Privacy Policy - Multimedia-Pool Shop

Contents

1. Purpose and accountability

1.1. This Privacy Policy describes how we process personal data collected on our websites and online platforms and through our associated webpages, mobile applications, functions and content (hereinafter jointly referred to as „Services“, or more specifically as „Website“ or „App“) and describes the scope and purpose of these activities. This Privacy Policy applies to all situations, regardless of which domain, system, platform or device (e.g. desktop or mobile) the Websites are accessed on.

1.2. The provider of the Websites, and the party responsible for data protection and privacy issues in regard to the Services, is AROX Webservices & Multimedia-Pool Shop, Georg-Bärsch-Straße 7, 65428 Rüsselsheim, Deutschland, Inhaber: Markus Wernecke, E-Mailadresse: info@multimedia-pool.com (hereinafter referred to as „we“, „us“ and „our“). For further information about us and contact details please refer to our legal information: https://shop.multimedia-pool.com/legal-notice.

2. General information on data processing and legal basis

2.1. The personal data of the Users processed in the context of our Service include inventory data (e. g., names and addresses of customers), contract data (e. g., services used, names of staff, payment information), usage data (e. g., the websites visited, interest in our products), Meta/communication data (device IDs, IP addresses, location data) and content data (e. g., entries in the contact form, data processed within the scope of our contract fulfilment).

2.2. The term „User“ covers all categories of data subjects concerned. They include our business partners, customers, prospective customers and other visitors to our website. The term „User“ covers all categories of data subjects concerned. They include our business partners, customers, prospective customers and other visitors to our website. The terminology used within this Privacy Policy, such as „Users“, is gender-neutral.

2.3. All the personal User data we collect is processed in accordance with the relevant data protection regulations. That means we only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish our contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a secure and commercially viable manner within the meaning of Art. 6 (1) f. of the General Data Protection Regulation (GDPR).

2.4. In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) a. and Art. 7 GDPR, the legal basis for processing data in order to perform our contractual services and discharge our contractual obligations is Art. 6 (1) b. GDPR, the legal basis for processing data in order to comply with our legal obligations is Art. 6 (1) c. GDPR, and the legal basis for processing data for the purposes of our legitimate interests is Art. 6 (1) f. GDPR.

3. Security safeguards

3.1. We apply state-of-the-art organizational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

3.2. These security measures include, in particular, the encrypted transmission of data between your browser and our server.

4. Forwarding of data to third parties and third-party providers

4.1. Data is only forwarded to third parties to the extent permitted by law. We only forward User data to third parties if, for example, this is necessary in order to fulfil our contractual obligations towards the Users or if we make use of third party services within the scope of our legitimate interests. Furthermore, data is transferred within the companies of our group of companies, in particular for the purpose of fulfilling administrative tasks, legal obligations or for reasons of business interests.

4.2. Insofar as we make use of third-party services to furnish our own services, we ensure appropriate legal safeguards are in place and take appropriate technical and organizational steps to ensure that personal data is protected in compliance with applicable statutory requirements.

4.3. Insofar as content, tools or any other resources from other providers (hereinafter referred to as “third-party providers”) are employed within the scope of this Privacy Policy and said third-party providers have their registered headquarters in a third country, it should be assumed that data will be transferred to the country of domicile of the third-party provider. The term third country refers to countries in which the GDPR does not constitute directly applicable legislation, i.e. essentially countries outside the EU or the European Economic Area. Data shall be transferred to third countries if an adequate level of data protection is in place, if the User has provided their consent, or if this transfer is permitted by law in any other way.

5. Processing of data within the course of customer relations

5.1. We process inventory data (e. g., names and addresses as well as contact data of Users) and contract data (e. g., services used, names of contact persons, payment information) of our customers and interested parties for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1)b. GDPR.

5.2. The following mandatory information is collected within the User registration process:

Email address
Password (saved in encrypted form)

5.3. In addition to the above data, each User decides for himself on further information, e.g. information on the individual websites. Users can request the suspension of their accounts in their User profiles, e.g. if they cancel their account. The suspension allows Users to re-use their User profile with settings and content at a later date. Furthermore, Users have the right to delete their content within the meaning of Art. 17 DSGVO or to restrict processing within the meaning of Art. 18 DSGVO, which can be requested at the above contact address. Even in the case of deletion of other content, we store the User’s e-mail address for the purpose of comparison in the case of a new registration in order to prevent renewed registrations under the e-mail address or the misuse of e-mail addresses. The processing of the e-mail address is restricted to matching purposes only. The e-mail addresses are irreversibly encrypted. It is up to the Users to save their data before the end of the contract if they have given notice of termination.

5.4. Furthermore, we process the data of our customers (e. g., the visited websites of our online offer as well as concerning the use of our services) on the basis of our legitimate interests in advertising and market research purposes in accordance with Art. 6 (1) f. GDPR, in order to offer customers services based on their previous contractual interests and to analyse the development of our business operations. Furthermore, we process the data insofar as we are legally required to do so, e. g. due to commercial and tax obligations, in accordance with Art. 6 (1) c. GDPR, are obligated.

5.5. If a User gets in touch with us via the contact form or by email, we process the User’s details in order to respond to and deal with the query or request. The User’s details may be stored in our customer relationship management (CRM) system or a comparable enquiry system.

6. Sales and Paid Services

Please note: In the case of sales and paid services, we will, if necessary for the purchase, transfer certain personal data to the shipping service provider or the tax office on the basis of 6 (1) b. of the GDPR. Such data will be stored and managed by these organizations.

7. Collection of access data (logfiles)

7.1. For the purposes of our legitimate interests within the meaning of Art. 6 (1) f. DSGVO, we collect data every time the server on which the service is located is accessed. This data is collected in the form of server log files. These access logs include the name of the webpage and/or file accessed by the User, the date and time of access, the amount of data transferred, notification of successful retrieval, details of the web browser used (including the version), the User’s operating system, the referrer URL (of the previous page linking to our website), the IP address and the requesting provider.

Log file information is stored for 14 days for security reasons. The IP addresses are then deleted or anonymized (by changing the last two digits of the IP e-mail address) or the IP addresses are stored encrypted without the possibility of re-encryption (this only allows comparison with other, equally encrypted IP addresses). The measures are taken to detect any unauthorized access, behavior patterns of bots or insecure sources of access while simultaneously securing User rights. Data that is required for the purpose of providing evidence shall not be deleted or made anonymous until the incident in question has been finally clarified; this data is stored solely for the aforementioned purpose.

8. Cookies & reach measurement

8.1. Cookies are data packets that are transferred from our web server or third parties’ web servers to the User’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage. When the User browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the User’s previous activity. We use so-called „session cookies“, which information are only stored for the duration of the current visit to our Website (e. g. to enable your login status). A session cookie stores a randomly generated unique identification number, a so-called session-ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when Users have finished using my online offer and, for example, log out or close the browser.

8.2. This Privacy Policy also explains to Users how I use cookies in a pseudonymized manner to measure reach.

8.3. If the User does not wish cookies to be stored on their computer, we hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent the User from enjoying the full functionality of these Websites.

8.4. Users can block cookies that are used for tracking and online advertising by visiting the opt-out page of the network advertising initiative (http://optout.networkadvertising.org/) and also by managing their preferences on the U.S. websitehttp://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.

9. Google Analytics

9.1. For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR, we use Google Analytics, a web analytics service provided by Google Inc. („Google“). Google uses cookies. The information generated by cookies concerning the use of the Websites by the User will generally be transmitted to and stored by Google on servers in the USA.

9.2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

9.3. Google will use this information on our behalf for the purpose of evaluating use of our Websites by the User, compiling reports on activity on the Websites, and providing us with other services relating to the use of the Websites and use of the Internet. This process may involve creating pseudonymized usage profiles of Users from the processed data.

9.4. We use Google Analytics to display the ads placed by Google and its partners within advertising services, only to those Users who have shown an interest in our online offers or who have particular characteristics (e. g. interests in certain topics or products determined by the websites visited) that we transmit to Google (so-called Remarketing or Google Analytics audiences). With the help of remarketing audiences, we would also like to ensure that our advertisements are in line with the potential interest of the Users and do not have a nuisance effect.

9.5. We only use Google Analytics with IP anonymization enabled. That means Google truncates the User’s IP address within Member States of the European Union and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

9.6. The IP address transmitted by the User’s browser is not associated with any other data held by Google. Users can prevent cookies from being installed on their computer by adjusting their browser settings accordingly. Users can also prevent Google from collecting data generated by cookies concerning their use of the Websites and can prevent Google from processing this data by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

9.7. For more information on how Google uses data and how to opt out, please refer to Google’s websites: https://www.google.com/intl/en/policies/privacy/partners („How Google uses data when you use our partners‘ sites or apps“), http://www.google.com/policies/technologies/ads („How Google uses data in advertising“), http://www.google.com/settings/ads („Control the information Google uses to show you ads“).

9.8. Google Tag Manager
This website uses Google Tag Manager, a cookie-free domain that does not collect personally identifiable information.
Through this tool, „site tags“ (i.e., keywords that are incorporated into HTML elements) can be implemented and managed through a user interface. By using the Google Tag Manager, we can automatically understand which button, link or which personalized image you have actively clicked on and can then record which content of our website is particularly interesting for you.
The tool also triggers other tags, which may collect data. Google Tag Manager does not access this data. If you’ve opted out at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

10. Google AdSense

10.1. For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR our Services use Google AdSense, a web analytics service provided by Google Inc., USA („Google“). Google AdSense uses so called „Cookies“, which are stored on your computer, which allows to analyse the use of the Services. Google AdSense also uses „Web Beacons“ (small invisible images) to collect information. Through the use of „Web Beacons“ simple actions such as the visitor traffic to the Services can be recorded and collected.

10.2. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

10.3. The cookie and / or Web Beacon information generated through your use of this Services will be send to and stored on a server of Google in the U.S. Google will use this information, to evaluate your use of the site in view of the ads, compiling reports on Services activity for website operators and compile and provide other services and websites activity and internet related services. Google may use the data in order to create User profiles.

10.4. In addition, Google may also transfer this information to third parties, unless required by law or if third parties process this data on Google’s behalf. Google will not associate your IP address with any other data held by Google. Storing cookies on your hard drive and the display of Web Beacons you can prevent, by pointing your browser settings to „Do not accept cookies“. However, we point out, that in this case perhaps not all the features of this Services can be used to their full extent.

10.5. For more information on how Google uses data and how to opt out, please refer to Google’s websites: https://www.google.com/intl/en/policies/privacy/partners („How Google uses data when you use our partners‘ sites or apps“), http://www.google.com/policies/technologies/ads („How Google uses data in advertising“), http://www.google.com/settings/ads („Control the information Google uses to show you ads“).

11. Facebook Social Plugins

11.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) f. of the GDPR) Social Plugins („Plugins“) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white „f“ on blue tile, the terms „like“, „like“ or a „thumbs up“ sign) or are marked with the addition „Facebook Social Plugin“. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

11.2. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

11.3. If a User calls up a function of our Services that contain such a plugin, his device establishes a direct connection to the Facebook servers. In doing so, User data concerning the visit and interests in our Services as well as the software and hardware used and the time of the visit and the IP address of the Users are transmitted to Facebook. User profiles can be created from the processed data and cookies with User profile data can be stored on their device. The User data processed by Facebook may be used for marketing purposes.

11.4. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for the protection of Users‘ privacy, can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

11.5. You may also object to the use of cookies for measuring range and advertising purposes via the Network Advertising Initiative’s deactivation page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

12. Sofortüberweisung

Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.

Sofortüberweisung provides us with real-time payment confirmations, allowing us to begin fulfilling our end of our contract right away.

If you opt to pay using Sofortüberweisung, you will be submitting a PIN and a valid TAN to Sofort GmbH so that it can access your online banking account. Sofort GmbH will automatically check your account balance and perform the transfer to our account using the TAN you supply. It then sends an immediate transaction confirmation. After logging in, your income, the overdraft protection, and the availability of other accounts and their balances will be checked.

In addition to the PIN and TAN, the payment details you provide as well as personal information will be sent to Sofort GmbH. This personal information includes your name, address, telephone numbers, email address, IP address, and any other data required to process your payment. This data must be transferred to identify you securely and to prevent fraud.

Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

Please refer to the payment with Sofortüberweisung links below: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

13. Paypal Plus / Express

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

14. Stripe / Apple

On our website we offer Payment via Stripe. The provider of this payment service is Stripe Payments Europe, Ltd., a private limited company organized under the laws of Ireland with company number 513174 and offices at The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland („Stripe“). ,

If you choose to pay via Stripe, the payment details you enter will be sent to Stripe.

The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of historical data processing operations.

15. Newsletter and commercial communication

15.1. With the following declarations we would like to inform our Users about the contents of our newsletters as well as other types of business e-mails and electronic mail (short „newsletter“) as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you declare your agreement with the reception and the described procedures. The legal basis of your consent is Art. 6 (1) a, Art. 7 GDPR.

15.2. Contents of the newsletter: We send out newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as „newsletters“) only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter registration are specifically described in detail, they are decisive for the User’s consent. In general, our newsletters contain information on trends in communication, marketing, our services and our business.

15.3. Newsletter service provider: The newsletters are sent by „MailChimp“, a service provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter referred to as „newsletter service provider“) on the basis of a data processing agreement within the meaning of Art. 28 (3) Sent. 1 DSGVO. The privacy policy of the newsletter service provider company can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

15.4. Opt-in and logging: The registration for our newsletter is done in a so-called double opt-in procedure. This means that Users will receive an e-mail after the registration, in which Users will be asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes saving the logon and confirmation time as well as the IP address. The changes to your data stored by the shipping company are also logged.

15.5. Furthermore, the newsletter service provider can, according to his own information, use this data in a pseudonymized form, i. e. without being directly associated with a User, for the optimization or improvement of his own services, e. g. for the technical optimization of the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the newsletter service provider does not use the data of our newsletter recipients to contact them himself or to pass the data on to third parties.

15.6. Registration data: To subscribe to the newsletter, please fill in the e-mail-address and complete the optional information. We use this information for the individual addressing of our newsletter subscribers.

15.7. Statistical survey and analysis – The newsletters contain a so-called „web-beacon“, i.e. a pixel-sized file, which is retrieved from the newsletter service provider’s server when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services based on the technical data or target groups and their reading behavior based on the retrieval locations (which can be determined by means of the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked and when. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to monitor individual Users. The evaluations serve us much more to recognize the reading habits of our Users and to adapt our contents to them or to send different contents according to the interests of our Users.

15.8. The newsletter is sent on the basis of the consent of the recipients in accordance with Art. 6 (1) lit. a, Art. 7 GDPR. The statistical surveys and analyses are conducted on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR. We are interested in using a User-friendly and secure newsletter system that serves our business interests and meets the expectations of our Users. The registration procedure is recorded in accordance with Art. 6 (1)(c). GDPR on the basis of a legal obligation to prove the consent of the newsletter recipients (e.g. in accordance with Art. 7 (1) GDPR).

15.9. Cancellation/Revocation – Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. Newsletter recipients will find a link to unsubscribe from the newsletter at the end of each newsletter. By unsubscribing from the newsletter, the personal data will be deleted, if they only apply to the newsletter subscription unless their storage is legally required or necessary for contractual reasons, and their processing in this case is limited to these exceptional purposes only.

16. Integration of third-party services and content

16.1. For the purposes of our legitimate interests (i.e. our interest in analyzing, optimizing and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) f. of the GDPR), we use third-party content and service delivery services on our Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as „content“). The third-party provider of this content always requires the User’s IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. We endeavor only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use „pixel tags“ (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyze information such as the number of visitors accessing the pages of this website. The pseudonymized information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the website, and further details on how Users make use of our Websites, plus it can also be combined with comparable information from other sources.

16.2. The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:

The links/buttons to social networks and platforms („social media“) used within our online offer do not establish direct contact between social networks and Users. Their function corresponds to that of a regular online link.
Videos on the „YouTube“ platform provided by the third-party company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://www.google.com/settings/ads/.Notes on Google, Inc.: Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Maps from the „Google Maps“ service provided by the third-party company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://www.google.com/settings/ads/.
External fonts provided by the third-party provider Google, Inc., https://www.google.com/fonts („Google Fonts“). The integration of the Google fonts is performed by a request on Google’s server (usually in the USA). Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
Notes on Google, Inc.: Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17. Deletion of data

The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event User data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.

18. User rights

18.1. Users have the right to obtain information free of charge on the personal data we have collected about them. In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities if they suspect that data has been processed unlawfully.

18.2. Users can also withdraw any consent they may have given. Such a revocation of consent shall have future effect only.

19. Right to object

Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions. This right to objectapplies in particular to the processing of data for the purposes of direct advertising.

20. Amendments to this Privacy Policy

20.1. We reserve the right to amend this Privacy Policy at any time to reflect changes in the legal situation or changes relating to the service or data processing. This only applies to declarations concerning data processing, however. If Users’ consent is required or if the Privacy Policy contains provisions for the contractual relationship with the Users, the changes shall only be made with the consent of the Users.

20.2. Users are requested to check the Privacy Policy on a regular basis to keep up-to-date with its content.

Updated: 10. Juni 2018