1. What personal information do we collect from you?
Personal data is any information relating to an identified or identifiable natural person given to us by you or that arises or is collected by us. This can include:
Registration Data: When you order goods through our online shop, you can register and open a customer account. When you register, you must enter your name and contact information (e.g. your address, telephone number, e-mail address) and set a password.
Subscription Data: Subscription is required for some services on our website (e.g. e-mail Newsletter). For this purpose, some details are mandatory (e.g. e-mail address), other details can be added voluntarily (e.g. gender, first name, date of birth, interests).
Order Data: If you order goods through our online shop (using a customer account or as a guest), we process the data entered by you, the data about your person (in particular contact data, delivery addresses and payment data) as well as the information provided to you by us. We also collect information about the time, scope and, if necessary, the location of your order as well as information about the order process (delivery data, tracking numbers, cancellations, returns).
Content Data: If you use services on our website, e.g., fill out contact forms, participate in contests or post a comment on our blog, we process the content data you provide and the information we make available to you.
Server Log Data: When you use our websites, data (such as your IP address, browser type and version, device type and operating system, the date and time of your visit as well as the pages you accessed and the files you requested) are temporarily stored in a log file on our servers.
E-mail Usage Data: We process data about your usage of our e-mail Newsletter service and other customer mailings (e.g. Service Mails) such as when and how you receive such mailings and how you interact with them.
Applicant data: You can apply to work with us under the "Jobs" link. In this case, we process in particular your master data and contact data, CV, cover letter and references that you submit to us. As a rule, we do not request or process any special categories of personal data such as health data unless you provide this to us without being requested to do so or because you would like us to consider legal particularities (e.g. severe disability status).
2. What is the purpose and legal basis for processing your personal data and how long is it stored?
2.1 Your customer account
On our website, we give users the option to register by providing personal data. These data are entered in an input field, transmitted to us and saved by us. The data will not be transferred to third parties. At the time of registration, your current IP address as well as the date and time of registration will also be recorded. During the registration process, your consent is obtained for the processing of these data. Nevertheless, it is not mandatory to set up a customer account in order to place an order. It is also possible to place orders using the "Guest" function.
When you register for a personal customer account, we process the Registration Data to set up and manage your customer account and process future orders. As a registered customer, you have access to your personal customer account (using your e-mail address and password created by you), in which you can view your order history and save and change your personal settings (e.g. password settings, newsletter settings, invoice and delivery settings). You also have the option of rating products from our portfolio, asking questions about products publicly or commenting on them publicly. For these functions, the Terms and Conditions for our product reviews apply.
The legal basis for processing is our legitimate interest according to Art. 6 (1) (f) GDPR to provide you with the service of a "customer account" as described above respectively for the purpose of performance of the user contract with you (Art. 6 (1) (b) GDPR).
This data will be deleted if the registration on our website or the customer account is cancelled or changed. Even after concluding the contract and erasing the customer account, it may be necessary to save your personal data apart from this in order to fulfil our contractual or statutory obligations. In this case, the data are erased promptly after the statutory retention periods have elapsed.
You may object to the processing of your data on the basis of Art. 6 (1) (f) GDPR unless we can prove compelling reasons for the processing to continue. However, we will not do this for a customer account. In this case, the following applies: The customer account must then be deleted and is no longer available to you. Please note that we may store the data concerning the orders that are visible in your customer account for a longer period of time (see 2.2).
2.2 Your orders
We use your Order Data (such as your name, address, e-mail address, delivery preferences and other information pertaining to your order) to process the order and to deliver the goods you ordered. In addition, depending on the payment method you have selected, either we or payment service providers commissioned by us (see Section 3.2.1) process the payment information required by the respective payment method. For example, we store IBAN and BIC ourselves, while payment service providers store your credit card number, Paypal account details, etc.).
The legal basis for processing is the conclusion and performance of the sales contract for the purchased goods, Art. 6 (1) (b) GDPR.
This data will be deleted when it is no longer required for contract management (including customer service and warranty), unless we are legally obliged to store it, e.g. due to the legal obligation to retain data for commercial or tax-based reasons.
2.3 Comment Features
If you make comments in our blog "Base Camp” where we publish various contributions on topics such as travel, outdoor activities and equipment, we will process your name and e-mail address (which you must provide before using the comment function), the comment itself, any URL (e.g. to your own blog), date and time of the comment, data on the device you are using and your IP address. We do this in order to be able to defend ourselves against liability claims in the event of publication of illegal content and to contact you if a third party should object to your comment. You can also use our website www.alpinetrek.co.ukto rate and comment on products from our online shop. In order to use this feature, you are required to register as a customer and log in (we can use this to identify you as well). On our web pages we then present your given first name, date and time as well as, if applicable, the municipality from which you come, together with the post office.
The legal basis for processing is our legitimate interest as described above (Art. 6 (1) (f) GDPR).
You may object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. If there are compelling reasons, we can allow the processing to continue; however, for your comments in the context of our blog, the following applies: Your comment will then be deleted.
In addition, this data will be deleted if it is no longer required for the aforementioned purpose.
2.4 Your enquiries
If you send us enquiries using a contact form, via e-mail, chat or by phone, we will process the information you provide, your email address and phone number in order to answer your query; we also process your IP address and the date/time of the enquiry to prevent misuse of the contact form.
If you submit multiple enquiries to us, we merge them together in our system for a simplified response process.
In some cases, these data are forwarded to third-party service providers in third countries without an adequate level of protection. In this context, we ensure that sufficient guarantees, particularly standard contract clauses, have been implemented for the protection of your personal data (see Clause 3.3).
The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR) to provide you with the “enquiries" service described above. If your enquiry concerns the initiation or performance (including customer service or warranty) of a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
You can object to the processing of your data on the basis of Art. 6 (1) (f) GDPR. We can then continue processing if there are compelling reasons for processing. This may be necessary in order to provide evidence for enquiries from you and past communication with you. If there are no such compelling reasons, we will stop communicating with you and delete the data that has been collected.
This data will be deleted when our communication with you has been terminated, i.e. when the relevant facts have been clarified and no further legitimate interests exist for storage or no further legal obligations exist for storage.
If you take part in one of our contests, we use your data (e.g. name, e-mail address) to carry out the contest, for information purposes and to send you a prize, if applicable.
The legal basis for the processing is the consent you have given when participating in the contest (Art. 6 (1) (a) GDPR). Your data will be deleted when the contest is over and the prizes have been distributed. Your data will be used for other purposes, e.g. advertising, only if you have explicitly given your consent.
2.6 Advertising and product development (newsletters, etc.), right to object
We would also like to use the data you have entered or accrued when using the websites to inform you about our products and services (advertising) or to improve our offerings and services (product development).
2.6.1 Customer database
We process in a customer database the following personal data which we collect anyway from various interactions with you or for which you have given us consent:
(a) Master Data includes certain Registration Data (e.g. email address as an identifier, gender, title, place of residence, country) as well as other Subscription Data that you may have provided to us, e.g. when subscribing for a newsletter (e.g. email address, selected interests, date of birth),
(b) Transaction Data includes your Order Data if you have ordered products from us (e.g. content, time, number and type of order, sales and discounts or coupons, cancellations, returns), as well as derived or calculated from such data, economic indicators and profitability calculations.
(c) Usage Data includes Server Log Data, Cookie Usage Data about your browsing behaviour on our website (if and to the extent that you have given us your consent to process your cookie usage data) and E-mail Usage Data about your use of our e-mail newsletter or customer mailings (such as click behaviour).
We process this data once in order to personalise our promotional information to your interests, i.e. to show you information that is as relevant as possible and that matches your interests, as well as to provide you with individual offers tailored to this.
We also use the data processed in this way to learn more about the demand for our offers and services and the way in which our website and newsletters are used and to improve our offers and services (product development). Until your objection your Server Log Data is being used for all users generally not personalised for this purpose and linked to the other data, but only pseudonymised; personalised use of the Server Log Data takes place if you have given us consent to do so as part of the consent to cookies.
If we use technical service providers to operate the database and the analysis, they do not have access to personalised data, but at most to pseudonymised data.
The legal basis for the processing is your consent in relation to the usage data (Art. 6 (1) lit. a GDPR) and our legitimate interests in relation to the Master Data and Order Data as well as the use of the data for product development (Art. 6 (1) lit. f GDPR). You can object to the processing for purposes of advertising and product development at any time (for the implementation of the objection, see section 2.6.6).
2.6.2 E-Mail Newsletter
On the basis of your explicit consent, you can subscribe to our free e-mail newsletter, consisting of our „Bergfreunde Newsletter“ (with product information and promotions such as raffles etc.) and the „Bergfreunde Deals“ (special offers for a product) on our website. We use our e-mail newsletter to inform you regularly about all areas of our offering. In order to adapt the email newsletter optimally to your interests, we offer the choice when subscribing to receive the email newsletter with product information primarily for men or for women. Furthermore, we also process (a) the data collected from you when registering (the data shown as mandatory fields are required for receipt, data marked as voluntary only serve to address you more personally), (b) interests selected by you on a voluntary basis, if applicable, (c) data on your usage behaviour after we have sent you e-mails (e.g. click behaviour), as well as (d) the information from our customer database (cf. section 2.6.1). You can manage your subscription via the newsletter settings linked in each e-mail newsletter.
Your subscription to the e-mail newsletter becomes effective upon your confirmation; to do this, you must click on a link that we send you in our confirmation e-mail. The confirmation link leads to the newsletter settings that are created for each subscriber. If you do nothing else after you confirm your subscription, you will receive the Bergfreunde Newsletters and Bergfreunde Deals in the future. You can also add voluntary information (for personalisation), select whether you only want Bergfreunde Newsletters or Bergfreunde Deals and mark interests for certain product categories. You can object to receiving our newsletter at any time (to implement the objection, see Section 2.6.6).
The legal basis for the processing is your consent (Art. 6 (1) lit. a GDPR) in conjunction with Section 7 (2) UWG [German Act against Unfair Competition].
2.6.3 Service Mails
Without having separate consent, we will contact you directly via e-mail outside of our e-mail Newsletter with Service Mails that may consist of customer satisfaction surveys as well as information, offers and promotions that are tailored to you and your interests such as but not limited to care instructions, manufacturer information or offers similar to your orders. Customer satisfaction surveys and ratings may be requested by us or by Trusted Shops GmbH on our behalf within the scope of our Trustbadge (see Section 3.2.2). We will do so only if and to the extent that (a) we have received your e-mail address from you in connection with a service or the sale of a product, (b) we use you for direct marketing of our similar products or services, and (c) you have not objected to receiving it (see below for how to object). We will inform you about this use and your right to object each time you enter your e-mail address.
In order to adapt the Service Mails to your interests as well as possible, we process for this purpose (a) the data collected from you when you purchase the goods or service, (b) data about your usage behaviour after we have sent you e-mails (e.g. click behaviour), and (c) the information from our Customer Database (cf. section 2.6.1). The service e-mails can be managed via the newsletter settings linked in each email newsletter.
You can object to receiving our Service Mails at any time (to implement the objection, see Section 2.6.6).
The legal basis for the processing is our legitimate interests (Art. 6 (1) lit. f GDPR) in conjunction with Section 7 (3) UWG [German Act against Unfair Competition].
2.6.4 Telephone advertising
We will contact you by telephone only with your express consent in order to provide you with information, special sales and offers for Bergfreunde services tailored to your personal interests or usage of our site.
In order to tailor our information as closely as possible to your interests, we process (a) the data collected from you when you gave your consent, (b) the information from our customer database (cf. section 2.6.1).
You can object to calls at any time (for implementation of the objection, see section 2.6.6).
The legal basis for the processing is your consent (Art. 6 (1) lit. a GDPR) in conjunction with Section 7 (2) UWG [German Act against Unfair Competition].
2.6.5 Postal advertising
We will contact you by post with advertisements in written form, even without your consent to the extent permitted by law for Bergfreunde services.
In order to tailor the post advertising as closely as possible to your interests, we process (a) the data collected from you when you purchased the goods or services, as well as (b) the information from our Customer Database (see section 2.6.1).
You can object to postal advertising at any time, which we will inform you of in every postal advertising (for implementation of the objection, see Section 2.6.6).
The legal basis for processing is our legitimate interests (Art. 6 (1) (f) GDPR).
2.6.6 Objection to advertising
As we inform you when collecting contact details and for any direct advertising, you can object in whole or in part at any time to the processing of your personal data for the purposes of advertising and product development, as well as to being contacted via a specific form for this purpose, or revoke any consent you may have given.
You have various options for your objection:
- As a registered customer (see section 2.1), you can select or unsubscribe from various forms and content of advertising in your account settings under the menu "Newsletter Settings".
- In the case of E-mail Newsletters and Service Mails, you can use the unsubscribe link provided for you in each case. From the web page then displayed to you, you can access your Newsletter Settings, where you can also change your settings and details.
- In the event of an advertising call, you can inform our staff of your objection.
- Alternatively, or if none of the above options are available, you can send a corresponding message (keyword: data protection) via the contact form on our website, by telephone via our customer centre or in writing or by e-mail to the contact details given under point 8.
This objection is free of charge, i.e. there are no costs other than the costs for the transmission of your objection according to the respective basic tariffs.
All objections received and confirmed by us will be accounted for starting at 6:00 a.m. on the next day/working day. Please keep in mind that we may still contact you during the time needed to process the request.
Your data will be deleted or stored only in aggregated, anonymous form after your objection or withdrawal of any consents you have given or after cessation of use by us at the very latest. If necessary, we will store the data of your objection in order to prevent further contact with you.
2.7 Your job application
For the purpose of collecting and reviewing your applications submitted under "Jobs", carrying out interviews, conducting additional research where required and permissible, and communicating our internal decisions about your application and its acceptance or rejection, we process the information you have submitted to us along with information collected from public sources such as the internet or from previous employers.
The legal basis for processing is Art. 88 GDPR in conjunction with Section 26 (1) and (3) BDSG (data processing for deciding whether to establish an employment relationship) as well as your consent to further storage and recording in our applicant pool for 12 months (Art. 6 (1)(a) GDPR).
We store your data for as log as it is required for the abovementioned purposes and erase the data for rejected applications within 6 months after notification of our decision. For accepted applications, the data will be included in your personnel files. In the case of a rejection, if you did not previously consent to storage within the context of our applicant pool, you can voluntary consent to further storage in case we have an open position for you at a later point in time.
For online applicant management, we rely in part on the service provider New Work SE ("Onlyfy") (see also Clause 3.1 and 3.2.4). When you apply to work for us under the link "Jobs", Onlyfy creates a candidate profile for you in which you can view and manage your other submitted applications. We do not have access to this candidate profile. Onlyfy is responsible for this candidate profile.
2.8 Providing the website and services
The processing of server log data is necessary for technical reasons in order to provide the websites and services and in order to ensure system security thereafter.
The legal basis for processing is our legitimate interest in providing the website and our services (Art. 6 (1) (f) GDPR). The processing is absolutely necessary for the use of our website, and there is no right to object.
This data will be deleted after 12 days at the very latest.
The server log data may then be analysed anonymously for statistical purposes and to improve the quality of our website. The server log data is not linked to your personal data, nor will it be merged with other personal data sources.
We may provide you with podcasts that you can listen to on various channels, such as web players, podcast services like Apple Podcasts or Spotify, or platforms such as YouTube. Insofar as we make the podcast accessible on servers ourselves (e.g. on web players or podcast services), we process the server log files in order to provide the podcast and to perform this service for technical reasons, and subsequently in order to guarantee system security.
The legal basis for this processing is the necessity of processing in order to make the podcast available to you (Art. 6 (1)(b) GDPR).
Your personal data are erased after 2 days at the latest, and also, if they are no longer required for the provision of podcasts, saved anonymously to obtain and analyse statistical data.
The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. You can object to the processing of your data on the basis of Art. 6 (1)(f) GDPR. In principle, we then have the opportunity to demonstrate mandatory grounds for processing in order to continue it.
If you use third-party platforms in this context, data processing may also be carried out by these third parties (see also Clause 5.2 and 5.4).
3. Data transfer
3.1 Data transfer to processors
In some cases, we employ service providers in compliance with legal requirements for order processing, i.e. on our behalf, in accordance with our instructions and under our control.
- technical service providers who we engage in order to provide this website and the podcasts, e.g. providers for software maintenance, data centre operation and hosting
- technical service providers we use to provide functionalities, e.g. essential cookies for technical purposes.
- service providers for the practical implementation of advertising and marketing, e.g. service providers for e-mail and analytics cookies as well as service providers for the operation of the Customer Database
In these cases, we remain responsible for data processing; the transfer and processing of personal data to or by our processors rests on the legal basis that allows us to process the data in each case. A separate legal basis is not required.
3.2 Data transfer to third parties
In some cases, we also transfer your data to third parties, i.e. to partners with whom we cooperate outside of commissioned processing. Such partners provide their services and are as such the responsible parties. For the processing of your data by partners, only their data protection policy applies.
3.2.1 Payment Service Providers
To process your orders, except for payment via advance payment/bank transfer, we send payment information to payment service providers who then process the payment transactions associated with the orders. You can identify which of the listed payment services is available to you on the shop page that you are using.
(2) Instant funds transfer with Klarna
(3) Invoice and instalment purchase with Payolution/Unzer
If you pay on account or by instalments, where offered, we transmit the necessary personal information (first name, last name, address, e-mail address, phone number, birth date, IP address, gender) along with the data required for carrying out the transaction (item, invoice amount, interest, instalment payments, due dates, total amount, invoice number, tax amount, currency, order data and time) to Payolution GmbH, Columbus Platz 7-8, 1100 Vienna, Austria and Bank Frick & Co AG Landstr. 14, 9496 Balzers, Liechtenstein., to which we assign our payment claim concerning your invoice. Payolution GmbH is part of the Unzer Group.
The legal basis for this transfer is the performance of the contract with you, Art. 6 (1)(b) GDPR.
The companies mentioned above then do a credit check as controllers in their own right in order to determine whether or not to purchase the receivable. The legal basis for the transmission of the data by us for this purpose is our legitimate interest in financial protection with these payment methods as well as the fulfilment of our obligations under civil law to disclose the required information to the buyer of the receivable (Art. 6 (1) (f) GDPR). Our interests are compelling when selecting this payment method because a credit check, and thus a purchase of receivables, would otherwise be impossible; therefore it is not possible to object against this data processing (Art. 21 (1) GDPR) while maintaining this payment method. However, you are free to select an alternative payment method.
The Payolution GmbH’s Privacy and Data Protection Policy on the processing of your personal data as the responsible party can be found here.
The Frick Bank & Co AG’s Privacy and Data Protection Policy on the processing of your personal data as the responsible party can be found here.
(4) Apple Pay
If you pay by Apple Pay, your payment information is transferred to Apple Inc., Park Way, Cupertino, California, U.S. In order to securely transfer your payment data when paying on the Internet, Apple receives your encrypted transaction and then further encrypts this with a developer-specific key before the transaction data are sent to your payment process, generally the bank that you have saved in Apple Pay. This key makes sure that only we as the seller and contracting partner are able to access your encrypted payment data. Just like when you pay in stores, Apple then sends your device account number to us along with the transaction-specific, dynamic security code. In this way, we are informed that the payment process was completed. Neither Apple nor the Apple device you use send the actual bank information to us.
The legal basis for this transfer is the performance of the contract with you, Art. 6 (1)(b) GDPR.
You can find more privacy information about Apple at: https://www.apple.com/legal/privacy/
When choosing the payment method iDEAL, the buyer is automatically forwarded during the order process to the online banking page of the participating bank, in which process the payment information is transmitted in encrypted form via iDEAL (iDEAL B.V., Gustav Mahlerplein 33-35 in Amsterdam, Noord-Holland 1082 MS, NL). Payment is made by transfer in real time after successful verification in the customer’s online banking service. The payment amount is therefore debited directly from the customer’s account when the transfer is carried out.
The legal basis for this transfer is the performance of the contract with you, Art. 6 (1)(b) GDPR.
You can find more privacy information about iDEAL at: https://www.ideal.nl/en/privacy-cookie-statement/
When paying by Bancontact, your payment information is transferred to Bancontact Payconiq Company NV/SA, Rue d'Arlon 82, 1040-Brussels, Belgium. In order to securely transfer your payment data when paying on the Internet, Bancontact receives your encrypted transaction and then further encrypts this with a developer-specific key before the transaction data are sent to your payment process, generally the bank that you have saved in Bancontact.
Payment is made by transfer after successful verification through online banking. The payment amount is therefore debited directly from the customer’s account when the transfer is carried out.
If these payment methods are chosen, we only obtain information as to whether or not payment was successful.
The legal basis for this transfer is the performance of the contract with you, Art. 6 (1)(b) GDPR.
You can find more privacy information about Bancontact at: https://www.bancontact.com/files/privacy.pdf
3.2.2 Buyer protection/Ratings
The Trusted Shops Trustbadge is displayed on this website in order to show our Trusted Shops seal of approval, any ratings accumulated from users as well as to offer Trusted Shops products to buyers following an order.
Each time the Trustbadge is used, the web server automatically saves a so-called server log file, which contains your IP address, date and time of the request, volume of data transferred and the requesting provider (access data) and documents the request. This access data is not analysed and is automatically overwritten no later than seven days after the end of your website visit.
After you place an order, your e-mail address is transmitted to Trusted Shops GmbH after being hashed using a one-way cryptographic function. The legal basis is Art. 6 (1) Sentence 1 (f) GDPR. The purpose of this is to check whether you are already registered for services with Trusted Shops GmbH; it is therefore necessary for the fulfilment of our overriding legitimate interest, and the overriding legitimate interest of Trusted Shops, in providing the buyer protection associated with the specific order and the transaction assessment services in accordance with Art. 6 (1) Sentence (1) (f) GDPR. If you are already registered, any additional processing will be carried out in accordance with the contractual agreement established between you and Trusted Shops. If you are not yet registered for their services, you will subsequently be given an opportunity to do so for the time. Any additional processing after completing registration will also be oriented on the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will automatically be erased by Trusted Shops GmbH and no personal identification will be possible.
Other personal data will only be transferred to Trusted Shops if you have granted consent, if we are allowed to contact you with service e-mails in accordance with Section 7 (3) of the German Act Against Unfair Competition (see Section 2.6.3), or if you decide to use or have already registered to use Trusted Shops products after placing an order. In such a case, the contract between you and Trusted Shops applies.
Within the scope of the joint responsibility established between us and Trusted Shops GmbH, please contact Trusted Shops GmbH using the contact options provided in the privacy information linked above if you have any questions concerning data protection or to assert your rights. Independently of this, you can also contact the controller of your choice at any time. If necessary, your enquiry will then be forwarded to additional controllers for the purpose of replying.
3.2.3 Logistics companies
In order to ship goods to you, we transfer your address and contact data, when necessary, to parcel delivery companies (such as DHL), in particular the name, company (if applicable) as well as the postal address/Packstations and any additional information regarding the address. In this context, we may provide you with links or tracking numbers to track shipments. For this purpose, we may also forward your e-mail address to the logistics company so that the logistics company can communicate directly with you, for instance in order to resolve queries concerning the address, agreements on delivery times, where to leave packages etc.; this can minimize errors or delays in delivery. If you are contacted by the logistics company directly, this is because you have subscribed to a corresponding service provided by the logistics and package transport company and agreed to this particular use in doing so. In other delivery countries, additional information may be required (e.g. e-mail address or telephone number) to enable the parcel service to find or reach you because of the type of delivery or the circumstances there; this will then be displayed when you enter the address. The legal basis for this transfer is the performance of the contract with you, Art. 6 (1) (b) GDPR, or our interest in providing convenient delivery as smoothly as possible and without delays, Art. 6 (1) (f) GDPR.
For returns from you to us, we offer a voluntary service (to simplify and save costs) of generating the postage and return label via our website. To generate the label, you will be forwarded from our website to DHL's returns portal (you can also go directly to a logistics company instead). In order to provide you with the best possible service, we transfer personal data from your order that is necessary for creating the return label (i.e. receipt number, zip code, name, address and e-mail address). This information is required for billing purposes, correctly filling in the label and sending it to you via e-mail so that you can print it. While this eliminates the need for you to enter this information yourself, it does require us to forward the information to DHL (using a secure form). We also point this out to you on our website before you use this service. The legal basis for the transmission is the provision of a service requested by you or the steps taken by you prior to entering a contract with the logistics company, Art. 6 (1) (b) GDPR.
In all cases, any data processing at the logistics companies is carried out by the logistics companies themselves as controllers.
3.2.4 Online applications
As already described under Clause 2.7, your applicant data are processed by the service provider Onlyfy to create a candidate profile.
After weighing the interests involved, this is to protect your legitimate interests and our overriding legitimate interests in optimal and effective management of your applications in accordance with Art. 6 (1)(f) GDPR. Using the candidate profile, you can view and manage not only your application with us but also other applications.
You can find more information about Onlyfy here.
3.3 Data transfers to third countries
In some cases, we transfer personal data to recipients that are not located within the direct scope of the GDPR ("third countries"). To the extent that the EU Commission has not decided that these countries provide adequate guarantees for the protection of your personal data, we must either ensure that we implement sufficient safeguards for your personal data or that one of the legal exceptions applies.
As guaranteed in accordance with Article 46 (2) c of the GDPR, we regularly use EU standard contractual clauses adopted by the EU Commission with recipients in third countries that are not recognised as safe under data protection law. Nevertheless, in some countries there is a risk that your data may be requested by national authorities for control and monitoring purposes, without the conditions being clearly regulated or corresponding legal remedies being available. Where such risks exist, which are considered unreasonable by the jurisprudence of the European courts (for example, as in some constellations in the case of the USA), we will take additional protective measures and agreements as far as possible. For more information about these third country transfers and a copy of the standard contractual clauses, please contact us using the contact details in section 8.
4. Cookies and web analysis
4.1 What are cookies?
In order to make our website as user-friendly as possible and improve the relevance of our advertising for visitors to our website, we and our partners use "cookies". Cookies are small text files that are stored on a visitor's device. They make it possible to retain information for a specified period of time and identify the visitor's device. In some cases, this occurs using tracking pixels that are not stored on a visitor's hard drive but that can be useful in the same way as a cookie in order to identify the device. In the following, the term "cookie" is used to refer both to cookies in the technical sense as well as tracking pixels and other technical methods.
When you visit our website for the first time, a banner will be displayed on our home page with the consent text concerning cookies. If you grant your consent there or in our cookie settings, this consent will be stored on your browser so that we will not have to show you this notice again on every page. If this information is lacking in your browser (for instance because you delete the browser history), this notice will be displayed again the next time you visit our website.
Your consent to cookies also includes your consent to the transfer of data to third countries and the risks that this may entail, particularly as it applies to access to your information by foreign authorities (cf. in detail Section 3.3).
4.2 What types of cookies do we use?
On this website, we use four (4) different categories of cookies: Required cookies without which the functionality of our website would be restricted, as well as optional functional cookies, analysis cookies and marketing cookies that generally come from third-party providers:
4.2.1 Required Cookies
These cookies do not collect any information about you that will be used for marketing purposes or where you have accessed the internet. These cookies are generally session-dependent and expire after your visit to the website (session), unless the functionality in question requires a longer period of storage (e.g. saving cookie settings.
Deactivating this category of cookies would restrict the functions of this website entirely or in part. Therefore it is not possible to deactivate them.
The legal basis for the use of technically required cookies and the processing of your data using these cookies is our legitimate interest in displaying our website functions to you and providing them for your use, Art. 6 (1)(f) GDPR.
4.2.2 Functional cookies
We use functional cookies in order to improve and simplify the use and performance of our website and to offer you other optional functions.
For instance, to enable the website to load faster, we use technology provided by RichRelevance Inc., 303 Second Street, Suite 350, San Francisco, CA 94107, USA.
The legal basis for the use of functional cookies and the processing of your data by the providers of these cookies is your prior consent (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time in the cookie settings which you can access on the website using the link below.
4.2.3 Analysis cookies
Analysis cookies collect information about how visitors use a website overall, for example, which pages they visit most frequently and whether they receive error messages from websites.
These cookies do not collect any data either which could be used to identify visitors. The data collected with these cookies is not aggregated with other information about our visitors. All information collected using these cookies is exclusively used to understand and improve the functionality and service of the website.
The legal basis for the use of analysis cookies and the processing of your data by the providers of these cookies is your prior consent (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time in the cookie settings which you can access on the website using the link below.
(1) Google Analytics
To analyse our website, we use services such as Google Analytics, a web analytics service provided by Google, Inc. The information generated by Google Analytics about your use of the website will be transmitted to and stored by Google on servers in the USA. Because IP anonymisation is activated on this website, your IP address will first be truncated by Google within a member state of the European Union or within another contracting state to the agreement on the European Economic Area. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and truncated there.
In particular, Google will use this information to analyse the user’s use of our website, to compile reports about website activity and to perform other services associated with website use and internet use on our behalf. In this context, pseudonymous usage profiles may be created for users using the processed data. Google may also process information for its own purposes.
(2) Webtrekk Analytics
We also use Webtrekk Analytics, a product provided by Mapp Digital/Webtrekk GmbH, in order to collect statistical data about the use of this website and optimise our service accordingly. This is a statistics program that records use anonymously or pseudonymously. The use of Webtrekk enables us to perform a pseudonymous analysis of user behavior, which involves collecting and analysing information transmitted by your browser.
4.2.4 Marketing cookies
Marketing cookies are used in order to tailor ads more specifically to you and your interests. They can also be used to restrict how often you are shown the same advertisement, to measure the effectiveness of an ad campaign and to understand the behaviour of users after viewing an ad.
These cookies are typically placed by ad networks with the consent of the website operator (in this case, us) on the operator's website. They recognise that a user visited a website and pass this information on to other companies, for instance advertising companies, or use this information to adapt the ads accordingly. They are often connected with a website functionality that is provided by this company. Therefore, we use these cookies in order to establish a connection with social networks that are then able to use the information about your visit to show you targeted ads on other websites and to provide information about your visit to the advertising networks we use in order to show you specific advertising in the future that could actually be of interest based on your browsing behaviour. In these cases as well, we do not connect the data collected using these cookies with other information about our visitors.
The legal basis for the use of marketing cookies and the processing of your data by the providers of these cookies is your prior consent (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time in the cookie settings which you can access on the website using the link below.
4.3 List of functional cookies, analysis cookies and marketing cookies
Here you can access a list of the cookies we use and the providers who obtain your personal data using the cookies, as well as the duration for which the cookies are stored. There you will receive more information about the individual providers and cookies.
If you would prefer to receive more information about these cookies from us instead, please contact us using the contact details provided in Section 8.
When you visit our website for the first time, a privacy notice will be displayed on our home page with the consent text concerning optional cookies. By clicking "SELECT ALL" on the home page or the individual categories (functional, analysis and marketing cookies) in the "COOKIE SETTINGS" menu, you grant your consent to the use of these cookies. You can adjust and modify these settings at any time in the cookie settings which you can access on the website using the link below.
You can also prevent the use of all cookies by changing your browser settings concerning cookies accordingly. However, we inform you that the functionality of our website will be restricted in this case if technically required cookies are also blocked. Finally, you can read more information about cookies and the individual providers on websites such as www.youronlinechoices.com, where you have the option of rejecting usage-based online marketing using specific tools or all available tools.
5. Social media networks
We use links to our other internet presences on third-party websites and services, e.g. on social media channels such as Facebook, Twitter, YouTube or Pinterest.
Our presence on social media networks and platforms serves to provide better, more active communication with our customers and interested parties. There we inform you about our products and special offers.
For detailed information on the data processing carried out by providers on their pages, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the links to the data protection notices from the providers under 5.1. below. If you still need assistance with this matter, you can also contact us.
5.1 Sharing content on social media networks
If you wish to share one of our websites on a social media network (e.g. Facebook or Twitter), you can click on one of our "Share" buttons. After clicking on the "Share" button, you will be redirected to the respective social network (e.g. Facebook or Twitter). To share one of our websites, you must be logged into the social network.
In addition, we provide you with links to our presences on the social media networks (Facebook, Instagram, Twitter, Pinterest). Clicking on the links will take you directly to the respective social media network.The data processing by the social media networks on their websites is the sole responsibility of these third parties and their data protection policies apply (Facebook:https://de-de.facebook.com/policy.php; Instagram:https://de-de.facebook.com/help/instagram/155833707900388; Twitter: https://twitter.com/de/privacy; Pinterest: https://policy.pinterest.com/de/privacy-policy).
5.2 Youtube Videos / PODCASTS
We use the platform YouTube.com to post our own videos and podcasts and make them publicly available. YouTube is a service provided by a third party that is not affiliated with us, namely YouTube LLC.
On some pages of our website, we also directly embed videos that are stored on YouTube. Where videos are embedded, content from the YouTube page is displayed in some parts of a browser window. However, the YouTube videos are only called up if they are clicked on separately. This technology is also known as "framing".
5.3 Facebook fan page
We operate a fan page on Facebook to provide information about our products and special offers. These can be found at: https://www.facebook.com/bergfreunde Visitor data is collected and processed for various purposes on our fan page.
By means of this data concerning the use of the fan page, Facebook creates anonymous analyses, which we then receive to improve our offerings. This analysis, called "Insights", is a joint responsibility of Facebook and us. The basis for this is an agreement between responsible parties in accordance with Art. 26 GDPR, which you can view here. Accordingly, Facebook Ireland Ltd. is primarily responsible for data processing and compliance with data subjects' rights, particularly providing information, deleting it or objecting to the processing of the data. You can find more information about Facebook Ireland's data processing for Insights and exercising data subjects' rights here.
Apart from Insights, Facebook is also responsible for further processing of personal data, e.g. for the provision of services or advertising. You can find more information about this here.
5.4 PODCAST PLATFORMS
We use the podcast platforms (currently Apple Podcast and Spotify) to post our own podcasts and make them publicly available. Podcast platforms are services offered by third parties who are not affiliated with us (Apple Podcast is a service of Apple Inc., Spotify is a service of Spotify AB).
For data processing by the platforms which occurs in addition to the technical provision of the podcasts by us (see Clause 2.9), these third parties are exclusively responsible and their Privacy Policies apply (see for example for Apple: https://www.apple.com/legal/privacy/; Spotify: https://www.spotify.com/uk/legal/privacy-policy/).
We and our service providers employ technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our data processing and security measures are continually being improved with technological developments.
When your personal data is transmitted to us, it is encrypted with Secure Socket Layer (SSL). Personal data exchanged between you and us or other participating companies is generally transmitted via encrypted connections that correspond to the current state of the art.
Our employees and our service providers are, of course, bound to a confidentiality agreement.
7. Your rights to information, correction, blocking and deletion
Every natural person whose personal data we process has the following rights (i.e. depending on the respective conditions):
- If you have any questions regarding the processing of your personal data by us, we would be happy to provide you with information about your stored personal data at any time free of charge (Art. 15 GDPR).
- You have the right to correct inaccurate data and complete incomplete data (Art. 16 GDPR).
- You have a right to block/restrict the processing or delete your personal data that is no longer required or stored on the basis of legal obligations (Art. 17, 18 GDPR).
- You have the right to transfer the data in a structured, commonly used and machine-readable format, provided that you have provided us with the data on the basis of an agreement or a contract between us and you (Art. 20 GDPR).
- You have the right to object to the processing of your data for direct marketing purposes at any time (Art. 21 (2 and 3) GDPR).
- You have a right to object to processing of personal data on the basis of a legitimate interest, unless we can explain our compelling legitimate grounds (Art. 21 (1) GDPR). We have pointed out above in what cases such a right is available.
- If you have given your consent to data processing, you can withdraw this with effect for the future at any time, i.e. the legality of the data processing carried out up to the time of the revocation remains unaffected by your withdrawal of consent. After withdrawing your consent, you may no longer use our services.
Please contact us with your request in writing (keyword: data protection) or via e-mail using the contact information under section 8. We reserve the right to check your identity to ensure that your personal data is not disclosed to unauthorised persons.
You also have the right to file a complaint with a data protection authority.
8. Data Protection Officer
Our data protection officer is:
Christian Volkmer, Project 29 GmbH & Co. KG
Contact: Ostgasse 14, 93047 Regensburg Germany
From time to time, it is necessary to change the content of this Privacy and Data Protection Policy. We therefore reserve the right to change it at any time. We will publish the amended version of the Privacy and Data Protection Policy here as well. If you visit us again, we kindly ask you to read the Privacy and Data Protection Policy again.
Version: February 2023