1. Name and contact data of the data controller and also the company data protection officer
This Data Protection Policy covers data processing by:
Data controller: Reich Online Services GmbH (hereinafter Reich Online) Högeringer Str. 27, D-83071 Stephanskirchen, DeutschlandEmail: email@example.com
The data protection officer of Reich Online can be reached under the aforemen-tioned address, attn. Data Protection Department (Abteilung Datenschutz), or un-der firstname.lastname@example.org.
2. Collection and storage of personal data and also nature and purpose and their use
a) When visiting the website
When you access our website www.calida.com , the browser on your end device automatically sends information to our website server. This information is temporarily saved in a log file. The following infor-mation is collected without any action on your part and saved until automated deletion:
We process these data for the following purposes:
The legal foundation for the data processing is Art. 6 Subs. 1 Sentence 1 lit. f General Data Protection Regulation (GDPR). Our justified interest follows from the above purposes for the data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
b) When ordering as a guest
If you would like to order products as a guest via our website, we collect the following information:
These data are collected
The data are processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR are required for the stated purposes of fulfilling the contract and precontractual measures.
To ensure smooth and simple processing of your order and for faster clarification of queries, you can also provide other data:
Provision of these data is voluntarily.
Your personal data which we collect for the order are saved until the end of the statutory warranty period and then automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.
c) When setting up a user account
You can set up a password-protected user account with us in which we save your personal data. The purpose of this is to provide you with the greatest possible comfort through easier, faster and more personal purchasing in the processing of your orders.
If you would like to set up a password-protected user account with us, we need the following information from you:
In addition, to open a user account you have to enter a password of your choice. Together with your email address this provides access to your user account. In your user account you can view and change the data saved about you at any time.
For faster clarification of queries, you can also provide your telephone number. This is voluntarily and not required for opening the user account.
In addition, you can state your date of birth so that we can surprise you with a present (e.g. a discount or a special offer) if you subscribe for the newsletter.
We only save your personal data in a user account, if you have voluntarily given your consent to us under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.
Creating a user account is not required for using our website or for orders you would like to place with us. We also offer you the possibility of placing your order as a guest (see section 2. b)). In that case however, you have to enter all your data again for every order.
After your user account is deleted, your personal data are automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.
d) When registering for our newsletter
In so far as you have expressly consented under Art. 6 Subs. 1 Sentence 1 lit. a GDPR, we will use your email address to regularly send you our personalised newsletter. Providing an email address is sufficient for receiving the newsletter.
Cancellation is possible at any time, e.g. via a link at the end of every newsletter. Alternatively, you can cancel at any time by sending an email to email@example.com.
e) When registering with "CALIDA friends+forever"
The information on data protection when registering for the "CALIDA friends+forever" loyalty program can be found here www.calida.com/Our-World/Friends-Forever/Data-Privacy/.
f) When using our contact form
If you have questions of any nature, you can get in touch with us via a form available in the website contact information. This requires the stating of a valid email address and also your given name and surname so that we know who sent the query and how we can answer it. The telephone number can be provided voluntarily.
The data for the purpose of contacting us are processed under Art. 6 Subs. 1 Sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
The personal data we collected for using the contact form will be automatically de-leted after your query has been dealt with.
3. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those given below.
a) Transfer to CALIDA AG
Your personal data will also be transferred to CALIDA AG, Industrie Münigen, Bahnhofstrasse CH-6208 Oberkirch, Schweiz.
The data will be transferred under the joint responsibility for data protection for internal administrative purposes and for ensuring central customer management.
The data will be transferred on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR, whereby the stated purposes are to be considered as justified interests within the meaning of this regulation.
b) For contract processing
In so far as this is legally permissible and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR required for the processing of contractual relationships with you, your personal data will be transferred to third parties. This includes in particular transfer to shipping companies for the purpose of delivering the goods you ordered and the transfer of payment data to payment service providers and/or banks to carry out a payment transaction. The transferred data may be used by the third parties solely for the stated purposes.
c) For identity and creditworthiness checks
If we make advance outlays for your purchase, for example for a purchase on account, we may obtain a credit check on the basis of mathematical-statistical methods pursuant to Art. 6 Subs. 1 Sentence 1 lit. a and b GDPR on the basis of your express consent and if it is required for concluding or fulfilling the contract.
To that end, we transfer your personal data required for the creditworthiness checks (given name and surname, street, number, postal code, town, date of birth, telephone number and in the case of purchase per direct debit the given bank de-tails) to an external service provider. For identity and creditworthiness checks we work together with creditpass GmbH.
On the basis of your personal data, creditpass GmbH gives us information about the statistical probability of payment default. We use this information for a balanced decision on creating, performing or ending the contractual relationship.
The credit check can contain probabilities (score values), which are calculated on the basis of scientifically recognised mathematical-statistical methods and which include inter alia address data in their computation.
Further information on this can be found in the creditpass GmbH data protection policy https://creditpass.eu/service/privacy-statement/.
d) Transmission to CaperWhite GmbH
In the context of our mobile cash point solution (tablets) in our retail stores, we offer you the option to purchase our products using the tablets and to view your customer data.
In the context of the mobile cash point solution ("Omni-Channel"), we transmit your customer master data and data on the order history (see Section 2. b)) to CaperWhite GmbH, Ludwigstr. 73A, 70176 Stuttgart.
This service provider was carefully selected and commissioned by CALIDA AG as part of our group of companies, is bound to their instructions and is controlled on a regular basis in particular with respect to the adequate technical and organisational measures for ensuring data security. For this, CaperWhite GmbH uses servers located in Europe, and no data will be transmitted to the U.S.
Data are transmitted on the basis of our legitimate interests and the legitimate interests of CALIDA AG as defined in Art. 6 (1) Sentence 1 (f) GDPR. Our legitimate interest is to optimise and improve customer management and our portfolio of services offered.
The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.
Cookies are used on the one hand so that we can make the use of our offerings more pleasant for you. Therefore, we use session cookies to recognise that you have already visited individual pages our website, you have already logged on in your user account or for displaying the shopping cart. These are automatically deleted after you leave our website.
In addition, we use temporary cookies saved on your end device for a certain defined period to optimise user friendliness. If you visit our website again to use our services, it is automatically recognised that you were already here before and which entries and settings you made so that you do not have to repeat them.
The data processed by cookies are required for the stated purposes to protect our justified interests and also of third parties under Art. 6 Subs. 1 Sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. You can configure your browser, however, so that no cookies are saved on your computer or a message always ap-pears before a new cookie is created. Complete deactivation of cookies can, however, lead to you not being able to use all the functions of our website.
5. Analytical tools
The following tracking and targeting measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR.
With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.
Via the deployed targeting measures we want to ensure that you only see advertising tailored to your actual or presumed interests on your end devices.
These interests are to be considered as justified within the meaning of the aforementioned regulation.
The pertinent data processing purposes and data categories can be found in the corresponding tracking and targeting tools.
This website uses technologies from Criteo GmbH to collect and save information on the surfing behaviour of website visitors in anonymised form for marketing purposes. This is done by means of cookies (see section 4). Criteo uses an algorithm to analyse surfing behaviour and can then display targeted personalised advertising banners adverts on other websites (publisher). Under no circumstances can the collected data be used to personally identify visitors of this website. The collected data will be used solely to improve our offerings. There will be no other use or transfer to third parties.
You can object to the anonymised analysis of your surfing behaviour on this web-site by clicking on this link: https://www.criteo.com/privacy/.
If you have opted out (opt-out cookie) and you would like to see personalised Criteo banners again, please click here: https://www.criteo.com/privacy/. Further information about the Criteo technology can be found in the Criteo data protection policy: https://www.criteo.com/privacy/.
b) Econda Web Analytics
To optimise the website and data bases in the background, we use web-analysis solutions offered by econda GmbH, Eisenlohrstr. 43, 76135 Karlsruhe.
Pseudonymous user profiles are created during this process. Cookies are also used for this purpose. econda GmbH is authorised to use the seal “tested data protection” for the area “web shop controlling”.
The data collected by econda technology will not be used to personally identify you as a visitor to this website and will not be linked to direct personal data associated with the pseudonymous individual without your express permission.
You may object to data processing by econda at any time in future by clicking here. Clicking the “send” button will activate an opt-out cookie from econda. This cookie will prevent your browser’s visitor data from being collected and stored by econda in future. The opt-out cookie will work only on this browser and only for our website. It will be placed on your device. If you delete cookies from this browser, you will have to install the opt-out cookie once again.
For more information, please visit https://www.econda.de/en/data-storage-opt-out/.
This website uses the technology of intelliAd Media GmbH (hereinafter “intelliAd”) to collect and store anonymised data. This data is then used to create pseudonymous user profiles. The profiles are used to analyse visitor behaviour as well as to improve and make demand-driven changes to the design of our product range. Cookies can be used for this purpose (see No. 4). The pseudonymous user profiles will not be linked to direct personal data associated with the pseudonymous individual without your express permission. In particular, IP addresses will be rendered unrecognisable directly after entry to the site. As a result, it is impossible to connect user profiles to IP addresses. You may object to data processing and storage at any time in future by clicking here.
Objection to intelliAd https://login.intelliad.com/optout.php
Once you have submitted your objection, an opt-out cookie will be placed on your end device. If you delete your cookies, you will have to click on the link once again.
You will find more information on data protection related to intelliAd here:
Privacy policies of intelliAd http://www.intelliad.com/data-protection-provisions/
d) New Relic
We use the "New Relic" web analysis service from New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA, for reachability and performance monitoring of our server. Cookies may be used for this (see section 4). Pseudonymised use profiles are used to measure and analyse the technical performance data (for example response and loading times) which help to improve server performance.
Further information about data protection in conjunction with New Relic can be found here https://newrelic.com/privacy.
We transfer your IP address to the service provider MaxMind, Inc. (14 Spring Street, 3rd Floor Waltham, MA 02451, hereinafter "MaxMind"), to determine your approximate location (e.g. country, town, district) and offer you individual store locator services based on your current location (e.g. the location of the nearest store). The IP address will be sent to and saved on a MaxMind server in the USA. MaxMind is subject to the EU-US Privacy Shield, so that an adequate data level is guaranteed. We use your location data processed in that manner solely for this function. The data are deleted once you finish using it.
Further information about data protection in conjunction with MaxMind can be found here https://www.maxmind.com/en/privacy_policy?pkit_lang=en.
When opening the store finder you will also be asked by your browser whether you want to send your exact location to us. In so far as you give your consent to the browser operator pursuant to Art. 6 Subs. 1 Sentence 1 lit. a GDPR, your browser will send your exact location to us, so that as part of the store locator function we can offer you individual services (e.g. the location of the nearest store) based on your exact location (address). We use your location data processed in that manner solely for this function. The data are deleted once you finish using it.
In your browser you can make a corresponding setting to the browser software to block geo-localisation; we must point out that in this case you may not be able to use all the functions (e.g. Storefinder) on this website.
These technologies enable us to provide you with targeted advertising reflecting your personal interests. The cookies used collect information, for example, about which of our products you are interested in. From this information we can also show you offers on third-party websites that are geared especially to your inter-ests as reflected in your past user behaviour. Your user behaviour is captured and analysed solely pseudonymised and it does not enable us to identify you. In par-ticular, the information is not merged with your personal data.
The cookie is automatically deleted after 30 days.
You can also make settings for displaying interest-based advertising via the Google advertising settings manager.
g) Google Adwords Conversion Tracking
We also use Google Conversion Tracking to statistically capture and analyse the use of our website in order to optimize our offerings for you. To this end, Google Adwords saves a cookie (point 4.) on your computer in so far as you access our website via a Google advertisement.
These cookies expire after 30 days and do not permit personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked the advertisement and was redirected to that page.
Every Adwords customer receives a different cookie. Thus, cookies cannot be tracked via the webpages of Adwords customer. The information generated via the conversion cookie is used to produce conversion statistics for Adwords customers who have opted to use conversion tracking. The Adwords customers find out the total number of users who clicked their advertisement and were redirected to a page containing a conversion tracking tag. They do not receive any information, however, which can be used to identify users personally.
If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that it blocks cookies from the "www.googleadservices.com" domain.
You can find Google's privacy notice on conversion tracking here: https://services.google.com/sitestats/en.html
h) Google Adwords Remarketing
We use Google Remarketing Tags from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google")) on our website.
These technologies enable us to provide you with advertising customized to you. The cookies used (point 4.) capture, for example, information about the products in which you have shown an interest. We use this information to show you offers on third-party sites that reflect your interests as established by your previous use behaviour. Your use behaviour is captured and analysed entirely pseudonymously and does not enable us to identify you. In particular, the information is not combined with your personal data.
Google complies with the data protection provisions in the "US Safe Harbor" Convention and is registered in the US Department of Commerce "Safe Harbor" programme. Google uses this information to analyse your use of the website, to compile reports about the website activities for the website operator and to render other services related to the use of the website and the Internet.
Google may also transmit this information to third parties, in so far as this is required by law or if third parties process these data on behalf of Google. Third-party providers, including Google, display advertisements on websites on the Internet and use stored cookies to place advertisements on the basis of a user’s previous visits to the website. Permission to collect and store data can be withdrawn at any time with effect for the future.
If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies.
Further information about the Google data protection policy can be found here: https://policies.google.com/privacy?hl=en
i) Facebook Custom Audiences (EN)
In addition, we also use Facebook website custom audiences of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This is a marketing service at Facebook. It enables us to have individually co-ordinated and interest-based advertising on Facebook shown to certain groups of pseudonymised visitors to our website who also use Facebook.
A Facebook custom audience pixel is integrated in our website. This is a Java Script code via which personal data concerning the use of the website is stored. This includes your IP address, the browser used as well as the originating and destination page. This information is transmitted to Facebook servers in the USA. Facebook is subject to the EU-US privacy shield, so that an appropriate data level is guaranteed.
There, an automated comparison will be made to ascertain whether you have stored a Facebook cookie. Via the Facebook cookie, it will automatically be established whether you belong to the target group relevant for us. If you belong to the target group, you will be shown corresponding adverts by us on Facebook. During this process, you will not be personally identified, either by us or by Facebook, through the comparison of the data.
You can also prevent the use of Facebook custom audiences by clicking on this link. Through this opt-out, any future recording of your personal data when visiting this website is prevented.
6. Social media plug-ins
We use social plug-ins on our website on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR in order to make our company more well known. The underlying promo-tional purpose is to be considered as a justified interest within the meaning of the GDPR. The responsibility for the data protection compliant operation is to be ensured by the pertinent provider. We integrate these plug-ins using the two-click method so as to give visitors to our website the best possible protection.
Our website uses plug-ins from the Facebook social network which is offered by Facebook Inc.. The Facebook plug-ins are marked by a Facebook logo or the label "Like" or "Share". An overview of the Facebook plug-ins and their appearance can be found under https://developers.facebook.com/docs/plugins.
If you open a page of our website that contains such a plug-in, your browser opens a direct connection to Facebook’s servers. Facebook will send the content of the plug-ins directly to your browser and integrate it in the website.
This integration will give Facebook the information that your browser has opened the corresponding page of our website, even if you do not have a Facebook profile or not currently logged in with Facebook. This information (including your IP ad-dress) will be sent by your browser directly to a Facebook server in the USA and saved there.
If you are logged in with Facebook, Facebook can directly associate the visit to our website with your Facebook profile. If you interact with the plug-ins, for example click the "Like" button, this information will also be directly sent to a Facebook server and saved there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scale of the data collection and the further processing and use of the data by Facebook and also your pertinent rights and settings possibilities to protect your private sphere can be found in the Facebook data protection information: http://www.facebook.com/policy.php.
If you do not want Facebook to associate the information collected about your visit to our website directly to your Facebook profile, you have to log out from Facebook before visiting our website. You can also completely block the loading of the Facebook plug-ins with add-ons for your browser, e.g. with the "Facebook Blocker" http://webgraph.com/resources/facebookblocker/.
Plug-ins from the social network Twitter Inc. are also integrated in our website. You can recognise the Twitter plug-ins ("Twitter" button) by the Twitter logo (a white bird on a blue background) and the label "Twitter". If you open a page of our website that contains such a plug-in a direct connection between your browser and the Twitter server will be opened. This will give Twitter the information that you have visited our website with your IP address. If you click on the Twitter button while you are logged in with your Twitter account, you can link the contents of our pages to your Twitter profile. This enables Twitter to associate the visit to our pages to your user account.
We must point out that as provider of the pages we receive no knowledge about the content of the transferred data or their use by Twitter. Further information about this can be found here https://twitter.com/privacy.
If you do not want Twitter to be able to associate the visit to our pages, please log out from your Twitter user account.
Our website uses plug-ins from the Google Plus social network offered by Google LLC. The plug-ins can be recognised, for example, by buttons or the label "+1" on a white or coloured background. An overview of the Google plug-ins and their appearance can be found here: https://developers.google.com/+/plugins.
If you open a page of our website that contains such a plug-in, your browser opens a direct connection to Google’s servers. Google will send the content of the plug-ins directly to your browser and integrate it in the website. This integration will give Google the information that your browser has opened the corresponding page of our website, even if you do not have a Google Plus profile or not currently logged in with Google Plus. This information (including your IP address) will be sent by your browser directly to a Google server in the USA and saved there. If you are logged in with Google Plus, Google can directly associate the visit to our website with your Google Plus profile.
If you interact with the plug-ins, for example click the "+1ike" button, this infor-mation will also be directly sent to a Google server and saved there. The information is also published on Google Plus and displayed there to your contacts.
The purpose and scale of the data collection and the further processing and use of the data by Google and also your pertinent rights and settings possibilities to protect your private sphere can be found in the Google data protection information https://developers.google.com/+/web/buttons-policy.
If you do not want Google to associate the information collected about your visit to our website directly to your Google Plus profile, you have to log out from Google Plus before visiting our website. You can also completely block the loading of the Google plug-ins with add-ons for your browser, e.g. with the "NoScript" script blocker http://noscript.net/.
7. SOVENDUS vouchers
After a purchase at www.calida.com we offer you the possibility to obtain vouchers for online portals via the Sovendus GmbH network.
As part of a process to provide you with an interesting voucher offer, we will send the hash value of your e-mail address and IP address in pseudonymised and encrypted form to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Section 6 (1 f) of the General Data Protection Regulation). The pseudonymised hash value of the e-mail address will be used to determine whether any objection to receiving advertising from Sovendus has been filed (Section 21 (3) and Section 6 (1 c) of the General Data Protection Regulation). The IP address will be used by Sovendus solely for the purpose of data protection and, as a rule, will be anonymised after seven days (Section 6 (1 f) of the General Data Protection Regulation). For invoicing purposes, we will provide a pseudonymised order number, order amount in the currency used for the transaction, session ID, coupon code and time stamp to Sovendus (Section 6 (1 f) of the General Data Protection Regulation). If you are interested in receiving a voucher offer from Sovendus, no objection to advertising has been linked to your e-mail address and you click on the voucher banner displayed only for this sale, we will send your encrypted form of address, name and e-mail address to Sovendus for the purpose of preparing a voucher (Section 6 (1 b) of the General Data Protection Regulation).
To learn more about the way that Sovendus processes your data, please see the online privacy statement at https://www.sovendus.de/en/privacy_policy/.
8. Data subject rights
You have the right:
9. Right to object
In so far as your personal data are processed on the basis of justified interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.
If you want to exercise your right to object, simply send an email to firstname.lastname@example.org.
10. Data Security
All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.
11. Actuality of and changes to this Data Protection Policy
This Data Protection Policy is the latest version and was last amended as of 16.05.2018.
The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under www.calida.com/Privacypolicy/.