Privacy Policy

 

With this privacy policy we inform you about our processing of your personal data. We know that the protection of this data is important to you and appreciate the trust placed in us. We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

 

1.Who is controlling data processing and whom can I contact?

 

Anteprima Brands International Ltd. operates the website mymiabag.com (“Website”).

Contact details:

Anteprima Brands International Ltd.
St.Lukes Street, Guardamangia,
PTA1020, Pieta
Malta
Phone: +35620206811
Email: support@mymiabag.com

2. For what purpose do we process your data and on which legal basis?

 

We process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG) for the following purposes:

2.1 For the performance of contractual and pre-contractual obligations (Article 6 (1) sentence 1 (b) GDPR)
The processing of personal data (Article 4 No. 2 GDPR) occurs to provide this Website and to market the products, in particular to respond to inquiries related to our business relationship and for all activities necessary for the operation and administration of the company.

Anteprima Brands International Ltd. processes the personal information that you provide as a user when registering, for purchase purposes. In particular, the following data are processed: name, e-mail address, address (invoice and, if applicable, different shipping address), order information, and telephone number.

2.2 Based on legitimate interests (Article 6 (1) sentence 1 (f) GDPR)
In addition, we process your data beyond the provision of the website and the actual performance of the contract for pursuing legitimate interests of third parties, or us, in particular in the following cases:

  • Answering your inquiries which are related or unrelated to a purchase;
  • advertising or market and opinion research, as long as you have not objected to the use of your data;
  • asserting legal claims and defense in legal disputes;
  • ensuring IT security and IT operations;
  • preventing and investigating criminal offenses;
  • business management and product development.

Our legitimate interest is to market our products optimally, further develop these products and our company, or to protect our company against adverse effects and threats and to enforce its claims.

2.3 On the basis of your consent (Article 6 (1) sentence 1 (a) GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. evaluation or use of data for marketing purposes), the legality of this processing is based on your consent. A given consent can be withdrawn at any time. This also applies to the withdrawal of consents, which you have given us prior to the validity of the GDPR (before 25 May 2018). Please note that the withdrawal takes effect only for the future. Processing that occurred before the withdrawal is not affected by a revocation.

2.4 For compliance with a legal obligation (Article 6 (1) sentence 1 (c) GDPR)
In addition, we are subject to various legal obligations (e.g. Money Laundering Act, tax laws), which require the processing of data.

 

3. Who gets my data?

Within the respective controlling company, the departments which need your personal data to perform our contractual and legal obligations, obtain access to your data.
Also, we pass on your data to the recipients expressly named in this privacy policy.

Furthermore, we pass them on to the following categories of recipients if this is necessary to fulfill a contractual relationship with you or to carry out pre-contractual measures (Article 6 (1) sentence 1 GDPR), or to pursue legitimate interests (Art 6 (1) sentence 1 lit. f GDPR):

  • IT service providers, especially software as a service, hosting, storage and cloud computing providers,
  • logistics service providers,
  • email marketing service providers and customer service providers,
  • marketing service providers, especially Google Ads and WhatsApp consulting service providers,
  • payment service providers for the collection of fees

To the extent that processing is required to pursue legitimate interests, such as the use of IT services, our legitimate interest is to outsource functions.
In addition, your personal data is forwarded or transmitted if required by law (Article 6 (1) sentence 1 (c) GDPR), or if you have consented (Article 6 (1)

 

4. How long will my data be stored?

To the extent necessary, we process and store your personal data for the duration of our contractual relationship. Note that our contractual relationship is usually a continuing obligation.

When there is a contractual relationship, or another civil law claim, the storage period is also governed by the statutory limitation periods.

The storage period of cookies depends on the individual case and is usually between 12 and 24 months.

 

5. Are data transmitted to a third country or to an international organization?

Anteprima Brands International Ltd. itself does not transmit data to third countries (countries outside the European Economic Area – EEA). However, some of the above mentioned recipients will transfer personal data to third countries, but this will only be done on the basis of an adequacy decision by the EU Commission or, as indicated below, on the basis of standard data protection clauses of the EU Commission (available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) or binding corporate rules.

 

6. Website – log files

When visiting our Website, the browser used on your device automatically sends information to the server hosting our Website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, web page from which the access follows (“Referrer-URL “), If applicable, the search engine you are using, the browser used and, if applicable, the operating system of your computer and the name of your access provider.

The legal basis for this type of data processing is Article 6 (1) sentence 1 lit. f GDPR. The legitimate interests pursued by us are in particular:

  • Ensuring a smooth connection of the website,
  • ensuring comfortable use of our website,
  • billing,
  • statistical evaluation using a pseudonym to optimize our website and offer quality and range,
  • evaluation of system security and stability as well
  • for further administrative purposes.
  •  

7. Marketing

7.1 Newsletter

To the extent that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 (a) GDPR we use your e-mail address to inform you with our newsletter by e-mail about us, our offers and special promotions. Your consent will be logged.

For the receipt of the newsletter the indication of an e-mail address is sufficient.

The withdrawal of the consent is possible at any time, for example via the link at the end of each e-mail. Alternatively, you can also send your withdrawal notice at any time by e-mail at support@mymiabag.com. In this case, your e-mail address will be deleted from our e-mail distribution list and added to our black list. The withdrawal of your consent takes effect only for the future. Processing that occurred before is not affected.

Newsletter tracking
Note that we evaluate the behavior of the recipients of our emails using pseudonymous usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, which are each linked with an individual ID. Thus, we record the time of opening and forwarding the e-mail as well as the clicking of the links contained therein, the IP address (to determine the country of retrieval) and the email program used. This data is not linked to your email address or other personal data, so that a direct personal relationship is excluded for us. The evaluation is based on aggregated usage statistics (delivery rate, opening rate, click rate, number of redirects, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of retrieval). Only in the event of cancellations or failed deliveries will we additionally receive information about the name and email address. This is (also) in your interest, so that we can immediately delete you from our email distribution list or correct the delivery problem. The pseudonymous evaluation of usage behavior serves to check the success of our email marketing and to constantly improve it. For these purposes, we have a legitimate interest in data processing. The legal basis is Art. 6 (1) sentence 1 (f) GDPR.

7.2 Existing customer advertising
To the extent that you have already ordered our products for a fee, we will inform you from time to time by e-mail about similar goods and services from us, if you have not objected.

The legal basis for data processing is Art. 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in direct marketing (Recital 47 GDPR).

You may object to the use of your e-mail address for promotional purposes at any time at no additional charge, for example via the link at the end of each e-mail or by e-mail to support@mymiabag.com.

 

8.Cookies and similar technologies

We use cookies on our website that collect your data using pseudonyms. Cookies are small text files that a website generates and which your Internet browser saves when you visit the Website on your hard drive. Depending on the cookie, different data are collected.

On our Website we use technically necessary cookies, functional cookies, web analytics cookies and tracking cookies for advertising purposes.

If you want to prevent the use of cookies, you can generally do the following:

Please note that that you may not be able to use all features of our website when blocking cookies.

 

8.1 Technically necessary cookies
Many of the cookies we use are technically necessary to enable you to use our Website and the services offered on them (“session cookies”). These cookies allow e.g. the insertion of goods in a shopping cart or the login in the protected area. The legal basis for the processing is Art. 6 (1) sentence 1 (b) GDPR. The data will not be combined with other personal information and will not be used for promotional purposes. Session cookies are deleted after the end of the respective browser session, at the latest after seven days.

8.2 Functional cookies
We use temporary cookies to improve usability. These cookies are stored on your device for a certain time period, allowing that they will be recognized when you re-enter our site and your preferences and preferences are automatically set. The legal basis for the processing is Art. 6 (1) sentence 1 (f) GDPR.

8.3 Web Analytics Cookies
We use cookies to create pseudonymous user profiles for the purpose of web analysis (“web analytics cookies”). These cookies enable us to recognize recurring users (device owners), analyze their behavior on our website, optimize our website and measure their reach. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent. We do not combine the data with other personal information and we do not use it for the targeted approach of individual users for advertising purposes.

8.3.1 Google Analytics with anonymization function
For this web analysis we use the service Google Analytics, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses cookies which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website (browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address), date and time of the server request) are generally transferred to a Google server in the USA and stored there. On our website, we have extended Google Analytics with the code “anonymizeIp()” to guarantee an anonymous collection of IP addresses (so-called IP masking). Google will therefore reduce your IP address by the last octet within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission (C/2016/4176 of 12 July 2016 – http://data.europa.eu/eli/dec_impl/2016/1250/oj within the meaning of Article 45 GDPR, because Google has undertaken to comply with the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).

On our behalf, Google uses this information as a processor within the meaning of Art. 28 GDPR to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

For more information on Google Analytics’ Terms of Use and Privacy Policy, please visit https://www.google.com/analytics/terms/gb.html und https://support.google.com/analytics/answer/6004245?hl=en.

8.3.2 Other cookies
We continually adapt our web analytics to market needs. Therefore, the use of cookies changes continuously. Through the cookie banner of our website, we provide information about other cookies used and the purpose of use.

8.4 Tracking cookies for promotional purposes
We also use tracking cookies for the purpose of targeted and interest-based online advertising (“advertising cookies”). These cookies collect and store information about your use of our website in a pseudonymous form. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent. You can withdraw your consent at any time. The legal basis for the processing carried out on the basis of your consent until the withdrawal remains unaffected.

We use the information to place advertisements that are in line with your interests on our Website and on the websites of third parties (if they are part of our advertising network). You benefit from this because you will be shown less advertising that is not tailored to your interests. We also use the information to measure and optimize the success of our advertising campaigns.

Specifically, we use the following tracking cookies (and tracking pixels) for promotional purposes:

8.4.1 Google Ads with conversion tracking
This Website uses the online advertising service Google Ads with conversion operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
We use the service to place ads on the results page of a Google search or a Google advertising network website using Google (so-called Google Ads). Our purpose is to draw your attention to our offers. Conversion tracking enables us to measure how successful our individual advertising measures are by means of certain parameters (e.g. insertion of advertisements or clicks by the user).

When you click on an ad placed by Google, Google stores a conversion tracking cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies help Google recognize your browser. If you visit certain websites on a Google Ads customer’s website and the cookie has not yet expired, Google and the customer may recognize that you clicked on the ad and were redirected to the website. A different cookie is assigned to each Google Ads customer. Cookies therefore cannot be traced through the websites of Google Ads customers. We do not collect and process any personal data when using Google Ads. We only receive statistical evaluations from Google with the total number of users who clicked on an ad and were redirected to a website with a conversion tracking tag. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the technologies used, your browser automatically establishes a direct connection to a Google server in the USA. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, as Google has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). By integrating Google Ads with conversion tracking, Google receives the information that you have called up the corresponding website of our web presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate the data with your account. Even if you are not registered or logged in to Google, it is possible that Google may obtain and store your IP address.

Further information on data processing in the context of Google Ads can be found at http://www.google.com/intl/de/policies/privacy.

8.4.2 Other cookies
We continuously adapt our online advertising to market requirements. Therefore, the use of cookies for this purpose changes continuously. Through the cookie banner of our website, we provided information about other cookies used and the purpose of use.

8.5 HotJar
On our website, through technologies provided by HotJar (HotJar Ltd., St Julian’s Business Center, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) with the analysis service “HotJar” visitor interaction data is collected and stored to optimize the user experience and improve customer satisfaction. For this, mouse clicks, mouse movements, and scrolling movements as well as keyboard input can be saved.

HotJar will not record this data on websites that do not use the HotJar system. The collection and storage of data can be objected to at any time, and you can opt out here: https://www.hotjar.com/opt-out. In certain cases, deactivation may result in a restriction of the functionality of our website.

8.6 LinkedIn
We integrated components from LinkedIn Corporation on our website. LinkedIn is an Internet-based social network that allows users to connect to existing business contacts and make new business contacts.

LinkedIn’s operating company is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy Policy outside the United States is handled by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you visit our website, which has a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the subject to download a corresponding representation of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn learns about the specific bottom site of our website visited by the affected person.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website which specific bottom site of our website the data subject visits. This information is collected through the LinkedIn component and linked by LinkedIn to the affected person’s LinkedIn account. If the affected person activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.

LinkedIn always receives information via the LinkedIn component that the person concerned has visited our website if the person concerned is simultaneously logged into LinkedIn at the time of accessing our website; this happens regardless of whether the person clicks on the LinkedIn component or not. If the affected person does not want to transmit this information to LinkedIn, the latter can prevent it from logging out of their LinkedIn account before visiting our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the ability to opt out of email messages, text messages, and targeted ads, as well as manage ad settings. LinkedIn also uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, who can set cookies. Such cookies can be refused at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s privacy policy is available at https://www.linkedin.com/legal/privacy-policy.

8.7 Facebook
The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Each visit to one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned automatically by the respective Facebook Component causes a representation of the corresponding Facebook component of Facebook to download. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information about which specific underside of our website is visited by the person concerned.

If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website the data subject visits. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the person concerned activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and saves this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the data subject, it can prevent the transfer by logging out of their Facebook account before calling our website.

The data policy published by Facebook, which is available at https://www.facebook.com/about/privacy/update?ref=old_policy provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject.

As a Facebook member, you can also edit your account settings at https://www.facebook.com/ads/website_custom_audiences/ and opt out of cross-device data collection via Custom Audiences. For more information on Facebook’s privacy policy, please visit: https://www.facebook.com/about/privacy/update?ref=old_policy.

The use of our Facebook page is usually possible without providing personal information. Insofar as personal data (e.g. name, address, or e-mail addresses) are collected on our website, for example by contacting us directly via Facebook message, this is always done on a voluntary basis. These data will not be disclosed to third parties without your explicit consent.

We operate this site to draw attention to our services, events and other promotions and to contact you as a visitor and user of this Facebook page and our website. As the operator of the Facebook page, we have no interest in the collection and further processing of your individual personal data for analysis or marketing purposes. Additional information on our handling of personal data can be found in our privacy policy on our website. The operation of this Facebook page, including the processing of personal data of users is based on our legitimate interest in a timely and supportive information and interaction opportunity for and with our users and visitors. Art. 6 para. 1 lit. f DSGVO. Information that you give us voluntarily, we also process on the basis of your consent in accordance with. Art. 6 para. 1 lit. a DSGVO.

Processing of personal data by Facebook
In its judgment of 05.06.2018, the European Court of Justice (ECJ) ruled that the operator of a Facebook page, together with Facebook, is responsible for the processing of personal data.
Facebook processes users’ data for the following purposes:

  • Advertising, analysis, creation of personalized advertising
  • Creation of user profiles
  • Market research

When this page is accessed, Facebook automatically saves information in a log file that your browser sends to Facebook. We expressly point out that we have no knowledge of the scope and content of the data collected by Facebook and their processing and use or, if necessary, transmission to third parties through Facebook.

For information on Facebook privacy, please refer to the Facebook Privacy Policy at https://www.facebook.com/policy.php.

Facebook uses cookies for the storage and further processing of this information, i.e., small text files that are stored on the various user terminals. If the user has a Facebook profile and is logged in to it, the storage and analysis is also cross-device. The Facebook privacy policy contains more information about data processing on Facebook: https://www.facebook.com/about/privacy/

Facebook Inc., the US parent company of Facebook Ireland Ltd. is under the EU-US. Privacy Shield certifies that it is committed to adhering to European privacy policies.

For more information about the Privacy Shield status of Facebook, please visit https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .

The transmission and further processing of personal data of users to third countries, such as the USA, as well as the associated possible risks for the users cannot be excluded by us as operator of the site.

Statistical data
Statistical data about the different categories of Facebook page visitors is available to us in Facebook “Insights.” These statistics are generated and provided by Facebook. On the generation and representation we have no influence as the operator of the site.

We cannot disable this feature or prevent the generation and processing of the data. For a selectable period of time, and for each of the Fans, Subscribers, and Interacting Persons groups, we receive the following data from Facebook on our Facebook page: total pageviews, likes, page activity, postings, reach, video views, contribution range, comments, shared content, answers, share of men and women, country and city origin, language, views and clicks in the shop, clicks on route planner, clicks on phone numbers. It also provides data on Facebook groups linked to our Facebook page. Due to the constant development of Facebook, the availability and the preparation of the data is changing, so we are looking for further details on the already mentioned referencing the privacy policy of Facebook. We use this aggregated data to make our posts and activities on our Facebook page more attractive to users. For example, we use the distribution by age and gender for a customized approach and the preferred visit times of users for a time-optimized planning of our contributions.

Information about the type of devices used by visitors helps us to adapt the articles visually. In accordance with the Facebook Terms of Use, which each user has consented to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other shared information.

You can find the option to opt-out here: https://www.facebook.com/policies/cookies/ and here: http://www.youronlinechoices.com/de/praferenzmanagement/.

8.8 Bing Ads Conversion Tracking
Our online services also use Microsoft Conversion Tracking (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have accessed our website via a Microsoft Bing ad. Microsoft Bing and we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only record the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is given. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie – for example, via a browser setting that generally disables the automatic setting of cookies. For more information about privacy and cookies used with Microsoft Bing, visit the Microsoft Web site.

8.9 Instagram
We have integrated components of the Instagram service on our website. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos, as well as to redistribute such data across social networks.

The operating company of Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time you visit one of the individual pages of this website which is operated by us and on which an Instagram component (Insta-Button) has been integrated, the internet browser on the information technology system of the person concerned is automatically prompted by the respective Instagram component, a representation of the corresponding component of Instagram. As part of this technical process, Instagram is aware of which specific page of our website is visited by the person concerned.

If the person concerned is simultaneously logged in to Instagram, Instagram recognizes each visit to our website by the data subject and which specific subpage the person concerned visits during the entire duration of the respective stay on our website. This information is collected through the Instagram component and assigned through Instagram to the affected person’s Instagram account. If the person concerned activates one of the Instagram buttons integrated on our website, the data and information transmitted with it are assigned to the personal Instagram user account of the person concerned and saved and processed by Instagram.

Instagram always receives information via the Instagram component that the person concerned has visited our website if the person concerned is simultaneously logged in to Instagram at the time of accessing our website; this happens regardless of whether the person clicks on the Instagram component or not. If such information is not intended to be transmitted to Instagram by the person concerned, the subject can prevent the transmission by logging out of their Instagram account before accessing our website.

Further information and Instagram’s privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

8.10 YouTube
We have incorporated YouTube components on this site. YouTube is an internet video portal that allows video publishers to freely watch video clips and other users for free viewing, rating and commenting. YouTube allows the publication of all types of videos, so that both complete film and television broadcasts, but also music videos, trailers or user-made videos via the Internet portal are available.

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Each time you visit any of the pages on this site operated by us and which has a YouTube component (YouTube video) incorporated into it, the internet browser on the subject’s information technology system is automatically prompted by the particular YouTube component, a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google will be aware of which specific page of our site the person is visiting.

If the person is logged in to YouTube at the same time, YouTube recognizes by calling a sub-page containing a YouTube video, which specific page of our website the person concerned visited. This information will be collected by YouTube and Google and associated with the affected person’s YouTube account.

YouTube and Google always receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged in to YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If such information is not intended to be passed on to YouTube and Google by the person concerned, the subject may prevent the transmission by logging out of their YouTube account before accessing our website.

YouTube’s privacy policy, available at https://www.google.de/intl/en/policies/privacy/, identifies the collection, processing, and use of personally identifiable information by YouTube and Google.

 

  1. Payment service provider

9.1 PayPal as payment method

We have integrated PayPal components on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects “PayPal” as a payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.

The personal data sent to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, also such personal data are necessary, which are in connection with the respective order.

The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reporting agencies. This transmission is for the purposes of the identity and credit check.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of the controller.

The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal’s applicable privacy policy is available at https://www.paypal.com/it/webapps/mpp/ua/privacy-full.

9.2 Visa and Mastercard as payment method
We use external payment service providers, through whose platforms the users and we can make payment transactions, e.g Visa (https://www.visaitalia.com/termini-di-utilizzo/centro-della-privacy-visa.html) and Mastercard (https://www.mastercard.it/it-it/mastercard/cosa-facciamo/privacy.html).

Payment transactions via the offered means of payment take place exclusively via an encoded SSL or TLS connection. You can recognize an encrypted connection by changing the address line of the browser from “http: //” to “https: //” and the lock symbol in your browser line. In the case of encrypted communication, your payment details that you submit to us cannot be read by third parties.

Amongst the data processed by the payment service providers are inventory data, e.g. the name and the address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, summary and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. We do not receive any account or credit card information, but only information with confirmation or negative disclosure of the payment. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission is for the purpose of the identity and credit check. For this we refer to the terms and privacy policy of payment service providers.

For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transaction applications apply. We also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.

 

10.Which data protection rights do I have?

You have against us the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Article 20 GDPR). With regard to the right of access and the right to erasure, the restrictions stipulated in §§ 34 and 35 BDSG apply. You also have the right to object to data processing by us (Article 21 GDPR). Insofar as our processing of your personal data is based on consent (Art. 6 (1), sentence 1 (a) GDPR), you can withdraw it at any time; the lawfulness of the data processing carried out on the basis of the consent until the withdrawal remains unaffected.

To assert all these rights and for further questions on personal data related issues, you can always contact our data protection officer or our postal address (see paragraph 1).

In addition, you have the right to lodge a complaint with a supervisory authority – in particular in the EU Member State where your place of residence or your place of work or the place of alleged infringement is – if you believe that the processing of your personal data is contrary to the GDPR, or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).