Data Protection Declaration
1. Name and contact details of the Controller and of the data protection officer:
Iris von Arnim GmbH
P +49. 40. 41 40 10 0
F +49. 40. 41 05 31 0
The company data protection officer can be reached at the above-mentioned address, Att. data protection officer, or by e-mail: firstname.lastname@example.org.
2. Collection, Storage and Erasure of Personal Data as well as Type and Purpose and their use:
a) When visiting the website:
When you visit our Website www.irisvonarnim.com, the browser you are using on your terminal device automatically sends information to the server of our website. This information will be temporarily stored in a so-called log file. The following information will be recorded without your intervention and stored until automated deletion.
- IP address of the requesting computer,
- date and time of access,
- name and URL of the file accessed,
- website from which access has been made (Referrer-URL),
- the browser used and, if applicable, your computer’s operating system, and your access provider’s name.
We will be processing the above-mentioned data for the following purposes:
- ensuring a smooth connection of the website,
- ensuring comfortable use of our website,
- evaluation of system security and stability,
- for other administrative purposes.
The legal basis for data processing is GDPR sec. 6 para 1 lit. f. Our legitimate interest follows from the purposes listed above for data collection. In no case we will be using the collected data for the purpose of drawing conclusions about you
c) When subscribing to newsletter:
If you explicitly have consented pursuant GDPR sec. 6 para. 1 sentence 1 lit. a we will use your email address to regularly send you our newsletter. For receiving our newsletter, an e-mail address is sufficient.
If at all, your data will only be passed on to third parties for the technical handling of the newsletter dispatch via a service provider working in compliance with data protection regulations.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can unsubscribe at any time using email@example.com.
d) When using our online store:
For the order in our online store we necessarily need your personal data, for the conclusion of the contract and the completion of your order. Required information for the execution of the contracts are marked separately, further information is voluntary. We process the data provided by you to complete your order. For this purpose, we can disclose your payment data to our house bank. The legal basis for this is GDPR sec. 6 para. 1 sentence 1 lit. b.
We offer you the opportunity to create a customer account through which we can store your data for future purchases. When you create an account under "I AM NEW CUSTOMER / GUEST", the data you have provided will be stored revocably. All other data, including your user account, can be erased in the customer log-in area at any time.
Payment data is collected in encrypted form and used solely to process the corresponding transaction. Except in the case of payment by account, we do not receive any knowledge or access to the bank and credit card data. The processing is carried out exclusively by the corresponding service provider.
e) Erasure of data:
Your data stored by us will only be stored for as long as it is required.
- The data of the customer account will remain stored until you cancel the account.
- Without a customer account the order data remain stored until completion of the order.
However, due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. After three years at the end of the year, we will limit processing, i.e. your data will only be used to comply with legal obligations.
3. Disclosure of Data to Third Parties:
Your personal data will not be transmitted to third parties for purposes other than those listed below. We only pass on your personal data to third parties:
- if you explicitly have consented pursuant GDPR sec. 6 para. 1 sentence 1 lit. a,
- if passing on your personal data pursuant GDPR sec. 6 para. 1 sentence 1 lit. f is necessary for assertion, exercise or defence of legal claims, and there is no reason to believe that you have an overriding interest worthy of protection in non-disclosure of your data,
- in the event of a legal obligation existing for their transfer pursuant to GDPR sec. 6 para. 1 sentence 1 lit. c, and
- this is permitted by law and it is necessary for carrying out our contractual relationships with you pursuant to GDPR sec. 6 para. 1 sentence 1 lit. b.
In the cookie information is stored, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.
The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to GDPR sec. 6 para 1 lit. f.
Most browsers automatically accept cookies. However, you can configure your browser in a way that no cookies will be stored on your computer or a message always will appear prior to a new cookie being created. However, complete deactivation of cookies might lead to you not being able to use all our website’s functions.
5. Analysis Tools
We use the tracking measures listed below on the legal basis of GDPR sec. 6 para 1 lit. f. With the tracking measures used, we want to ensure that our website will be meeting requirements and will be held continually optimized. Furthermore, we use tracking devices to statistically record the use of our website and to evaluate it for the purpose of optimizing our service for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
- Google Analytics:
We use Google Analytics, a web analysis service by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“) for the purpose of demand-oriented design and continuous optimization of our sites. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
In this context, pseudonymised user profiles will be created and cookies will be used, see point 4. The information on your use of our website created by the cookie such as
- browser type / version,
- used operating system,
- Referrer URL (the previously visited page),
- the accessing computer’s host name of (IP address),
- time of server request,
will be submitted to a server of Google in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and of the internet for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses will be anonymized so that an assignment is not possible (IP masking).
Furthermore, you can prevent recording of data generated by the cookie relating to your use of the website (including your IP address) and its processing by Google when downloading and installing a browser-add-on https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from recording data by clicking on this link. This will set an opt-out cookie to prevent future recording of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found at https://www.google.com/analytics/terms/de.html.
b) Doubleclick Ad Exchange:
The advertising service "Doubleclick Ad Exchange" used on our website is a product of Google Inc., USA ("Google", see above), which we use for optimized advertising. Within the framework of the use of Doubleclick Ad Exchange, cookies and web beacons are used, point 4. This records and stores information such as visitor traffic on our website. The information generated by the cookie and/or web beacon about your use of the website is transferred to a server in the USA and stored there.
Google uses the information obtained in this way to evaluate your usage behavior with regard to Doubleclick Ad Exchange ads. Google may also disclose this information to third parties if this is required by law or if third parties process this data on behalf of Google. If IP addresses are transferred and stored in this context, this is only to combat and filter spam/fraud (ad impression spam and click spam).
6. Retargeting tools
Our goal is to present only those advertisements that are relevant to the user. To improve our advertising in this respect, we use the advertising tools described below. The legal basis for the use of these tools is GDPR sec. 6 para 1 lit. f.
- Facebook Retargeting:
Our website uses the services Facebook Pixel and Facebook Custom Audience. These are services of Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). These services document transactions on our website, such as the time spent on pages, the placement of products in the shopping basket or purchases. The data used for this purpose is stored on your computer using cookies, point 4.
First of all the stored data is used to analyze the search behavior of visitors to this website (tracking). The information collected is used to improve the website and the offer. Based on this information, the stored cookies are also used to recognize visitors to our website when they visit websites that belong to Facebook's advertising network. The use of these services then enables us to present interest-related advertisements to the user on those "partner websites" and thus make them more interesting for the user (retargeting).
You can deactivate the collection of data for the purposes mentioned above. A persistent cookie is then set in your browser that prevents the collection of data as long as you do not specifically delete this cookie. You can repeat the objection at any time.
If you do not want your purchasing behavior to be analyzed, you can deactivate this function here.
If you do not agree with the processing of your data as part of Facebook Retargeting, click here.
- Google Remarketing:
We use the Google Remarketing application, another Google product. With this process we would like to contact you again. This application allows us to serve our advertisements to you after you have visited our website. This is done using cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. A combination of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur according to Google. In particular, according to Google, pseudonymization is used in remarketing.
7. Social Media:
On our website you have the opportunity to share articles in the social networks Facebook and Twitter. We use this to promote our website. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. These plug-ins are integrated by us by means of external links to the pages of the operators of the social network in order to protect visitors to our website in the best possible way. Responsibility for the data protection-compliant operation is to be guaranteed by their respective providers.
8. Rights of Data Subjects
You have the right:
- to obtain access to your personal data processed by us in accordance with GDPR sec. 15. In particular, you may obtain access to the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- to immediately request the rectification of inaccurate or completion of incomplete personal data stored by us in accordance with GDPR sec. 16;
- to request the erasure of your personal data stored by us pursuant to GDPR sec. 17, unless the processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for assertion, exercise or defense of legal rights is required;
- to demand the restriction of the processing of your personal data pursuant to GDPR sec. 18, as far as the accuracy of the data is contested by you, the processing is unlawful, but you reject its erasure and we no longer need the data, but you require this, for the exercise or defense of legal claims or you objected to processing pursuant to GDPR sec. 21;
- to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with GDPR sec. 20. or to demand transmission to another controller;
- to object to your consent given pursuant to GDPR sec. 7 para 3 at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
- to lodge a complaint with a supervisory authority pursuant to GDPR sec. 77. As a rule, you can contact the supervisory authority of your habitual residence or place of work or place of business.
9. Right to object:
If your personal data are processed based on legitimate interests pursuant to GDPR sec. 6 para. 1 sentence 1 lit. f, you have the right to object to the processing of your personal data pursuant to GDPR sec. 21, provided that there are reasons on grounds relating to your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to make use of your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org
10. Data security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form can be seen from the closed display of the key or lock symbol in the status bar of your browser. We make use of the rest of the adequate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This data protection declaration is currently valid and has the status as of May 2018.
Due to further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at www.irisvonarnim.com/en/privacy.
Data Protection for HR Services