6. Social media plug-ins
We use social plug-ins on our website on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR in order to make our company more well known. The underlying promotional purpose is to be considered as a justified interest within the meaning of the GDPR. The responsibility for the data protection compliant operation is to be ensured by the pertinent provider. We integrate these plug-ins using the two-click method so as to give visitors to our website the best possible protection.
a) Facebook
Our website uses plug-ins from the Facebook social network which is offered by Facebook Inc.. The Facebook plug-ins are marked by a Facebook logo or the label "Like" or "Share". An overview of the Facebook plug-ins and their appearance can be found under https://developers.facebook.com/docs/plugins.
If you open a page of our website that contains such a plug-in, your browser opens a direct connection to Facebook’s servers. Facebook will send the content of the plug-ins directly to your browser and integrate it in the website.
This integration will give Facebook the information that your browser has opened the corresponding page of our website, even if you do not have a Facebook profile or not currently logged in with Facebook. This information (including your IP ad-dress) will be sent by your browser directly to a Facebook server in the USA and saved there.
If you are logged in with Facebook, Facebook can directly associate the visit to our website with your Facebook profile. If you interact with the plug-ins, for example click the "Like" button, this information will also be directly sent to a Facebook server and saved there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scale of the data collection and the further processing and use of the data by Facebook and also your pertinent rights and settings possibilities to protect your private sphere can be found in the Facebook data protection information: http://www.facebook.com/policy.php.
If you do not want Facebook to associate the information collected about your visit to our website directly to your Facebook profile, you have to log out from Facebook before visiting our website. You can also completely block the loading of the Facebook plug-ins with add-ons for your browser, e.g. with the "Facebook Block-er" http://webgraph.com/resources/facebookblocker/.
b) Twitter
Plug-ins from the social network Twitter Inc. are also integrated in our website. You can recognise the Twitter plug-ins ("Twitter" button) by the Twitter logo (a white bird on a blue background) and the label "Twitter". If you open a page of our website that contains such a plug-in a direct connection between your browser and the Twitter server will be opened. This will give Twitter the information that you have visited our website with your IP address. If you click on the Twitter button while you are logged in with your Twitter account, you can link the contents of our pages to your Twitter profile. This enables Twitter to associate the visit to our pages to your user account.
We must point out that as provider of the pages we receive no knowledge about the content of the transferred data or their use by Twitter. Further information about this can be found here https://twitter.com/privacy.
If you do not want Twitter to be able to associate the visit to our pages, please log out from your Twitter user account.
c) Google+
Our website uses plug-ins from the Google Plus social network offered by Google. The plug-ins can be recognised, for example, by buttons or the label "+1" on a white or coloured background. An overview of the Google plug-ins and their appearance can be found here: https://developers.google.com/+/plugins.
If you open a page of our website that contains such a plug-in, your browser opens a direct connection to Google’s servers. Google will send the content of the plug-ins directly to your browser and integrate it in the website. This integration will give Google the information that your browser has opened the corresponding page of our website, even if you do not have a Google Plus profile or not currently logged in with Google Plus. This information (including your IP address) will be sent by your browser directly to a Google server in the USA and saved there. If you are logged in with Google Plus, Google can directly associate the visit to our website with your Google Plus profile.
If you interact with the plug-ins, for example click the "+1ike" button, this infor-mation will also be directly sent to a Google server and saved there. The information is also published on Google Plus and displayed there to your contacts.
The purpose and scale of the data collection and the further processing and use of the data by Google and also your pertinent rights and settings possibilities to protect your private sphere can be found in the Google data protection information https://developers.google.com/+/web/buttons-policy.
If you do not want Google to associate the information collected about your visit to our website directly to your Google Plus profile, you have to log out from Google Plus before visiting our website. You can also completely block the loading of the Google plug-ins with add-ons for your browser, e.g. with the "NoScript" script blocker http://noscript.net/.
7. Trusted Shops seal
For the purpose of displaying our Trusted Shops seal, the comments that may be shown there and the presentation of Trusted Shops products to the consumer after order placement, the Trusted Shops Trustbadge is integrated into the website.
This serves to protect our broadly warranted interest in the optimal marketing of our product range within the context of consideration of interests pursuant to Section 6 (1) p. 1 letter f of the General Data Protection Regulation. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather St. 15C, 50823 Cologne, Germany.
When Trustbadge is accessed online, the web server will automatically store a server logfile, which contains such information as your IP address, date and time that the site was accessed, the amount of transferred data and the requesting provider (access data) and will document the retrieval. The access data will not be analysed and will be automatically overwritten no later than seven days after you completed your visit to the site.
Other personal data will transmitted to Trusted Shops only if you have authorised such transmissions, decided to use Trusted Shops’ products after completing an order or have already registered for usage. In this case, the contractual arrangement between you and Trusted Shops will apply.
8. SOVENDUS vouchers
After a purchase at www.calida.com we offer you the possibility to obtain vouchers for online portals via the Sovendus GmbH network.
As part of a process to provide you with an interesting voucher offer, we will send the hash value of your e-mail address and IP address in pseudonymised and encrypted form to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Section 6 (1 f) of the General Data Protection Regulation). The pseudonymised hash value of the e-mail address will be used to determine whether any objection to receiving advertising from Sovendus has been filed (Section 21 (3) and Section 6 (1 c) of the General Data Protection Regulation). The IP address will be used by Sovendus solely for the purpose of data protection and, as a rule, will be anonymised after seven days (Section 6 (1 f) of the General Data Protection Regulation). For invoicing purposes, we will provide a pseudonymised order number, order amount in the currency used for the transaction, session ID, coupon code and time stamp to Sovendus (Section 6 (1 f) of the General Data Protection Regulation). If you are interested in receiving a voucher offer from Sovendus, no objection to advertising has been linked to your e-mail address and you click on the voucher banner displayed only for this sale, we will send your encrypted form of address, name and e-mail address to Sovendus for the purpose of preparing a voucher (Section 6 (1 b) of the General Data Protection Regulation).
To learn more about the way that Sovendus processes your data, please see the online privacy statement at https://www.sovendus.de/en/privacy_policy/.
9. Data subject rights
You have the right:
- pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
- pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
- pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
- pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future and
- pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.
10. Right to object
In so far as your personal data are processed on the basis of justified interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.
If you want to exercise your right to object, simply send an email to [email protected].
11. Data Security
All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.
12. Actuality of and changes to this Data Protection Policy
This Data Protection Policy is the latest version and was last amended as of 06.04.2020.
The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under www.calida.com/Privacypolicy/.