Supplementary Data Protection Declaration for our website
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
Company: TIO GmbH
Street: Mittenwalder Str. 19
Zip Code, City, Country: 10961 Berlin, Germany
Commercial number: HRB 213818
General manager: Benjamin Beck & Fabian Ghoshal
Phone number: +49 40 30939023
Internal data privacy officer:
Name: Benjamin Beck
Status: 31 May 2018
1. Basic information for working with personal data
This data protection declaration clarifies the way, range and purpose of the processing of personal information within our online offering and the related websites, features and content (following referred to as “online offer” or “website”).
The data protection declaration applies regardless of the domains, systems, platforms, and devices (such as desktop or mobile) on which the online offer is being run. With regard to the terminology used, e.g. we refer to the definitions in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of personal data, or their “processing” and repealing Directive 95/46 / EC (GDPR).
In principle, we only collect, process and use personal data of the users only when it´s necessary for the adduction of a functional website or our content and services or for the adduction of our contractual services and / or if the user has given its agreement.
2. Purposes of data processing and legal bases
Adduction of contractual services
We process inventory data (e.g., names and addresses and contact details of users) and contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit. b DSGVO.
Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information will be communicated to the users. The user accounts are not public and can not be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention for commercial or tax reasons pursuant to Art. 6 para. 1 lit. c DSGVO is necessary. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
As part of the registration and renewed registrations and when using our online services, we save the IP address and the time of the respective user action. The storage takes place in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. based on our legitimate interests, while protecting the user from misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c DSGVO.
We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., submissions in contact form or user profile) for advertising purposes in a user profile, e.g. to display product instructions for the user on the basis of the services used so far.
When contacting us (via contact form or e-mail), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b DSGVO processed.
The information provided by the users can be stored in our Customer Relationship Management System (“CRM System”) or a comparable system.
c) Comments and Dues
When users leave comments or other posts, their IP addresses are saved for seven days. This allows us to take legal action if necessary, provided a user leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.) for which we are held responsible. The legal basis for this data collection is Art. 6 para. 1 lit. f. DSGVO (legitimate interest).
d) Collection of access data and logfiles
During your visit to our website, certain data that automatically transmits the device you are using to the server of our website is collected and temporarily saved in a log file until it is automatically deleted. These include the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about the successful retrieval, the Internet protocol address (IP address), the website via which the access was made (referrer URL), the Internet service provider as well as the (browser) software and version used and the user’s operating system. This information is not processed to identify you or to draw any other conclusions about you. Rather, we only process this information for administrative purposes, such as ensuring a smooth connection setup and comfortable use of our website, as well as monitoring, evaluating and continuously improving overall system security and stability. The legal basis for this data processing is Article 6 (1) (f) of the GDPR. Our legitimate interest follows from above listed purposes.
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then we´ll delete it. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
e) Cookies & reach measurement
Specifically, we set a cookie (“pll_language”), which stores the last language setting you have made and thus enables the adoption of language settings. The storage period of this cookie is one year. In addition, through our web application, certain temporary cookies are set for the sole purpose of security analysis and defense against malicious attacks on our website. Their storage duration is 30 minutes (“wfvt_ […]”) or 24 hours (“wordfence_verifiedHuman”).
Most browsers are set by default to automatically accept cookies. However, you can configure your browser so that no or only certain cookies are accepted or a notice appears before a new cookie is created. You can also delete saved cookies manually or automatically at any time in the system settings of the browser. A cookie administration guide usually includes the help feature built into your browser. Please note that not all functions of our website may be available if you deactivate the acceptance of cookies.
The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be saved together with other personal data of the users.
The processing of data by means of cookies for the above purposes is based on the legal basis of Article 6 para. 1 lit. f DSGVO, as it is necessary for the protection of our legitimate interests.
f) Google Analytics, Google Re / Marketing Services
Google is certified under the Privacy Shield Agreement and committed to comply with European data protection law.
Google will use the information collected on our behalf to compile and evaluate the use of our online offering and the activities of users within this online offering and to provide related services to us. In this case, pseudonymous user profiles of the users can be created from the processed data.
We use Google Analytics to optimize our offerings to users and to display the ads placed by Google and its affiliates only to users who have also shown an interest in our online offer or who, as shown by their usage behavior, are interested in certain topics or products that we submit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With Remarketing Audiences, we also want to make sure that our ads are in line with the potential interest of users and are not annoying.
If a user e.g. showing ads for products he was interested in on other websites is called remarketing. For these purposes, when Google and our other websites accessing Google Marketing Services are directly accessed by Google, a code will be executed by Google and so-called (re) marketing tags (invisible graphics or code, also called “Web Beacons “) incorporated into the website. With their help, the user is provided with an individual cookie, i. a small file is saved (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file, it is noted which web pages the user visited, which content he is interested in and which offers he clicked, as well as technical information about the browser and operating system, referring web pages, visit time and other information on the use of the online offer.
The data of the users are pseudonym processed in the context of the Google marketing services. That Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. That from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States.
Among the Google marketing services we use is u.a. the online advertising program “Google AdWords”. In the case of Google AdWords, each advertiser receives a different “conversion cookie”. Cookies can not be tracked through AdWords advertisers websites. The information collected through the cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
The processing of data for the above purposes is based on the legal basis of Article 6 para. 1 lit. f DSGVO, as it is necessary for the protection of our legitimate interests.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened and shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address submitted by the user’s browser will not be merged with other data provided by Google.
The above information may also be linked by Google with such information from other sources. If the user then visits other websites, they can be displayed according to his interests, the ads tailored to him.
Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to its use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http: // tools .google.com / dlpage / gaoptout? hl = en.
For more information about Google’s data usage, hiring and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“Google’s use of your data when you use websites or apps our partners “), http://www.google.com/policies/technologies/ads (” Use of data for promotional purposes “), http://www.google.com/settings/ads (” Managing information that Google uses, to show you advertising “).
Also we can use the service “Google Optimizer”. Google Optimizer allows us to understand how various changes to a website (such as changes to the input fields, the design, etc.) can take place in so-called “A/B testings”. Cookies are stored on users’ devices for these purposes. Only pseudonymous data of the users are processed.
In addition, we may use the “Google Tag Manager” to integrate and manage the Google Analytics and Marketing Services on our website.
If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google’s recruitment and opt-out options: http://www.google.com/ads/preferences.
g) Facebook social plugins
In the interests of optimizing and safeguarding the economic operation of our online offer, we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 , Ireland is operated (“Facebook”).
The plugins may contain interaction elements or content (eg videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” – Characters) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement and committed to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls a feature of our online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted from his device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
If a user is a member of Facebook and does not want Facebook to collect data about him through this online offer and associate it with his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer.
Other settings and options to oppose the use of data for promotional purposes can be found within the Facebook profile settings at https://www.facebook.com/settings?tab=ads or via the US-American page http://www.aboutads.com .info / choices / or the EU page http://www.youronlinechoices.com/. The settings are platform independent, i. they are adopted for all devices, such as desktop computers or mobile devices.
On our website you can subscribe to a newsletter. The data from the input mask are transmitted to us when registering for the newsletter. The details include the user e-mail address, the IP address of the calling computer and the date and time of registration.
• Content of the newsletter: We send newsletters, emails and other electronic notifications with advertising information (“newsletter”) only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters contain information about our products, offers, promotions and our company.
• Double-Opt-In and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. That after registration, you will receive an e-mail asking you to confirm your registration. Furthermore, we obtain your consent to carry out statistical surveys and analyzes in the newsletter. We expressly point out to you during the registration process that not only technical information, such as information about the browser and your system as well as your IP address, registration and confirmation time and time of retrieval by a shipping service provider are collected during the retrieval, but that the statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked, and that, for technical reasons, this information can be assigned to the individual newsletter recipients.
Furthermore, the shipping service provider may, according to its own information, transmit these data in pseudonymous form, that means without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of the shipping and the presentation of the newsletter or for statistical purposes, for example to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write them down or to pass them on to third parties.
• Credentials: To sign up for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name for personal address in the newsletter.
• Statistical Survey and Analysis: The newsletters contain a so-called “web-beacon”, i. a pixel-sized file that is retrieved from the shipping service provider’s server when the newsletter is opened. This call will initially collect technical information, such as browser and system information, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened and which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
• Termination / Revocation: You can terminate the receipt of our newsletter at any time, ie. Revoke your consent. At the same time, your consent for shipping by the shipping service provider and the statistical analyzes expire. A separate revocation of the shipment by the shipping service provider or the statistical evaluation is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. After your termination your personal data will be deleted.
The use of the shipping service provider, the implementation of statistical surveys and analyzes and the logging of the registration process are based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.
Integration of services and content of third parties
In order to optimize and maintain the economic efficiency of our offer, we use content or service offers from third-party providers to integrate their content and services (collectively referred to as “content”).
This always presupposes that the third party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content.
Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” may contain information such as to the traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer.
Most browsers are set by default to automatically accept cookies. However, you can configure your browser so that no or only certain cookies are accepted or a notice appears before a new cookie is created. You can also delete stored cookies manually or automatically at any time in the system settings of the browser. A cookie administration guide usually includes the Help feature built into your browser. Please note that not all functions of our website may be available if you deactivate the acceptance of cookies.
The following presentation provides an overview of third-party providers as well as their contents, as well as links to their privacy statements, which contain further information on the processing of data and the possibilities of objecting (so-called opt-out):
• If our customers use the payment services of third parties (such as PayPal), the terms and conditions and the privacy notices of the respective third party providers, which are retrievable within the respective websites or transaction applications, apply.
• Within our online offer, functions of the service Twitter can be integrated. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. Privacy Statement from Twitter at http://twitter.com/privacy. You can change your privacy settings on Twitter in the Account Settings at http://twitter.com/account/settins.
j) Affected rights
You have the right:
• to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you may request information about the processing purposes; the categories of personal data; the recipients or categories of recipients to whom your information has been disclosed or yet to be disclosed; the planned storage duration; the existence of a right of rectification or erasure, or limitation of processing or of a right to object to such processing, the existence of a right of appeal; the source of personal information, if not collected from you, and the existence of automated decision-making, including profiling, and meaningful information about the logic involved, and its scope and intended impact;
• in accordance with Article 16 of the GDPR, to demand the correction of incorrect personal data or the completion of incomplete personal data stored with us;
• to demand the deletion of your personal data stored by us, in accordance with Article 17 of the GDPR, unless the processing for exercising the right to freedom of expression and information is required; to fulfill a legal obligation, for reasons of public interest in the field of public health; necessary for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes, or for the purposes of asserting, exercising or defending legal claims;
• to demand the restriction of the processing of your personal data in accordance with Article 18 of the GDPR, if the accuracy of the data is disputed by you; the processing is illegal, but you reject its deletion;we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have objected to processing in accordance with Article 21 of the GDPR;
• in accordance with Article 20 of the GDPR, to receive the personal data that you have provided us in a structured, standard and machine-readable format and to transmit this data without any obstruction to another person responsible for us;
• In accordance with Article 7 (3) GDPR, to revoke your consent given to us at any time. As a result, we no longer continue the data processing based on this consent for the future and
• pursuant to Article 77 of the GDPR, to a complaint to a supervisory authority, in particular in the Member State of its place of residence, place of work or place of alleged infringement.
k) Right of objection and revocation of consent
According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you, as far as
• this processing on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. e or f DSGVO, but there are grounds for refraining from their particular situation, or
• for the purpose of direct marketing, but then for the implementation of your opposition on special grounds is not important.
In order to exercise your right of revocation or to revoke any consent given to us, you can send an e-mail to email@example.com.
l) Deletion of data
Your personal data collected by us in connection with the use of our website will be deleted or blocked as soon as the purpose of the storage is omitted. It may also be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
m) Preventive measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server from the time of the registration or the start of the ordering process.
We use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. Whether a single page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser.
n) Disclosure of data to third parties and third party providers
For certain technical processes of data processing we use the support of external service providers (for example, for programming, maintenance and hosting of the website). Our service providers have been carefully selected and process data only on our behalf and according to our instructions.
Incidentally, a transfer of your personal data to third parties for purposes other than those listed below will not take place.
We only pass on your personal data to third parties insofar as
• You have your consent in accordance with Article 6 paragraph 1 lit. a DSGVO have given, or
• this according to Article 6 para. 1 lit. b DSGVO for the fulfillment of a contract with you or for the implementation of pre-contractual measures, which are required at your request, required and otherwise legally permissible, or
• in accordance with Article 6 para. 1 lit. c DSGVO is a legal obligation, or
• this is required by Article 6 (1) (f) GDPR to safeguard legitimate interests, such as ensuring the economic and effective operation of our business or the pursuit, exercise or defense of rights, and there is no reason to believe that you are a predominantly protected person Interested in not sharing your information.
If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.
o) Changes to the data protection declaration
This data protection declaration is up-to-date and applicable since 25 May 2018. Future changes to our website and offers or regulatory or regulatory requirements may require that this data protection declaration be amended as well. If users consent is required or elements of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users. Users are requested to inform themselves regularly about the content of the data protection declaration.
C. Conditions of participation for giveaways
Wasserneutral GmbH holds regularly giveaways in Germany, Austria and Switzerland under the brand TIO.
Participation: The participation takes place by the task listed and fulfilled in the giveaway description. This will be carried out in form of a social media contribution (e.g. Facebook or Instagram).
Right to participate: Eligible to participate are persons residing in Germany, Austria and Switzerland who have reached the age of 18 at the time of participation. Employees of TIO GmbH or Wasserneutral GmbH and their relatives as well as cooperation partners are excluded from participation.
Wasserneutral GmbH retains the right to exclude participants from the campaign due to false statements, manipulations or the use of unauthorized aids. The legal way is impossible.
The deadline for participation is always directly written in the post.
A corresponding message will be published on the respective platform after the end of the giveaway. Furthermore the winner will be informed by us in a personal message. In exceptions we request the winners to contact us.
Use of data: The data will only be used by the marketing and warehouse team of Wasserneutral GmbH for the purposes of the giveaway and the associated actions. The data will be deleted after the campaign has been carried out and the prize has been dispatched. The participation data will not be passed on to third parties.