). In this file, it is noted which websites the user visits, which contents he is interested in, which offers the user has clicked on, technical information such as the browser and operating system, referring websites, visiting time, and further information on the use of the online offer.
We also receive an individual "conversion cookie". The information collected with the help of the conversion cookie is used by Eprofessional to generate conversion statistics for us. However, Titus GmbH only sees the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.
User data is processed by Eprofessional under a pseudonym. This means that EProfessional does not store and process, for example, the names or email addresses of users, but processes the relevant cookie-related data within pseudonymous user profiles. This means that from Eprofessional's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who the cookie holder is. The following information collected about users is transmitted and stored by Eprofessional:
- New or existing customer
- Currency of the order
- Net total of the order
- Unique identification number assigned by Eprofessional that can be used to link a purchase to an advertisement
- Order number
- b) Legal Basis for Data Processing
The legal basis for processing users' personal data is Art. 6 (1) lit. f DSGVO.
- c) Purpose of Data Processing
The purpose of data processing is the targeted placement of advertisements on the Google advertising network and the subsequent billing of the service with our service provider, EProfessional.
- d) Duration of Data Storage, Possibility of User Objection
Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated while using our website, it may not be possible to use all of the website functions in full.
XVII. Google Online Marketing Services
- Google Analytics
After your agreement, we use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in accordance with Art. 6 (1) lit. a (DSGVO).
Google uses cookies. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on its computers. It cannot be ruled out that data processing may take place outside the scope of EU law. Google will use this information on our behalf to evaluate the use of our websites by users, to compile reports on the activities within our online offer, and to provide us with further services associated with the use of our online offer. Pseudonymous user profiles can be created from the processed data. We always use Google Analytics with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA before it is shortened. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of an online offer and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Further information on data use by Google, possible settings or objections can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). Users personal data will be deleted or made anonymous after 14 months.
We use Google Analytics to display the ads placed by Google and its partners within advertising services only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products that are determined by web pages visited) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences we would also like to ensure that our ads correspond to the potential interests of users.
- Google Tag Manager
Google Tag Manager is used to manage “website tags” via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager (which implements the tags) does not process any personal data of users. With regard to the processing of users' personal data, reference is made to the following information on the Google services usage guidelines: https://www.google.com/analytics/tag-manager/use-policy/.
- Google AdWords and Conversion Measurements
After your agreement, we use the services of Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in accordance with Art. 6 (1) lit. a (DSGVO).
We use the online marketing system of Google "AdWords" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) targeted towards users who have a suspected interest in the ads. Their services allow us to display ads for and within our online offering to present users with ads that potentially correspond to their interests. For example, a user is shown ads for products in which he is interested in while visiting other online offers, referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active, Google directly executes a code that accesses remarketing tags (graphics or code, also known as "web beacons") that are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's browser (comparable technologies can also be used instead of cookies). In this file, it is noted which websites the user visits, which contents he is interested in, which offers the user has clicked on, technical information such as the browser and operating system, referring websites, visiting time, and further information on the use of the online offer.
We also receive an individual "conversion cookie". The information collected with the help of the conversion cookie is used by Google to generate conversion statistics for us. However, Titus GmbH only sees the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.
User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant cookie-related data within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about the users is transmitted to Google and stored there. It is not excluded that data processing may take place outside the scope of EU law.
Further information on data use by Google, possible settings, and objections can be found in Google's Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
- Google-Re/Marketing-Services
After your agreement, we use the marketing and re-marketing services (Google Marketing Services) of Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in accordance with Art. 6 (1) lit. a (DSGVO).
Google marketing services allow us to target ads for and on our websites in order to present users with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this data can be referenced and used for "remarketing" purposes. For these purposes, when our and other websites on which Google marketing services are active, Google directly creates remarketing tags (graphics or code, also known as "web beacons") which are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which contents he is interested in and which offers he has clicked on. Furthermore, technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offer is saved. The IP address of the user is also recorded, within the framework of Google Analytics, the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement and only in exceptional cases is it completely transmitted to a Google server in the USA before it is shortened. The IP address is not combined with the user's data within other Google offers. The above information may also be linked by Google to information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed. User data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but processes the relevant cookie-related data within pseudonymous user profiles. This means from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information Google Marketing Services collects about users is transmitted to and stored by Google. It is not excluded that data processing may take place outside the scope of EU law. One of the Google marketing services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies cannot therefore be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. We may include third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner sites to serve ads based on users' visits to this site or other sites on the Internet. We can also use the "Google Tag Manager" to integrate and manage Google analysis and marketing services into our website. Further information on Google's use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, Google's Privacy Policy can be accessed at https://www.google.com/policies/privacy If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
XVIII. Facebook Analytics
After your agreement, our website uses the “Facebook pixel” from the social network of Facebook for analysis, optimization and economic operation of our website. The Facebook pixel is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Facebook pixel enables Facebook to determine the visitors of our online offering as a target group for the presentation of ads (so-called "Facebook ads").
Accordingly, we use the Facebook pixel to display the Facebook ads we post only to Facebook users who have also shown an interest in our online offering or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called "custom audiences"). We use the Facebook pixel to ensure that our Facebook ads meet the potential interest of users and are not a nuisance. The Facebook pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion"). Facebook processes the data in accordance with Facebook's Data Usage Policy. Accordingly, general information on the display of Facebook ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. Special information and details about the Facebook pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616. You can object to data collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can visit Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. You may also object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
XVII. a TikTok Pixel
After your agreement, our website uses the “TikTok pixel” from the social network of TikTok for analysis, optimization and economic operation of our website. The TikTok Pixel is a TikTok advertiser tool from the two providers TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are jointly referred to below referred to as “TikTok”). The TikTok pixel enables TikTok to determine the visitors of our online offering as a target group for the presentation of ads (so-called "TikTok ads").
Accordingly, we use the TikTok pixel to display the TikTok ads we post only to TikTok users who have also shown an interest in our online offering or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to TikTok (so-called "custom audiences"). We use the TikTok pixel to ensure that our TikTok ads meet the potential interest of users and are not a nuisance. The TikTok pixel also helps us understand the effectiveness of TikTok ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a TikTok ad (so-called "conversion"). TikTok processes the data in accordance with TikTok's Data Usage Policy. Accordingly, general information on the display of TikTok ads can be found in the TikTok Data Usage Policy: https://www.tiktok.com/legal/privacy-policy?lang=de-DE.. Special information and details about the TikTok pixel and how it works can be found in the TikTok help section: Hilfebereich von TikTok. You can object to data collection by the TikTok pixel and use of your data to display TikTok ads. You may also object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
XVII. b Pinterest Pixel
Within our online offer, the so-called "Pinterest pixel" of the social network Pinterest is used after your consent for the analysis, optimisation and economic operation of our online offer. The Pinterest pixel is an advertiser tool of the provider Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. With the help of the Pinterest pixel, we can track the effectiveness of the Pinterest ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Pinterest ad (so-called "conversion"). The processing of the data by Pinterest takes place within the framework of the Pinterest data usage policy. Accordingly, general information on the display of Pinterest ads, in Pinterest's data usage policy: https://policy.pinterest.com/de/privacy-policy. You can object to the collection by the Pinterest pixel and the use of your data for the display of Pinterest ads. You can also opt out of the use of cookies for reach measurement and advertising purposes on the web on Pinterest in your personalisation settings or mobile ad recognition settings, via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
XIX. Bing Ads
After your agreement, we use the conversion and tracking tool "Bing Ads” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA in accordance with Art. 6 (1) lit. a (DSGVO).
Microsoft and we can recognize in this way that someone has clicked on an ad, has been redirected to our online offering, and has reached a previously defined target page (so-called "conversion page"). We only see the total number of users who clicked on a Bing ad who were then redirected to the conversion page. No IP addresses are stored. No personal information about the identity of the users is stored or communicated.
If users do not wish to participate in the Bing Ads tracking process, they can deactivate the necessary setting of a cookie via browser settings or use Microsoft's opt-out page: http://choice.microsoft.com/de-DE/opt-out.
Users can find further information on data protection and the cookies used for Microsoft Bing Ads in Microsoft's Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.
- Cloudflare
- Description and scope of data processing
Cloudflare offers web optimization and security services which we use to improve and protect our website. These include a reverse proxy, a pass-through security service and a content distribution network. Because Cloudflare is a reverse proxy, the IP addresses of Cloudflare may appear in the WHOIS and DNS records of our website. Cloudflare is a channel for information controlled by us. We and you, as our customer, are responsible for the content transmitted through Cloudflare's network (e.g. pictures, written content, graphics, etc.)
Cloudflare collects your information when you use our website, web applications and APIs. This information may include, but is not limited to, IP addresses, system configuration information and information about traffic to and from our website (collectively referred to as "log data").
- Legal basis for the processing of personal data
The legal basis for the processing of the data is Art. 6 (1) lit. f DSGVO.
- Purpose of the data processing
Cloudflare collects and uses log data to operate, maintain and improve Cloudflare's services in accordance with its obligations to us. For example, Cloudflare log data can help detect new threats, identify malicious third parties and provide us with more robust security protection.
These purposes also include our legitimate interest in data processing in accordance with Art. 6 (1) lit. f DSGVO.
- Duration of storage, possibility of objection, and removal
Cloudflare keeps data logs only as long as necessary. This data is usually deleted within 24 hours. Cloudflare does not store personal data such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs to improve the overall performance of Cloudflare Resolver and to identify security risks. You can find out exactly which permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data collected by Cloudflare, (temporary or permanent), is purged of all personal data. All permanent logs are anonymized by Cloudflare.
You can completely stop the collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by including a script blocker in your browser.
XXI. Online Presence in Social Media
We maintain online presences within social media networks and platforms in order to communicate with active customers, interested parties, and users to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.
XXII. Integration of Third Party Content
After your agreement, we integrate content offers from third parties, e.g. videos (referred to as "content"). in accordance with Art. 6 (1) lit. a DSGVO.
This always presupposes that the third party content providers receive the IP address of the users, because the IP Address is necessary for them to send the content to the user. The IP address is therefore required for the display of this content. We will only use content whose respective providers use the IP address only for the delivery of the contents, whenever possible for us to do so. Third-party providers may also use pixel tags ("web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of a website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering, as well as being linked to such information from other sources.
- Youtube
We incorporate videos from the YouTube platform of Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
- Vimeo Videos
We integrate the videos from the platform "Vimeo" of Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy policy: https://vimeo.com/privacy; Opt-out: We would like to point out that Vimeo may use Google Analytics and refer you to the privacy policy (https://policies.google.com/privacy) and opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de) and the settings of Google for the use of data for marketing purposes (https://adssettings.google.com/).
- Google Maps
We incorporate the maps from the "Google Maps" service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with registered offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The data processed may include, but are not limited to, IP addresses and location data of users which are not collected without their consent (usually as part of the settings of their mobile devices). It cannot be ruled out that data processing may take place outside the scope of EU law. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
- Use of Facebook Social Plugins
After your agreement, we use Social Plugins "Plugins” of the social network Facebook.com (Facebook) located at Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland in accordance with Art. 6 (1) lit. a DSGVO.
The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white "f" on blue tile, the terms "like", "like" or a "thumbs up" sign) or are marked with "Facebook Social Plugin". The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. When a user activates a function of our online offering that contains such a plugin, his device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offering. The processed data can be used to create user profiles. We therefore have no influence on the amount of data Facebook collects with the help of this plugin or ability to inform users according to respective level of knowledge. By integrating the plugins, Facebook receives information that a user has requested the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, such as pressing the Like button or posting a comment, the information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymized IP address is stored for users in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of users' privacy, can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data via this online offer and link it to his membership data stored on Facebook, they must log out of Facebook before using our online offering and delete their cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices of the user.
Should data of the user also be stored on our side, the user has the possibility to revoke his consent to the processing of personal data at any time.
To do so, please contact our data protection officer. You can reach him as follows:
Frank Thiel
titus GmbH
Scheibenstr. 121
48153 Münster
Phone: 0251 / 777 111
E-mail: datenschutz@titus.de
All personal data stored in the course of visiting our online offer will be deleted in this case.
Functions and contents of the Twitter service, offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated into our online offering. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions. If the users are members of the Twitter platform, Twitter can assign the above content and functions to their user profiles. Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://twitter.com/personalization.
Within our online offering, functions and contents of the Instagram service, offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions. If the users are members of the Instagram platform, Instagram can assign the the above contents and functions to the profiles of their users. Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.
Within our online offering, functions and contents of the Pinterest service, offered by Pinterest Inc. 635 High Street, Palo Alto, CA, 94301, USA, can be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions. If the users are members of the Pinterest platform, Pinterest can assign the the above contents and functions to the profiles of their users. Pinterest's privacy policy: https://about.pinterest.com/en/privacy-policy.
XXIII. Presence in Social Networks
We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties, and users to inform them about our services.
We point out that user data can be processed outside the European Union. This can pose risks for users as the enforcement of users' rights could be made more difficult.
Furthermore, user data can be processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these).
The processing of users' personal data is carried out on the basis of our legitimate interests in effective user information and communication with users pursuant to Art. 6 (1) lit. f. DSGVO. If the users are asked by the respective providers for consent to data processing (i.e. to give their consent e.g. by ticking a checkbox or confirming a button), the legal basis of processing is Art. 6 (1) lit. a., Art. 7 DSGVO.
For a detailed description of the respective data processing and possibility of objection (opt-out), please refer to the information given by the providers below.
In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers directly. Only the providers have access to user data and can take appropriate measures to provide information. If further assistance is required, please contact us.
- Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com
- Google/YouTube (Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with registered offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google") - Privacy Statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: https://help.instagram.com/519522125107875.
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://twitter.com/personalization
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/ Opt-Out: https://policy.pinterest.com/en-gb/privacy-policy.
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – Privacy Policy/ Opt-Out: https://privacy.xing.com/en/privacy-policy.
XXIV. Data Subject‘s Rights
If personal data is processed for a user, the user is affected within meaning of the DSGVO and has the following rights:
- Right to Information
The user may ask the person in charge to confirm whether personal data concerning them will be processed by us.
If such processing has taken place, you can request the following information from the responsible person:
- a) the purposes for which the personal data is processed;
- b) the categories of personal data processed;
- c) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- d) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- e) the existence of a right to have your personal data concerning you corrected or deleted, a right to have processing restricted by the controller or a right to object to such processing;
- f) the existence of a right of appeal to a supervisory authority;
- g) any available information on the origin of the data if the personal data was not collected from the data subject;
- h) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) DSGVO and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third party or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO related to the transmission.
This right to information may be limited to the extent that it is likely to make it impossible or to impair the realization of research or statistical purposes and the limitation is necessary for the fulfillment of research or statistical purposes.
- Right to Rectification
Users have a right of rectification and/or correction by the data controller if the personal data processed concerning a user is incorrect or incomplete. The person responsible shall make the correction without delay.
Your right to rectification may be limited to the extent that it is likely to render impossible or to impair research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.
- Right to Limitation of Processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- a) if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to verify the accuracy of the personal data;
- b) if the data processing is unlawful;
- c) if the controller no longer needs the personal data for processing purposes and the user objects to further storage, or
- d) if the user has filed an objection to the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the person responsible outweigh the user’s reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising, or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the processing restriction has been set in place according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
Your right to limitation of processing may be limited to the extent that it is likely to render impossible or seriously impair research or statistical purposes and the restriction is necessary for the fulfillment of research or statistical purposes.
- Right of Deletion
- a) Duty to Delete
Users may request that the data officer delete the personal data relating to them without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
- aa) The personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.
- bb) You revoke your consent, on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a DSGVO, and there is no other legal basis for the processing.
- cc) You file an objection against the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate reasons for the processing.
- dd) The personal data concerning the user has been processed unlawfully.
- ee) The deletion of personal data concerning the user is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the data officer is subject.
- ff) The personal data concerning the user has been collected in relation to information society services pursuant to Art. 8 (1) DSGVO.
- b) Third Party Information
If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 DSGVO, he shall take appropriate measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested deletion of all links to this personal data or of copies or replications of this personal data.
- c) Exceptions
The right to cancellation does not exist insofar as the processing is necessary:
- aa) to exercise freedom of expression and information;
- bb) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
- cc) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
- dd) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to under a) is likely to render impossible or to impair the attainment of the objectives of such processing, or
- ee) to assert, exercise or defend legal claims.
- Right to Information
If you have exercised your right to have the data officer correct, delete or limit the data processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
The person responsible shall have the right to be informed of such recipients.
- Right to Data Transferability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the data was provided, in that;
- a) the processing is based on consent pursuant to Art. 6 (1) lit. a DSGVO or Art. 9 (2) lit. a DSGVO or on a contract pursuant to Art. 6 (1) lit. b DSGVO and
- b) the processing is carried out using automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.
- Right to Objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6 (1) (f) of the DSGVO; this also applies to profiling based on these provisions.
The data controller no longer processes the personal data concerning you, unless he can prove logical reasons to why the data processing is required, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning a user is processed for direct marketing purposes, the user has the right to object at any time to the processing of the personal data concerning them for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If a user is subject to the processing for direct marketing purposes, the personal data concerning said user will no longer be processed for these purposes.
You have the possibility to exercise your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
You also have the right to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) DSGVO.
Your right of objection may be limited to the extent that it is likely to make it impossible or to impair the realization of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.
- Right to Object Consent to Privacy Policy
You have the right to revoke your consent to the privacy policy at any time. The revocation of consent shall not affect the legality of data processing carried out on the basis of the consent until revocation.
- Automated Decision in Individual Cases Including Profiling
Users have the right not to be subject to a decision based exclusively on automated data processing - including profiling - that has a legal effect against the user or significantly impairs the user in a similar manner. This does not apply if the decision
- a) is necessary for the conclusion or performance of a contract between you and the person responsible,
- b) is admissible by law of the Union or of the Member States to which the person responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
- c) is processed with the users express consent.
These decisions may not be based on special categories of personal data pursuant to Art. 9 (1) DSGVO, unless Art. 9 (2) lit. a or g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard their rights, freedoms and legitimate interests, including the right to obtain an intervention by the person responsible, to state their own position and to challenge the decision.
- Right to Appeal to a Supervisory Authority
Without prejudice to any other administrative or judicial body, users have the right of appeal to a supervisory authority, in particular in the Member State where they reside, work, or suspect infringement, if they believe that the processing of personal data concerning them is contrary to the DSGVO.
The supervisory authority to which the complaint has been filed shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.