• the type of personal data processed;
• the purposes and means of processing personal data;
• the identity and contact details of the controller (s);
• The contact details of the data protection officer;
• To all third parties involved in the editing activities;
• the storage period of personal data;
• The security measures taken to protect personal data;
• To the privacy rights of users.
Users younger than 16 (sixteen) years of age can not consent to the processing of personal data without parental consent.
R E S P O N S I B L E
According to the GDPR, the person responsible is the one who alone or together with others decides on the purposes and means of processing personal data.
Responsible for the processing in connection with the activities of the website is:
DANNY DELUXE, Paul-Heyse-Str. 25, 80336 Munich;
The person responsible for the treatment of the data is:
DANNY DELUXE, Paul-Heyse-Str. 25, 80336 Munich;
A Data Protection Officer has been appointed to ensure that the Website processes personal data in accordance with the GDPR. The data protection officer can be contacted for further questions at the following e-mail address: email@example.com
With respect to personal data of unregistered users who have received newsletters and marketing communications, DANNY DELUXE is the sole responsible person.
P E R S O N A L D A T A - P R O C E S S I N G P U R P O S E S
"Personal Information" is any information that relates to and personally identifies users, either alone or in conjunction with other information.
Personal data is collected automatically from the website or obtained from various sources: forms, chat, email, apps, devices, social media and other media.
The website processes personal data in various forms for the following purposes:
B R O W S I N G - D A T A
The website automatically collects non-sensitive browser data in order to facilitate and improve the user's navigation (eg IP address, date / time of visit and its duration, any referring URL, the pages accessed on the website, the device used and other information).
The processing of this information allows users to access the site and take full advantage of its features and services. In addition, browser data can be used to verify the proper functioning of the website.
Occasionally, browser data is processed anonymously for statistical purposes.
It is unlikely that the data subject can be identified by the browser data. By their very nature, browser data in combination with other information is generally useful for identifying users.
The browser data described above will only be temporarily stored in accordance with applicable laws.
O R D E R S
At the checkout the website asks users to provide personal data for the essential purpose of processing their orders and fulfillment of contractual obligations (e.g., first and last name, e-mail address, delivery address, etc.).
Such personal information is also essential for customer service to assist customers with inquiries and any related matters before or after purchase (for example, order delivery status or product shipments).
Personal data relating to orders will be stored for as long as necessary to fulfill the contractual obligations and the financial and tax reporting requirements.
In addition, to prevent fraudulent activity or in accordance with applicable anti-money laundering laws, the Website may review the payment instruments used by customers to purchase on the Website (such as credit or debit cards, etc.). Because the payment verification process fully relies on external payment processors, those responsible do not process or store customer financial information.
If you do not provide the personal information required at check-out, you will not be able to complete an order on the website.
Because of their legitimate interest in improving their relationship with customers, the site will send the latter e-mail messages with product suggestions, discounts, feedback requests, or other updates. The customer is at any time free to cancel the receipt of such e-mails (for example by clicking on the "unsubscribe link" at the end of each e-mail).
R E G I S T R A T I O N O N T H E W E B S I T E
When a user chooses to register for a personal website account, they are asked to provide personal information (eg date of birth, gender, etc.). The website clearly indicates which personal information is required (or not) to set up a website account.
Users must provide truthful and accurate information when registering and are requested to keep their personal information up-to-date (in case of changes) by logging into their personal account and making any relevant changes.
Users who choose to activate their website account through a social media account or log in to their website account via such an account should be aware that if the website connects to their website Website account and a social media account collects certain personal information that the user has already submitted to this social media (eg, the email address and public profile on Facebook).
Responsible persons do not control or monitor such social media services or user profiles on these services and do not specify privacy settings or rules for the use of personal information on those services. Users are strongly encouraged to read all policies and information about their social media services to learn more about how they process personal information.
N E W S L E T T E R S A N D M A R K E T I N G C O M M U N I C A T I O N S
Users can decide on the website if they want to receive newsletters and commercial communications or not.
The Website always seeks the express, free, and unambiguous consent of users before sending any newsletters and marketing communications to these users, or generally before conducting any electronic marketing initiatives that are appropriate to those users.
In such cases, users may be required to enter additional personal information (e.g., gender, country of residence, etc.) in addition to their email address in order to tailor newsletters and marketing communications to the user profile.
Users may revoke their consent to the sending of newsletters and commercial communications at any time in the following ways:
• via your account settings;
• By clicking on the link "unsuscribe / unsubscribe" in the respective e-mail;
• By contacting Customer Service.
With respect to personal data of unregistered users who have chosen to receive newsletters and marketing communications, DANNY DELUXE is the sole person responsible.
P R O F I L I N G
With the express consent of the user, newsletters and marketing communications may be tailored to the "user profile" based on the personal information that the website collects or receives about each user.
With respect to the customers of the website, there is a legitimate interest in the website to process personal data in order to offer other interesting products in order to improve the website and to personalize the products offered on the website.
The main purpose of profiling is to propose products, services and initiatives that are better adapted to the tastes, shopping habits and interests of users and customers.
Personal data may also be used for remarketing, retargeting or profiling, including through third parties (e.g., social networks, etc.).
Neither the website nor the people in charge will ever be profiling children.
C O O K I E S
Information on the cookies used on the website is available at the following link:
T R A N S F E R O F P E R S O N A L D A T A
Those responsible may disclose personal data from customers to external, first-class suppliers who act as 'processors' (the 'processors') in the performance of their business to fulfill their contractual obligations.
Those responsible will do their utmost to ensure that all processors use their customary personal data protection practices and that they do not use personal data for purposes other than those agreed with those responsible.
For example, those responsible may disclose personal information to the following categories of processors:
• couriers and postal companies;
• fulfillment centers and warehouses;
• advertising, digital, marketing and social media agencies;
• IT service providers;
• customer care service providers;
• Payment service provider.
In such cases, the transfer of personal data to the processor is necessary to enable those responsible to fulfill their contractual obligations and to improve the website's products and services.
Users may request an updated list of processors involved in the processing of personal data relevant to the website's activities by sending an e-mail to: firstname.lastname@example.org
Responsible persons must always reserve the right to disclose personal information about users, if required by law (eg in response to law enforcement requests), and if necessary to protect the rights of those responsible or with them affiliated companies or third parties.
In addition, Personal Information may be disclosed to other companies within the same group of companies of the relevant controller or to third parties in the event of a company restructuring, but always in full compliance with applicable law.
In all other cases, the transfer of personal data is subject to the prior and explicit consent of the user, unless processing is permitted on a different legal basis.
Persons responsible will not transfer personal data to countries outside the European Economic Area (EEA) unless the user has expressly consented to such transfer or the transfer of personal data to countries outside the EEA is permitted under the GDPR or on any other legal basis.
P R O C E S S I N G M E T H O D S A N D S A F E T Y M E A S U R E S
The personal data of users are processed by those responsible using IT, automated and electronic tools and in limited cases using documentary means. In accordance with the GDPR, specific security measures have been implemented to prevent data loss, unlawful or misuse and unauthorized access.
Only authorized employees of the controllers and authorized third-party employees who act as processors on behalf of the persons responsible receive access to personal data in connection with the activities of the website. There are data processing contracts with the processors to ensure that they always comply with the level of security required by the GDPR when processing personal data in connection with the website's activities.
Although the site takes strict security measures to prevent the loss, destruction or distribution of personal information, it can not exclude the security risks inherent in the online transmission of data. The user accepts the risks associated with the provision of personal information over the Internet and undertakes not to hold the site responsible for any breach of security, unless this breach is due to the negligence or intent of the site.
S T O R A G E O F P E R S O N A L D A T A
Persons responsible retain personal data for as long as is necessary to provide users and customers with the necessary services or to meet legal or tax obligations or for the minimum period of storage required by law.
To determine the appropriate retention period for personal information stored by the site with the consent of the user, those responsible will consider various factors to ensure that personal information is no longer stored as necessary or appropriate. These criteria include:
• The purpose for which the Website stores personal information;
• legal, tax and regulatory obligations relating to such personal information;
• the nature of the ongoing relationship with the user or customer concerned (how often the user logs in to his or her website account, whether he or she continues to receive marketing communications, how regularly he or she browses the website or shop on the website, etc.);
• Specific customer requests for the deletion of personal data;
• legitimate business interests.
The website immediately deletes or anonymizes personal data that is no longer needed or no longer needs to be stored by law.
C O N N E C T I O N T O E X T E R N A L W E B S I T E S O R
P L A T F O R M S
The website may contain banners, advertising messages and other links to websites or third-party platforms. The persons responsible can not control the behavior of such websites or third party platforms under data protection aspects and therefore they can not be held liable in this regard. Users are encouraged to read the privacy statements of these websites or third parties in order to understand how personally identifiable information is collected and processed.
T H E R I G H T S O F T H E U S E R S
Users have the right to receive a confirmation as to whether the persons responsible have stored personal data about themselves.
If this is the case, the users also have the right under DSGVO:
• to be informed about the collection and use of their personal data;
• access their personal data free of charge;
• request the correction or addition (if not complete) of non-applicable personal data;
• to ask for the deletion of personal data ("the right to be forgotten");
• to request the restriction or suppression of their personal data in certain circumstances;
• to obtain their personal data and reuse it for their own purposes in different services, if the processing is based on a contract or consent and the processing is automatic ("the right to data portability");
• in certain circumstances object to the processing of their personal data;
• object at any time to the use of personal data for the purposes of "profiling" or "automated decision-making";
• lodge a complaint with the competent supervisory authority regarding the collection and the person responsible for personal data;
• revoke their consent to the processing of personal data at any time.
Users may contact the Site for any request and exercise of their privacy rights at the following e-mail address: email@example.com
M O D I F I C A T I O N O F T H I S P R I V A C Y P O L I C Y
Last update: May 2018