Privacy Notice
1. information on the collection of personal data and contact details of the person responsible
2. data collection when visiting our website
3. making contact
4. cookies
5. data processing for order processing
6. data processing when opening a customer account and for contract processing
7. use of your data for direct advertising
8. online marketing
9. rights of the data subject
10. duration of storage of personal data
1. information on the collection of personal data and contact details of the controller
1.1 Thank you for visiting our website. In the following, we would like to inform you about how we handle your personal data when you use our website. Personal data is basically all data with which you can be personally identified.
1.2 The controller responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Eyecheck Europe GmbH/ Dr med Torsten Kühn
Bärenschanzstraße 131
90429 Nuremberg
Germany
E-mail: hello@eyecheck.shop
1.3 In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) via HTTPS.
2. data collection when visiting our website
Each time you visit our website, our system automatically collects data and information that your browser transmits to our server (so-called ‘server log files’). The following data, which is technically necessary for us, is collected:
- The website we visited
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymised form)
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in improving the stability and maintaining the functionality of our website. The data will not be passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
We reserve the right to subsequently check the server log files if there are concrete indications of unlawful use. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
3. contacting us
If you contact us using the contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be found in the respective input mask. If you contact us by e-mail, only the data you enter there will be transmitted to us.
The data is used exclusively for processing the conversation and your request. The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected and provided there are no statutory retention obligations to the contrary. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
4. cookies
Our website uses cookies.
Cookies are text files that are stored on the user's end device. When a user accesses a website, a cookie may be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires the browser to be recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.
Our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f) GDPR also lies in the above-mentioned purposes.
In addition, our website may use cookies that enable an analysis of the surfing behaviour of users (so-called third party cookies). Further information on the scope, purpose, legal basis and objection options can be found in the relevant sections of the respective chapter of this privacy policy.
As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, you may no longer be able to use all the functions of the website to their full extent. You can prevent the transmission of Flash cookies by changing the Flash Player settings.
You can find help on the settings in the respective help menu of your browser or under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted again after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
The checkout solution from Klarna (Klarna Bank AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden) used here uses cookies to ensure a smooth process when using the Klarna checkout.
More information on the individual cookies and an explanation of their respective purpose can be found for Germany at:http://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf
and here for Austria: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_at/checkout.pdf
5 Data processing for order processing
5.1 If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to fulfil your order.
In some cases, we work together with external service providers to process your order. For this purpose, we must pass on the necessary personal data.
If we commission transport companies to deliver your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we pass on your data to the commissioned credit institution as required. If we use payment service providers, you will also be informed of this below. The legal basis for the transfer of your data is Art. 6 para. 1 lit. b GDPR.
5.2 Use of payment service providers
5.3. bancontact
When paying via ‘bancontact’ via Paypal Checkout, the payment is processed via the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: ‘Paypal’).
You can find more information on the PayPal checkout in the corresponding section below.
5.4. blik
When paying via ‘blik’ via the Paypal Checkout, the payment is processed via the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: ‘Paypal’).
You can find more information about the PayPal checkout in the corresponding section below.
- Klarna
When paying via the following payment methods (if offered): - ‘Klarna invoice purchase’ - ‘Klarna instalment purchase’ - ‘Klarna direct debit’ (a Klarna instant payment method) - ‘Klarna credit card payment’ (a Klarna instant payment method), payment is processed via Klarna AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as ‘Klarna’). We pass on your personal data (first and last name, street, house number, postcode, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery method) to Klarna for the purpose of identity and credit checks if you have expressly consented to the transfer in accordance with Art. 6 para. 1 lit. a GDPR. Klarna may forward your data to one of the following credit
agencies: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, these are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
The calculation of the score values includes, but is not limited to, address data. You can revoke your consent at any time by sending a message to the controller responsible for processing your data or to Klarna.
However, Klarna may continue to process your personal data if this is necessary for contractual payment processing. The following data protection provisions of Klarna apply to data subjects based
in Germany: https//cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf For The following data protection provisions of Klarna apply to data subjects based
in Austria: https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf
5.5. mybank
When paying via ‘mybank’ via the Paypal Checkout, the payment is processed via the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: ‘Paypal’).
You can find more information on the PayPal checkout in the corresponding section below.
- PayPal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - ‘purchase on account’ or ‘payment by instalments’ via PayPal, payment will be processed via PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as ‘PayPal’).
We pass on your personal data to PayPal in accordance with Art. 6 para. 1 lit. b GDPR to the extent necessary. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - ‘purchase on account’ or ‘payment by instalments’ via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR due to PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Which other data is collected by PayPal can be found in PayPal's privacy policy. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
5.6 PayPal Checkout
We use PayPal Checkout (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as ‘PayPal’) on this website.
PayPal Checkout is an online payment solution from PayPal that serves both PayPal payment methods and local payment methods from third-party providers. If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal or ‘Pay later’ via PayPal (if offered in each case), we will pass on your necessary payment data to PayPal for the purpose of payment processing. The transfer is permitted in accordance with Art. 6 para. 1 lit. b GDPR.
For the payment methods credit card via PayPal, direct debit via PayPal or ‘Pay later’ via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, PayPal may pass on your necessary payment data to credit agencies. The processing takes place on the legal basis of Art. 6 para. 1 lit. f GDPR. PayPal has a legitimate interest in determining your solvency.
You can object to this processing of your data at any time by sending a message to PayPal, whereby further processing of your personal data by PayPal may continue to be authorised if this is necessary for contractual payment processing.
If you select the payment method PayPal invoice purchase, we will initially transmit your payment data to PayPal in accordance with Art. 6 para. 1 lit. b GDPR. PayPal then forwards your data to Ratepay GmbH,
Ritterstr. 12-14, 10969 Berlin, Germany, to process the payment. RatePay then carries out an identity and credit check in its own name. The legal basis for this is Art. 6 para. 1 lit. f GDPR, the legitimate interest in determining solvency. For this purpose, RatePay passes on your payment data to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR.
Ratepay can access the following credit agencies: https: //www.ratepay.com/legal-payment-creditagencies/
If you choose the payment method of a local third-party provider, we will first pass on your payment data to PayPal in accordance with Art. 6 para. 1 lit. b GDPR. PayPal will then forward your payment data to the provider you have selected in order to process the payment (Art. 6 para. 1 lit. b GDPR):
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- Giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
Further information can be found in PayPal's privacy policy
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
6. data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Art. 6 para. 1 lit. b GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.
You can delete your customer account at any time. This can be done by sending a message to the address of the person responsible or, if offered, directly in the customer account. In this case, we will also block your data with regard to retention periods under tax and commercial law and delete it after these periods have expired. This can only be opposed by your consent to permanent storage or a legally permitted further use of data on our part.
7 Use of your data for direct advertising
Advertising by letter post If you have provided us with your first and last name, your postal address and any other personal data on the basis of an order, we reserve the right to store this data and send you our offers by post in order to protect our legitimate interest in personalised direct advertising in accordance with Art. 6 para. 1 lit. f GDPR.
You can object to the storage and use of your data for this purpose at any time by sending a corresponding message to the controller.
8. online marketing
Use of Google Ads conversion tracking
This website uses the online advertising programme ‘Google Ads’ and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).
Here, advertising material (so-called Google Adwords) is used to advertise our offers on external websites. Our legitimate interest lies in displaying adverts that are of interest to you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6 para. 1 lit.a GDPR, namely your express consent.
Google Ads uses cookies for conversion tracking, which are set when you click on an AdWords advert placed by Google.
These cookies generally lose their validity after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, which is why cookies cannot be tracked via the websites of Ads customers.
In this case, certain functions of this website may not be available or may only be used to a limited extent.
Further information on Google's data protection can be found here: https://business.safety.google/privacy/
9 Rights of the data subject
9.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we
inform you below:
- Right to information in accordance with Art. 15 GDPR:
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have a right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of further rights such as the right to rectification of the data or the existence of a right of appeal to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved. meaningful information about the logic involved and the significance and envisaged consequences of such processing for you, as well as your right to be informed of the safeguards pursuant to Art. 46 GDPR relating to the transfer of your data to third countries;
- Right to rectification pursuant to Art. 16 GDPR:
You have a right to immediate correction of incorrect data concerning you and/or completion of your incomplete data stored by us; the correction or completion must take place immediately.
- Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data for as long as the accuracy of your data, which you dispute, is being verified, if you refuse to have your data erased due to unauthorised data processing and instead request the restriction of the processing of your data, if you require your data for the establishment, exercise or defence of legal claims after we no longer require this data after the purpose has been achieved or if you have lodged an objection for reasons relating to your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right to erasure pursuant to Art. 17 GDPR:
You have the right to obtain the erasure of your personal data without undue delay if the requirements of Art. 17 (1) GDPR are met. However, this right to erasure does not exist in particular - not conclusively - if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- Right to information in accordance with Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability in accordance with Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible;
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
9.2 Right to object
You have the right to object to the processing of your data at any time with effect for the future if we process your data on the basis of our overriding legitimate interest after weighing up your interests.
If you make use of this right of objection, we will stop processing your data unless there are demonstrably overriding compelling legitimate grounds for termination or if further processing serves the exercise or defence of legal claims.
10. duration of the storage of personal data
The duration of the storage of personal data depends on the statutory retention periods. After these periods have expired, we routinely delete the data if it is no longer required for the fulfilment or initiation of the contract and/or if we no longer have a legitimate interest in continuing to store it.