1 Information about the collection of personal data
(1) The following text informs you about the collection of personal data during usage of our website. Personal data refers to all data that can be related to you personally, such as your name, address, e-mail addresses and user behaviour.
(2) The controller as per Art. 4 (7) of the EU General Data Protection Regulation (EU GDPR) is
The contact information of our operational data protection officer is:
- DER DATENSCHUTZBEAUFTRAGTE -
Am Limes 69
73527 Schwäbisch Gmünd
(3) When you contact us by e-mail or using a contact form, we save the data you provide (your e-mail address and your name and telephone number, if relevant) so we can answer your questions. We delete any data collected in this context once it is no longer necessary to save them, or we restrict their processing if there are legal retention requirements.
(4) If we resort to contracted service providers for individual functions of our website or if we want to use your data for advertising purposes, we will inform you below of the procedures in question in detail. We will also specify the criteria defined for the length of storage.
- 2 Your rights
(1) Where we are concerned, you have the following rights regarding data relating to your person:
– Right to information
– Right to correction or deletion
– Right to restriction of processing
– Right to objection to processing
– Right to data portability
(2) You also have the right to file a complaint about us processing your personal data with a data protection authority.
- 3 Collection of personal data during visits to our website
(1) If you use the website for purely informational purposes, which is to say if you do not register or provide us with any other information, we collect only the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which are technically required so we can display our website to you and guarantee its stability and security (legal basis is Art. 6 (1) s. 1 lit. f EU GDPR):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access status/HTTP status code
– Volume of data transmitted in each case
– Website from which the request originates
– Operating system and its interface
– Language and version of the browser software
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and by which the provider that sets the cookie (in this case, us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.
- a) This website uses the following types of cookies, the scope and operation of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c)
- b) Transient cookies are automatically deleted when you close your browser, and they include session cookies in particular. They store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
- c) Persistent cookies are automatically deleted after a specific period that can vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
- d) You can configure your browser settings to suit your needs and reject the acceptance of third-party cookies or all cookies, for example. We would like to point out that you may not be able to use all the functions of this website in that case.
- 4 Additional functions and offers from our website
(1) In addition to the purely informational use of our website, we offer various services that you may use if you like. To do so, you generally need to provide additional personal data, which we use to perform the service in question and for which the previously mentioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. We have selected and contracted them carefully. They are bound to follow our instructions, and we review them on a regular basis.
(3) Furthermore, we may transfer your personal data to third parties if we offer participation in special offers, prize draws, signing contracts or similar services together with partners. You will receive additional information on this when you provide your personal data or below in the description of the offer.
(4) If the registered office of our service providers or partners is located outside of the European Economic Area (EEA), we will inform you about the consequences of this situation in the description of the offer.
(5) On our website, we give users the option to register if they provide their personal data. Users enter these data on an input screen, whereupon they are transferred to us and stored. The data will not be disclosed to third parties. The information gathered by the registration form is queried during the registration process, and we save it. The legal basis for the processing of these data is Art. 6 (1) lit. a EU GDPR if the user has granted consent. Wenn die Registrierung der Erfüllung eines Vertrages, dessen Vertragspartei die betroffene Person ist, oder der Durchführung vorvertraglicher Maßnahmen dient. If the purpose of the registration is to fulfil a contract whose contracting party is the user or to perform pre-contractual measures, the additional legal basis for processing the data is Art. 6 (1) lit. b EU GDPR.
Registration is not required to conclude a contract with the user. Registration of the user may, however, be necessary for certain functions with added-value character, such as providing an order history.
We have concluded an order data processing contract with Zendesk and completely implement the strict regulations of the German data protection authorities when using Zendesk. The legal basis for processing with Zendesk is Art. 6 (1) s. 1 lit. a, provided you have granted your consent, and lit. b to in so far as the processing of your enquiry serves to prepare or execute a contractual relationship. Lit. f shall also apply if no contractual relationship exists, whereby our legitimate interest in this case consists in replying to your request.
(7) Statistical Data Analysis with Grow
We use services of the provider Grow (Grow, LLC, 5314 River Run Dr., Suite 150, Provo, UT 84604, United States). These services are used to generate statistical evaluations of the performance, sales and customer structure of our shop and services. Personal data, for example interactions with our customer service, can be processed in the course of this evaluation. The evaluations themselves do not contain any personal data. Grow, LLC, processes personal data in the United States and provides sufficient guarantees of an adequate level of data protection through certification under the Privacy Shield Agreement. Grow, LLC processes personal information on our behalf only as directed by us and not for any other purpose. The legal basis for the processing is Art. 6 Para. 1 lit. f) DSGVO, whereby our legitimate interest lies in the optimisation and demand-oriented orientation and design of our services as well as the improvement of our services and offers.
- 5 Objection to or revocation of the processing of your data
(1) If you have granted your consent to the processing of your data, you may revoke it at any time. Such a revocation impacts the permissibility of the processing of your personal data after you have issued it to us.
(2) In so far as we base the processing of your personal data on the weighing of interests, you may file an objection to the processing. This is the case if the processing in particular is not necessary to fulfil a contract with you, which we will address in the following description of functions. When you exercise such an objection, please illustrate the reasons why we should not continue processing your personal data as previously. If your objection is justified, we will examine the matter and either cease or alter data processing, or we will present you with our compelling and legitimate grounds for continuing the processing.
(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can use the contact information above to inform us of your objection to advertising.
- 6 Newsletter
(1) You can consent to subscribe to our newsletter, which we use to inform you about our latest interesting offers. The goods and services we advertise are mentioned in the declaration of consent.
(2) We use what is known as the double-opt-in procedure for newsletter registrations. That means that we send an e-mail to the e-mail address you have provided after your registration and ask you to confirm that you want to receive the newsletter. If you do not confirm your registration within 96 hours, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use, as well as the times of your registration and confirmation. We use this procedure so we can prove your registration and, if necessary, clear up any possible misuse of your personal data.
(3) The only information required for sending the newsletters is your e-mail address and your date of birth so we can verify your age and provide age-appropriate content. The provision of additional, specially marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address so we can send the newsletter. The legal basis is Art. 6 (1) s. 1 lit. a EU GDPR.
(4) You may revoke your consent to our sending the newsletter at any time and unsubscribe it. You can declare your revocation by clicking on the link provided in all newsletter e-mails or by sending a message to the contact information listed in the imprint.
- 7 Web analytics
Use of Webtrekk
(1) We have integrated components from Webtrekk into some of our websites. Webtrekk combines marketing and analysis solution in a single system. Webtrekk allows the site operator to collect data about the use of their websites and individualise their marketing activities.
The company operating Webtrekk is Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany.
Each time certain pages of websites operated by Schleich are accessed, Webtrekk collects and saves data for marketing and optimisation purposes. Pseudonymised user profiles are created using the data collected. These pseudonymised user profiles are used to analyse user behaviour and make it possible to improve our website. The data collected using Webtrekk components are not used to identify the data subject without this person’s consent having been obtained separately and expressly. These data are not merged with personal data or other data containing the same pseudonym.
(2) Webtrekk sets a cookie on your device. We explained the concept of cookies above. On behalf of Schleich GmbH, Webtrekk shall use the data and information collected via our websites to evaluate the user behaviour of the data subject who visited our website. Furthermore, Webtrekk shall use the data to create reports on user activity on our behalf, as well as to provide additional services for us which are related to the use of our website. Webtrekk does not merge your IP address with other personal data.
(3) You may prevent our websites from setting cookies as described above at any time by configuring your Internet browser accordingly and thus permanently object to cookies being set. Configuring your Internet browser in such a way would also prevent Webtrekk from setting a cookie on your device. Additionally, you can delete cookies Webtrekk has already set at any time using an Internet browser or another software program.
(4) Additionally, you can object to the data generated by the Webtrekk cookie being recorded and related to use of this website, as well as the processing of this data by Webtrekk and prevent such processing. To do so, you need to click on this link ,http://optout.webtrekk.net/optout.php?r=https://https://www.schleich-s.com/zh/CN/legal/privacy-policy/privacy-statement-objection which sets an opt-out cookie. The opt-out cookie set when you object is stored on the device you use. If the cookies in your system are deleted following an objection, you must access the link again and set a new opt-out cookie.
However, if you set this opt-out cookie, it may no longer be possible for you to use Schleich’s webpages to their full extent.
(5) If you want to exercise your right to information, we need the Webtrekk EID to identify your personal data with Webtrekk. You can view this number here.
You can access Webtrekk’s valid data protection regulations at https://www.webtrekk.com/en/why-webtrekk/data-protection/.
(6) The legal basis for using the services provided by Webtrekk and the related processing of your personal data is Art. 6 (1) s. 1 lit. f EU GDPR. The purpose of processing is to analyse the use of our website and the resulting optimisation and needs-based structuring of our contents and advertising measures. This also constitutes our legitimate interest as per the aforementioned legal basis.
Use of Nosto
This website uses retargeting technology from Nosto Solutions Ltd., Schützenstr. 6, 10117 Berlin, Germany (“Nosto”). This enables us to selectively use personalised, interest-based ads to reach out to our website visitors who have already shown an interest in our shop and our products. Advertising material is displayed based on a cookie-based analysis of previous usage behaviour. However, no personal data is stored. In cases involving retargeting technology, a cookie is stored on your computer or mobile device in order to record pseudonymised data about your interests and to adapt the advertising individually to the information stored. These cookies are small text files that are stored on your computer or mobile device. As a result, you receive advertising which are very likely to correspond to your product and informational interests. If the information collected indicates a link to a specific individual, processing shall take place as per Art. 6 (1) s. 1 lit. f EU GDPR based on our legitimate interest in displaying personalised advertising and market research. You can permanently object to cookies being set for advertising preferences by configuring your Internet browser so that, in future, no more cookies can be stored on your computer, and cookies that are already stored are deleted. Deactivating all cookies can, however, mean that some functions on our websites can no longer be executed.
In addition, we use Nosto based on your consent and thus on the legal basis of Art. 6 (1) s. 1 lit. a, so we can provide you with information and advertising by e-mail for products that may be particularly interesting for you based on content you have visited.
You can view more detailed information and data protection regulations regarding advertising and Nosto here: http://www.nosto.com/terms/
- 8 Use of social media plug-ins and media services
(1) We currently use the following social media plug-ins: Facebook, Pinterest, Twitter, Instagram, Linkedin and Xing. In this context, we use the so-called two-click solution. In other words, when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the plug-in provider by the marking on the box above their initial letter or logo. We enable you to communicate directly with the provider of the plug-in via the button. Only if you click on the highlighted field and thereby activate it does the plug-in provider receive the information that you have called up the corresponding website of our online service. Furthermore, the data mentioned under § 3 of this policy are transmitted. In the case of Facebook and Xing, the IP address is anonymised immediately after collection based on the specifications of the relevant providers in Germany. Activating the plug-in thus transfers your personal data to the relevant plug-in provider, where it is then stored (in the case of American providers, in the USA). Since the plug-in provider collects data using cookies in particular, we recommend configuring the security settings of your browser to delete all cookies before clicking on the greyed-out box.
(2) We have no control over the collected data and data processing, nor are we aware of the full scope of data collection, the purposes of the processing and the retention periods. We also have no information as to deletion of the data collected by the plug-in providers.
(3) The plug-in provider stores the data collected about you as usage profiles and uses it for advertising, market research and/or customising its website. Such an evaluation is performed especially (even for users who are not logged in) in order to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must address the plug-in provider in question to exercise this right. Using the plug-ins, we enable you to interact with social networks and other users so that we can improve our website and make it more interesting for you as a user. The legal basis for using the plug-ins is Art. 6 (1) s. 1 lit. f EU GDPR.
(4) The data is transmitted regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collected from you will be directly assigned to your account with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend regularly logging out after you use a social network, but especially before activating the button because by doing so, you can avoid information being assigned to your profile with the plug-in provider.
(5) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are provided below. There you will also find further information about your rights and configuration options for protecting your privacy.
(6) Addresses of the plug-in providers and URLs with their privacy policies:
- a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has agreed to uphold the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has agreed to uphold the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- c) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA: https://about.pinterest.com/de/privacy-policy Pinterest has agreed to uphold the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Embedded YouTube videos
(1) We have embedded YouTube videos in our website. They are stored at http://www.YouTube.com and can be played directly from our website. They are all embedded in the enhanced data protection mode, which means that no data about you as a user are transferred to YouTube if you do not play the videos. The data mentioned in paragraph 2 are transferred only if you play the videos. We have no influence on this data transfer.
(2) When you visit our website, YouTube receives the information that you have called up the relevant subpage of our website. Furthermore, the data mentioned under § 3 of this policy are transmitted. This takes place regardless of whether YouTube provides a user account which you use to log in and whether you even have a user account. If you are logged into Google, your data are assigned directly to your account. If you do not want this assignment to your YouTube profile to take place, you must log out before activating this button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or customising its website. Such an evaluation is performed especially (even for users who are not logged in) in order to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must address YouTube to exercise this right.
- 9 Facebook Custom Audiences
(1) This website continues to use the “Custom Audiences” remarketing function provided by Facebook Inc. (“Facebook”). This function makes it possible to display interest-related advertising to website users during their visits to the social network Facebook or other websites that also use the procedure (“Facebook Ads”). By doing so, we pursue the interest of showing advertising that is of interest to you in order to make our site more appealing for you.
(2) Owing to the marketing tools used, your browser automatically creates a direct connection with Facebook’s server. We have no influence on the scope and further usage of the data that are collected through Facebook’s use of this tool and are therefore informing you according to our state of knowledge: As a result of the embedding of Facebook Custom Audiences, Facebook is informed that you have accessed the corresponding page of our website, or you have clicked on one of our ads. If you are registered for one of Facebook’s services, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, the provider may ascertain and store your IP address and other identifying characteristics.
(3) It is possible to disable the function “Facebook Custom Audiences” [here] and at this link for logged-in users: https://www.facebook.com/settings/?tab=ads#.
(4) The legal basis for processing your data is Art. 6 (1) s. 1 lit. f EU GDPR. You can find more information on Facebook’s data processing at https://www.facebook.com/about/privacy.