The following text is an automatically-generated translation, provided for your convenience. The German version of our Privacy Policy is legally-binding and can be found here: Privacy Policy
Last updated April 2024
Contents
I. Name and address of the data controller
II. Contact details of the data protection officer
III. General information on data processing
IV. Rights of the data subject
V. Provision of the website and creation of log files
VI. Use of cookies
VII. Registration
VIII. Payment options
IX. Shipping service providers
X. Returns processing
XI. Logistics company
XII. Newsletter
XII. Email contact
XIV. Contact form
XV. Sending of SMS messages
XVI. Data protection notice on the use of WhatsApp
XVII. Application by email and application form
XVIII. Corporate presence
XIX. Use of corporate profiles on career-oriented networks
XX. Webshop and Hosting
XXI. Geotargeting
XXII. Content Delivery Networks
XXIII. Plugins used
XXIV. Duty to inform customers and prospects
I. Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
More than oceans apart GmbH
Glücksteinallee 43
68163 Mannheim
+49 30 255 585757
info@oceansapart.com
www.oceansapart.com/de
II. Contact details of the data protection officer
The data protection officer of the controller is
DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany
www.dataguard.de
III. General information on data processing
1. Scope of the processing of personal data
We only process the personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.
2. The legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
3. Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. Data processing for advertising purposes
We may - even without your express consent - send you advertising content by e-mail that contains goods/services similar to those that you have already purchased from us in the past. We hereby inform you about the possibility of using your e-mail address for this purpose and about your existing rights in this regard within the framework of this data protection declaration: OCEANSAPART also uses your e-mail address for product recommendations that are similar to your previous purchases from OCEANSAPART. You can object to this procedure at any time by sending an e-mail to support@oceansapart.com without incurring any costs other than the transmission costs according to the basic tariffs.
Furthermore, at the end of each e-mail you will be given the opportunity to object to the future use of your e-mail address by us for the aforementioned purpose (advertising of comparable goods and services).
The legal basis for the data processing described above is Section 7(3) UWG and Article 6(1)(f) GDPR.
IV. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller.
If such processing is taking place, you can request the following information from the controller:
- the purposes for which the personal data are processed; the categories of personal data which are processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the realisation of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
Your right to rectification may be restricted to the extent that it is likely to render impossible or seriously impair the realisation of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the realisation of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
4. Right to cancellation
a) Cancellation obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you has been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8 para. 1 GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.
c) Exceptions
The right to erasure does not exist if the processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art.
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defense of legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
- the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and
- the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures that use technical specifications.
You also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR.
Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the realisation of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
1. is necessary for the conclusion or performance of a contract between you and the controller,
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
3. is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or b GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In the cases referred to in 1. and 3. above, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
V. Provision of the website and creation of log files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version used
- The user's operating system
- The user's Internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website
This data is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
3. The legal basis for the processing of data
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 90 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.
5. Option of objection and data removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
VI. Use of cookies
1. Description and scope of the data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
- Language settings
- Log-in information
We also use cookies on our website that enable us to analyse the surfing behaviour of users.
The following data can be transmitted in this way:
- Search terms entered
- Frequency of page views
- Utilisation of website functions
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal user data.
2. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
We need cookies for the following applications:
- Adoption of language settings
- Remembering search terms
The user data collected by technically necessary cookies is not used to create user profiles.
The purpose of using analytics cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.
3. The legal basis for the processing of data
The legal basis for the processing of personal data using cookies that are not necessary for the operation of the website is Art. 6 para. 1 sentence 1 lit. a GDPR.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.
4. Duration of storage, Option to objection and data removal
Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
If you use a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.
VII. Registration
1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected as part of the registration process:
- Email address
- Surname
- First name
- User name
- Address
- Telephone / mobile phone number
- IP address of the accessing computer
- Date and time of registration
2. Purpose of data processing
User registration is required for the provision of certain content and services on our website. Registration is voluntary, it is not required.
3. The legal basis for the processing of data
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.
4. Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
This is the case for the data collected during the registration process if the registration on our website is cancelled or amended.
5. Option of objection and data removal
As a user, you have the option of cancelling your registration at any time. To do so, send an informal email to support@oceansapart.com. You can have the data stored about you amended at any time.
VIII. Payment options
1. Description and scope of data processing
We offer our customers various payment options for processing their orders. Depending on the payment option, we forward customers to the platform of the relevant payment service provider. Once the payment process has been completed, we receive the customer's payment details from the payment service provider or our bank and process them in our systems for invoicing and accounting purposes.
Payment via Amazon Pay
1. Scope of the processing of personal data
It is possible to process the payment transaction with the payment service provider AmazonPay. AmazonPay makes it possible to make online payments to third parties by using the payment and shipping information stored in your Amazon account.
The European operating company of AmazonPay is Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg. If you already have an Amazon.de customer account, you can pay immediately using the payment method stored there - either by direct debit or credit card. To do this, you need to log in to your Amazon account.
AmazonPay does not pass on the payment details stored in your Amazon.de customer account to us and you do not have to enter them when placing an order. You will not incur any additional costs when paying via Amazon. Data may be transferred to Amazon servers in the USA. Amazon has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. Amazon thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
2. Purpose of data processing
We use AmazonPay for payment processing and invoicing.
3. Legal basis for the processing of personal data
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.
4. Duration of storage
All payment data and data on any chargebacks will only be stored for as long as they are required for payment processing and possible processing of chargebacks and debt collection as well as to combat misuse.
Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.
Your personal data will be deleted upon expiry of the statutory retention obligations, i.e. after 10 years at the latest.
5. Option of objection and data removal
You can object to the processing of your payment data at any time by notifying the controller or the payment service provider used. However, the payment service provider used may continue to be authorised to process your payment data if and for as long as this is necessary to process payments in accordance with the contract.
Payment by Klarna
1. Scope of the processing of personal data
It is possible to process the payment transaction with the payment service provider Klarna.
Klarna is a payment service provider that enables purchase on account or payment by instalments.
Klarna's European operating company is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.
If you select "purchase on account" or "instalment purchase" as a payment option as part of the transaction via Klarna, your personal data will be automatically transmitted to Klarna. The personal data transmitted to Klarna includes in particular:
- first name
- surname
- address
- date of birth
- gender
- Email address
- IP address
- Telephone/mobile phone number
- Bank details
- Credit card number incl. expiry date and CVC code
- Number of items
- Item number
- Data on goods and/or services
- Transaction amount and tax charges
The transmission of the data is intended in particular for identity verification, payment administration and fraud prevention. The personal data exchanged between Klarna and us may be transmitted by Klarna to credit agencies.
The purpose of this transfer is to check identity and creditworthiness. Klarna may also pass on personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of Klarna.
Further information on the processing of your data by Klarna can be found in Klarna's privacy policy at: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.
2. Purpose of data processing
We use Klarna for payment processing and invoicing.
3. Legal basis for the processing of personal data
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.
4. Duration of storage
All payment data and data on any chargebacks will only be stored for as long as they are required for payment processing and possible processing of chargebacks and debt collection as well as to combat misuse.
Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.
Your personal data will be deleted upon expiry of the statutory retention obligations, i.e. after 10 years at the latest.
5. Option of objection and data removal
You can object to the processing of your payment data at any time by notifying the controller or the payment service provider used. However, the payment service provider used may continue to be authorised to process your payment data if and for as long as this is necessary to process payments in accordance with the contract.
Payment via PayPal
1. Scope of the processing of personal data
It is possible to complete the payment process with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchase on account, direct debit, credit card and payment by instalments.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.
In particular, this involved the following data:
- Name
- Address
- Email address
- Telephone / mobile phone number
- IP address
- Bank details
- Card number
- Validity date and CVC code
- Number of items
- Item number
- Data on goods and services
- Transaction amount and tax charges
- Information on previous purchasing behaviour
The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal may also pass on your data to third parties if this is necessary to fulfil contractual obligations or if the data is to be processed on our behalf. When transferring your personal data within companies affiliated with PayPal, the Binding Corporate Rules approved by the competent supervisory authorities apply. You can find them here: https://www.paypal.com/de/webapps/mpp/ua/bcr. Other data transfers may be based on contractual safeguards. For more information, please contact PayPal.
All PayPal transactions are subject to PayPal's privacy policy. You can find this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
2. Purpose of data processing
We use PayPal for payment processing and invoicing.
3. Legal basis for the processing of personal data
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.
4. Duration of storage
All payment data and data on any chargebacks will only be stored for as long as they are required for payment processing and possible processing of chargebacks and debt collection as well as to combat misuse.
Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.
Your personal data will be deleted upon expiry of the statutory retention obligations, i.e. after 10 years at the latest.
5. Option of objection and data removal
You can object to the processing of your payment data at any time by notifying the controller or the payment service provider used. However, the payment service provider used may continue to be authorised to process your payment data if and for as long as this is necessary to process payments in accordance with the contract.
Payment methods provided by Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method provided by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. You can find more information about Shopify Payments' data protection at the following Internet address: https://www.shopify.com/legal/privacy. Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy.
The following payment methods are provided by Shopify Payments:
- Payment by credit card
- Payment by Shop Pay
- Payment by Apple Pay
- Payment by Google Pay
IX. Shipping service provider
1. Description and scope of data processing
If you order products or services on our website for which a shipping service provider is used for delivery, you will receive your order and shipping confirmation via your e-mail address and, depending on the respective shipping service provider, notification that your shipment has arrived and/or notification of the parcel announcement and possible delivery options.
The data is transmitted to the following service providers:
- DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
- DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany
- UPS Europa SA, Ave Ariane 5, Brussels, B-1200, Belgium
- ParcelOne GmbH, Am Pfahlgraben 4-10, 35415 Pohlheim-Garbenteich, Germany
- Colissimo Entreprise, 9 rue du Colonel Pierre Avia, 75015 Paris
- BRT S.P.A., Via Tiziano 32, 20145 Milano, Italy
Depending on the country of destination, the parcel is forwarded by different last mile carriers, to whom the data is also forwarded. These are the following service providers:
- Celeritas, Avenida de Valdelaparra, 29 28108, Alcobendas Madrid
- bPost, Anspachlaan/Boulevard Anspach 1, box 1 – 1000 Brussels
- Magyar Posta, H- 1560 Budapest, Hungary
- Hrvatska pošta, Poštanska ulica 9, HR-10410 Velika Gorica
- Express GR, 44 Alimou Ave. & 17 Roma St., Alimos, Athens, 174 55, Greece
- CTT Expresso, 2688-001, PRIOR VELHO Portugal
- Parcel Portugal, Av. Álvaro Cunhal 6, 2660-341 Santo António dos Cavaleiros, Portugal
- Pošta Slovenije, Slomskov trg 10, 2000 Maribor, Slovenia
- Itella, Pirklių g. 5, LT-02300 Vilnius
- Rapido, Industrial Street 11, Sofia, 1050, Bulgaria
- Bulgarian Posts, 1 Akad. Stefan Mladenov str./blvd. Studentski Grad Distr., Bl. No 31 Sofia, 1700 Bulgaria
- Cargus, Str. 11 lunie, nr. 14, sector 4, Bucharest, Romania; Postal code: 040172
- P&T Luxemburg, 38, place de la Gare, L-1616 Luxembourg
- PostNord Sverige AB, Terminalvägen 24, 171 73 Solna, Sverige
- Posti Ltd., P.O. Box 1, FI-00011 POSTI, Finland and Postintaival 7 A, FI-00230 Helsinki, Finland
- Anpost, O’connell Street Lower, Dublin 1, Co. Dublin, D01 F5P2
- Czech Post, Česká pošta, s.p., Politických vězňů 909/4, 225 99 Praha 1
- Slovak Parcel Service, Senecká cesta 1, 900 28 Ivanka pri Dunaji
- Cyprus Post, 100, Prodromou Street, 2063 Strovolos, Cyprus
- Malta Post p.l.c., 305, Triq Hal-Qormi, Marsa MTP 1001
- Post CH Netz AG, Contact Center Post, Wankdorfallee 4, 3030 Bern
- RoyalMail, 185 Farringdon Road, London, United Kingdom, EC1A 1AA
The transmitted data is regularly:
- Name
- Address
- Email address
- Telephone number
2. Purpose of data processing
The purpose of processing personal data is to enable shipping service providers to inform recipients about the progress of their consignment by email and thus increase the likelihood of successful delivery.
3. The legal basis for the processing of data
The legal basis for the transmission of the name and address is Art. 6 para. 1 lit. b GDPR.
The legal basis for the transmission of the email address and telephone number to the respective shipping service provider and their use is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The transmitted data will be deleted by the respective shipping service provider once the parcel has been delivered.
5. Option of objection and data removal
The notification service provided by the dispatch service provider can be cancelled by the user concerned at any time. For this purpose, there is a corresponding opt-out link in every email.
X. Returns processing
1. Description and scope of data processing
To process returns, we use Trusted Returns, a service provided by Trusted Returns GmbH, Peter-Joseph-Lenné-Str. 5, D-51377 Leverkusen (hereinafter referred to as "Trusted Returns"). By integrating the service, you have the option of initiating a returns process directly on our website. For this purpose, customer data (first name, surname, address, e-mail address), data on the order and return as well as on dispatch and delivery are processed via the form provided and personal data are transmitted to Trusted Returns on the basis of our legitimate interest in the efficient processing of returns. On the basis of the software provided by Trusted Returns, we check the authorisation to return goods and work out the optimum returns solution for you.
2. The legal basis for the processing of data
The legal basis for this required data transfer is Article 6(1)(b) GDPR and in accordance with Article 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effective and appropriate returns management.
3. Duration of storage
Once the returns process has been completed, the data provided will be deleted by Trusted Returns. We have concluded an order processing contract with Trusted Returns, in which we oblige Trusted Returns to protect your data in accordance with legal requirements. Details of Trusted Returns' privacy policy can be found here: https://trustedreturns.com/de.
4. Option of objection and data removal
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 para. 1 GDPR.
XI. Logistics company
1. Description and scope of data processing
Logistics companies are commissioned for the purpose of transporting, storing, providing, procuring and distributing the products.
The data is transmitted to the following logistics companies:
- everstox GmbH, Ganghoferstr. 68b, 80339 Munich, Germany
- DeltiLog GmbH, Hägenstraße 3, 30559 Hanover, Germany
- Delticom AG, Brühlstr. 11, 30169 Hanover, Germany
- texdata software GmbH, Im Mittelfeld 1, 76135 Karlsruhe, Germany
- PARCEL.ONE GmbH, Am Pfahlgraben 4-10, 35415 Pohlheim-Garbenteich, Germany
The transmitted data is regularly:
- Browser type, browser version and browser language used
- Operating system of the user
- Internet service provider of the user
- IP address of the user
- Date and time of access
- Websites from which the user's system has reached your website
- Websites that are accessed by the user's system via your website
- Website from which the enquiry originates
- Name of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Notification of successful retrieval
- Website from which the forwarding took place
- Internet service provider
- Visited pages and requested domain
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the enquiry (specific page)
- Access status/HTTP status code
2. Purpose of data processing
The primary purpose of processing the data is to pursue our own business purposes. In principle, this data is processed to the extent necessary to provide a functional website, as well as the unrestricted provision of our content and fulfilment of our services. The data is also used to optimise the website and to ensure the security of the information technology systems.
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR therefore also lies in the aforementioned purposes.
3. The legal basis for the processing of data
Insofar as consent is required for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party.
If the data processing is necessary to safeguard a legitimate interest of our company or a third party and if the fundamental rights and freedoms of the data subject do not outweigh the interest of the former, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the data processing.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.
5. Option of objection and data removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this.
XII. Newsletter
1. Description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask is transmitted to us.
- Email address
- Surname
- First name
- IP address of the accessing computer
- Date and time of registration
- Date of birth
Data is transmitted to the provider Klaviyo to send the newsletter. Further information on this can be found under XXI. plugins used (use of Klaviyo) of this privacy policy.
2. Purpose of data processing
The purpose of collecting the user's email address is to send the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
3. The legal basis for the processing of data
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.
5. Option of objection and data removal
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.
This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.
XIII. Email contact
1. Description and scope of data processing
It is possible to contact us via the email address provided on our website. In this case, the user's personal data transmitted with the email will be stored.
The data is used exclusively for processing the conversation.
2. Purpose of data processing
In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
3. The legal basis for the processing of data
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5. Option of objection and data removal
The user has the option to object to the processing of personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
XIV. Contact form
1. Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
The following data is stored at the time the message is sent:
- Email address
- Surname
- First name
- Address
- Order number
- IP address of the accessing computer
- Date and time of contact
- Reason for contact
- Other data that you send us voluntarily.
Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.
Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.
The data is used exclusively for processing the conversation.
2. Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. The legal basis for the processing of data
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5. Option of objection and data removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
XV. Sending of SMS messages
1. Description and scope of data processing
In exceptional cases, we send registered users information on advertising and discount campaigns via SMS. For this purpose, we use the telephone/mobile phone number that users provide to us when registering via our online shop.
We use software from the SMS dispatch service provider Spryng B.V., Bakkersstraat 23, 1017 CW Amsterdam, Netherlands. Spryng B.V. contains the telephone/mobile phone numbers from our database and carries out the operational SMS dispatch. Spryng B.V. does not process any other personal data.
Further information on the processing of personal data by Spryng B.V. can be found in their privacy policy: https://www.spryng.nl/en/privacy-policy/
2. Purpose of data processing
Our legitimate interest lies in sending appealing advertising information to our registered users.
3. The legal basis for the processing of data
The legal basis for the processing of the data processed in the course of sending SMS is Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted from the database for sending text messages as soon as it is no longer required to fulfil the purpose for which it was collected. The further, other processing of the data, including the telephone/mobile phone number, which users provide to us during registration (see "VII. Registration"), remains unaffected by this.
5. Option of objection and data removal
The user has the option to object to the processing of personal data at any time. To do so, send an informal e-mail to support@oceansapart.com. In this case, we will remove your mobile phone number from our database and will not send you any further text messages of this type.
Further information on objection and removal options by Spryng B.V. directly can be found in their privacy policy: https://www.spryng.nl/en/privacy-policy/
XVI. Data protection notice on the use of WhatsApp
You can use WhatsApp to contact us and start a conversation. We are the controller within the meaning of Art. 4 No. 7 GDPR for subsequent data processing in connection with WhatsApp. To offer and use WhatsApp, we use the software solution of Charles GmbH, Gartensstr. 86-87, 10115 Berlin, Germany, under a data processing agreement. Charles stores all personal data in the EU. As an official WhatsApp partner, Charles uses the WhatsApp Business API, which means that no other third parties or WhatsApp have access to your communication content within our area of responsibility.
The use of WhatsApp is solely subject to the agreements you have made with WhatsApp. In accordance with WhatsApp's terms of use, we have your telephone number and username when you contact us. We use this and other information provided by you to recognise you and your preferences and to reply to your WhatsApp messages. The legal basis here is your consent to be contacted in accordance with Art. 6 (1) (a) GDPR. We will also send you newsletters via WhatsApp if you have given us your consent to do so.
You can revoke any consent you have already given at any time with effect for the future. According to the GDPR, you also have the right to access, rectification, portability and erasure of your personal data as well as the right to restrict or object to certain processing operations. You also have the right to lodge a complaint with the supervisory authority responsible for you.
For further information, please refer to our processors:
Charles GmbH: https://www.hello-charles.com/c-com-blog/whatsapp-newsletters
WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland: https://www.whatsapp.com/legal/privacy-policy-eea
XVII. Application by email and application form
1. Description and scope of data processing
There is an application form on our website that can be used for electronic applications. If an applicant makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
- Title
- First name
- Surname
- Address
- Telephone / mobile phone number
- Email address
- CV
- Certificates
- Answers to questions about skills, circumstances and interests
- Work permit to work in the EU, if applicable
- Other voluntarily uploaded data
Alternatively, you can also send us your application by email. In this case, we will record your email address and the data you provide in the email.
After sending your application, you will receive confirmation of receipt of your application documents by email from us.
Your data will not be passed on to third parties. The data will be used exclusively for processing your application.
2. Purpose of data processing
The processing of personal data from the application form is solely for the purpose of processing your application. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the application form and to ensure the security of our information technology systems.
3. The legal basis for the processing of data
The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 para. 1 sentence 1 lit. b Alt. 1 GDPR and § 26 para. 1 sentence 1 BDSG.
4. Duration of storage
After completion of the application process, the data will be stored for up to six months. Your data will be deleted after six months at the latest. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions.
5. Option of objection and data removal
The applicant has the option to object to the processing of personal data at any time. To do so, please send an informal email to hr@oceansapart.com. In such a case, the application can no longer be considered. All personal data stored in the course of electronic applications will be deleted in this case.
XVIII. Corporate presence
Use of corporate profiles in social networks
Instagram:
Instagram, Part of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland
We provide information on our company page and offer Instagram users the opportunity to communicate. If you perform an action on our Instagram company page (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by Instagram, the company jointly responsible for the More than oceans apart GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data.
Our company presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the company presence for
The publications on the company's website may contain the following content:
- information about products
- competitions
- advertising
Every user is free to publish personal data through activities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.
We store your activities and personal data published via our Instagram corporate presence until you withdraw your consent. In addition, we comply with the statutory retention periods.
Instagram has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. As a result, Instagram undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
You can object to the processing of your personal data, which we collect in the context of your use of our Instagram corporate presence, at any time and assert your rights as a data subject mentioned under IV. of this privacy policy. To do so, send us an informal email to info@oceansapart.com. You can find more information on the processing of your personal data by Instagram and the corresponding objection options here:
Instagram: https://help.instagram.com/519522125107875
TikTok:
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
We provide information on our company page and offer TikTok users the opportunity to communicate. If you carry out an action on our TikTok company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. your real name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by TikTok, the company jointly responsible for the More than oceans apart GmbH corporate website, we cannot provide any binding information on the purpose and scope of the processing of your data.
Our company presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the company presence for
The publications on the company's website may contain the following content:
- information about products
- competitions
- advertising
Every user is free to publish personal data through activities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.
We store your activities and personal data published via our TikTok corporate presence until you withdraw your consent. In addition, we comply with the statutory retention periods.
When using TikTok, the Irish company may send personal data to the US parent company. In order to ensure suitable guarantees for the protection of the transfer and processing of personal data outside the EU, TikTok states that data is transferred to and processed by TikTok on the basis of suitable guarantees in accordance with Art. 46 ff GDPR, in particular by concluding so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR.
You can object to the processing of your personal data, which we collect in the context of your use of our TikTok corporate presence, at any time and assert your data subject rights mentioned under IV. of this privacy policy. To do so, send us an informal email to info@oceansapart.com. Further information on the processing of your personal data by TikTok and the corresponding objection options can be found here:
TikTok: https://www.tiktok.com/legal/privacy-policy?lang=de-DE
XIX. Use of corporate profiles on career-oriented networks
1. Description and scope of data processing
We utilise the possibility of company appearances on professionally oriented networks. We maintain a company presence on the following professional networks:
LinkedIn:
LinkedIn, Unlimited Company Wilton Place, Dublin 2, Irleand
We provide information on our website and offer users the opportunity to communicate.
The company website is used for applications, information/PR and active sourcing.
We have no information on the processing of your personal data by the companies jointly responsible for the company's website. Further information can be found in the privacy policy of:
LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
If you carry out an action on our company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public.
2. Purpose of data processing
The purpose of our company website is to inform users about our services. Every user is free to publish personal data through activities.
3. The legal basis for the processing of data
The legal basis for the processing of your data in connection with the use of our company website is Art. 6 para. 1 sentence 1 lit. f GDPR.
4. Duration of storage
We store your activities and personal data published via our company website until you withdraw your consent or object to processing. In addition, we comply with the statutory retention periods.
5. Option of objection and data removal
You can object to the processing of your personal data, which we collect in the context of your use of our company website, at any time and assert your data subject rights mentioned under IV. of this privacy policy. To do so, please send us an informal email to the email address stated in this privacy policy.
It cannot be ruled out that data is transferred between LinkedIn Ireland and the American parent company. LinkedIn has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and is certified. LinkedIn thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Further information on objection and removal options can be found here:
LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XX. Webshop and hosting
We offer a webshop on our website for which we use the webshop software Shopify, described in more detail in the following. We use the shop system and hosting services of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as "Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. Shopify (platform and apps) is also used for marketing activities (e.g. personalised messages) and for customer management and support (e.g. back in stock emails, reactivation emails, web push notifications). All data collected on our website is processed on Shopify's servers. As part of the aforementioned Shopify services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on behalf of Shopify. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. and Shopify (USA) Inc. in the USA are certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz. Further processing on servers other than the aforementioned Shopify servers only takes place within the framework specified below.
The Shopify system is extended by various apps integrated into Shopify.
Use of Hotjar
1. Scope of the processing of personal data
In connection with Shopify, we use Hotjar functionalities from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (hereinafter referred to as "Hotjar"). Hotjar is a tool for the statistical analysis of visitor data. The service analyses the behaviour and feedback of you as a user on our website using a combination of analysis and feedback tools. In addition, technologies are used that enable the recognition of the user for the purpose of analysing user behaviour.
The following data is collected and processed:
- IP address
- Screen size
- Browser and device information
- Location (country)
- Preferred language setting
- Visited websites (subpages)
- Date, time and duration of access to our websites
- Mouse and scroll movements and clicks
2. Purpose of data processing
We use Hotjar to analyse your user behaviour and thus improve our website.
3. The legal basis for the processing of data
Insofar as consent has been obtained, Hotjar is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest in the analysis of user behaviour lies in the optimisation of the website and advertising.
4. Duration of storage
Recorded data in Hotjar is stored for 365 days from the date of collection or creation. Responses collected from feedback tools are stored indefinitely until the account holder decides to delete them.
5. Option of objection and data removal
You have the right to prevent the collection of your data at any time. To do so, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/ or contact us at support@oceansapart.com.
You can find detailed information on the privacy policy and which data is collected and processed by Hotjar and in what way at https://www.hotjar.com/legal/policies/privacy/?tid=331612870493.
Use of Rewind
1. Scope and purpose of data processing
In connection with Shopify, we use the functionalities of Rewind from Rewind Software Inc, 333 Preston Street, Suite 200, Ottawa, Ontario, K1S 5N4 (hereinafter referred to as "Rewind") to back up the data stored in Shopify so that it can be restored in the event of data loss. Personal data is only collected to the extent necessary for business operations and the provision of products and services.
You can find detailed information on the privacy policy and which data is collected and processed by Rewind and in what way at https://rewind.com/legal/privacy-notice/.
2. Legal basis
Insofar as consent has been obtained, Rewind is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR. In addition, the legal basis for the collection and, if applicable, processing of data is Art. 6 para. 1 sentence 1 lit. c GDPR.
3. Duration of storage
The data is deleted, anonymised or aggregated as soon as it is no longer required to fulfil the purpose for which it was collected. This data may be aggregated with other non-personal data to provide insights that are commercially valuable to Rewind. Personal data may also be stored in order to fulfil legal requirements.
4. Option of objection and data removal
You have the right to prevent the collection of your data at any time. To do so, please contact Rewind at the e-mail address https://rewind.com/legal/privacy-notice/ or contact us at support@oceansapart.com.
You can find detailed information on the privacy policy and which data is collected and processed by Rewind and in what way at https://rewind.com/legal/privacy-notice/.
Use of Matrixify
1. Scope and purpose of the processing of personal data
In connection with Shopify, we use the functionalities of Matrixify from ITissible, SIA, Kaivas iela 35B, Riga, LV-1021, Latvia (hereinafter referred to as "ITissible") to manage data more efficiently. Matrixify enables fast import, export and processing of articles, orders, customers, discounts, payments and other administrative matters. When using the services of ITissible, data may be transferred from ITissible to third countries. ITissible uses the service AWS from Amazon Web Services, Inc., 410 Terry Avenue North, Seattle. ITissible ensures an appropriate level of data protection through standard contractual clauses. These are available at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
The following data is collected and, if necessary, processed:
- Analytics tracking
- Contact information and store information
- Imported and exported data files
- App user e-mails, settings, import/export job history
- E-mail correspondence
- App user settings, import/export job history
- Technical data as IP addresses
2. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. In addition, the legal basis for the collection and, if applicable, processing of the data is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest lies in managing the data as efficiently as possible.
3. Duration of storage
The personal data will be retained only for as long as necessary for the purposes set out in this Privacy Policy unless there is a requirement to continue processing of personal data for a longer period of time in accordance with applicable laws, for example for accounting purposes. Personal data shall also be retained for the period of applicable statute of limitation for the protection of legal interests against potential claims. App User's Data related to the received services may be retained for up to 10 years from the end of the year in which the service has been received for accounting purposes or longer if required for the protection against potential claims. All imported and exported data history files processed by the App as requested by App Users are deleted automatically within the one month from the moment the App is uninstalled or from the moment the App User requests the deletion of respective data. The respective data is stored for one month in order for the ITissible to be able to exercise a defense against possible legal claims on the functionality of the App. Where the claim is raised, the necessary data will be stored and processed until the claim is resolved. Where you have provided your consent for personal data processing or have requested the fulfillment of your rights, such request and related information (incl. the provided answers) may be retained for up to 5 years.
4. Option of objection and data removal
You have the right to prevent the collection of your data at any time and to have your data deleted in accordance with the legal requirements. To do this, please contact support at the following link: https://matrixify.app/contact-us/.
You can find detailed information on the privacy policy and which data is collected and processed by ITissible and in what way at https://matrixify.app/privacy-notice/.
Use of Zendesk
1. Scope and purpose of the processing of personal data
We use the CRM system Zendesk from Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103 USA (hereinafter referred to as "Zendesk") to process user enquiries. We use Zendesk to process your enquiries quickly and efficiently. The chat functions on our website are also provided by Zendesk. Zendesk has submitted to the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU. Zendesk also has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimise the internal transfer of data to third countries outside the EU and the EEA. Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.
The regularly collected and processed data includes
- Message history
- Name
- IP address
- Country of origin
- Websites visited
- Duration of the visit to the websites
- Other personal information, depending on the information provided (e.g. e-mail address, telephone number)
2. Legal basis for the processing of personal data
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest lies in processing your enquiries as quickly and efficiently as possible.
3. Duration of storage
The data is deleted, anonymised or aggregated as soon as it is no longer required to fulfil the purpose for which it was collected. If this is not possible (e.g. due to storage in backup archives), it will be stored and isolated from any further processing until deletion is possible.
4. Option of objection and data removal
You have the right to prevent the collection of your data at any time and to have your data deleted in accordance with the legal requirements. To do this, please contact Zendesk: https://www.zendesk.de/company/agreements-and-terms/privacy-notice/#contact-information or contact us at support@oceansapart.com.
You can find detailed information on the privacy policy and what data is collected and processed by Zendesk and in what way at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/.
Use of Census
In connection with Shopify, we use functionalities from Census of Vervaunt, 145 City Road London EC1V 1AZ (hereinafter referred to as "Vervaunt") as a post-purchase customer satisfaction tool.
You can find detailed information on the privacy policy and which data is collected and processed by Vervaunt and in what way at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/.
Use of Consentmo
1. Scope and purpose of the processing of personal data
In connection with Shopify, we use Consentmo GDPR compliance from iSenseLabs, iSense LLC, 885 Maude Avemountain View, CA, 94043-4021, USA (hereinafter referred to as "iSenseLabs") to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies or to document these in a data protection-compliant manner. When you enter our website, a connection is established to the servers of the provider iSenseLabs. In this way, the provider iSenseLabs receives personal data, such as the browser used, the IP address and a time stamp. A cookie is then stored in your browser in order to be able to allocate the consents you have given or revoke them.
2. Legal basis for the processing of personal data
Consentmo GDPR compliance is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
3. Duration of storage
The data collected will be stored until you ask us to delete it, delete the cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
4. Option of objection and data removal
You have the right to prevent the collection of your data at any time and to have your data deleted in accordance with the legal requirements. To do so, please contact us at: support@oceansapart.com.
You can find detailed information on the privacy policy and which data is collected and processed by iSenseLabs and in what way at https://www.consentmo.com/privacy-policy-terms-of-service/en.
Use of Fly.io
In connection with Shopify, we use functionalities of Fly.io of Fly.io, Inc, 2045 W Grand Ave Chicago, IL 60612 United States (hereinafter "Fly.io"), as a hosting platform for the discount attribution app.
You can find detailed information on the privacy policy and which data is collected and processed by Fly.io and in what way at https://fly.io/legal/privacy-policy/.
Use of Atlas Pickup Points
In connection with Shopify, we use functionalities of Atlas Pick Up Points of Tale Commerce, ul. Tczewska 2a, 01-674 Warzaw (hereinafter referred to as "Tale Commerce") for the simple and efficient selection of pickup points at checkout.
You can find detailed information on the privacy policy and which data is collected and processed by Tale Commerce and in what way at https://atlaspickuppoints.com/docs/support/tos-and-privacy.
Use of fraud filters
In connection with Shopify, we use the functionalities of Fraud Filter from Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, (hereinafter referred to as "Shopify") to filter and block potentially fraudulent orders.
You can find detailed information on the privacy policy and which data is collected and processed by Shopify and in what way at https://www.shopify.com/legal/privacy.
Use of Fox Sell Bundles Plus
In connection with Shopify, we use functionalities of FoxSell Bundles from Smoothiotech Softwares Private Limited, Apartment 32 Marston 122 St. Margarets Avenue, Birmingham, West Midlands, United Kingdom, B8 2BS, (hereinafter referred to as "Smoothiotech") to properly manage our bundles.
You can find detailed information on the privacy policy and which data is collected and processed by Smoothiotech and in what way at https://www.foxsell.app/privacy-policy.
XXI. Geotargeting
We use the IP address and other information provided by the user (in particular postcode as part of the registration or order) for regional targeting (so-called "geotargeting").
Regional targeting is used, for example, to automatically show you regional offers or adverts that are often more relevant to users. The legal basis for the use of the IP address and any other information provided by the user (in particular postcode) is Art. 6 para. 1 lit. f GDPR, based on our interest in ensuring a more precise target group approach and thus providing offers and advertising with greater relevance for users.
Part of the IP address and the additional information provided by the user (in particular the postcode) is only read out and not stored separately.
You can prevent geotargeting by using a VPN or proxy server, for example, which prevent precise localisation. In addition, depending on the browser you are using, you can also deactivate location localisation in the corresponding browser settings (if supported by the respective browser).
We use geotargeting on our website for the following purposes:
- Customer approach
- Advertising purposes
XXII. Content Delivery Networks
1. Description and scope of data processing
On our website, we use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront).
A content delivery network (CDN) is a network of regionally distributed servers connected via the Internet that is used to deliver content, especially large media files such as videos. Amazon CloudFront offers web optimisation and security services that we use to improve the loading times of our app and to protect it from misuse.
When you access our app, a connection to the Amazon CloudFront servers is established, e.g. to retrieve content. As a result, personal data may be stored and analysed in server log files, in particular the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and operating system). Data may be transferred to AWS Cloudfront servers in the USA. Amazon has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. Amazon thereby undertakes to comply with the standards and regulations of European data protection law.
Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
Further information on the collection and storage of data by Amazon CloudFront can be found here: https://aws.amazon.com/de/privacy/
2. Purpose of data processing
The functions of Amazon CloudFront are used to deliver and accelerate online applications and content.
3. The legal purpose of the processing of data
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The app operator has a legitimate interest in the technically error-free presentation and optimisation of its app - the server log files must be recorded for this purpose.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law.
5. Option of objection and data removal
Information on objection and removal options vis-à-vis Amazon CloudFront can be found at: https://aws.amazon.com/de/privacy/
XXIII. Plugins used
We use plugins for various purposes. The plugins used are listed below:
Use of Google Analytics
1. Scope of the processing of personal data
We use Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google).
Google Analytics analyses, among other things, the origin of visitors, the time they spend on individual pages and the use of search engines, thus enabling better monitoring of the success of advertising campaigns. Google places a cookie on your computer.
This allows personal data to be stored and analysed, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).
The information generated by the cookie about your use of this online presence is transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. This means that Google undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Part of the terms of use of Google Analytics as a Google advertising product are so-called EU standard contractual clauses (Art. 46 para. 2 sentence 1 lit. c GDPR). These are to be classified as a suitable guarantee for the protection of the transfer and processing of personal data outside the EU.
IP anonymisation is active on this online presence. On behalf of the operator of this online presence, Google will use this information to analyse your use of the online presence, to compile reports on the activities of the online presence and to provide the operator of the online presence with further services associated with the use of the online presence and the use of the Internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of data processing
The purpose of processing personal data is to specifically address a target group that has already expressed an initial interest by visiting the website.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law. Advertising data in server logs is anonymised by Google deleting parts of the IP address and cookie information after 9 and 18 months respectively.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online presence (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
You can deactivate the use of your personal data by Google using the following link:
https://adssettings.google.de
Further information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google Tag Manager
1. Scope of the processing of personal data
We use the Google Tag Manager (https://www.google.com/intl/de/tagmanager/) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google).
With Google Tag Manager, tags from Google services and third-party providers can be managed and embedded in a bundle on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behaviour, record the impact of online advertising and social channels, use remarketing and targeting and test and optimise online presences. When a user visits the online presence, the current tag configuration is sent to the user's browser. It contains instructions on which tags should be triggered. Google Tag Manager triggers other tags, which in turn may collect data. Information on this can be found in the sections on the use of the corresponding services in this privacy policy. Google Tag Manager does not access this data.
Data may be transmitted to Google servers in the USA. Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified. Google thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Part of the terms of use of Google Analytics as a Google advertising product are so-called EU standard contractual clauses (Art. 46 para. 2 sentence 1 lit. c GDPR). These are to be classified as a suitable guarantee for the protection of the transfer and processing of personal data outside the EU.
Further information on Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google's privacy policy: https://policies.google.com/privacy?hl=de
2. Purpose of data processing
The purpose of processing personal data is to collect and clearly manage and efficiently integrate the services of third-party providers.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law. Advertising data in server logs is anonymised by Google deleting parts of the IP address and cookie information after 9 and 18 months respectively.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online presence (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
You can use the following link to deactivate the use of your personal data by Google:
https://adssettings.google.de
Further information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google AdWords
1. Scope of the processing of personal data
We use Google AdWords from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google).
We use this service to place adverts. Google places a cookie on your computer. This allows personal data to be stored and analysed, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).
Data may be transferred to Google servers in the USA. Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. This means that Google undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of data processing
We only receive information about the total number of users who have responded to our advert. No information is passed on with which we could identify you. The use is not for tracking purposes.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can use the following link to deactivate the use of your personal data by Google:
https://adssettings.google.de
Further information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google Ads Remarketing
1. Scope of the processing of personal data
We use Google Ads Remarketing from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google).
Google Remarketing is used to retarget visitors to the online presence for advertising purposes via Google Ads adverts. Google Ads Remarketing can be used to create target groups ("similar target groups") that have, for example, accessed certain pages. This makes it possible to identify the user on other online presences and display targeted advertising. Google places a cookie on the user's computer. This allows personal data to be stored and analysed, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymised user IDs).
Data may be transferred to Google servers in the USA. Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and has been certified. Google thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of data processing
The purpose of processing personal data is to specifically address a target group. The cookies stored on the user's end device recognise them when they visit an online presence and can therefore show them interest-based advertising.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online presence (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
You can use the following link to deactivate the use of your personal data by Google:
https://adssettings.google.de
Further information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Google reCAPTCHA
1. Scope of the processing of personal data
We use Google reCAPTCHA from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and the representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google).
To ensure data security when submitting forms, we use the reCAPTCHA service from Google. The service authenticates the user's identity and serves to distinguish whether the input is made by a natural person or abusively by automated, machine processing. reCAPTCHA collects information about the user's hardware and software in this context. This also includes the user's IP address and other device and application data, as well as general user behaviour. The data is passed on to Google for analysis and is therefore subject to Google's privacy policy and terms of use.
Data may be transferred to Google servers in the USA. Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. Google thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Further information on the processing of data by Google can be found here:
https://policies.google.com/privacy?gl=DE&hl=de
2. Purpose of data processing
The purpose of processing the data is to ensure data security and to protect against abusive activities on our website.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and the protection of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can deactivate the use of your personal data by Google using the following link:
https://adssettings.google.de
Further information on objection and removal options vis-à-vis Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de
Use of Sendgrid
1. Scope of the processing of personal data
We use the service provider Sendgrid of SendGrid, Inc., 1801 California Street, Suite 500, Denver, Colorado 80202, USA and its representative in the Union Sendgrid Albert House 256-260 Old Street, London EC1V 9DD, UK (hereinafter referred to as: Sendgrid) to send emails and notifications.
Sendgrid is a SendGrid is a cloud-based SMTP provider that acts as an email delivery system and makes it possible to send emails without your own email server. SendGrid manages the technical details of email delivery, such as infrastructure scaling, reputation monitoring and real-time analyses. Cookies and web beacons (tracking pixels) are used in the emails sent by SendGrid. These make it possible to track whether the email sent via the SendGrid platform has been delivered, opened, clicked on, blocked or treated as spam. The following data is usually processed:
- IP address
- Browser types
- Log files
- Information about the operating system
- Information about the connection
- Which pages are displayed
- Which parts of the services are used -
- Information about the performance of the services
- Metrics on the deliverability of emails and other electronic communication
This data is transferred to Sendgrid's servers in the USA. Sendgrid has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. Sendgrid thereby undertakes to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TRktAAG&status=Active
Further information on the processing of data by Sendgrid can be found here:
https://sendgrid.com/policies/privacy/services-privacy-policy/
2. Purpose of data processing
The use of Sendgrid enables us to send emails and notifications, measure the performance of email campaigns and provide analytical information to improve the effectiveness of our services.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can revoke your consent to the storage of data and its use for sending emails by Sendgrid at any time. You can revoke your consent at any time by sending an email to us or to datasubjectrequests@sendgrid.com or by clicking on the link provided in every email.
Further information on objection and removal options vis-à-vis Sendgrid can be found at:
https://sendgrid.com/policies/privacy/services-privacy-policy/
Use of Zenloop
1. Scope of the processing of personal data
We use functionalities of the NPS determination service provider Zenloop of zenloop GmbH Pappelallee 78-79 10437 Berlin, Germany (hereinafter referred to as: Zenloop).
Zenloop uses small customer surveys on our website to determine customer satisfaction through direct feedback.
The following personal data will be processed by Zenloop:
- E-mail address
- Other personal data, if voluntarily provided in surveys
Further information on the processing of data by Zenloop can be found here:
https://www.zenloop.com/de/legal/privacy
2. Purpose of data processing
We use Zenloop to record and analyse customer satisfaction by means of surveys.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Use of Klaviyo
1. Scope of the processing of personal data
We use functionalities of the email marketing service Klaviyo of Klaviyo Inc, 225 Franklin St, 02110, Boston, Massachusetts, United States (hereinafter referred to as: Klaviyo).
Klaviyo supports companies in marketing their products, primarily through personalised newsletters with product suggestions and analysis functions. Cookies from Klaviyo are stored on your end device.
The following personal data is processed by Klaviyo:
- IP address
- Browser and device information
- Usage behaviour (pages visited, date and time of visit)
- Details of emails sent by Klaviyo
- Search terms and URLS that led to the website
Data transfer to the USA is secured with standard data protection clauses via the terms of use. These are to be classified as a suitable guarantee for data transfer to third countries in accordance with Art. 46 para. 2 lit. c GDPR.
Further information on the processing of data by Klaviyo can be found here:
www.klaviyo.com/privacy/policy
www.klaviyo.com/privacy/dpa
2. Purpose of data processing
We use Klaviyo to analyse the purchasing behaviour of customers and to create personalised newsletter and advertising emails.
3. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by Klaviyo by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
Further information on your rights vis-à-vis Klaviyo can be found at:
www.klaviyo.com/privacy/policy
Use of Criteo
1. Scope and purpose of the processing of personal data
On our website we use the retargeting technology of Criteo, the Criteo SA. 32 Rue Blanche, 75009 Paris, France (hereinafter referred to as: Criteo). By using this technology, it is possible to show you advertisements on third-party sites (so-called publisher sites) for products that you have viewed on this website. Criteo collects information about your usage behavior on this website through the use of tracking cookies and similar technologies that are placed in your browser and through the use of advertising IDs in environments that do not support cookies - for example, apps. These technologies allow Criteo to analyze trends and identify the interests of individual users with respect to websites and apps. Through these technologies, Criteo tags visitors on its partners' websites and apps. Users tagged by Criteo receive a technical ID. At no time does Criteo collect personal data that makes identification possible, such as names or addresses. Criteo only analyzes the products viewed or the search behavior and the pages visited on the website of the partner for which Criteo delivers advertising. In order to deliver personalized advertising to you and provide you with a seamless online experience, Criteo may synchronize the IDs of the different browsers you use. ("ID Synchronization") Thanks to its ID synchronization technology, Criteo is always able to provide you with the most relevant ads - regardless of the browser or device you are using - without Criteo having to collect and process personal data such as names or addresses. For this purpose, Criteo uses exact linking methods based on the technical data collected by means of the Criteo technologies used - such as the IDs of our advertising partners or encrypted email addresses that the partners pass on to Criteo. You can view more information about data protection at Criteo at https://www.criteo.com/de/privacy/.
2. Legal basis for the processing of personal data
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR.
3. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in Criteo’s Privacy Policy or as required by law, e.g. for tax and accounting purposes.
4. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can object to the processing of your data by using the following link to unsubscribe https://www.criteo.com/de/privacy/ or contact us at support@oceansapart.com.
Use of Awin
1. Scope and purpose of the processing of personal data
We have integrated AWIN on our website. AWIN is an affiliate marketing software from AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany (hereinafter referred to as “AWIN”). We use AWIN to measure success and bill our affiliate partners. AWIN uses cookies to be able to assign visitors via affiliate links of our partners and to trace the origin of orders. In this context, the following data is generally collected and stored: Identification number of the affiliate partner, identification number of the user, information on the advertising material clicked on, order and product ID if applicable. Your IP address and other identification features such as your user agent are also transmitted to the provider. Your data may be transferred to third countries such as the USA. There is no adequacy decision by the EU Commission for the USA. Data is transferred on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
2. Legal basis for the processing of personal data
The use of the service is based on our legitimate interests, i.e. interest in the optimization of our advertising campaigns, for marketing purposes and for the settlement of commission payments to affiliate partners in accordance with Art. 6 para. 1 lit. f. GDPR. The use of cookies or comparable technologies is based on your consent in accordance with § 25 para. 1 sentence 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR
3. Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in Awin’s Privacy Policy or as required by law, e.g. for tax and accounting purposes.
4. Option of objection and data removal
You have the right to prevent the collection of your data at any time and to have your data deleted in accordance with the legal requirements. To do this, please contact us under support@oceansapart.com.
You can find detailed information on the privacy policy and which data is collected and processed by AWIN and in what way at https://www.awin.com/de/datenschutzerklarung.
Use of Seven Senders
1. Scope of the processing of personal data
We use functionalities of Seven Senders of Seven Senders GmbH, Schwedter Straße 36 A, 10435 Berlin (hereinafter referred to as: Sven Senders).
Seven Senders provides a logistics platform through which we can send parcels and provide parcel tracking links.
The following personal data is transmitted to Seven Senders via a plugin developed in-house:
- Tracking code
- first name
- surname
- email
- address
- telephone/mobile phone number
- company name
We have also integrated a widget on our website, which we use to integrate part of the Seven Senders website on our website. This is used to provide tracking information for parcels.
Further information on the processing of data by Seven Senders can be found here:
sevensenders.com/en/privacy-statement/
2. Purpose of data processing
We use Seven Senders to send parcels and to provide a tracking link.
3. Legal basis for the processing of personal data
The legal basis for the transmission of the email address and telephone number to the respective shipping service provider and their use is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5. Option of objection and data removal
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
This privacy policy was created with the support of DataGuard.
XXIV. Duty to inform customers and prospects
Here you will find the information obligations when collecting data from customers and interested parties in accordance with Art. 13 GDPR.
The German version of this privacy policy holds legal precedence for all matters.
