In the following, we will inform you in accordance with the legal requirements of data protection law (especially in accordance with BDSG n.F. and the European General Data Protection Regulation “DS-GVO”) about the nature, scope and purpose of the processing of personal data by our company.
Name and contact details of the responsible person (s)
Our Persons Responsible (hereinafter “Responsible”) i.S.d. Art. 4 Zif. 7 DS-GMOs are:
IndieNuts UG (haftungsbeschränkt)
82487 Oberammergau, Deutschland
Executive Director: Matthias Olof Eich
Types of data, purposes of processing and categories of data subjects
Below we inform you about the nature, scope and purpose of the collection, processing and use of personal data.
- Types of data we process
Usage data (access times, websites visited, etc.), contact data (telephone number, e-mail, fax, etc.), communication data (IP address etc.),
- Purposes of processing according to Art. 13 para. 1 c) DS-GVO
Technically and economically optimize your site, get in touch with third-party legal complaints, optimize and statistically evaluate our services, improve your user experience, make your website user-friendly, create statistics, prevent SPAM and abuse, provide sites with features and content,
- Categories of data subjects according to Art. 13, para. 1 e) DS-GVO
Visitors / users of the website are collectively referred to as “users”.
Legal basis for the processing of personal data
Below we inform you about the legal bases of the processing of personal data:
- If we have obtained your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) DS-GMO Legal basis.
- If the processing is necessary to fulfill a contract or to carry out pre-contractual measures, which are made at your request, then Art. 6 para. 1 sentence 1 lit. b) DS-GMO Legal basis.
- If the processing is necessary to fulfill a legal obligation that we are subject to (eg statutory retention requirements), Art. 6 para. 1 sentence 1 lit. c) DS-GMO Legal basis.
- If processing is necessary to protect the vital interests of the data subject or of another natural person, Art. 6 (1) sentence 1 lit. d) DS-GMO Legal basis.
- If the processing is necessary for the protection of our or the legitimate interests of a third party and does not outweigh your interests or fundamental rights and freedoms in this regard, then Art. 6 para. 1 sentence 1 lit. f) DS-GVO Legal basis.
Disclosure of personal data to third parties and processors
Without your consent, we generally do not pass on data to third parties. If this is the case, then the transfer takes place on the basis of the aforementioned legal basis, e.g. when passing on data to online payment providers for performance of a contract or by court order or for a legal obligation to disclose the data for the purpose of prosecution, security or enforcement of intellectual property rights.
We also use processors (external service providers, for example, to host our websites and databases) to process your data. If data are passed on to the processor by order processing, this is always done in accordance with Art. 28 of the GDPR. We select our processors carefully, monitor them regularly and have given us the right to give instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and the data protection rules in accordance with Art. BDSG n.F. and DS-GMOs
Data transmission to third countries
With the adoption of the basic European data protection regulation (DS-GVO), a uniform basis for data protection in Europe was created. Your data will therefore be processed primarily by companies to which DS-GVO applies. If processing by third-party services takes place outside the European Union or the European Economic Area, these must meet the special requirements of Art. 44 et seq. DS-GMO. This means that processing takes place on the basis of specific guarantees, such as the official recognition of an EU level of data protection by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contract” clauses Company complies with the submission to the so-called Privacy Shield, the EU-US data protection agreement, these requirements.
Deletion of data and storage duration
Existence of automated decision-making
We do not use automatic decision making or profiling.
Provision of our website and creation of log files
- If you only use our website for informational purposes (ie no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data:
- IP address
- Internet service provider of the user
- Date and time of retrieval
- browser type
- Language and browser version
- Content of the call
- Time Zone
- Access Status / HTTP status code
- amount of data
- Websites that get the request
- Operating System. Your data will not be stored together with other personal information about you.
- This data is for the purpose of the user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.
- The legal basis for this is our justifiable interest in the processing of data according to Art. 6 para. 1 p. 1 lit. f) DS-GMO.
- For security reasons, we store this data in server log files for the retention period of 63 days. After this period, they will be automatically deleted, unless we need their storage for evidence in attacks on the server infrastructure or other violations.
- Session cookies: We use so-called “cookies” to recognize multiple uses of an offer by the same user (for example, if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way serves to optimize our offers and to give you easier access to our site. If you close the browser or log out, the session cookies will be deleted
- Persistent cookies: These are automatically deleted after a specified period, which may vary depending on the cookie. In the security settings of your browser, you can delete the cookies at any time
- Third party cookies (third party cookies): You can configure your browser setting according to your wishes. B. Reject the acceptance of third-party cookies or all cookies. However, we would like to point out that you may not be able to use all features of this website. Read more about these cookies in the respective third-party privacy policies.
- The legal basis for this processing is Art. 6 para. 1 p. Lit. b) DS-GVO, if the cookies are used to initiate a contract, e.g. otherwise we have a legitimate interest in the effective functionality of the website, so that in the case of Art. 6 para. 1 sentence 1 lit. f) DS-GVO is the legal basis.
- Opposition and opt-out: You can generally prevent the storage of cookies on your hard disk by selecting “Do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You may opt-out of third-party cookies for advertising purposes through this American website (https://optout.aboutads.info) or this European website http://www.youronlinechoices.com) contradict.
Contact by contact form / E-Mail / Fax / Post
- When contacting us via contact form, fax, mail or e-mail your details will be processed for the purpose of processing the contact request.
- Legal basis for the processing of the data is in the presence of a consent of you Art. 6 para. 1 S. 1 lit. a) DS-GMO. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is Article 6 (1) sentence 1 lit. f) DS-GMO. The person in charge has a legitimate interest in the processing and storage of the data in order to be able to answer inquiries from users, to secure evidence for liability reasons and, if necessary, to fulfill his statutory retention requirements for business letters. If the contact is aimed at concluding a contract, then additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) DS-GMO.
- We can store your details and contact requests in our Customer Relationship Management System (“CRM System”) or a comparable system.
- The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the conversation with you has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified. Requests from users who have an account or contract with us, we save until the expiration of two years after the contract termination. In the case of legal archiving obligations, the deletion takes place after its expiry: end of commercial law (6 years) and tax law (10 years) retention obligation.
- At any time, you have the option of obtaining consent in accordance with Art. 6 para. 1 sentence 1 lit. a) to revoke the GDPR for the processing of personal data. If you contact us by e-mail, you can object to the storage of personal data at any time.
- We have the “Google Analytics” web site analytics tool (Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU office: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) integrated into our website.
- When visiting our website Google places a cookie on your computer in order to be able to analyze the use of our website by you. The data obtained is transferred to the USA and stored there. If personal information should be transferred to the US, Google’s certification under the Privacy Shield Agreement (https://www.privacyshield.gov/EU-US Framework) is a guarantee of compliance with European data protection law.
- We have activated the IP anonymization “anonymizeIP”, which means that the IP addresses are only processed in shortened form. Google’s IP address on this website is therefore shortened beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the controller. In addition, we have activated the cross-device analysis of website visitors, which is carried out via a so-called user ID. The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google. The use of Google Analytics is for the purpose of analyzing, optimizing and improving our website.
- The legal basis for this is our justifiable interest in the processing of data according to Art. 6 para. 1 p. 1 lit. f) DS-GMO.
- The data sent by us and linked to cookies, user IDs (eg user IDs) or advertising IDs will be automatically deleted after 14 months. The deletion of data whose retention period has been reached is done automatically once a month.
- Opposition and opt-out: You can generally prevent the storage of cookies on your hard disk by selecting “Do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You may also prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
- As an alternative to the above browser plug-in, you can prevent Google Analytics tracking by clicking Click here to opt out. [/ google_analytics_optout]. The click will set an “opt-out” cookie that will prevent the collection of your data when visiting this website in the future. This cookie is only valid for our website and your current browser and is only valid until you delete your cookies. In that case you would have to set the cookie again.
- You can turn off cross-device user analytics in your Google Account under My Data> Personal Information.
- We have integrated YouTube videos from youtube.com on our website using the embedded function, so that they can be accessed directly on our website. YouTube is part of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA, EU office: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated the videos into the so-called “extended privacy mode” without cookies being used to personalize the video playback. Instead, the video recommendations are based on the currently playing video. Videos played in enhanced privacy mode in an embedded player will not affect which videos are recommended to you on YouTube. At the start of a video (click on the video), YouTube will receive the information that you have accessed the corresponding subpage of our website , The data obtained is transferred to the USA and stored there. This is also done without a user account at Google. If you are logged in to your Google Account, Google may associate the above information with your account. If you do not want this, you will need to log out of your Google Account. Google creates user profiles from such data and uses this data for the purpose of advertising, market research or optimization of its websites.
- The legal basis for this is our justifiable interest in the processing of data according to Art. 6 para. 1 p. 1 lit. f) DS-GMO.
- Google is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US framework) and therefore required to comply with European data protection law.
Presence in social media
- We process your information that you send to us through these networks to communicate with you and to respond to your messages there.
- The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to Art. 6 (1) sentence 1 lit. f) DS-GMO. Insofar as you have given consent to the person responsible for the social network in the processing of your personal data, the legal basis is Art. 6 (1) sentence 1 lit. a) and Art. 7 DS-BER.
opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Social Media Plugins
- We use social media social media plug-ins on our website. We use the so-called “two-click solution” -share of c’t or heise.de. When retrieving our website, no personal data will be transmitted to the providers of the plug-ins. Next to the social network logo or brand, you’ll find a slider that lets you activate the plug-in with a click. After activation, the social networking provider receives the information that you have accessed our website and your personal information is transmitted to the provider of the plug-in and stored there. These are so-called third party cookies. For some providers, such as Facebook and XING, their IP will be anonymized immediately after collection.
- The data collected about the user stores the plug-in provider as usage profiles. These are used for purposes of advertising, market research and / or customization of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the purpose of displaying demand-oriented advertising and to inform other users of the social network about the activities of the user on our website. The user is entitled to a right of objection to the formation of these user profiles, whereby one must turn to the exercise of this right to the respective plug-in provider.
- The legal basis for the use of the plug-ins is our legitimate interest in improving and optimizing our website by increasing our awareness through social networks and the possibility of interacting with you and the users via social networks in accordance with Art. 6 para. 1 p. 1 lit. f) DS-GMO.
- We have no influence on the collected data and data processing operations. Nor are we aware of the scope of the data collection, the purpose of the processing and the retention periods. We also have no information to delete the data collected by the plug-in provider.
- We refer to the respective data protection statements of the social networks regarding the purpose and extent of the data collection and processing. In addition, you will also find information about your rights and options for the protection of your personal data.
- We have social media plug-ins on our website Facebook.com (based in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) as part of the so-called “two-click -Solution “from Shariff integrated. You can recognize this by the Facebook logo” f “or the addition” Like “,” Like “or” Share “.
- As soon as you deliberately activate the Facebook plug-in, a connection is made from your browser to the Facebook servers. At the same time, Facebook receives the information, including your IP, that you have accessed our website and transmits this information to Facebook servers in the USA, where this information is stored. If you are logged into your account on Facebook, Facebook can assign this information to your account. Using the functions of the plug-in, e.g. Pressing the “Like” button, this information will also be transmitted from your browser to the Facebook servers in the US and stored there and displayed in your Facebook profile and possibly your friends.
- If you log out of Facebook before visiting our website and delete your cookies, no information about your visit to our website will be associated with your profile on Facebook when activating the plug-in.
- You can also prevent the Facebook plug-in from being downloaded by so-called “Facebook Blockers”, which you can install as an add-on for your browser: Facebook Blocker for Firefox, Chrome and Opera or 1blocker for Safari, iPad and iPhone.
- Facebook has submitted to the Privacy Shield, ensuring that European data protection law is respected: https://www.privacyshield.gov/EU-US framework.
- Facebook Connect
If you do not agree with such a data transfer, use instead of Facebook Connect IndieNuts sign-in for the registration.
- We’ve integrated plug-ins from the Twitter.com social network (Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, USA) into Shariff’s “Two-Click Solution” on our website , These plug-ins can be recognized by the Twitter logo with a white bird on a blue background. An overview of Twitter buttons or tweets can be found at: https://developer.twitter.com/en/docs/twitter-for-websites/overview.
- If you are logged in to your Twitter account while you are activating the Twitter plug-ins at will, Twitter may assign the call to our website to your Twitter profile. What data is transmitted to Twitter, we do not know
- If you would like to exclude the data transmission to Twitter on activation of the plug-in, then log out of Twitter and delete your cookies before visiting our website.
- Twitter has submitted to the Privacy Shield, ensuring that European privacy legislation is respected: https://www.privacyshield.gov/EU-US Framework.
- Wir haben auf unserer Website Plug-Ins vom sozialen Netzwerk Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA, 94025, USA) im Rahmen der sog. „Zwei-Klick-Lösung“ von Shariff integriert. Diese erkennen Sie am Instagram-Logo in der Form einer viereckigen Kamera.
- If you willfully activate the plug-in, a connection will be established from your browser to Instagram’s servers. In the process, Instagram receives the information, including your IP address, that you have visited our site and transmits the information to Instagram servers in the US, where this information is stored. If you are logged into Instagram on Instagram, Instagram can assign this information to your account and you can click on the Instagram button to share and save the contents of our pages on your Instagram account and, if necessary, to show your friends there. We have no knowledge of the exact content of the submitted data, their use and storage duration through Instagram.
- If you log out of Instagram before visiting our website and delete your cookies, no information about your visit to our website will be associated with your profile on Instagram when the plug-in is activated.
and privacy settings here: https://help.instagram.com/196883487377501.
Rights of the data subject
- Objection or revocation against the processing of your data
In as far as the processing is subject to your consent in accordance with Art. 6 para. 1 sentence 1 lit. a), Art. 7 DS-GVO, you have the right to revoke your consent at any time. The lawfulness of the processing on the basis of the consent until the revocation is not affected. As far as we have the processing of your personal data on the balance of interests in accordance with Art. 6 para. 1 p. 1 lit. f) support DS-GMO, you can object to the processing. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in the following description of the functions. In the event of any such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your reasonable objection, we will review the facts and will either discontinue or adjust the data processing or show you our compelling legitimate reasons why we continue processing. You may object to the processing of your personal data for advertising and data analysis purposes at any time. The right to object can be exercised free of charge. You can inform us about your advertising conflict under the following contact details: IndieNutsMoosgasse 1982487 Oberammergau, GermanyManaging Director Matthias Olof EichE-mail: email@example.com
- Right to information
You have the right to ask us for confirmation of your processing of personal information. If this is the case, you have a right to information about your personal data stored by us according to Art. 15 DS-GVO. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or is being disclosed, the planned storage period, the source of their data, if these were not collected directly from you.
- Right to rectification
You have the right to correct inaccurate or complete data according to Art. 16 DS-GVO.
- Right to cancellation
You have a right to deletion of your stored data according to Art. 17 DS-GVO, unless statutory or contractual retention periods or other legal obligations or rights to further storage are contrary to this.
- Right to restriction
You have the right to demand a restriction on the processing of your personal data if one of the conditions set out in Art. 18 (1) lit. a) to d) DS-GVO is fulfilled:
- If you deny the accuracy of your personal information for a period of time that allows the controller to verify the accuracy of your personal information,
- the processing is unlawful and you refuse to delete your personal information and instead restrict the use of your personal information
- the person responsible no longer needs personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you object to the processing pursuant to Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
- Right to Data PortabilityYou have the right of data transferability according to Art. 20 DS-GVO, which means that you can receive the personal data stored about us in a structured, common and machine-readable format or you can request the transfer to another person responsible.
- Right to appeal
You have a right to complain to a regulator. As a rule, you can contact the supervisory authority for this purpose, in particular in the Member State of your place of residence, your job or the location of the alleged infringement.
In order to protect all personally identifiable information transmitted to us and to ensure compliance with our privacy practices, as well as our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server encrypted over a secure SSL connection.
With the following information we inform you about the content of our newsletter as well as the registration, shipping and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. Insofar as the content of a newsletter is concretely described in the context of an application for the newsletter, it is decisive for the consent of the user. Incidentally, our newsletter contains information about our services and us.
Double opt-in and logging: Registration for our newsletter is done in a so-called double opt-in procedure. That After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the logon and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.
Credentials: To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to give a name in the newsletter for personal address.The dispatch of the newsletter and the related performance measurement are based on the consent of the recipient acc. Art. 6 para. 1 lit. a, Art. 7 DSGVO i.V.m § 7 Abs. 2 No. 3 UWG or if consent is not required, based on our legitimate interests in the direct marketing acc. Art. 6 para. 1 lt. F. DSGVO i.V.m. § 7 Abs. 3 UWG.
The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f DSGVO. We are interested in using a user-friendly and secure newsletter system that serves our business interests as well as meeting the expectations of users and allows us to provide consent.Termination / Withdrawal – You can terminate the receipt of our newsletter at any time, ie. Revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may save the submitted email addresses for up to three years based on our legitimate interests before we delete them to provide prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
Newsletter – Mailchimp
The shipping service provider may retrieve the data of the recipients in pseudonymous form, i. without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of shipping and the presentation of newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties.
Newsletter – Success Measurement
The newsletters contain a so-called “web beacon”, i. a pixel-sized file that is retrieved from the server when opening the newsletter from our server, or if we use a shipping service provider. In the course of this call, technical information, such as information about the browser and your system, as well as your IP address and time of the retrieval are collected.This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. A separate revocation of the performance measurement is unfortunately not possible, in this case, the entire newsletter subscription must be terminated.
As of: 11.05.2019