Select country and language for country-specific content.
United States United States
United States United States
Select country
english
deutsch
english
русский
中文
|
中文
deutsch
english
русский
中文

computeruniverse Privacy policy

Below we inform you according to the legal requirements – in particular the EU General Data Protection Regulation (GDRP, which can be downloaded here) – regarding the processing of personal data through our company.

Table of Contents:

  1. General information
    1. Important terms
    2. Scope
    3. Responsible party
    4. Data protection officer
  2. Data processing in detail
    1. General information regarding data processing
    2. Accessing our services
    3. Creating a user account
    4. Bonus points program
    5. Newsletter subscription
    6. Sweepstakes and promotions
    7. Online shopping and e-commerce
    8. Product insurance
    9. Customer feedback or getting in touch with the customer service
    10. Product assessments and comments
    11. Data processing on our Facebook fan page
    12. Incorporation of the Trusted Shops trust badge
    13. Administration of B2B customer data
    14. Data processing by the service reCaptcha
    15. Tracking
      a. Tracking technologies used
  3. Rights of the persons affected
    1. Right of objection
    2. Right of access
    3. Right of rectification
    4. Right of deletion (“Right to be forgotten”)
    5. Right to restriction of processing
    6. Right to data portablility
    7. Right to revoke a consent
    8. Right to appeal

I. General information

In this section of the privacy policy you will find information on the scope, the person responsible for the data processing, the data protection officer and data security. We also explain in advance the meaning of important terms used in the privacy policy.

1. Important terms

Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the called web server places on the user's computer by means of the browser used. The stored cookie information may contain both an identifier (cookie ID) that serves to recognize, as well as content such as registration status or information about visited websites. The browser sends the cookie information back to the web server with each new request on later, new visits to this page. Mostbrowser accept cookies automatically. You can manage cookies with the help of browser functions (mostly under “Options” or “Settings”). This may disable the storage of cookies, be made dependent on your approval in individual cases or otherwise restricted. You can also delete cookies at any time.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processingof personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), available here.

Personal data: Any information relating to an identified or identifiable natural person. A natural person is considered as identifiable, who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Profiling: Any type of automated processing of personal data, which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests to analyze or predict the reliability, behavior, location or change of location of this natural person.

Services: Our offers to which this privacy policy applies (see Scope).

Tracking: The collection of data and their evaluation regarding the behavior of visitors relating to our services.

Tracking technologies:Tracking can be done either via the activity logs (log files) stored on our web servers or by collecting data from your device via pixel, cookies and similar tracking technologies.

Processing: Any process or series of operations related to personal information, such as collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, performed with or without the aid of automated procedures through transmission, dissemination or any other form of provision, settlement or linking, restriction, erasure or destruction.

Pixel:Pixel also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually realized by calling a small program (JavaScript). This will allow certain types of information to be detected and shared on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.

2. Scope

This Privacy Policy applies to the following offers:

  • our online offer "computeruniverse" (online shop), available in particular under www.computeruniverse.net,
  • Whenever one of our offers (such as websites, subdomains, mobile applications, web services, or third-party affiliations) refers to this Privacy Policy, regardless of the way you access or use it.

All these offers are collectively referred to as "services".

3. Responsible party

The responsible party for the processing of data - that is, the one who decides on the purpose and means of processing personal data - in connection with the services is:

computeruniverse GmbH
Grüner Weg 14
61169 Friedberg
Phone: +49 6031 7910 0
Email: computeruniverse@dataschutzanfrage.de

4. Data protection officer

You can contact our data protection officer via the contact data, mentioned under 3., to the attention of Data Privacy Department, or via computeruniverse@dataschutzanfrage.de.

II. Data processing in detail

In this section of the privacy policy, we will inform you in detail about the processing of personal data as part of our services. For better clarity, we divide this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can be used successively or simultaneously.

1. General information regarding data processing

The following applies to all processing operations described below, unless otherwise stated:

a) No obligation to provide & follow non-provisioning

The provision of personal information is not required by law or contract and you are under no obligation to provide any data. We will inform you as part of the submission process when the provision of personal information for the relevant service is required (for example, by the designation as "mandatory field"). In the case of required data, non-provisioning means that the service in question cannot be provided. Otherwise, the non-provision may result in our being unable to provide our services in the same form and quality.

b) Consent

In some cases, you may also give us your consent to further processing in connection with the processing described below (possibly for some of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent of all modalities and the scope of the consent and the purpose, which we pursue with these processing operations. The processing based on your consent is, therefore, not listed here again (Art. 13 (4) GDPR).

c) Transfer of personal data to third countries

When we send data to third countries, i.e. countries outside the European Union, then the transfer takes place only in compliance with the statutory eligibility requirements.

If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, we do not have your consent, the transmission is not required to assert, exercise or defend legal claims and otherwise no exceptions under Art. 49 GDPR apply, we only transfer your data to a third country, if there is an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR are given.

One of these adequacy decisions is Commission Implementing Decision (EU) 2016/1250 of 12th July 2016 on the so-called "US-US Privacy Shield" for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered appropriate in the meaning of Art. 45 GDPR.

Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving agency, appropriate guarantees pursuant to Art. 46 (2) c) GDPR and an adequate level of data protection are created. Copies of EU standard privacy clauses are available on the European Commission's website, available here.

d) Hosting with external service providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. For all the functionalities listed below, personal data may be transmitted to hosting service providers. These service providers process data either exclusively in the EU or we have guaranteed an appropriate level of data protection using the EU standard data protection clauses (see c.).

e) Transmission to state authorities

We provide personal information to governmental agencies (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR) or it is required to assert, exercise or defend legal claims (legal basis Art. 6 (1) f) GDPR).

f) Storage period

In the section "Storage period" it is indicated in each case, how long we use the data for the respective processing purpose. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continuing processing and storage is required by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims ) or you give us an additional consent.

g) Data category labels

The following sections use the following summary category labels for specific types of data:

  • Account data: Login/user ID and password
  • People master data: Title, salutation/gender, first name, last name, date of birth
  • Address data: Street, house number, if necessary, addresses, zip code, city, country
  • Contact data: Telephone number(s), fax number(s), email address(es)
  • Registration data: Information about the service you have signed up for; dates and technical information on registration, confirmation and deregistration; at the registration of you specified data
  • Order data: Ordered products, prices, payment and delivery information
  • Payment data: Account information, credit card details, other payment services like PayPal
  • Usage data distribution list: Accreditation topic, accreditation date, approval of usage restriction/consent, downloads of press materials.
  • User profile data newsletter: Opening the newsletter (date and time), contents, selected links, as well as the following information of the accessing computer system: used Internet Protocol address (IP address), browser type and version, device type, operating system and similar technical information.
  • Access data: Date and time of visit of our service; the page from which the accessing system came to our site; pages accessed during use; session identification data; and the following information about accessing the computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

2. Accessing our services

Here's how we describe how your personal information is processed when you access our services (such as loading and viewing the website, opening and navigating within the mobile app). In particular, we point out that the transmission of access data to external content providers (see under b.) is inevitable due to the technical functioning of information transmission on the Internet. The third-party providers are responsible for the privacy-compliant operation of the IT systems they use. The decision on the storage period of the data is up to the service providers.

a) Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data category:
Access data
Intended purpose:
Connection setup; representation of the contents of the service; discovery of attacks on our site based on unusual activity; fault diagnosis
Legal basis:
Art. 6 (1) letter f) GDPR
Legitimate interest:
Proper function of the services; security of data and business processes; prevention of abuse; prevention of damage through interference with information systems
Storage period:
4 days

b) Recipient of personal data

Category or recipient:
External content providers who provide content (such as images, videos, embedded social networking postings, banner ads, fonts, update information, shortened links) required to view the service
Affected data:
Access data
Legal basis:
Art. 6 (1) letter f) GDPR
Legitimate interest:
Proper function of the services; (accelerated) presentation of the contents
Category of recipient:
IT security service
Affected data:
Access data
Legal basis:
Art. 6 (1) letter f) GDPR
Legitimate interest:
Preventing attacks by exploiting security breaches/vulnerabilities

3. Creating a user account

Below we describe how we process your personal data when you create an account on our website (https://computeruniverse.net).

Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data categrory:
People master data; account data; address data; contact data
Intended purpose:
Creating a user account
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the registration

4. Bonus-points program

Below we describe how your personal data is processed in connection with the bonus point program

Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data categrory:
People master data; account data; contact data
Intended purpose:
Carrying out a bonus-points program
Storage period:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the registration

5. Newsletter subscription

Below we describe how your personal information is processed when you subscribe to a newsletter:

a) Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data category:
Email address
Intended purpose:
Verification of registration (double opt-in procedure); newsletter subscription
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the newsletter subscription + 4 years
Data category:
People master data
Intended purpose:
Personalisierung des Newsletters
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the newsletter subscription
Data category:
Registration data
Intended purpose:
Traceability of completed newsletter registration/confirmation/deregistration
Legal basis:
Art. 6 (1) letter b) and f) GDPR
Legitimate interest:
Proof of successful newsletter registration/confirmation/deregistration
Storage period:
Duration of the newsletter subscription + 4 years
Data category:
user profile data newsletter
Intended purpose:
Interest-based design of the newsletter
Legal basis:
Art. 6 (1) letter f GDPR
Legitimate interest:
Improving our service; advertising purposes
Storage period:
Duration of the newsletter subscription

b) Recipient of personal data

Category of recipient:
Service provider for newsletter distribution
Affected data:
All the data mentioned under a) of this section
Legal basis:
Order processing (Art. 28 GDPR)

6. Sweepstakes and promotions

Below we describe how your personal information is processed when you access our sweepstakes or promotions (e.g., events, voting, contests).

a) Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data category:
People master data
Intended purpose:
Identification; age verification
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the sweepstakes/promotion
Data category:
Address data
Intended purpose:
Contact
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the sweepstakes/promotion
Data category:
Kontaktdaten
Intended purpose:
Contact
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the sweepstakes/promotion
Data category:
Responding to competition questions; giving application information; voting information

If applicable (in accordance with the respective conditions of participation)

Intended purpose:
Execution of the respective sweepstakes/the respective promotion; winner/participant selection
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of the sweepstakes/promotion

b) Recipient of personal data

Category of recipient:
Service provider for sweepstakes or promotion implementation
Affected data:
All the data mentioned under a) of this section
Legal basis:
Order processing (Art. 28 GDPR)
Category of recipient:
Shipping service
Affected data:
Address data; name
Legal basis:
Art. 6 (1) letter b) GDPR

7. Online shopping and e-commerce

Below we describe how your personal data is processed in connection with an existing relationship between you and us in our online shop.

a) Intended purpose der Datenverarbeitung und Legal basis sowie ggf. berechtigte Interessen, Storage period

Data category:
People master data; address data; contact data
Intended purpose:
Identification; contact; registration as a customer; age verification; provision of information appropriate to the interests; transmission of advertising for own and third party offers
Legal basis:
Art. 6 (1) letters b) and f) GDPR
Berechtigtes Interesse:
Advertising purposes; care of the customer relationship; marketing ourservices
Storage period:
10 years after completion of the last order
Data category:
Order data
Intended purpose:
Order processing; interest-based offers
Legal basis:
Art. 6 (1) letters b) and f) GDPR
Berechtigtes Interesse:
Advertising purposes; care of the customer relationship; marketing our services
Storage period:
10 years after completion of the last order
Data category:
Payment data
Intended purpose:
Handling payments for the service
Legal basis:
Art. 6 (1) letter b) GDPR
Storage period:
Duration of contract relationship

b) Recipient of personal data

Category of recipient:
Payment service
Affected data:
People master data; address data; payment data
Legal basis:
Art. 6 (1) letter b) GDPR
Category of recipient:
Shipping service
Affected data:
Address data; name
Legal basis:
Art. 6 (1) letter b) GDPR
Category of recipient:
Postal service
Affected data:
People master data; address data
Legal basis:
Art. 6 (1) letters b) and f) GDPR
Legitimate interest:
Verification of your address (check of deliverability)
Category of recipient:
Marketing service
Affected data:
People master data; address data; contact data
Legal basis:
Art. 6 Abs. 1 Buchst. f) DSGVO
Legitimate interest:
Care of the customer relationship; advertising and marketing purposes
Category of recipient:
Collection service
Affected data:
People master data; address data; payment data
Legal basis:
Art. 6 Abs. (1) letter b) GDPR

8. Product insurance

Below we describe how your personal data will be processed in connection with an additional product insurance you have taken out:

Intended purpose of the data processing and legal basis as well as possibly justified, Storage period

Data category:
Address data; contact data
Intended purpose:
Identifizierung; Contact
Legal basis:
Art. 6 (1) letters b) and f) GDPR
Storage period:
10 years after completion of the last order
Data category:
Order data
Intended purpose:
Order processing
Legal basis:
Art. 6 (1) letters b) and f) GDPR
Storage period:

10 years after completion of the last order

9. Customer feedback or getting in touch with the customer service

Below, we describe how your personal data are processed when you get in touch with us with inquiries.

a) Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data category:
People master data; contact data; contents of the inquiries/complaints
Intended purpose:
Processing customer requests and user complaints
Legal basis:
Art. 6 (1) letters b) and f) GDPR
Legitimate interest:
Improvement of our service; customer retention
Storage period:
Processing the request

b) Recipient of personal data

Category of recipient:
Feedback service provider
Affected data:
Contact data; content of the request
Legal basis:
Order processing (Art. 28 GDPR)

10. Product assessments and comments

Below, we describe how your personal data are processed when you enter product assessments and comments on our services which are then published on computeruniverse.net.

Purpose of the data processing and legal basis and, if applicable, legitimate interests, duration of storage

Data category:
Access data; if applicable, e-mail address; nickname/alias or plain name
Purpose:
Identification; making comments or assessments; if applicable, getting in touch
Legal basis:
Art. 6 subparagraph 1 lit. b) and f) GDPR

Legitimate interest pursued by us:

Ensuring compliance with the conditions of use; prevention of falsified product assessments

Duration of storage:
Duration of availability of the assessment
Data category:
Contents of comments; product assessment
Purpose:
Publication on our Services
Legal basis:
Art. 6 subparagraph 1 lit. b) GDPR
Duration of storage:

Duration of availability of the assessment

11. Data processing on our Facebook fan page

We run this fan page on the platform of Facebook Inc., 1601 S. California Avenue, Palo Alto, CA, 94304, USA (Facebook privacy statement). Each visit and each interaction on our fan page leads to a data processing, independent of whether you possess a Facebook account or not. In the event of a logged-in account, Facebook Inc. puts the information about the visit to the fan page together with your account information and uses it under certain circumstances to form profiles. If you do not want such a profile formation, log out before you visit our fan page
 
By means of "Facebook Insights", we process statistical data of our fan page such as the total number of visits, "Like" statements, page activities, contribution interactions, video views, contribution ranges, comments, shared contents, replies, the share of female and male visitors to our website, the origin relative to country and town, language, visits and clicks in the shop, clicks on route planners and clicks on telephone numbers. This is done on the basis of our legitimate interest (Article 6 subparagraph 1 f GDPR) of making contributions on the site more attractive or finding the correct point in time for the publication.
 
You have the right to information, erasure and rectification of your data, to restriction of the processing, objection to the processing, data portability and complaint to the supervisory authority. You can claim these rights both from Facebook Inc. [contact form] and also us computeruniverse@datenschutzanfrage.de, in which context we forward your inquiries to Facebook in accordance with our agreement with them.
 
As we are jointly responsible for the processing of your data, we have a Page Controller Addendum with Facebook.

12. Incorporation of the Trusted Shops trust badge

To display our Trusted Shops seal of quality and the assessments which may have been collected and to offer the Trusted Shops products for buyers after an order, the Trusted Shops trust badge of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, has been incorporated on this website. Below, we describe how your personal data are processed when you visit the trust badge. Further personal data are merely transmitted to Trusted Shops to the extent that you decide to use Trusted Shops products after conclusion of an order or have already registered for use. In this case, the contractual agreement made between you and Trusted Shops applies.

a) Purpose of data processing and legal basis and, if applicable, legitimate interests, duration of storage

Data category:
Access data
Purpose:
Connection set-up; discovery of attacks on our site on the basis of unusual activities; error diagnosis; portrayal of the contents of the trust badge
Legal basis:
Art. 6 subparagraph 1 lit. f) GDPR
Legitimate interest pursued by us:
Portrayal of the contents for optimum marketing of our services
Duration of storage:
7 days after the end of the visit to the site

b) Recipient of personal data

Category of recipient:
Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne
Data affected:
Access data
Rechtsgrundlage:
Art. 6 subparagraph 1 lit. f) GDPR
Legitimate interest pursued by us:
Portrayal of the contents for optimum marketing of our services

13. Administration of B2B customer data

Below, we describe how your personal data are processed in connection with a (potential) customer relationship existing between you and us::

a) Purpose of the data processing and legal basis and, if applicable, legitimate interests, duration of storage

Data category:
Personal data records; address data; contact data
Purpose:
Identification; getting in touch; registration as customer; providing information matching interests; transmission of advertising for own and outside offers; handling of inquiries; transmission to manufacturers or distributors for the preparation of quotations
Legal basis::
Art. 6 subparagraph 1 lit. b) and f) GDPR
Legitimate interest pursued by us
Care of the customer relationship; marketing of our services; own and outside advertising purposeske
Duration of storage:

unlimited

Data category:
Order data
Purpose:
Order handling; offers matching interests
Legal basis:
Art. 6 subparagraph 1 lit. b) and f) GDPR
Legitimate interest pursued by us:
Advertising purposes; care of the customer relationship; marketing of our services
Duration of storage:

unlimited

Data category:
Payment data
Purpose:
Handling of payments for the service
Legal basis:
Art. 6 subparagraph 1 lit. b) GDPR
Duration of storage:

unlimited

b) Recipient of personal data

Category of recipient:
Payment service provider
Data affected:
Personal data records; address data; contact data
Legal basis:
Art. 6 subparagraph 1 lit. b) GDPR
Category of recipient:
Service provider for creditworthiness examination
Data affected:
Personal data records; address data
Legal basis:
Art. 6 subparagraph 1 lit. b) and f) GDPR
Legitimate interest pursued by us:
Verification of your address (examination of possibility of delivery); avoidance of loss of payments
Category of recipient:
Collection service providers
Data affected:
Personal data records; address data; payment data
Legal basis:
Art. 6 subparagraph 1 lit. b) GDPR

14. Data processing by the service reCaptcha

Below we describe how your personal data is processed by the service:

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. ReCAPTCHA is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google reCAPTCHA, it is checked whether an entry has been made by a human being or whether an entry has been improperly made by automated, mechanical processing.

The data collected during the analysis is forwarded to Google. In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the US European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

For more details, please visit the Google Privacy Centre: http://www.google.de/intl/de/privacy

a) the purpose of the data processing and the legal basis and, where applicable, legitimate interests, duration of storage

Data category:
Technical data: IP address (truncated), URL, date and duration of the visit, browser type, terminal operating system; Google account if you are logged in to Google
Purpose:
Differentiation as to whether an input is made by a natural person for the purpose of automated access recognition (e.g. by robots)
Legal basis:
Art. 6 para. 1 letters b) and f) GDPR
Legitimate interest pursued by us:
Avoidance of misuse
Storage duration:
Data stored between 9-18 months and then either anonymised or deleted

b) Recipient of the personal data

Recipient category:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Affected data:
Technical data (described above)
Legal basis:
Art. 6 para. 1 letter b) GDPR

15. Tracking

Below we describe in which cases and how your personal data is processed using tracking technologies when using our services.

What data is processed by tracking?

The tracking procedures presented here process personal data only in pseudonymous form. No association is made with a concrete, identified natural person, i.e. there is no aggregation of the data with information about the bearer of the pseudonym.

Directly transmitted pseudonymous information such as the cookie ID or (possibly shortened) IP address is assigned additional information during tracking. Typically, this is technical information about the terminal used, information about usage behaviour on the Internet, interests and, if applicable, location data.

How can you disagree to have the tracking?

The description of the tracking procedures also includes information on how to prevent data processing. Please note that this "opt-out", i.e. the refusal of processing, is partly stored via cookies. If you use our services via a new terminal device or in another browser or if you have deleted the cookies set by your browser, you may have to explain the refusal of processing again.

By clicking on the following link, you can revoke your consent for comfort cookies at any time:

Link

You can withdraw your consent to benefit cookies at any time by clicking on the following link:

Link

 

On what legal basis is the tracking carried out?

The use of tracking technologies can be based on various legal bases, which we describe below. We describe in the list below for which concrete purpose and on which legal basis we perform tracking by using a specific service.

 

    1. Legal basis Agreement, Art. 6(1)(b) GDPR

      In order to provide services which are provided in connection with a contract, tracking and the associated analysis of user behaviour is carried out on the basis of the legal basis of Art. 6 Para. 1 b) GDPR.

      The information obtained through this tracking is necessary to provide optimised services according to the contractual purpose and to ensure the greatest possible benefit.

    2. Legal basis Legitimate interest, Art. 6(1)(f) GDPR

      In order to provide attractive services as efficiently as possible, we pursue the legitimate interest of analysing information about user behaviour on our services obtained through tracking.

      Tracking on the basis of the legal basis Art. 6 para. 1 f) GDPR helps us:

      • to review the effectiveness of our services, to optimise and adapt them to the needs of users and to correct errors,
      • To statistically determine key data on the use of our services (reach, intensity of use, surfing behaviour of users) on the basis of uniform standard procedures, thus obtaining values that are comparable throughout the market,
      • to measure the success of advertising campaigns, optimise our ads for the future and enable marketers and advertisers to optimise their ads accordingly
      • and to enable correct commission accounting for transactions.

      However, we do not pursue any purposes on this basis for which the behaviour of data subjects on the Internet must be made comprehensible or for which user profiles must be created.

    3. Legal basis Consent, Article 6(1)(a) GDPR

      In order to be able to display advertising and content that is optimised and tailored as closely as possible to your interests, we carry out tracking on the basis of your consent (Art. 6 para. 1 a) GDPR).

      Using certain advanced methods for analysing user behaviour, we aim to optimise our services and adapt them to the needs of users. For this purpose, in many cases - albeit in pseudonymised form, i.e. without identifying a specific person - the behaviour of affected persons on the Internet must be made comprehensible or user profiles must be created.

      Consent is voluntary. It is granted, for example, by clicking on the "OK" button on our services after a corresponding message is displayed. You can revoke this consent at any time, for example by using the opt-out options offered in the list below for the individual services.

a) Tracking technologies used

Name of service:
Google Analytics
Provider:
Google Analytics is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose of tracking:
With Google Analytics, we collect user behavior information to improve the usability of the website.
Processing of personal data:

The IP address is processed.

We use Google Analytics including the features of Universal Analytics. Universal Analytics allows us to analyze activity on our services across devices (for example, when accessing via laptop and later via a tablet). This is made possible by the pseudonymous assignment of a user ID.

Storage period:
The transferred data will be deleted after 26 months. The deletion of data, whose retention period has been reached, is carried out automatically once a month.
Legal basis:
If consent has been given, the processing is based on this consent. Otherwise, the processing is based on a legitimate interest
Possibility to stop the processing (Opt-out):

Link

Data transfer to a third country?
Yes, USA.
Adequacy decision (Art. 45 GDPR):
Commission Implementing Decision (EU) 2016/1250 of 12th July 2016 on the so-called "EU-US data protection shield" ("Privacy Shield")
Name of service:
Google Tag Manager
Provider:
Google Tag Manager is a service provided by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043
Purpose of tracking:
The Google Tag Manager allows easier integration of various scripts for web analysis and remarketing into the own website. It is not a tracking service in the true sense.
Processing of personal data:

The Google Tag Manager just passes on data and does not process it itself.

Storage period:
No personal data is stored.
Legal basis:
Legitimate interest
Name of service:
Google Ads
Provider:
Google AdWords is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. 
Purpose of tracking:
This service collects information on user behaviour for the measurement of success and handling of advertising campaigns and the handling of personalised ads.
Processing of personal data:

We process cookie IDs and IP addresses.

Storage period or duration of the cookies:
Up to 540 days.
Legal basis:
Legitimate interest  (Art. 6 Sec. 1 f) of GDPR)
Option to stop processing (Opt-out):

Link

Data transfer to third countries?
Yes, USA.
Adequacy decision (Art. 45 GDPR):
Commission Implementation Decision (EU) 2016/1250 of 12/07/2016 on the so-called “EU-US Data Protection Shield” (“Privacy Shield”)
Name of service:
WebTrekk
Provider:
Webtrekk is a service of Webtrekk GmbH, Hannoversche Straße 19, 10115 Berlin
Purpose of tracking:
Webtrekk collects user behavior information to improve the user experience of the website.
Processing of personal data:
No personal data is processed, IP addresses are not stored.
Storage period:
No personal data is stored.
Legal basis:
Legitimate interest
Possibility to stop the processing (Opt-out):

Link

Name of service:
Visual Website Optimizer
Provider:
VWO is a service of Wingify Pvt Ltd., 142 W. 36th St, New York, NY 10018
Purpose of tracking:
The service collects information about the use of the website to improve the user-friendliness of the website.
Processing of personal data:
The UUID is processed (browser specific unique identification code) and shortened IP addresses.
Storage period:
No personal data is stored.
Legal basis:
Legitimate interest
Possibility to stop the processing (Opt-out):

Link

Data transfer to a third country?
Yes, USA and other countries.
Suitable guarantees (Art. 46 GDPR):
If data is transferred, then only using standard contract clauses.
Name of service:
Feed Dynamix
Provider:
Feed Dynamix is a service of econda GmbH, Zimmerstr. 6, 76137 Karlsruhe
Purpose of tracking:
Feed Dynamix collects user behavior information to improve the user experience of the website.
Processing of personal data:
Cookie IDs are processed, IP addresses are truncated.
Storage period:
Cookie-IDs are stored for 30 days.
Legal basis:
Legitimate interest
Possibility to stop the processing (Opt-out):

Link

Name of service:
Content Square
Provider:
ContentSquare is a service of ContentSquare UG, Rupprechtstraße 5, 50937 Cologne
Purpose of tracking:
Marketing purposes, optimizing the user-friendliness of the website
Processing of personal data:
Anonymized IP address
Storage period:
Cookies are stored for 13 months but are not personal.
Legal basis:
Legitimate interest
Possibility to stop the processing (Opt-out):

Link

Designation of the service:
billiger.de - Sales-Tracking
Provider:
billiger.de - Sales-Tracking is a service of solute gmbh, Zeppelinstr. 15, 76185 Karlsruhe
Purpose of tracking:
Via links, the service produces mediation to partner offers, on the basis of which commissions are determined.
Processing of personal data:
  • Browser type and version
  • Operating system
  • Referrer-URL
  • Cookie ID
Duration of storage:
1 year
Legal basis:
legitimate interest
Name of service:
Criteo Dynamic Retargeting
Provider:
Criteo Dynamic Retargeting is a service of Criteo SA, 32 Rue Blanche, 75009 Paris, France
Purpose of tracking:
Criteo gathers information about user behavior for measuring the success and control of advertising campaigns as well as the control of personalized advertising
Processing of personal data:
User ID, Cookie ID and hashed email addresses are processed. Criteo shares data with other partners, which you can see here [https://www.criteo.com/privacy/criteo-works-with-the-following-platforms/].
Storage period:
Criteo retains the data for up to 13 months from the date of collection. These expire 13 months after the last update. The data will be deleted automatically.
Legal basis:
If consent has been given, the processing is based on this consent. Otherwise, the processing is based on a legitimate interest.
Possibility to stop the processing (opt-out):

Link

Data transfer to a third country?
The data collected by Criteo in the EU is stored in the EU. If data are transmitted to countries outside the EU, this is done in compliance with the conditions set out in Article 5 of the GDPR.
Name of service:
Zanox/AWIN
Provider:
AWIN is a service of AWIN AG, Eichhornstraße 3, 10785 Berlin
Purpose of tracking:
Through the service the success of an ad and the corresponding settlement in the context of the affiliate network is allocated
Processing of personal data:
Personal data is not processed
Storage period:
Cookies is deleted after a maximum of 90 days.
Legal basis:
If consent has been given, the processing is based on this consent. Otherwise, the processing is based on a legitimate interest.
Possibility to stop the processing (opt-out):

Link

Name of service:
OWAPro
Provider:
OWAPro is a service of Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart
Purpose of tracking:
OWAPro collects information about user behavior for measuring success and controlling advertising campaigns.
Verarbeitung personenbezogener Daten:
Online IDs, IP addresses and cookie IDs are processed
Storage period:
The processed data is stored for up to 18 months
Legal basis:
If consent has been given, the processing is based on this consent. Otherwise, the processing is based on a legitimate interest
Possibility to stop the processing (opt-out):

Link

Name of service:
Facebook Custom Audiences
Provider:
Facebook Custom Audience is a service of Facebook Inc., 1601 S. California Avenue, Palo Alto, CA, 94304 and affiliated companies
Purpose of tracking:

Viewing behavior analysis, use of personalized advertising, measurement of advertising success, billing of advertising.

Note: We use only the pixel method, a comparison using customer lists does not take place with us.

Processing of personal data:
IP address, as well as localization information, cookie device ID
Storage period:
Facebook accesses the data collected by pixel for 180 days. After that we cannot access them anymore
Legal basis:
If consent has been given, the processing is based on this consent. Otherwise, the processing is based on a legitimate interest
Possibility to stop the processing (opt-out):
You may object to the processing of your personal data through Facebook Custom Audiences by clicking on this link.
Data transfer to third country?
Yes, to the U.S.
Adequacy decision (Art. 45 GDPR):
Commission Implementing Decision (EU) 2016/1250 of 12th July 2016 on the so-called "EU-US data protection shield" ("Privacy Shield")
Name of service:
AWIN
Provider:
Awin is a service provided by AWIN AG, Eichhornstraße 3, 10785 Berlin
Purpose of tracking:
Awin uses consumer data to track a consumer’s journey through particular websites after the consumer has viewed or clicked on an ad in order to allocate a publisher’s sales and marketing costs to a particular transaction and to pay for it on a performance-related basis. For this purpose, Awin maintains the platforms Awin, zanox and affilinet.
.
Processing of personal data:

The data collected by Awin through tracking is pseudonymised and largely technical. A tracking domain cookie collects data including: cookie date, cookie expiry date, truncated IP address, IP hash, GeoIP, advertiser ID, publisher ID, ad ID, group ID, product ID, click/network reference, referrer, overwritten publisher ID, membership, platform, checksum. A journey tag (confirmation pages) collects data including transaction date, advertiser ID, publisher ID, order reference, total amount, currency, voucher code, cookies, IP address, referrer, URL, checksum, IPUA hash, country, channel. A journey tag (shopping cart and checkout pages) collects data including product name, category, price, commission group, quantity, SKU.

Storage period:
Unless otherwise required by law, personal user data is deleted after 36 months.
Legal basis:
Legitimate interests (Article 6 paragraph 1. f) GDPR)
Processing opt-out):
Link
Transfer of data to third countries?
Some of the companies involved in processing are based outside the EU in the USA (third country) (country of registration specified when the company is mentioned). If data is transferred to these companies, they are either registered under the Privacy Shield framework, standard EU contractual clauses have been concluded or binding corporate rules apply that legitimise the transfer to a third country.
Name of service:
Commerce Connector
Provider:
Commerce Connector is a service by Commerce Connector GmbH, Deckerstraße 41, 70372 Stuttgart
Purpose of tracking:
The service enables allocation to products sold after being forwarded by Commerce Connector.
Processing personal data:
The IP address (hashed or abbreviated) and the Cookie ID are processed.
Storage period:
The runtime of the cookies cookie is 7 days.
Legal basis:
Legitimate interest (Art. 6 Sec. 1 f) of GDPR)
Possibility to stop the processing (opt-out)

Link

Transfer of data to third countries?
Some of the companies involved in processing are based outside the EU in the USA (third country) (country of registration specified when the company is mentioned). If data is transferred to these companies, they are either registered under the Privacy Shield framework, standard EU contractual clauses have been concluded or binding corporate rules apply that legitimise the transfer to a third country.
Designation of the service:
Dynamic Yield
Provider:
Dynamic Yield is a service of Dynamic Yield GmbH, Kurt-Blum-Platz 8, 63450 Hanau
Purpose of tracking:
Tracking makes it possible to analyze a website visitor's affinity for products and to provide custom recommendations, such as the most viewed or most frequently sold products. Tracking is carried out anonymously until the website visitor logs in to the page. Then tracking for this session is carried out pseudonymously. Pseudonymized data are linked to a single visitor, but cannot be directly linked to any contact in the Dynamic Yield database or used to determine the identity of a natural person.
Processing of personal data:
  • IP addresses are processed, but not saved
  • E-mail address
  • GeographischeGeographic data
  • Target audience segments
  • Online identifiers
  • Device ID
  • Usage data
Storage term:
24 months, unless the account is deleted before this time.
Legal basis:
If you are logged in to our website as a user, we carry out tracking to provide our service (customization of the website); the fulfillment of the contract is the legal basis for this tracking (Art. 6 para. 1 b GDPR). If you are not logged in, we carry out anonymous tracking based on our legitimate interest (Art. 6 para. 1 f) GDPR).
Mechanism for preventing processing (opt-out):
If you are not logged into our website, then Dynamic Yield carries out anonymous tracking. If you are logged into our website, then tracking is carried out as part of providing our services.

Link

III. Rights of the persons affected

1. Right of objection

If we process your personal data in order to operate direct mail, you have the right at any time, with future effect, to object to the processing of personal data relating to the Purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct mail.

For reasons arising out of your particular situation, you also have the right to object at any time, with future effect, to the personal data relating to processing, which occurs in accordance with Art. 6 (1) letters e) or f) GDPR; based on these provisions, this also applies to profiling.

The right to object can be exercised free of charge. To work on your request faster, please use our form preferably under the following link:
For a data-privacy request

Alternatively, you can reach us inter alia via the contact data mentioned under I.3 or use the following approaches:
By email to: computeruniverse@dataschutzanfrage.de
By phone: +49 6031 7910 0
By fax: +49 6031 7910 200

2. Right of access

You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if applicable, for information about this personal data and the other information listed in Art. 15 GDPR.

3. Right of rectification

You have the right to demand immediate correction of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purpose of processing you have the right to demand the completion of incomplete personal data, including by means of a supplementary statement.

4. Right of deletion ("Right to be forgotten")

You have the right to demand that personal data relating to you be deleted without delay if one of the reasons stated in Art. 17 (1) GDPR applies and the processing is not required for one of the purposes set out in Art. 17 (3) GDPR.

5. Right to restriction of processing

You are entitled to request a restriction on the processing of your personal data, if one of the requirements set forth in Art. 18 (1) letters a) - d) GDPR.

6. Right to data portability

You have the right, under the conditions specified in Art. 20 (1) GDPR to obtain the personal data that you have provided us in a structured, common and machine-readable format, and the right to transfer that data to another person without Obstruction by us. In exercising the right to data transferability, you have the right to obtain that your personal data is transmitted directly by us to another responsible party, as far as technically feasible.

7. Right to revoke a consent

Insofar as processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of the consent until the revocation is not affected.

8. Right of appeal

You have the right of appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
Der Hessische Dataschutzbeauftragte [The Hessian Data Protection Officer], P.O. Box 3163, 65021 Wiesbaden,
https://dataschutz.hessen.de


As of: 9th April 2019