Privacy Notice
Introduction
Being the operator of this website, ECOaction GmbH (hereinafter “we”) are the data controller in charge of processing personal data of any users of such website. You can find our contact details in the imprint of the website, while the contacts for questions concerning the processing of your personal data are provided directly in this Privacy Statement.
We are strongly committed to protecting your privacy and your private and personal data. We collect, save, and use your personal data strictly in accordance with the provisions of this Privacy Statement and the applicable data protection provisions, including without limitation the European General Data Protection Regulation (GDPR) and national data protection provisions.
With this Privacy Statement, we wish to inform you to what extent and for what purpose your personal data is processed in connection with the use of our website.
Personal data
Personal data is all information about an identified or identifiable individual. This includes information about your identity such as your name, your e-mail address, or your postal address. Any information that cannot be directly linked to your identity (e.g. statistical details such as the number of users of the website) is, however, not considered to be personal data.
You can essentially use our website without disclosing your identity and without providing any personal data. In that case, we will merely collect general information about your visit to our website. However, some of the services offered require you to provide certain personal data. As a rule, we will process such data only for purposes connected with the use of this website, including without limitation for the provision of the desired information. Whenever personal data is collected, you are only required to provide the data that is absolutely essential. Also, you may be asked to provide additional details, which is optional information provided voluntarily. We let you know in each case whether the input fields are for mandatory or optional details. More specific details are provided in the relevant section of this Privacy Statement.
There is no automated decision-making on the basis of your personal data in connection with the use of our website.
Processing personal data
We store the information provided by you on protected dedicated servers located within the European Union. Technical and organisational measures are taken to protect such servers against loss, destruction, access, modification, or dissemination of your data by unauthorized persons. Access to your data will be permitted only to a limited number of persons in charge of the technical, commercial, or editorial support of the servers. Notwithstanding regular controls, full protection against all risks cannot be provided.
Your personal data is transmitted over the Internet in encrypted form. We use SSL (Secure Socket Layer) encryption for transmission of data.
Disclosure of personal data to third parties
We use your personal information exclusively for providing the services that you have requested from us. Insofar as we use external service providers in performing the service requested, such external service providers will also access the data exclusively for the purpose of performing the service. By taking the necessary technical and organisational measures we ensure compliance with data protection policies and we demand the same of our external partners.
Moreover, we will not disclose the data to any third parties, including without limitation for advertising purposes, without your express consent. We will disclose your personal data only if you have given your consent to disclosure of the data or insofar as we are entitled or obligated to do so under legal provisions and/or administrative or judicial orders. This may include, without being limited to, giving information for purposes of criminal prosecution, in order to avert danger, or in order to enforce intellectual property rights.
Insofar as we transfer your personal data ourselves or through service providers to countries outside the European Union, we comply with the special requirements of Article 44 of the GDPR for this purpose and also oblige our service providers to comply with these regulations. We will therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is guaranteed in particular by an adequacy decision of the EU Commission or by suitable guarantees in accordance with Article 46 GDPR.
Legal basis of data processing
Insofar as we obtain your consent to processing your personal data, Article 6(1)(a) of the GDPR constitutes the legal basis for such data processing.
Insofar as we process your personal data because processing is necessary for the performance of a contract or is necessary under a quasi-contractual relationship with you, the lawfulness of data processing is based on Article 6(1)(b) of the GDPR.
Insofar as we process your personal data because processing is necessary for compliance with a legal obligation, the lawfulness of data processing is based on Article 6(1)(c) of the GDPR.
Furthermore, Article 6(1)(f) of the GDPR may constitute the legal basis for data processing, if processing of your personal data is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of personal data.
Throughout this Privacy Statement, we refer to the legal basis on which we process your personal data.
Deletion of data and duration of storage
We invariably delete or block any personal data provided by you as soon as the purpose of storage of such data has ceased to apply. However, we may continue to store your personal data beyond that, if such storage is governed by legal provisions to which we are subject, including without limitation the legal obligation to retain business records and documentation. In such a case, we will delete or block the personal data after the prescribed period of time has expired.
Order processing
If you place an order, we will use your personal information only within our company and our affiliated companies and the enterprise appointed to process purchase orders.
Storage and disclosure of data upon placement of an order
For order processing, we work together with a number of enterprises which are in charge of payment processing and logistics. We make sure that our partners also comply with data protection provisions. For instance, we disclose your address data (name and address) to the relevant carrier who delivers the ordered products to you. In this case, Article 6 (1)(b) of the GDPR constitutes the legal basis for data processing. Processing of your personal data is necessary for performance of the contract made with you.
We store the data for the period required to perform the contract. In addition, we store such data for the legally prescribed period in order to meet any post-contract obligations and insofar as retention periods under commercial and tax law have to be complied with. This retention period normally is ten (10) years until the end of the relevant calendar year.
Processing of payment for purchase orders via Stripe and PayPal
Depending on the payment option selected, payments for purchase orders will be processed with the help of a service provider.
For payments with instant bank transfer (via Klarna), credit card, SEPA direct debit, Apple Pay or Google Pay, we use the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we pass on the information you provided during the ordering process along with information about your order (name, address, account number, bank code, credit card number, if applicable, invoice amount, currency and transaction number). Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. You can find more information about Stripe's data protection at the URL https://stripe.com/de/terms.If you wish to pay using PayPal, a link will redirect you to the PayPal website. Personal data of yours are processed in that case. Those are your name, your address, your e-mail address, possibly our telephone number as well as bank account or credit card details. Please take note of the general terms and conditions, terms of use, and privacy principles of PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, which can be found at www.paypal.com.
Payment processing is based on Article 6(1)(b) of the GDPR. Processing of your personal data is necessary for performance of the contract made with you; however, you can freely select a type of payment.
We store the data for the period required to perform the contract. In addition, we store such data for the legally prescribed period in order to meet any post-contract obligations and insofar as retention periods under commercial and tax law have to be complied with. This retention period normally is ten (10) years until the end of the relevant calendar year.
Use of our website
Information relating to your computer
Every time you access our website, we will collect the following information relating to your computer, regardless of whether or not you have registered: the IP address of your computer, the inquiry of your web browser, and the time stamp of that inquiry. In addition, the status and the amount of data transmitted in the course of the inquiry are collected. We also collect product and version information about the web browser used and the operating system of the computer. Furthermore, we record the website from which our own website has been accessed. The IP address of your computer is stored only for the duration of your use of our website; afterwards, it is deleted or anonymised by truncation. The remaining data is stored for a limited period of time.
We use this data to operate the website, more specifically for troubleshooting, or in order to assess the degree of utilisation of the website, or to carry out adjustments or improvements thereof. Such purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) of the GDPR.
Use of cookies
Like many other websites, our website uses cookies. Cookies are small text files that are stored on your computer and store certain settings and data of your web browser for the exchange with our website. As a rule, a cookie contains the name of the domain from which the cookie file has been sent as well as information about the age of the cookie and an alphanumeric identifier.
The cookies we use are - as far as possible - so-called session cookies, which are automatically deleted after the browser session ends. Occasionally, cookies with a longer storage period may also be used so that your preferences and settings can be taken into account the next time you visit our website.
Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to inform you as soon as cookies are sent. It is also possible to manually delete already stored cookies via the browser settings. Please note that if you reject the storage of cookies or delete necessary cookies, you may not be able to use our online services at all or only to a limited extent.
As far as cookies are not required for our online offer, we ask you to agree to the use of cookies when you first access our online offer. With regard to the non-essential cookies of third party providers, you will find a more detailed description of the services of these third party providers that we use below. The legal basis for the associated data processing, including any transfer of data, is your consent within the meaning of Article 6 (1)(a) of the GDPR. Once consent has been granted, it can be revoked at any time with effect for the future, in particular by changing the selected settings.
The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offer within the meaning of Article 6 (1)(f) of the GDPR as well as - insofar as contracts are concluded or fulfilled via our online offer - the fulfilment of the contract within the meaning of Article 6 (1)(b) of the GDPR.
Integration of third-party services
For some functions in our online offer, we use the services of third parties. The corresponding services are mostly optional functions that must be explicitly selected or used by you. We have concluded contractual agreements with the respective providers for the provision or integration of their services and, as far as possible, we make every effort to ensure that the third-party providers also provide transparent information about the extent to which personal data is processed and comply with data protection regulations.
Google Tag Manager
For our online offer we use the Google Tag Manager of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). The Google Tag Manager is a tag management system (TMS), with which tags, i.e. tracking codes and associated code fragments, can be managed on our website. Google services can be integrated into a website via the Google Tag Manager.
When using the Google Tag Manager, a connection to the Google servers is established. This means that the IP address of the browser of the Google device used by the visitor to this website is stored. It cannot be ruled out that in this context data may be transferred to Google in the USA and that US security authorities may be able to access the data. However, cookies are not set in connection with the use of the Google Tag Manager.
You can find more information about the Google Tag Manager and data processing by Google here:
https://support.google.com/tagmanager/answer/6102821?hl=de
https://www.google.com/policies/privacy/
Our legal basis for the use of the Google Tag Manager is your consent in accordance with Article 6 (1)(a) of the GDPR. If necessary cookies are set, this is done in our legitimate interest in accordance with Article 6 (1)(f) of the GDPR. Our legitimate interest is the administration of the tracking codes in our online offer, which enable us to analyse the use of our online offer and to improve and personalize our services.
Google Analytics
We use Google Analytics for statistical evaluation. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie about your use of this website will as a rule be transmitted to and stored by Google on servers in the United States. It cannot be ruled out that data may be transferred to the USA and that government agencies may gain access to this data. If IP anonymisation is activated on this website, Google will first truncate your IP address for Member States of the European Union or other parties to the Agreement on the European Economic Area. Only under exceptional circumstances is the complete IP address transmitted to a server of Google in the United States and truncated there. On behalf of the owner of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and Internet usage for the website owner. Google will not associate the IP address transmitted by your browser in connection with Google Analytics with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser software; however, please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the data generated by the cookie and based on your usage of this website (including your IP address) being sent to and processed by Google by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
For further details please visit http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). Please be advised that on our web pages, Google Analytics has been extended by the code “anonymizeIp();” in order to anonymise IP addresses by deleting the last octet.
Retargeting and remarketing
Retargeting and remarketing are technologies which allow displaying customised advertising to visitors of a certain website even after they have left that website. For this purpose, a service provider needs to recognise Internet users beyond the scope of its own website, using cookies created by the service provider. In addition, the user’s previous usage behaviour is taken into consideration. For example, if a user looks at certain products, these or similar products may later be displayed as advertisements on other websites. This is personalised advertising which is customised to the requirements of the relevant user. Personalised advertising does not require identification of the user beyond such recognition. Therefore, we do not combine data used for retargeting and/or remarketing with other data.
We use such technologies to place advertisements on the Internet. We use the services of third party service providers for placement of advertisements. Among other things, we use Google services which allow the automatic display of products that may be interesting for Internet users. This function is implemented by cookies. It cannot be ruled out that data may be transferred to the USA and that government agencies may gain access to this data.
Insofar as cookies are set for the integration of the service, your consent is the legal basis for data processing in accordance with Article 6 (1)(a) of the GDPR. Once consent has been given, it can be revoked at any time with effect for the future. If no cookies are set, our legitimate interest in the proper provision of our online service in accordance with Article 6 (1)(f) of the GDPR is the legal basis for the integration.
Communication with us
There are various ways of contacting us, including the contact form on our website.
Contact form
If you wish to use the contact form of our website, we will collect the personal data that you provide in the contact form, including but not limited to your name and e-mail address. In addition, we record the IP address and the date and time of the enquiry. We process any data transmitted through the contact form exclusively for the purpose of answering your enquiry or reacting to your concern.
It is up to you to decide what information you provide in the contact form. In accordance with Article 6(1)(a) of the GDPR, your consent constitutes the legal basis for processing your data.
After the matter has been dealt with, the data is stored for some time in case you have any further questions. Without prejudice to the relevant legal retention periods, you may request deletion of the data at any time, otherwise the data will be deleted once the matter has been conclusively dealt with.
Newsletter
When you register for our newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. For this purpose, you will receive regular information by e-mail on current topics as well as e-mails for special occasions, such as special promotions. The e-mails can be personalized and individualized based on our information about you.
To register for our newsletter, we use the so-called double opt-in procedure, unless you have given us your consent in writing, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter dispatch. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail.
The legal basis for the processing of your data is your consent pursuant to Art. 6 (1) a) DSGVO, if you have expressly registered for the newsletter. Within the scope of the legal requirements, it may also be possible that you receive our newsletter from us without express consent because you have ordered goods or services from us, we have received your e-mail address in this context and you have not objected to receiving information by e-mail. In this case, the legal basis is our legitimate interest to send direct advertising according to Art. 6 para. 1 lit. f) DSGVO.
If you no longer wish to receive newsletters from us, you can revoke your consent at any time with effect for the future or object to further receipt of the newsletter without incurring any costs other than the transmission costs according to the prime rates. Simply use the unsubscribe link contained in each newsletter or send a message to us or our data protection officer.
Your rights; contact
We are strongly committed to explaining how we process personal data and to inform you about your rights as transparently as possible. If you want more detailed information or wish to exercise your rights, you can contact us at any time so that we can take care of your concerns.
Rights of persons concerned
You have extensive rights with respect to the processing of your personal data. First of all, you have an extensive right to information and under certain circumstances may demand correction and/or deletion or blocking of your personal data. You can also demand restriction of processing and you have a right of objection. You also have a right to data portability with a view to personal data that you have transmitted to us.
If you wish to assert any of your rights and/or want more detailed information concerning your rights, please contact our customer service. Alternatively, you may contact our data protection officer.
Revocation of consent and objection
You may at any time revoke your consent with future effect. Revocation of the consent does not affect the legality of any processing performed on the basis of such consent given up until the revocation thereof. In such cases as well, please contact our customer service and/or our data protection officer.
Insofar as the processing of your personal data is not based on consent given by you but on another legal basis, you can object to the data processing. Your objection will lead to a review and, if necessary, to termination of the data processing. You will be informed of the outcome of the review and – if the data processing is to be continued nonetheless – you will receive further information from us on why the data processing is admissible.
Data protection officer; contact
If you have any questions regarding our handling of personal data, please do not hesitate to contact us at info@ecoaction.de If you have any detailed legal questions or complaints, please contact our legal advisors at:
BRANDI Rechtsanwälte
RA Dr. Sebastian Meyer
Adenauerplatz 1
33602 Bielefeld
www.brandi.net
datenschutz@brandi.net
Complaints
If you are of the opinion that the processing of your personal data does not comply with this Privacy Statement or the applicable data protection provisions, you have the right to file a complaint with a supervisory authority. You can file a complaint with our data protection officer. Our data protection officer will review the matter and inform you of the outcome of the review.
Further information; amendments
Links to other websites
Our online service may contain links to other websites. Generally, these links are identified as such. We cannot control to what extent linked websites comply with the applicable data protection provisions. We therefore recommend that for other providers’ data protection statements, you refer to the information given on their respective websites.
Amendments of this Privacy Statement
Any revision of this Privacy Statement is identified by the date specified (see below). We reserve the right to amend this Privacy Statement at any time with effect for the future. Amendments will be made, among other things, in case of technical adjustments of the website or changes of the data protection laws. The Privacy Statement as amended from time to time is always made available directly through our website. We recommend obtaining information on any changes of this Privacy Statement on a regular basis.
This Privacy Statement was last revised in: March 2021