Data Protection Statement for the Online Shop of Ergobaby Europe GmbH
We appreciate your interest in our website and our company. The Ergobaby online shop is provided by Ergobaby Europe GmbH, Mönckebergstrasse 11, 20095 Hamburg, Germany (hereinafter “Ergobaby”, “we” or “us”). Because the protection of your privacy is important to us, we would like to inform you about the personal data we collect from you when you visit our website and use the online shop, and how we handle this data.
We are subject in particular to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Act (TMG). According to these we are entitled, inter alia, to collect and use personal data where this is necessary to enable you to use our online shop at ergobaby.eu (“Website”), including all services and functions contained therein.
Within this Data Protection Statement (hereinafter “Data Protection Statement”) you will find information about the personal data we collect when you visit our Website and avail yourself of the services and functions contained therein, and how and for what purposes we use this data.
In terms of data protection legislation, the controller for the data processing in relation to this Website is Ergobaby Europe GmbH, Mönckebergstrasse 11, 20095 Hamburg, Germany, represented by the Management Board.
Processing purposes and legal bases
The object of the data protection is personal data. According to Article 4(1) GDPR, personal data is any information that relates to an identified or identifiable natural person. This includes, for example, your name, your address, your telephone number, other data required to create your customer account and usage data.
We process your personal data for the processing of your order as well as for other services offered by us, for instance to optimise your customer satisfaction and for technical administration. We will transfer your personal data to third parties subject to the following deviating regulations only if this is necessary to execute the order and billing, or you have previously given your consent to this. Such third parties may be, for example, the service companies we commission accordingly for business processing, such as transportation companies, suppliers, or the bank or other payment service provider commissioned with processing payments.
For your orders we require your first name and surname, your address, your e-mail address, your telephone number and your payment details. This processing is performed on the basis of legal provisions that permit us to process personal data where this is necessary for the fulfilment of the contract (e.g. Article 6(1)b GDPR), and/or because we have an overriding legitimate interest in making the processing of the order as simple and efficient as possible (Article 6(1)f GDPR).
Access to our Website
As soon as you visit our Website, we automatically collect and store certain user data. This includes the IP address assigned to your computer, which we need to transmit the content of our Website you have requested onto your computer (e.g. text, images and product information, as well as files ready for download, etc.). In addition, we collect and store information on the use of the Website, the version of the operating system, the model of the hardware used, hardware settings, the browser type used, the website from which the request is made, as well as the date and time of the Website use.
We hold this information relating to the IP address for a maximum of seven days for the purposes of identification and tracking of misuse. We use anonymous usage information, where necessary, to design our Website to meet the needs of customers. Further usage analysis of such data is performed only if and to the extent that this is described under the heading “Usage Analysis” or the data is anonymised.
This processing is performed on the basis of legal provisions that permit us to process personal data where this is necessary for the fulfilment of the contract (e.g. § 15(1) TMG; Article 6(1)b GDPR), and/or because we have an overriding legitimate interest in making the processing of the order as simple and efficient as possible and guaranteeing it functionality and security (Article 6(1)f GDPR).
We delete and/or anonymise the usage data, including your IP address, as soon as it is no longer required for the aforementioned purposes. We use anonymous usage information, where necessary, to design our Website to meet the needs of customers. Further usage analysis of such data is performed only if and to the extent that this is described under the heading “Usage Analysis”.
Registration and setting up a customer account
As a customer you have the option of registering with us. We then set up a customer account for you which enables you direct access to your inventory data stored with us. We collect and use the data entered by you during the registration process (username and password) if this is necessary for the purpose of verifying the access authorisation. Within your customer account you can view data concerning your past, outstanding and recently dispatched orders and manage your address data, bank details and the newsletter.
This processing of data is performed on the basis of legal provisions that permit us to process personal data where this is necessary for the use of a service and/or the fulfilment of a contract (e.g. § 15(1) TMG; Article 6(1)b GDPR), and/or because we have an overriding legitimate interest in making the use of the Website as simple and efficient as possible (Article 6(1)f GDPR).
The ordering of goods from Ergobaby via our Website does not require registration. You also have the option of placing an order as a guest without registering.
Uploading your own user contributions
On our Website we offer you the option to create content yourself (text contributions, comments, etc.) or to transmit this to us for publication on our Website. Even as an unregistered user you have the option to submit a personal customer review on an Ergobaby product. This processing of data is performed on the basis of legal provisions that permit us to process personal data where this is necessary for the use of a service and/or the fulfilment of a contract (e.g. § 15(1) TMG; Article 6(1)b GDPR), and/or because we have an overriding legitimate interest in making the use of the Website as simple and efficient as possible (Article 6(1)f GDPR).
You are not obliged to state your real name. To further protect your privacy here, you are only required to state a nickname of your choice to submit a customer review.
Subscription to newsletters
On our Website you can subscribe to our newsletter by e-mail. For this we collect your name and your e-mail address, and use this data to send you the newsletter and/or the communication you have subscribed to by e-mail. The processing of this data is performed on the basis of legal provisions that permit us to process personal data where this is necessary for the execution of the subscription (e.g. Article 6(1)b GDPR), and/or because you have consented to this with your subscription (Article 6(1)a GDPR).
We verify your consent to receiving our newsletter or the other communications by e-mail by using the so-called “double opt-in” procedure. This means that before we start the mailing you will receive an e-mail to the e-mail address provided during the subscription process asking you to actively confirm your consent to receiving the newsletter and/or the other communication. We use the information in the confirmation to document and, if applicable, verify your consent.
You can revoke your consent to receiving the newsletter and to the use of your personal data relating to this at any time with effect for the future.
Consent to receive advertising
Within the context of the use of various services of our Website you have the option to consent to receiving advertising from us. If you granted such consent we use the information provided by you to send you advertising by post or by any other communication method of your choice (e-mail, SMS, telephone). The processing of this data is performed on the basis of legal provisions that permit us to process personal data because you have consented to this (Article 6(1)a GDPR). You can revoke your consent at any time with future effect.
Interaction with social networks
On our Website you can interact with social networks operated by third parties. Ergobaby currently uses social plug-ins from Facebook, Google+, Pinterest, Instagram, Twitter and YouTube. Social plug-ins generally enable the automatic transmission of data to the respective provider. We have no influence on the nature of the data collected or the data processing operations, and are not responsible for this data processing. The controller in this case is the respective social network.
Sharing content (“Share” buttons)
Our Website uses so-called “Share” buttons, which are plug-ins from various social networks, namely Facebook, Pinterest and Twitter. No information regarding your visit to our Website is passed on to the respective operator of the social network via these Share buttons. Only when you click on the respective Share button will you be directed to the Website of the network operator. The data collection and use associated with this are the responsibility of the respective social network.
For details on this, please consult the data privacy policies of the respective network provider.
Recommending content (“Like” buttons)
If you activate the recommendation buttons (so-called “Like” buttons) of social networks, namely Facebook, Pinterest and Twitter, on our Website by clicking on these, information (incl. IP address and cookie ID) will be transferred to the provider of the respective service (e.g. Facebook) in the USA and will in certain circumstances also be stored and used there. We do not know exactly how the respective provider of the network handles the data. We are not responsible for this storage and use, which can also include the setting of cookies by the provider of the respective social network. You can obtain further information on the specific data processing operations, storage periods and processing purposes directly from the provider of the respective social network. The data transfer is performed on the basis of the consent you granted through the activation (Article 6(1)a GDPR). You can revoke your consent to the data transfer at any time by deactivating the buttons belonging to the respective social network with effect for the future.
Possibility of transfer of further data through the use of social plug-ins
When you activate a plug-in, the respective provider of social media services, such as Facebook, Twitter and Pinterest, may receive the information that you have accessed on the corresponding sub-page of our Website. In respect to your visit to the page, it will obtain your IP address, data and time of the visit, the website from which the request was made, the language and version of your browser, the operating system and its interface, whereby according to information from, for example, Facebook in Germany, only an anonymised IP address is collected. The transfer of the data is performed irrespective of whether you actually have an account with the provider or are logged in to this. If you are logged in with the provider your data will be directly assigned to your account. It is possible that the providers also set cookies on your computer in order to track you.
According to our knowledge, the providers store this data in usage profiles which it uses for the purposes of advertising, market research and/or the design of its Website to meet customer needs. Such an evaluation is performed in particular (even for users who are not logged in) to present appropriate advertising and to inform other users of the social network about your activities on our Website. You have a right to object to the creation of this user profile. To exercise this right of objection you need to contact the respective provider.
If you add a particular hashtag given by us, such as “LoveCarriesOn”, to images, posts or even tweets, we may publish your contributions shared on a social network such as Facebook, Instagram or Twitter on our Website www.ergobaby.eu. The processing of this data is performed on the basis of legal provisions that permit us to process personal data where this is necessary for the execution of your instruction given through the use of the hashtag (e.g. Article 6(1)b GDPR), and/or because we have an overriding legitimate interest in further disseminating your thus identified public contributions (Article 6(1)f GDPR).
Cookies for the service provision
You can deactivate the cookie function in your Internet browser (and in doing so revoke any consent granted). The enabling of cookies is not absolutely essential for the navigation and functionality of the Website. You can find guidance on the acceptance, rejection, viewing and deletion of cookies within the Help function of your Internet browser.
Usage analysis by Google Analytics and Google Tag Manager
You may prevent the storage of cookies by selecting the appropriate settings on your browser software; however, please note that if you do so, you may not be able to use all the functions of this Website to their full extent. You can also prevent Google from collecting the data (including your IP address) generated by the cookies and relating to your use of the Website and from processing this data (and in doing so revoke any consent granted) by downloading and installing the browser plug-in available at the following link [http://tools.google.com/dlpage/gaoptout?hl=en]. We also use Google Analytics to evaluate data from AdWords and from the DoubleClick cookie for statistical purposes. It is possible to deactivate the ad settings manager (at http://www.google.com/settings/ads/onweb/?hl=en).
Transmission of data to other companies of the Ergobaby Group
We transfer information that we collect and process relating to your use of this Website to other companies of the Ergobaby Group, however only if this is necessary for the purposes specified in this Data Protection Statement, including the management of joint databases for internal administration purposes, or the other company is acting as a service provider/processor bound by instructions. In this framework, a processing is sometimes also performed in countries outside the scope of application of the GDPR (third countries) including the USA, for example, because certain offerings are kept on servers located there.
Every transmission of data to a third country is performed in compliance with the applicable data protection legislation. If the European Commission has not determined that a third country offers an adequate level of protection, Ergobaby shall provide appropriate safeguards to guarantee the adequate protection of your data. In the case of data transmissions to companies of the Ergobaby Group in a third country, these are performed through the conclusion of data processing contracts that contain EU standard clauses and in the opinion of the European Commission offer suitable safeguards (available at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
Other data processing and duration of data storage
Further processing of your personal data is performed generally only if a legal regulation permits this or you have consented to the data processing or use. Unless explicitly described in the previous sections we do not pass on your data to third parties. We reserve the right to pass on data to data processing service providers bound to our instructions; in this respect we use, in particular, mailing service providers, providers of storage services and customer service tools.
We generally delete or anonymise your personal data as soon as it is no longer necessary for the purposes for which we collected or used it, as described in the previous sections. If you have registered with us we store your personal data for the duration of your registration and delete it as soon as you delete your account. In the event that you have granted us consent to the processing of your data (e.g. for advertising purposes), we store your data until you revoke your consent. If we have to store data for statutory reasons, we restrict the further processing of the data in question for the duration of the retention period, rather than delete it.
The specific information on the retention and deletion of personal data in the previous sections remains unaffected.
Your personal data is encrypted with SSL before we transmit it via the Internet. We have implemented technical and organisational security measures to protect the data you have provided to us from accidental or wilful manipulation, loss, destruction or unauthorised access.
Your rights as a data subject
As a data subject you have a right of access to the processed data, a right to rectification and to erasure of your personal data, a right to restrict the processing of your personal data, and, where applicable, a right to the portability of your personal data. You also have the right to lodge a complaint with a supervisory authority.
In cases where the data processing is based on Article 6(1)f GDPR, or for the purposes of direct advertising you have the right to object to the processing.
If you granted us your consent you can revoke this at any time with effect for the future.
On our Website we provide a form via which you can contact us to, for example, ask us questions about a product advertised on the Website. We use the data that you enter (e.g. name, e-mail address, etc.) in order to be able to process and answer our query.
If you have any questions about our data protection policy, you can also contact us by post (Ergobaby Europe GmbH, Mönckebergstrasse 11, 20095 Hamburg, Germany) or by e-mail (email@example.com). Our data protection officer can be contacted at: firstname.lastname@example.org.
Amendments to this Data Protection Statement
The further development of the Internet and our Website may affect the handling of personal data. We therefore reserve the right to amend this Data Protection Statement in future within the framework of the applicable data protection laws and, where applicable, adapt it to changed data processing realities. We therefore recommend that you visit our Website from time to time to take note of any updates to our Data Protection Statement.
As of 20 May 2018