Privacy Policy
Privacy Policy
1.Contact
Hama GmbH & Co KG
Dresdner Straße 9
86653 Monheim
Phone.: +49 9091 502-0
E-Mail: info.de@hama.com
Web: de.hama.com
Place of Business - D-86653 Monheim, Dresdner Str. 9
Commercial Register - County Court Augsburg A 12159
Managing Director: Christoph Thomas, Christian Sokcevic
2.General information on data
processing
1.General information on data
processing
We only process our users’
personal data to the extent necessary for the provision of a functionalwebsite
as well as the provision of our content and services. In general, we only
process our users’ personal data with the users’ consent. One exception is in
cases when it is not possible to obtain the user’s consent in advance for
practical reasons and the company is permitted to process this data within the
scope of the law.
2.Legal basis
for the processing of personal data
When consent has been obtained
from the data subject for the processing operations for the processing of
personal data, point (a) of Article 6(1) of the EC General Data Protection
Regulation (GDPR) serves as the legal basis.
When the processing of personal data is necessary for the performance of a
contract to which the data subject is party, point (b) of Article 6(1) of the
GDPR serves as the legal basis. This also applies for processing operations that
are required in order to take the necessary steps prior to entering into a
contract.
When the processing of personal data is necessary for compliance with a legal
obligation to which our company is subject, point (c) of Article 6(1) of the
GDPR serves as the legal basis.
When processing of personal data is necessary in order to protect the vital
interests of the data subject or of another natural person, point (d) of
Article 6(1) of the GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests
pursued by our company or by a third party, and such interests are not
overridden by the interests or fundamental rights and freedoms of the data
subject which require protection of personal data, then point (f) of Article
6(1) of the GDPR serves as the legal basis for the processing.
3.Deletion of
data and storage period
The personal data of the data
subject is deleted or made unavailable to users once the purpose of the storage
of the data no longer applies. Furthermore, data may also be stored if this
storage is permitted by the European or national legislative authorities in EU
regulations, laws or other guidelines that the controller is subject to. Data
is also deleted or made unavailable to users once the storage period defined by
the specified norms elapses as long as continued storage of the data is not
required in order to conclude or perform a contract.
3.Provision of
the website and the creation of log files
1.Description
and scope of data processing
Every time our website is
accessed, our system automatically records data and information from the system
of the computer that is being used to access the website.
We use our website to collect personal data, e.g. your name and address or
e-mail address, that you voluntarily provide us with in the form of entries
made in contact forms or data entered for newsletter subscriptions. We store
and use this data in order to process your requests and orders, maintain your
customer account, or to provide you with access to specific information. We do
not share this confidentialinformation with third parties.
Furthermore, information is automatically collected that is not assigned to a
specific person (e.g. the IP address currently being used by your end device,
the browser and operating system used to access the website, the date and time
the website was accessed, the number of visits, average time spent on the
website, pages accessed). We use this information to determine the appeal of
our website and improve its functions and content.
This data is also stored in our system’s log files. This data is not stored
together with the user’s other personal data.
2.Legal basis for data processing
The legal basis for the
temporary storage of data and log files is point (f) of Article 6(1) of the
GDPR.
3.Purpose of data processing
The system must temporarily
store the IP address so that it can transmit the website to the user’s
computer. In order to do this, the user’s IP address must be stored during the
entire session.
The IP address is then saved in a log file in order to ensure that the website
works properly. Furthermore, we use this information to optimise our website
and ensure that our information technology systems are secure. The data saved
for these reasons is not used for marketing purposes.
These purposes also constitute legitimate interests within the scope of point
(f) of Article 6(1) of the GDPR.
4.Storage period
Data is deleted as soon as it
is no longer required for the purpose for which it was obtained. In terms of
the data recorded for the provision of the website, this is the case as soon as
the session in question ends.
Data saved in the log files is deleted after 30 days. It is possible that data
could be stored for longer than 30 days. In this case, the IP address of the
user is deleted or anonymised so that it is no longer possible to associate it
with the client that accessed the website.
5.Opt-out and disposal options
The collection of data
required for the provision of the website and the storage of data in log files
is essential in order to operate the website. For this reason, the user cannot opt out.
4.Cookies
This website uses two
different types of cookies:
oPersistent
cookies are stored on your computer and stay there until they expire or are
deleted. Closing your
browser does not delete these cookies.
oSession cookies are generated
every time you visit one of our website pages. A session cookie is
automatically deleted when you close your browser. All of the information saved
in the cookie file is also deleted then.
With cookies, it is impossible
to download personal information from the user’s computer on which the cookies
are saved.
3.Use of cookies
§Tracking cookies collect data
about how the user uses the websites that he or she accesses.
§Cookies store information
about the way the website is used in terms of the history, favourite content
and personal settings.
§Third-party cookies make it
possible to exchange data with third-party websites.
§Advertising cookies make it
possible to show the user personalised advertising.
4.Consent to
the storage of cookies and retrieval of the information stored within those
cookies
The user must give their
consent to allow cookies to store information on their computer and allow the
information stored in those cookies to be retrieved. This consent is given via
the cookie settings in the user’s installed browser. Every Internet browser
automatically has cookies enabled as standard. To this effect, we ask that our
customers check their browser settings and, if necessary, change the settings
to enable cookies.
Furthermore, we allow you to choose to agree to the use of cookies directly on
our website. If you use this opportunity to agree to the use of cookies, you
will automatically deactivate the do-not-track function.
5.Legal basis for data processing
The legal basis for the
processing of personal data using the technically required cookies is point (f)
of Article 6(1) of the GDPR.
The legal basis for the
processing of personal data using cookies for analysis purposes with the
consent of the user is point (a) of Article 6(1) of the GDPR.
6.Purpose of data processing
The purpose of the use of
technically required cookies is to make it easier for the user to use the
website. A number of functions on our website cannot be offered without the use
of cookies. For these functions, it is necessary that the browser is still recognised
when the user moves from one page to another.
The user data recorded by technically required cookies is not used to create
user profiles. Analysis cookies are used for the purpose of improving the
quality of our website and its content. The analysis cookies tell us how the
website is used. These purposes also constitute legitimate interests for the
processing personal data within the scope of point (f) of Article 6(1) of the
GDPR.
7.Storage
period, opt-out and disposal options
Cookies are stored on the
user’s computer and transmitted to our website from there. For that reason you,
as the user, have total control over the use of cookies. By changing the
settings in your browser, you can disable or limit the use of cookies. Cookies
that have already been saved to your computer can be deleted at any time. You
can also change your settings so they are deleted automatically. If you disable
cookies for our website, you may not be able to fully utilise all of the
functions of the website.
5.Contact form
and e-mail addresses
0.Description
and scope of data processing
Our website contains contact
forms that can be used to contact us electronically. If a user takes advantage
of this opportunity, we will record and store the data that they enter into the
fields of the form. The personal data that is transmitted in this way is
determined by the fields in the form.
Furthermore, when the user sends a message, the following data is also saved:
§The user’s IP address; however
this information is masked by a byte
§The date and time the user
registered
Alternatively, the user can
also contact us by writing an e-mail to the e-mail address provided. In this
case, the user’s personal data that is transmitted with the e-mail will be
saved.
The data collected in this way
is not passed on to third parties. The data is only used to process the user’s
e-mail.
1.Legal basis for data processing
The legal basis for the
processing of data with the consent of the user is point (a) of Article 6(1) of
the GDPR.
The legal basis for the processing of the data that is transmitted when the
user sends an e-mail is point (f) of Article 6(1) of the GDPR. If the purpose
of the e-mail is to conclude a contract, then the additional legal basis for
the processing is point (b) of Article 6(1) of the GDPR.
2.Purpose of data processing
We only process the personal
data included in the contact form to process the user’s message. If the user
contacts us via e-mail, this also constitutes a legitimate interest in the
processing of the data. Any other personal data processed during the sending
operation is used to prevent third parties from misusing the contact form and
to ensure the security of our information technology systems.
3.Storage period
Data is deleted as soon as it
is no longer required for the purpose for which it was obtained. In terms of
the personal data from the fields in the contact form and the personal data
that is sent via e-mail, this is the case when the conversation in question
with the user comes to an end. The conversation ends when it is clear from the
circumstances that the issue in question has been clarified conclusively.
4.Opt-out and disposal options
The user has the option at any
time to revoke his or her consent to the processing of his or her personal
data. If the user writes us an e-mail, he or she can object to the storage of
his or her personal data at any time. Furthermore, the user can contact one of
our employees at any time. In this case, the conversation cannot be continued.
All personal data that is stored during the course of the user contacting us
will be deleted in this case.
6.Analysis by Matomo
0.Scope of the
processing of personal data
We use the open-source
software tool Matomo (formerly PIWIK) on our website to analyse the surfing
patterns of our users. The software saves a cookie in the user’s browser (for
more information on cookies, see above). When a user accesses individual pages
on our website, the following data is stored:
§A byte of the IP address of
the system the user is using to access the website
§The website accessed
§The website that referred the
user to the website accessed (referrer)
§The sub-pages that the user
accesses from the accessed website
§The amount of time spent on
the website
§The frequency with which the
user accesses the website
The software runs solely on
our website’s servers. The user’s personal data is not saved on these servers.
The data is not passed on to third parties.
The software is set up so that IP addresses are not saved in full but rather
one byte of the IP addresses are masked (e.g.: 192.168.001.xxx). This masking
means it is no longer possible to allocate the abbreviated IP address to the
computer that accessed the website.
1.Legal basis
for the processing of personal data
The legal basis for the
processing of the user’s personal data is point (f) of Article 6(1) of the
GDPR.
2.Purpose of data processing
Processing the user’s personal
data allows us to analyse the user’s surfing patterns and behaviour. By
evaluating the data we obtain, we are able to compile information about the way
the various components of our website are used. This helps us to continuously
improve our website and make it more userfriendly. These purposes also
constitute legitimate interests for the processing of personal data within the
scope of point (f) of Article 6(1) of the GDPR. By anonymising the IP address,
we sufficiently take into account the interests of the user regarding the
protection of their personal data.
3.Storage period
The data is deleted as soon as
it is no longer required for our purposes.
4.Opt-out and disposal options
Cookies are stored on the
user’s computer and transmitted to our website from there. For that reason you,
as the user, have total control over the use of cookies. By changing the
settings in your browser, you can disable or limit the use of cookies. Cookies
that have already been saved to your computer can be deleted at any time. You
can also change your settings so they are deleted automatically. If you disable
cookies for our website, you may not be able to fully utilise all of the
functions of the website. For more information on Matomo software’s privacy
settings, click here: https://matomo.org/docs/privacy/. 7.Analysis of
user behaviour by Web Extend
0.Scope of personal data processing
Web Extend is the data
collection script of the e-mail marketing software Emarsys, which analyses the
user behaviour of logged-in users. The software sets both its own cookies and
third-party cookies on the user’s computer (see above for more about cookies).
The domain of the third-party cookie is scarabresearch.com
The following data is
collected:
§Information about the service
oIP address
oBrowser
oCookie identifiers
oPseudonymised identifiers
(external IDs or encrypted e-mail address) for logged-in users
§Information about browsing behaviour
oItemIDs that were viewed
oItemIDs added to the shopping
basket
oItemIDs that were purchased
All personal data is generally
recorded anonymously or pseudonymised. The data is stored in the database of
the e-mail marketing software Emarsys.
1.Legal basis
for personal data processing
The legal basis for the
processing of users’ personal data is Art. 6 para. 1 lit. f of the GDPR.
2.Purpose of data processing
The processing of the personal
user data enables us to analyse user behaviour. User profiles can be enhanced
with the acquired data. This allows us to provide users registered for the
newsletter with a bespoke offer via the newsletter.
3.Data storage period
We store your data until your
consent is withdrawn. We will delete data as soon as it is no longer needed for
our purposes.
4.Objection and removal
If you do not wish to receive
personalised advertising, you can object at any time. You have the following two options:
§Under “My account” in the
“Newsletter” section you have the option to deactivate Web Extend. §At the beginning of the
privacy policy you have the option of refusing the general consent to cookies.
8.Analysis by Google Analytics
Our website uses the web
analysis service Google Analytics by Google Inc. (1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA; “Google”). The processing of data serves to
analyse this website and its visitors. Google will use this information on
behalf of the operator of this website to evaluate your use of the website, to
compile reports on website activity and to provide other services to the website
operator relating to website and internet use. The IP address communicated by
your browser as part of Google Analytics is not associated with any other data
held by Google. Google Analytics uses cookies, which make it possible to
analyse your use of the website. The information generated by the cookie
regarding your use of this website is usually transferred to a Google server in
the USA and stored there. IP anonymisation is activated on this website.
Google uses this to shorten
your IP address beforehand within Member States of the European Union or in
other signatories to the Agreement on the European Economic Area. Only in
exceptional cases will the full IP address be transferred to a Google server in
the USA and shortened there. Your data may be transmitted to the USA.
Transmission of data to the USA is covered by an adequacy decision by the
European Commission. Processing is carried out on the basis of art. 6 (1) lit.
f GDPR due to our justified interest in needs-based and targeted design of the
website. You have the right to veto this processing of your personal data
according to art. 6 (1) lit. f GDPR by contacting us, for reasons relating to
your personal situation.You can prevent the storage of cookies by
choosing corresponding technical settings in your internet browser; we would,
however, like to point out that this may prevent you from making full use of
all the functions of this website. You can also prevent collection of the data
(including your IP address) generated by the cookies and related to your use of
the website by Google as well as the processing of this data by Google by
downloading and installing the browser plug-in available at the following link
[https://tools.google.com/dlpage/gaoptout?hl=en]. You can set an opt-out cookie
to prevent collection by Google Analytics across devices. Opt-out cookies
prevent the future collection of your data when you visit this website. You
need to opt-out on all systems and devices in use for this to work
comprehensively. If you click here, the opt-out cookie is set:
9.Rights of the data subject
When your personal data is
processed, then you are a data subject as defined in the GDPR and you have the
following rights vis-à-vis the controller:
0.Right of access
You have the right to obtain
confirmation from the controller as to whether or not we are processing any
personal data which concerns you.
Where this is the case, you
also have the right to access the following information from the controller:
§the purposes for which the
personal data is being processed
§the categories of personal
data being processed
§the recipients or categories
of recipient to whom the personal data has been or will be disclosed
§the envisaged period for which
the personal data will be stored, or, if not possible, the criteria used to
determine that period
§the existence of the right to
request from the controller rectification or erasure of personal data or
restriction of processing of personal data concerning the data subject or to
object to such processing
§the right to lodge a complaint
with a supervisory authority
§where the personal data is not
collected from the data subject, any available information as to the source
§the existence of automated
decision-making, including profiling, referred to in Article 22(1) and (4) of
the GDPR and – at least in those cases – meaningful information about the logic
involved, as well as the significance and the envisaged consequences of such
processing for the data subject.
You have the right to be
informed if your personal data is to be transferred to a third country or to an
international organisation. Where this is the case, you also have the right to
be informed of the appropriate safeguards pursuant to Article 46 of the GDPR
relating to the transfer.
1.Right of rectification
You have the right to obtain
the rectification of inaccurate personal data from the controller in the event
that the personal data being processed that concerns you is incorrect or
incomplete. The
controller must rectify the data without undue delay.
2.Right to restriction of processing
You have the right to obtain
restriction of processing of the personal data that concerns you where one of
the following applies:
§you contest the accuracy of
the personal data concerning you for a period enabling the controller to verify
the accuracy of the personal data
§the processing is unlawful and
you oppose the erasure of the personal data and request the restriction of its
use instead
§the controller no longer needs
the personal data for the purposes of the processing, but they are required by
you for the establishment, exercise or defence of legal claims, or
§you have objected to
processing pursuant to Article 21(1) of the GDPR pending the verification
whether the legitimate grounds of the controller override your grounds.
Where the processing of your
personal data has been restricted, such personal data shall – with the
exception of storage – only be processed with your consent or for the establishment,
exercise or defence of legal claims or for the protection of the rights of
another natural or legal person or for reasons of important public interest of
the Union or of a Member State.
If you have obtained
restriction of processing pursuant to the grounds listed above, you will be
informed by the controller before the restriction of processing is lifted.
3.Right to erasure
§Erasure obligation
You have the right to obtain
the erasure of personal data concerning you without undue delay, and the controller
is obligated to erase this personal data without undue delay where one of the
following grounds applies:
othe personal data is no longer
necessary in relation to the purposes for which it was collected or otherwise
processed
oyou withdraw the consent on
which the processing is based according to point (a) of Article 6(1), or point
(a) of Article 9(2) of the GDPR, and there is no other legal ground for the
processing
oyou object to the processing
pursuant to Article 21(1) of the GDPR and there are no overriding legitimate
grounds for the processing, or you object to the processing pursuant to Article
21(2) of the GDPR
othe personal data concerning
you has been unlawfully processed
othe personal data concerning
you has to be erased for compliance with a legal obligation in Union or Member
State law to which the controller is subject
othe personal data concerning
you has been collected in relation to the offer of information society services
referred to in Article 8(1) of the GDPR.
§Sharing information with third
parties
Where the controller has made
the personal data concerning you public and is obliged pursuant to Article
17(1) of the GDPR to erase the personal data, the controller, taking account of
available technology and the cost of implementation, must take reasonable
steps, including technical measures, to inform the controllers who are
processing the personal data that you have requested the erasure by such
controllers of any links to, or copy or replication of, that personal data.
§Exceptions
The right to erasure does not
apply to the extent that processing is necessary
ofor exercising the right of
freedom of expression and information
ofor compliance with a legal
obligation which requires processing by Union or Member State law to which the
controller is subject or for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the
controller
ofor reasons of public interest
in the area of public health in accordance with points (h) and (i) of Article
9(2) as well as Article 9(3) of the GDPR;
ofor archiving purposes in the
public interest, scientific or historical research purposes or statistical purposes
in accordance with Article 89(1) of the GDPR in so far as the right referred to
in Section a) is likely to render impossible or seriously impair the
achievement of the objectives of that processing; or
ofor the establishment,
exercise or defence of legal claims.
4.Right to information
If you exercise your right of
rectification, to erasure or to restriction of processing vis-à-vis the
controller, the controller is obligated to communicate any rectification or
erasure of personal data or restriction of processing to each recipient to whom
the personal data has been disclosed, unless this proves impossible or involves
disproportionate effort.
You also have the right to be
informed about those recipients by the controller upon request.
5.Right to data portability
You have the right to receive
the personal data concerning you, which you have provided to a controller, in a
structured, commonly used and machine-readable format. Furthermore, you have
the right to transmit that data to another controller without hindrance from
the controller to which the personal data has been provided, where:
§the processing is based on
consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of
Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1)
of the GDPR; and
§the processing is carried out
by automated means.
In exercising your right to
data portability, you also have the right to have your personal data
transmitted directly from one controller to another, where technically
feasible. The freedoms and rights of others may not be affected by the exercise
of this right.
The right of data portability
does not apply to processing of personal data necessary for the performance of
a task carried out in the public interest or in the exercise of official
authority vested in the controller.
6.Right to object
You have the right to object,
on grounds relating to your particular situation, at any time to processing of
personal data concerning you which is based on point (e) or (f) of Article 6(1)
of the GDPR, including profiling based on those provisions.
The controller will no longer
process the personal data unless the controller demonstrates compelling
legitimate grounds for the processing which override your interests, rights and
freedoms, or for the establishment, exercise or defence of legal claims.
Where your personal data is
processed for direct marketing purposes, you have the right to object at any
time to processing of personal data concerning you for such marketing, which
includes profiling to the extent that it is related to such direct marketing.
If you object to processing
for direct marketing purposes, your personal data will no longer be processed
for such purposes.
In the context of the use of
information society services – and notwithstanding Directive 2002/58/EC – you
may exercise your right to object by automated means using technical
specifications.
7.Right to
withdraw the declaration of consent under data protection law
You have the right to withdraw
your declaration of consent under data protection law at any time. Withdrawing
your consent does not affect the lawfulness of processing based on consent
before its withdrawal.
8.Automated
individual decision-making, including profiling
You have the right not to be
subject to a decision based solely on automated processing – including
profiling – which produces legal effects concerning you or similarly
significantly affects you. However, this does not apply if the decision:
§is necessary for entering into
or performance of a contract between you and the controller
§is authorised by Union or
Member State law to which the controller is subject and which also lays down
suitable measures to safeguard your rights and freedoms and legitimate interests;
or
§is based on your express
consent.
However, these decisions may
not be based on special categories of personal data referred to in Article 9(1)
of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and
suitable measures to safeguard your rights and freedoms and legitimate
interests are in place.
In the cases referred to above
in points (1) and (3), the data controller shall implement suitable measures to
safeguard your rights and freedoms and legitimate interests, at least the right
to obtain human intervention on the part of the controller, to express your
point of view and to contest the decision.
9.Right to
lodge a complaint with a supervisory authority
Without prejudice to any other
administrative or judicial remedy, you have the right to lodge a complaint with
a supervisory authority, in particular in the Member State of your habitual
residence, place of work or place of the alleged infringement if you consider
that the processing of personal data relating to you violates the GDPR.
The supervisory authority with
which the complaint has been lodged shall inform the complainant on the
progress and the outcome of the complaint including the possibility of a
judicial remedy pursuant to Article 78 of the GDPR.
10.Use of social media plugins
0.Facebook
Our website uses Facebook
components. Facebook is a social network. Facebook is a service of Facebook,
Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand
Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the
processing of personal data from persons in Europe. You can recognise the
plugins by the use of the Facebook logo. For more information on all Facebook
plugins, go to: https://developers.facebook.com/docs/plugins/. The plugin
creates a direct connection between your browser and the Facebook servers. We
have no influence on the nature and the scope of the data that the plugin
transmits to the Facebook Inc. server. You can find more information on this
here: https://www.facebook.com/help/186325668085084 The plugin
informs Facebook Inc. that you are a user of our website. It is possible that
the plugin will save your IP address. If you are logged in to your Facebook
account while you visit the website, the information specified will be linked
to your account. If you use the functions of the plugin – for example, by
sharing or liking an entry – the corresponding information will also be
transferred to Facebook Inc. If you would like to prevent Facebook Inc. from
linking this data to your Facebook account, please log out of Facebook before
visiting our website. 1.Facebook pixel
The Facebook pixel makes it possible
for Facebook to define visitors to our website as a target audience for the
display of ads (so-called ‘Facebook ads’). Accordingly, we use the Facebook
pixel to display the Facebook ads placed by us, on Facebook and within the
services of Facebook partners (so-called ‘Audience Network’ https://www.facebook.com/audiencenetwork/ ), only to
those users who have also shown an interest in our website or have particular
characteristics (for example, interest in particular topics or products that
appear when the web pages are visited), which we transmit to Facebook
(so-called ‘Custom Audiences’). With the help of the Facebook pixel, we would
also like to ensure that our Facebook ads are likely to be of interest to the
users and are not annoying. Furthermore, the Facebook pixel enables us to track
the effectiveness of the Facebook ads for statistical and market research
purposes, as we can see whether users were redirected to our website after
clicking a Facebook ad (so-called ‘conversion measurement’). ·Types of data processed: Usage data
(for example, web pages visited, interest in contents, access times),
meta/communications data (for example, device information, IP addresses),
location data (data that specifies the location of an end user’s device).
·Affected persons: Users (for
example, web page visitors, users of online services).
·Purposes of the processing: Tracking
(for example, interest-based/behavioural profiling, use of cookies), remarketing,
conversion tracking, interest-based and behavioural marketing, profiling
(creation of user profiles), conversion measurement (measurement of the
effectiveness of marketing measures), target audience creation (definition of
target audiences relevant for marketing purposes or other output of contents),
cross-device tracking (cross-device processing of user data for marketing
purposes).
·Security measures: IP masking
(IP address pseudonymisation).
·Legal bases: Consent
(Art. 6 para 1 page 1 lit. a GDPR), Legitimate interests (Art. 6 para 1 page 1
lit. f. GDPR).
Used services and service
providers:
·Facebook pixel: service
provider: https://www.facebook.com, Facebook
Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; Data
Policy: https://www.facebook.com/about/privacy; Privacy
Shield (ensuring a level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out
option: https://www.facebook.com/settings?tab=ads. 2.LinkedIn
3.Twitter
Our website uses the Twitter
button. This button is operated by Twitter Inc. (795 Folsom St., Suite 600, San
Francisco, CA 94107, USA). If you visit a page that has this button, it will
create a direct connection between your browser and the Twitter servers. We
have no influence on the nature or scope of the data that the plugin transfers
to the Twitter Inc. servers. According to Twitter Inc., they will only collect
and save your IP address. For more information on how Twitter Inc. uses your
personal data, click here: https://twitter.com/privacy?lang=en 4.YouTube
Among other providers, we use
YouTube to embed videos on our website. YouTube is operated by YouTube LLC,
which is headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube
is represented by Google Inc., which is headquartered at 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA. We use plugins provided by YouTube on
our website. If you access a page of our website on which one of these plugins
is installed, the plugin will create a connection to the YouTube servers in
order to display the plugin. As a result, the plugin tells the YouTube server
which of our pages you visited. If you are logged in to your YouTube account,
YouTube will allocate this information to your personal account. If you use the
plugin, e.g. by clicking the start button of a video, this information is also
allocated to your YouTube account. If you would like to prevent this information
from being connected to your account, log out of your YouTube account as well
as other accounts connected to the companies YouTube LLC and Google Inc. and
delete the associated cookies before accessing our website. For more
information about data processing and how YouTube (Google) protects your
privacy, click here: https://policies.google.com/privacy?hl=en&gl=de. 5.Pinterest
Our website includes the
Pinterest button from Pinterest Inc., 808 Brannan St, San Francisco, CA 94103,
USA. This button transmits your IP address to Pinterest. If you are logged in
to Pinterest in the same browser that you use to access our website, this
information can be linked to your account. When you click the “Pin It” plugin,
this information is also transmitted to Pinterest and published to your
account. You can adjust your Pinterest privacy settings at
http://pinterest.com/about/privacy/. If you do not consent to having your data
sent to Pinterest, log out of Pinterest in the browser that you are using to
visit our website.
6.AddThis
Our website uses social
plugins (“plugins”) from the bookmarking service AddThis, which is operated by
AddThis LLC, Inc. 8000 Westpark Drive, Suite 625, McLean, VA 2210, USA
“AddThis”). These plugins generally feature an AddThis logo, for example in the
form of a white plus sign on an orange background. For an overview of the
AddThis plugin and its appearance, click here: www.addthis.com/get/sharing When you
access a page on our website that contains one of these plugins, the browser
connects directly to the AddThis servers. The content of the plugin is directly
communicated to your browser and integrated into the page by AddThis. This
integration provides AddThis with information that your browser has accessed
the corresponding page of our website and saves a cookie on your end device to
identify your browser. This information (including the IP address) is directly
communicated from your browser to one of AddThis’ servers in the US and saved
there. AddThis uses the data to create anonymised user profiles that serve as
the basis for personalised, interest-based advertising for users who visit
websites with AddThis plugins. For information on the purpose and scope of the
data collection as well as further processing and use of the data by AddThis,
please refer to AddThis’ data privacy policy:
www.addthis.com/privacy/privacy-policy. If you object to AddThis collecting
your data, you can set an opt-out cookie which you can download by clicking the
following link: www.addthis.com/privacy/opt-out You can
also use browser extensions to completely block the AddThis plugin from
loading, e.g. with the NoScript script blocker (http://noscript.net/). 11.Registering for the Retailer area
0.Description
and scope of data processing
On our website we offer users
the opportunity to register by submitting their personal data. The data is
entered into the fields of the registration form and then transferred to and
stored by us. The data is not passed on to third parties. The following data is
recorded as part of the registration process:
Furthermore, when the retailer
submits his or her data for registration, the following data is also saved:
·The user’s IP address; however
this information is masked by a byte
·The date and time the user
registered
The user’s consent for the
processing of this data is obtained as part of the registration process.
1.Legal basis for data processing
The legal basis for the
processing of data with the consent of the user is point (a) of Article 6(1) of
the GDPR. If registration as a retailer is necessary for the performance of a
contract to which the retailer is party or required in order to take the
necessary steps prior to entering into a contract, then point (b) of Article
6(1) of the GDPR serves as an additional legal basis for the processing of the
data.
2.Purpose of data processing
The user must register in
order to gain access to specific content and in order to use specific services
on our website. The user must register in order to enter into or perform a
contract or carry out the necessary steps prior to entering into a contract.
3.Storage period
Data is deleted as soon as it
is no longer required for the purpose for which it was obtained. This is the
case for the data recorded as part of the registration process if the
registration on our website is cancelled or changed in some way.
4.Opt-out and disposal options
As a user, you have the option
to cancel your registration at any time. You can make changes to the personal
data concerning you that we have saved at any time. To delete your account,
please contact one of our employees using one of the contact options specified
in this data privacy policy. You can change or edit your data in the “My
Account” area of our website.
12.Newsletter
0.We
distinguish between two types of newsletter:
·Hama dealer newsletter for
exclusively registered trade customers
·Hama bargain market newsletter
for every visitor of the website
1.Description of the data processing
If you would like to receive
one of the newsletters offered on the website, we require an e-mail address
from you, as well as information that allows us to verify that you are the
owner of the e-mail address provided and agree to receive the newsletter. When
you subscribe to the newsletter, your e-mail address will be used by us, for
our own promotional purposes, until you unsubscribe. We use the e-mail
marketing software Emarsys for e-mail marketing. The data is stored on both the
Hama and Emarsys servers..
·With the Hama dealer
newsletter, you will receive several newsletters per month, informing you about
our new products, current top themes and exclusive offers. In addition to the
e-mail address, the user profile for the dealer newsletter is enhanced with
additional known customer master data. Furthermore, your user behaviour on the
website is analysed. The purpose is to provide you with a bespoke offer via the
newsletter. If you do not agree with the analysis of user behaviour, you can
object to it at any time and deactivate this functionality. For further
information please refer to VII. Analysis of user behaviour by Web Extend.
·With the Hama bargain market
newsletter we inform you about current offers approximately once a month. In
addition to the e-mail address, the user profile is only enhanced by the
additional, optional data you can enter in the registration form.
If you have subscribed to one
of our newsletters, the data you provided when registering will be used for the
purpose of sending our newsletter to you. Your data will not be disclosed to
third parties, except where such parties are partner companies that are
responsible for the technical process of sending out the newsletter. In these
cases, the scope of the transmitted data is, however, restricted to the
required minimum. Our data protection regulations are compliant with the
General Data Protection Regulation (GDPR) and the German Act to Adapt Data
Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU)
2016/680 (in German: DSAnpUG-EU).
2.Legal basis
for personal data processing
Art. 6 para 1 lit. a GDPR is
the legal basis for processing of the data after the user has subscribed to the
newsletter and where the user has given their consent.
3.Purpose of data processing
Hama dealer newsletter: we use
the data we collect to create a user profile to provide you with a newsletter
tailored to your interests. This is the only way for us to be able to offer you
the newsletter in a targeted way that is in line with your interests.
Hama bargain market
newsletter: the user’s e-mail address is collected to deliver the newsletter.
The collection of other personal data during the registration process serves to
prevent misuse of the services or the e-mail address used.
4.Data storage period
The data is deleted as soon as
it is no longer required for the purpose for which it was collected.
5.Objection and removal
Hama dealer newsletter: If you
do not wish to receive personalised advertising, you can object at any time.
Simply deactivate the Web Extend data collection script under My Account. Please
note that this may lead to limited functionality. Furthermore, the newsletter
subscription can be cancelled by the user at any time. You will find a
corresponding link for this purpose at the end of the newsletter. You can also
send a cancellation by e-mail to news@reply.hama.de. Hama bargain market
newsletter: the user can cancel their subscription to the newsletter at any
time. You will find a corresponding link for this purpose at the end of the
newsletter. You can also send a cancellation by e-mail to news@reply.hama.de. 13.Google Tag Manager
Google Tag Manager is a
solution we use to manage website tags via an interface in order to be able to
integrate Google Marketing services into our online presence. The Tag Manager
itself (which implements the tags) does not process any of the user's personal
data. With regard to the processing of the user's personal data, reference is
made to the following information regarding Google services. Usage policy: https://www.google.com/intl/de/tagmanager/use-policy.html. 14.Google Maps
This site uses the Google Maps
map service via an API. It is operated by Google Inc., 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary to
save your IP address. This information is generally transmitted to a Google
server in the USA and stored there. The provider of this site has no influence
on this data transfer. The use of Google Maps is in the interest of making our
website appealing and to facilitate the location of places specified by us on
the website. This constitutes a justified interest pursuant to Art. 6 (1)
sentence 1 lit. f GDPR. Further information about handling user data, can be
found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/. 15.Google reCAPTCHA
Based on our legitimate
interest in the prevention of spam and abuse, we also use the reCAPTCHA feature
of Google on Jimdo websites. This function is primarily used to distinguish
whether an input is made by a natural person or abusive by automated
processing. The service includes the sending of the IP address and possibly
other data required by Google for the reCAPTCHA service to Google. Additional
information about Google reCAPTCHA and Google's privacy policy can be found at:
https://policies.google.com/privacy. 16.OpenStreetMap
This site uses
the Open-Source-Mapping-Tool „OpenStreetMap“ (OSM) map service
via an API. It is operated by the OpenStreetMap
Foundation. To use „OpenStreetMap“
(OSM), it is necessary to save your IP address. This information is generally
transmitted to an „OpenStreetMap“ (OSM) server and stored there. The provider
of this site has no influence on this data transfer. The use
of „OpenStreetMap“ (OSM) is in the interest of making our website
appealing and to facilitate the location of places specified by us on the
website. This constitutes a justified interest pursuant to Art. 6 (1) (f)
DSGVO. Further information about handling user data, can be found in the data protection
declaration of OpenStreetMap or here http://wiki.openstreetmap.org/wiki/Legal_FAQ. 17.Use of WhatsApp Business
In order to improve our
customer service, we use the service provider MessageBird, MessageBird B.V.,
Trompenburgstraat 2C, 1079 TX Amsterdam, The Netherlands, to provide and
initiate communication through WhatsApp, a service of WhatsApp, Inc., 1601
Willow Road, Menlo Park, California 94025, USA, privacy policy at
https://www.whatsapp.com/legal/business-data-processing-terms/?lang=en. When you
communicate with us through WhatsApp, we collect and store information such as
your name and surname, telephone number and chat or message history. The legal
basis for data processing is Art. 6 (1) (f) of the GDPR, whereby our legitimate
interests are better customer service and the efficiency of processing customer
enquiries. 18.Webanalyse durch Amazon Pixel
This website uses the web
analysis services Amazon Conversion Pixel and Amazon Remarketing Pixel
developed by Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA.
When you visit this website,
Amazon receives the information that you have accessed our website. For this
purpose, Amazon downloads a so-called web beacon (invisible graphics), thereby
setting a cookie on your computer. The data specified under the ‘Data
processing on this website’ section of this Policy is then transmitted to
Amazon. The IP address communicated by your browser in this respect is not
combined with other Amazon data.
Amazon uses the cookie placed
on your computer to recognise you on other websites, in apps and within Amazon
services, and to provide you with personalised advertising, where appropriate.
You can prevent cookies from
being stored on your computer by adjusting your browser settings accordingly.
We must point out, however, that in this case not all functions of this
website, such as the shopping cart, may be available to you to their full
extent. You can also prevent the collection of data generated by the cookie and
related to your use of the website for Amazon, as well as the processing of
this data by Amazon, by clicking on this link and selecting the setting ‘Do not
personalise ads from Amazon for this Internet browser’: https://www.amazon.de/adprefs.
Alternatively, you can select the appropriate settings at: http://www.youronlinechoices.com. An opt-out cookie is then
activated in your browser, which prevents your data from being collected by
Amazon Pixel when you visit our website in future. This applies until such time
as you delete the opt-out cookie.
We have no influence over the
data collected, nor are we aware of the full scope of data collection. This
data is transferred to the USA and evaluated there.
Further information on the
purpose and scope of data collection and processing and further information on
your rights in this connection and the setting options to protect your privacy
is set out in the above Privacy Policy and is available from: Amazon EU
S.à.r.l, Amazon Services Europe S.à.r. l. and Amazon Media EU S.à.r. l., all
located at 5, Rue Plaetis, 2338 Luxembourg; email: ad-feedback@amazon.de. Amazon.de
GmbH, Marcel-Breuer-Str. 12, 80807 Munich is commissioned as the data
processor. 19.Use of smart home products;
Use of fitness tracking products
0.Smart Home Products
Our smart home software
partner and its subsidiaries recognize that our customers' privacy is important
and takes it seriously.
The privacy policy of our
smart home software partner describes how he collects, receives, uses, stores
and shares your data when you use the various services of our smart home
software partner. The services may contain links to other websites or online
services that are operated and maintained by third parties and that are not
under the control of or maintained by our smart home software partner. The
privacy policy of our smart home software partner does not apply to the way in
which third parties collect, use, disclose or store information. We recommend
that you check the data protection guidelines of the websites or services of
these third-party providers.
The privacy policy of our
smart home software partner also includes information on how it processes data
that it receives on behalf of and under the guidance of its customers via
mobile applications from its customers' OEM brands. The processing of such data
is limited to the purpose of providing his service for which he has been commissioned
by his customers.
You are not obliged to provide
your personal data to our smart home software partner. However, certain
products and / or services of our smart home software partner may not be made
available to you if you refuse to provide such data. You can find more details
on the data protection guidelines of our smart home software partner at: data protection declaration for
smart home software partners 1.Fitness Tracker
Hama FIT-App
Pro der Shenzhen DO Intelligent Technology Co., Ltd, 11th Floor, 3# Buidling,
Guole Tech Park,Lirong Road,Dalang / 518109 Longhua District,Shenzhen / CHINA
VeryFitPro understands the
importance of privacy and takes the greatest care to protect your privacy.
Please take note of the privacy policy, which can be accessed via the link
below, before submitting personal or private data to VeryFitPro.
Please note that this policy
only applies to VeryFitPro consumer electronics and associated data cards,
computer applications, tools, software, web sites, and services that display or
refer to this policy. This policy describes how VeryFitPro processes your
personal and private data and confirms its commitment to protecting your
privacy. More details on the privacy policy can be found here Hama FIT-App
der Fa. Shenzhen Keeprapid Co., Ltd, 1103, C Building, Shennan Huayuan, Nanshan
,Shenzhen
The provider respects and
protects the privacy of all users who use its service.
In order to be able to offer you more precise and personalized services, the
provider will use your personal data in accordance with the privacy policy
which can be accessed via the link below. The provider will treat this
information with a high degree of care and caution. Unless otherwise stated in
the privacy policy, the provider will not disclose the information to third
parties without your prior consent. The provider will update the privacy policy
from time to time. By accepting this Application Services User Agreement, it is
assumed that you have consented to all of the contents of the Privacy Policy.
This Privacy Policy is an integral part of this Application Service Agreement. More details on the privacy policy
can be found here
20.Legal regulations or
contractual provisions for the provision of personal data; necessity for the
conclusion of a contract; obligation of the data subject to provide personal
data; possible consequences of failure to provide data
The provision of personal data
is legally required in some cases (e.g. in tax law) or is delineated in
contractual provisions.
In order to conclude a contract, it may be necessary to provide us with
personal data that we need to process for this purpose. Without the provision
of this data, it may be impossible to conclude the contract.
For more information about the
necessity of the provision of personal data with regards to a specific case,
you can contact our employees at any time. Our employees will also inform you
as to the possible consequences of the failure to provide this data.
21.Name and address of the data
security officer
The data security officer of
the controller is: