Last updated: May 2018
- the website www.neubau-eyewear.com (“website”)
- the contracts with our customers with regard to the purchasing of products offered via the website.
1. Data processing during use of the website
Whenever you visit our website, we collect the following data: IP address.
You can visit our website without having to disclose information about yourself. Whenever you access the website, only certain access data (your IP address and other metadata, such as the date and time of access and the requesting provider) are processed with the support of automated processes, par-ticularly for the purposes of security or improvement of the website’s quality. This information does not enable us to identify you personally. The IP anonymization used on this website means that your IP address will be held in trun¬cat¬ed and anonymised form. You can visit our website for purely infor-mational purposes, to find out about our products, services and activities, without it becoming possi-ble for us to link such data to you personally.
2. Data processing when you become one of our customers and wish to purchase products
If you decide to use our services, you must disclose certain information so that our contract with you can be executed. For this, you can create a customer account. However, you can also place an order without a customer account. When you purchase a product, you must provide the following personal data in any case:
a) First name, surname
b) Telephone number
c) E-mail address
d) Delivery address, billing address
We require this information to be able to fulfil our contract with you (art. 6.1.1.b of the GDPR). The data is also saved by us, though we only store the data for as long as we deem reasonably necessary for the purposes of fulfilling the contract and to the extent permissible by law. In any case, we save your personal data for as long as legal storage requirements apply or periods of limitation for potential legal claims have not yet expired. If the storage of the data is no longer necessary for the purposes for which the data was originally collected (or within the scope of a legally permissible change of pur-pose), and there are no further legal requirements to continue storing it, then we arrange for the data to be deleted.
For the purpose of fulfilling our contract with you, we must also select an e-commerce partner during the ordering process. This partner provides us with specific services in connection with the online purchase. Such partners are considered “processors” within the terminology of data protection law. For this purpose, we will transfer your full name and information about the selected product exclusively to the selected service partner. If you wish to make use of specific services with regard to a contract you have concluded with Silhouette and these services are handled by a service partner, your postal address may be disclosed to the service partner, if necessary, or you may voluntarily share it with them. Such disclosure of your data is also a necessary precondition for fulfilling our contract with you.
In case you return a product (particularly when exercising your right of withdrawal), a further processor will become involved, namely: PVS ZMD GmbH, Schleißheimer Straße 93a, 85748 Garching bei München, Germany. Should you return products that you have purchased via our online shop, your full name and postal address will be disclosed to PVS ZMD GmbH.
Our processors are bound by our data protection practices and always treat your personal data as strictly confidential. Unless they have your explicit consent to do so, they will never disclose your data to third parties or use your data for any purposes other than those necessary for the fulfilment of their duties towards Silhouette or based on our explicit instructions.
If you select the payment method Sofort bank transfer, then, after placing your order, you will be transferred to the website of the online provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. After you have proven your identity, your personal data and personal account data are transferred to SOFORT GmbH, enabling them, for example, to verify your account balance. Please note the additional data protection information from SOFORT GmbH to which you will be referred specifically whenever you use this service.
4. Data subject’s rights
One of the main objectives of data protection legislation is to grant you certain options for controlling your personal data after data processing has already begun. For this purpose, data subjects have various rights which we must observe immediately upon your request (or, in any case, within one (1) month of your request). To exercise your rights, contact us at the following e-mail address: firstname.lastname@example.org. Specifically, you have the following rights:
a) Should you exercise your right to information, and no legal restrictions apply, we will pro-vide you with comprehensive information about our processing of your data. To do so, we will provide you with (i) copies of the data (e-mails, database excerpts, etc.), as well as in-formation related to (ii) specifically processed data, (iii) processing purposes, (iv) categories of data being processed, (v) data recipients, (vi) storage limits and/or criteria for determining these, (vii) the origin of the data, and (viii) other information, as necessary, depending on your specific case. Please note, however, that we cannot issue any documents which could infringe upon the rights of other persons.
b) With your right to correction, you can request that we correct information that we have recorded incorrectly, that is no longer correct or that is incomplete (for the specific pro-cessing purposes in question). Your request will be evaluated, during which time you can request for the data processing in question to be restricted until the evaluation is complete.
c) The right to (data) deletion can be exercised (i) in the event that there is no necessity with regard to the processing purpose, (ii) in case you withdraw your consent, (iii) in case of a special objection, if the data processing in question is based on Silhouette’s legitimate in-terests, (iv) in case of improper data processing, (v) in the event that there is a legal require-ment to delete the data, and (vi) in case of processing of personal data referring to minors under the age of 16.
d) In specific cases, the data subject has a right to restriction of processing. After this right is exercised, the data in question can only be stored. In addition to the option of restriction during the evaluation period for data corrections, this extends to (i) unlawful data processing (insofar as no deletion is requested) and (ii) the duration of the evaluation of a special objection.
e) Furthermore, you have a fundamental right to object to data processing at any time. This only applies whenever the processing is based on Silhouette’s legitimate interests. Please note, however, that legitimate interests can only be invoked as a legal basis for processing activities in specific cases.
f) You can also exercise your right to complain to supervisory authorities (see point 11).
Please also note that in some cases we will be unable to comply with your request due to mandatory, protected reasons for processing (weighing of interests) and/or processing based on the exertion, ex-ercise or defence of legal claims (on our side). The same applies in the case of excessive requests, in which case (as in the case of compliance with manifestly unfounded requests), a fee may be imposed.
5. Data security
Silhouette takes all the suitable technical and organisational measures to ensure that, by default, per-sonal data is only processed to the extent strictly necessary for the business purpose in question. The measures taken by Silhouette relate to the quantity of the collected data, the scope of the processing as well as the storage limits and accessibility of the data. Through these measures, Silhouette ensures that personal data is made available by default only to a strictly limited and necessary number of persons. No other persons are granted access to personal data without the explicit consent of the data subject. Furthermore, Silhouette uses various safety mechanisms (back-ups, encryption) to secure its website and other systems. These are intended to provide your (personal) data with the greatest possible level of protection against loss, theft, destruction, unauthorised access, modification or distribution.
All Silhouette employees are adequately informed of all applicable regulations under data protection law as well as internal data protection rules and data security precautions. They are bound to confidentiality with respect to any information made known and/or accessible to them within the scope of their work. The provisions of the GDPR are strictly observed and personal data is only provided to individual employees to the extent necessary with regard to the purpose of the data collection and our obligations arising from it. If Silhouette engages processors, they are bound to us by specific framework agreements to act in accordance with our data protection practice.
6. Links to Third-Party Websites
We use links to the third party webpages on our website, which consist on the one hand of links to our long-term partners, and on the other, of links to social networks (e.g. Facebook, Twitter, Insta-gram, Pinterest). If you click on any of these links, you will be redirected directly to the relevant webpage. The only data that the website operators will receive is that you have come via our website. We therefore refer you to the privacy policies of these websites. Please note, however, that if you do not want a particular social network to assign data collected via our website to your profile in that social network, you must log out before clicking on the link and accessing it.
We use small pieces of text data called “cookies” that are stored on your computer when you use our website. These help us to optimise our service to make it more user-friendly and secure, and to make design improvements. In many cases, the cookies installed will be “session cookies”, which will be au-tomatically deleted when you finish your browser session without needing further action on your part. Other cookies (e.g. those that store your language preferences) are stored over a longer period of time, and must be deleted manually. Cookies contain absolutely no personal data.
Most browsers automatically accept cookies. However, you can change your browser settings so that cookies are either totally blocked or only certain types are permitted (e.g. you can choose to only block third-party cookies). Please note that you may not be able to enjoy the full functionality of the website if you change your cookie settings. You can find out how to change your settings on the most common browsers using the following links: Internet Explorer™: https://support.microsoft.com/…
8. Google Analytics
Our website uses Google Analytics, a website analysis tool by Google Inc., 1600 Amphitheatre Park-way, Mountain View, CA 94043, USA (“Google”). Cookies allow Google Analytics to evaluate your usage of a particular website. We will process your data in accordance with our legitimate interest to collect website visitor statistics in a cost-efficient and convenient way (Art. 6 Para. 1 Letter F of the GDPR regulations).
The information gathered by the cookies about your use of the website will be transmitted to Google’s servers in the USA and stored there. We do not store any data that is generated through Google Analytics. The IP anonymization used on this website means that your IP address will be held in truncated form by Google for member states of the European Union as well as other states party to the agreement on the European Economic Area. In exceptional cases, your full IP address will be sent to the USA and shortened there. Google uses this information to evaluate your website usage for us and to compile reports about your website activity in order to offer us additional services relating to website behaviour and Internet usage. Your IP address will not be associated with any other data held by Google, and will not therefore allow your identity to be discerned. Google is a participant of the EU-US Privacy Shield, which requires Google to uphold the agreement and comply with European data protection standards. The certification for the Privacy Shield can be found at https://www.privacyshield.gov/list.
Using the process described in point 7, you can set up your browser preferences to stop it from storing cookies (or restrict third-party cookies only) on your computer. Moreover, you can prevent Google from collecting and processing data gathered from cookies tracking your website usage (incl. your IP address) by downloading and installing the appropriate browser plugin (http://tools.google.com/dlpage/gaoptout?hl=en). However, we would also point out that you may not be able to enjoy the website’s full functionality if you do so.
You can find more detailed information about your data privacy with regard to Google Analytics and how you can manage it at https://policies.google.com/privacy?hl=en.
On our website you have the option of signing up to the neubau newsletter. To do so, you are required to submit your name and your e-mail address. You can also voluntarily submit your your coun-try of residence to receive more personalised information. We need the data to send you the newslet-ter and address you correctly. The neubau newsletter will also keep you up-to-date about the latest neubau products and trends, and will only be sent to those who have voluntarily provided their e-mail address. Of course, should you wish to stop receiving the newsletter at any time, you can click on the “unsubscribe from the newsletter” button. Providing there is no further legal requirement or legal ba-sis for processing it, the data stored for sending the newsletter will be deleted after you unsubscribe. We also use the newsletter to make statistical analyses regarding your personal data, and we measure the performance of the newsletter by monitoring if the newsletter is opened, what content is clicked on and technical information regarding sending the newsletter. Processing is carried out in line with our legitimate interest to produce readilyaccessible newsletter statistics that help our marketing ef-forts in a costeffective way.
We use the “Eyepin” newsletter service operated by eyepin GmbH. To utilise the service, the personal data you voluntarily provided will be stored on Eyepin’s servers in Austria and Germany. Your data will only be used in order to send you the newsletter that you ordered.
10. Facebook Pixel
b) You can prevent Facebook-Pixel from collecting and processing your data for the purposes of displaying Facebook ads. If you want to control what kind of adverts are displayed to you on Facebook, you can go to the page Facebook has set up for this purpose and follow the instructions on configuring user-targeted adverts: https://www.facebook.com/settings?tab=ads. The settings chosen will be applied across all platforms, meaning that they will apply to all devices from your desktop to mobile.
c) To stop Facebook-Pixels from collecting data on our website, please click on the following link: Facebook-Opt-Out. Please note: If you click on the link, an opt-out cookie will be stored on your device. If you subsequently delete the cookies from the browser, you will have to click on the link again. Moreover, the opt-out only works on the browser you used to download it and only for the web domain where you clicked on the link.
d) You can further prevent the deployment of cookies that measure visitor numbers and enable adverts on the deactivation webpage of the Network Advertising Initiative (http://optout.networkadvertising.org/), and also on the US-based website (http://www.aboutads.info/choices) or European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
11. Contact Form on the Website
On our website you have the option of filling out a contact form to ask us specific questions or get in touch with us. The information that you submit will only be used to respond to your question, and will not be stored.
12. Right of Complaint
If you decide that we have infringed against incumbent data privacy laws, you have the right to file a complaint with the relevant national data protection authority. The requirements involved in lodging a complaint will depend on the specific national regulations governing the implementation of GDPR. However, we would request that you get in touch with us beforehand so that we can clear up any questions or problems.
13. Contact Details for Data Protection Questions, Messages and Requests
Please send questions, notifications or requests regarding data protection law to the following contact address:
Silhouette International Schmied AG