Dear visitor, the current version of your browser is not supported by Visaya. Please update your browser version to access our website.

Data Policy

Data Policy

Version: 15.05.2019

We are delighted to welcome you to our website and would like to thank you for your interest in our company and our products. Visaya is a knowledge database and an eShop for process automation. Pursuant to the applicable data protection laws, you will find below information on the purposes for which we use your personal data, how we utilise it to optimise our services for you, and the personal data we collect when

  • you visit our website: https://visaya.solutions/
  • using contact and feedback forms,
  • sending the newsletter,
  • ordering in the eShop

(jointly “website”).

 

A. General provisions

 

1. Data Controller, Data Protection Officer

(1) The Data Controller in accordance with Art. 4, no. 7 of EU General Data Protection Regulation (GDPR) is

Process+Lab Devices Online GmbH
Perlebergerstr. 42C
Haus 7, Schultheiss Quartier, 
10559 Berlin, Germany

Tel.: +49(0)3058849263
Email: shop@visayasolutions.com

hereinafter referred to as “Process+Lab Devices Online GmbH”, “Visaya”, “we” or “us”. You can find further information about the provider in our Legal Notice.

 

(2) You can reach the data protection officer as follows: via email at madhu@visayasolutions.com or via our postal address above with the addition “FAO data protection officer”.

 

2. Types of data processed, categories of data subjects

2.1 Type of data processed

  • Inventory data (e.g. master customer data, such as names, addresses)
  • Contact data (e.g. email, telephone numbers)
  • Content data (e.g. text input, photographs, videos)
  • Contract data (e.g. subject matter of the contract, term, customer category)
  • Payment data (e.g. bank details, payment history)
  • Credit data
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)
  • Web analysis and tracking data

2.2 Categories of data subjects

  • Visitors and users to the website
  • Customers, interested parties and business partners

(Hereinafter, we also refer to data subjects jointly as “users”).

3. Purpose of processing

We process your personal data

  • for the provision of the website, its functions and content;
  • to create and manage your personal customer account;
  • to identify you as a contractual partner;
  • to process your online purchases from us. This includes your credit check, your orders and returns of purchases via our online shop, processing the payment, as well as notifications about the delivery status and any problems with the delivery. Your personal data can also be processed to handle complaints or in the event of warranty rights;
  • to answer to contact and support requests and to communicate with users;
  • to assert, implement, exercise or defend against legal claim(s) and legal disputes, as well as to discover, solve and prevent crimes;
  • for security measures;
  • for reach measurement;
  • for the purpose of direct marketing, e.g. in the form of an email newsletter or postal advertising.

 

4. Provision of the Website and Log Files

(1) When using the website for purely informational purposes, i.e. if you do not register with us or otherwise transmit information to us, we will only collect the personal data that your browser transmits to our servers automatically. If you would like to visit our website, we will collect the following data, which is technically necessary for us to display our website and to guarantee stability and safety (the legal basis for this is Art. 6, para. 1, letter f) (1) of GDPR):

  • IP address
  • Date and time of the visit
  • Time zone difference with respect to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Quantity of data transferred
  • Website from which the request originated
  • Browser
  • Operating system and its user interface
  • Language and version of browser software

(2) The IP addresses of users are deleted or anonymised after the end of use. When data are rendered anonymous, IP addresses are changed such that the individual pieces of data regarding personal or factual relationships can no longer be traced to a certain or identifiable natural person or that such data could only be traced with an excessive amount of time, money and effort.

 

5. Cookies

(1) In addition to the log file data specified above, cookies are stored on your device when you use our website. Cookies are small text files that are saved on your hard disk by the browser you use, and contain certain information added by the site that places the cookie (in this case, us). Cookies cannot execute any programs nor transmit viruses to your computer. The purpose of cookies is to increase the user-friendliness and efficiency of the website.

 

(2) Use of cookies:

a) This website uses the following types of cookies, the scope and functions of which are explained below:

  • Session cookies (see b)
  • Persistent cookies (see c).

b) Session cookies save what is known as a session ID, which allows different queries from your browser to be assigned to the same session. The session cookies are deleted automatically after 3 hours when you log out or close the browser. If you restart your browser and return to the website, this will not recognise you. You will have to log in again (if a login is required) or you will have to set templates and preferences again if the website offers these functions. Then a new session cookie will be generated, which stores your information and stays active until you leave the site and close your browser.

c) Persistent cookies are deleted automatically after a defined duration, depending on the cookie. You can delete cookies in your browser’s security settings at any time.

(3) What do we use cookies for?

We use cookies to personalise content and displays, to be able to offer social media functions and analyse access to our website. In addition, we forward information about your use of our website to our partners for social media, advertising and analysis. Our partners will possibly combine this information with further data that you have provided or have collected during your use of the services. By continuing to use our website, you agree to our cookie policy.

Basic information

Purpose

Description

Retention time

Technically necessary cookies

Technically necessary cookies allow our website to be used by facilitating underlying functions such as page navigation and access to secure areas of the website. Without these cookies, visits to our website cannot work correctly.

Session cookies are deleted when you close the browser.

Performance (e.g. user’s browser) and preferences

When visiting our website, cookies are used (e.g. to recognise the browser) in order to improve performance (e.g. faster loading of content). If you visit our website, the country and language choice determined or selected by you are stored in cookies in order to save you from having to choose them again on subsequent visits. In advance, it is checked whether your browser supports cookies and this information is stored in a further cookie. You will then be showed country and language-specific localised contact information, which will also be stored. The legal basis is Art. 6, para. 1, letter f) (1) of GDPR.

Session cookies are deleted when you close the browser.

Analysis Cookies (Statistics)

We use analysis cookies from third-party providers to understand how users visit our website. This helps us to improve the quality and content on our website. Aggregated statistical information comprises data such as total number of visitors. For example, we find out how often and in which order the individual pages are accessed and how long visitors spend on our pages on average. We also find out whether users have already visited our website at an earlier point in time. The legal basis is Art. 6, para. 1, letter f) (1) of GDPR. For more information, see point 13 (web analysis services).

Persistent cookies remain stored but are deleted automatically after 1 year if the website is no longer visited, provided that shorter deadlines do not apply in individual cases (see more detailed overview).

Advertising cookies (marketing)

We use advertising cookies to be able to assess the efficiency of our advertising measures and perform optimisations as a result. The legal basis is Art. 6, para. 1, letter f) (1) of GDPR.

 

Persistent cookies remain stored but are deleted automatically after 1 year if the website is no longer visited, provided that shorter deadlines do not apply in individual cases (see more detailed overview).

 

 (4) Control via cookies

You can configure your browser to notify you when any cookies are stored and only permit cookies in individual cases, to reject cookies for certain cases or reject them in general and to activate the automatic deletion of cookies when closing the browser. However, deactivating cookies may limit the functionality of this website.

 

6. Contact and Feedback Form, Email Contact, Live Chat and Messenger

(1) Various forms are made available to you on our website, through which you can contact us simply and easily electronically or give us feedback. If a user makes use of this option, the data entered into the input screen is sent to us and stored. The corresponding data, especially personal data, address data, contact details and messages (free text field) are visible directly in the relevant input screen.

The following data is also stored at the time of sending:

  • user's IP address
  • date and time of the form being sent

(2) Reference is made to this Data Policy for the processing of data as part of the sending process. Alternatively, it is possible to make contact via the email addresses provided. In this case, the user’s personal data transmitted with the email is stored. The data is used exclusively for the processing of queries.

(3) The legal basis for the processing of data that is transmitted when using the contact form or while sending an email, is Art. 6, para. 1, letter f) (1) of GDPR. If the purpose of establishing contact via email is to enter into a contract, the additional legal basis for processing is Art. 6, para. 1, letter b) (1) of GDPR.

(4) The processing of personal data from the input screen is used solely to process the communication. In the event of making contact via email, there is also necessary legitimate interest in processing data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

(5) The data is deleted once it is no longer required to achieve the purpose of its collection. This is the case once the conversation with the user has ended as regards the personal data from the input screen on the contact form and the data sent via email. The conversation has ended once it has been determined that the matter concerned has been resolved. The additional personal data collected during the sending process is deleted after no later than seven days.

(6) It is also possible to contact us via the email addresses provided on the website. In this case, the user’s personal data transmitted with the email is stored. The data is used exclusively for the processing of queries. The legal basis for the processing of data that is transmitted when sending an email is Art. 6, para. 1, letter f) (1) of GDPR. If the purpose of establishing contact via email is to enter into a contract, the additional legal basis for processing is Art. 6, para. 1, letter b) (1) of GDPR.

(7) This website uses live chat and messenger software from Intercom. Intercom’s live chat is an integrated messenger for apps and the web. As a result, we can respond directly to your questions without you having to leave the app. Intercom, Inc., is a Delaware Corporation with offices at 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA, providing services to customers whose invoice address on the order form is located in Alabama, Georgia, Maryland, Michigan, Missouri, New Jersey, North Carolina, Ohio or Pennsylvania; or Intercom R&D Unlimited Company, an Irish company with offices on the 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland, providing services to customers whose invoice address is located anywhere else in the world.

Intercom has certified itself in accordance with the EU-US and Swiss-US Privacy Shield. You can find further information in the EU-US and Swiss-US Privacy Shield Policy. You can find further information about data protection online at: https://www.intercom.com/terms-and-policies#terms

 

7. eShop

7.1 Use of the online shop

When ordering goods in our eShop, we collect and process your personal data required for the processing of the order. Mandatory information necessary for the execution of contracts (name and address) are marked separately, further information is voluntary. The legal basis for the processing of this personal data is Art. 6, para. 1, letter b) of GDPR.

7.2 Customer account

During the registration process for a customer account (creation of an account under “My account”) necessary for purchasing from the shop, we process the following personal data: email address and a password you have generated. As a registered customer, you can access your profile and view the orders you have placed or order processes in progress. The deletion of your customer account is possible at any time and can be arranged by sending a message to the contact options described above or vie email. The legal basis for the processing of this personal data is Art. 6, para. 1, letter b) (1) of GDPR.

7.3 Electronic order and payment processes

7.3.1 Once you have decided to make a purchase as a customer or guest, we will collect the following data to execute the order: first name and surname, name of the company, communication data, address, potentially delivery address, items, payment method.

7.3.2 The following payment methods are available to you.

(1) Prepayment

Please transfer the invoice amount by the payment deadline indicated on the invoice to the bank details stated on the invoice. You can also make the transfer online. You must specify your invoice and customer number as the payment reference. This makes it possible to recognise your payment more quickly.

(2) Payment by credit card

After choosing the “credit card” payment method and completing your order, the online shop will connect you immediately to our credit card partner, Stripe, which will take your payment. There, you will enter your personal password and identify yourself as an authorised account holder. Only you and your bank know this password. This means that your card holder data is protected. Please note that payment via credit card is only possible for online purchases. If you have chosen payment by credit card, your credit card will be charged at the time your order is sent. Visaya accepts the following credit cards: Visa, MasterCard, American Express.

(3) Payment through PayPal

To pay with PayPal, choose the option “PayPal” in the “payment method” stage of the order. After placing the order, you will be connected automatically with PayPal’s secure payment form. If you already have a PayPal account, simply log in. Otherwise click on “sign up” and follow the instructions.

(4) Payment by invoice

 During the order process, you can choose the payment method “pay by invoice”. Please transfer the invoice amount by the payment deadline indicated on the invoice to the bank details stated on the invoice. You can also make the transfer online. You must specify your invoice and customer number as the payment reference. This makes it possible to recognise your payment more quickly. Warning: The “pay by invoice” payment method will not always be available.* (* Requires credit check, see Clause 7.4).

7.4 Credit checks

(1) In the case of payment by invoice, we reduce our risk of default through the 4safe® account check (plausibility check of bank details and check of various blacklists, motion profiles and limit). For this purpose, data is transmitted to creditPass GmbH (Mehlbeerenstraße 2, 82024 Taufkirchen near Munich, Germany).

(2) The legal basis is Article 6, para. 1, letter f) of GDPR. Our justified interests lie in the protection against default risks.

(3) You can find further information about data protection by creditPass at the following link: https://creditpass.eu/service/privacy-statement/

7.5 Forwarding data as part of the payment and order processing

7.5.1 Forwarding data as part of payment via PayPal

(1) Should you decide to pay with the online payment provider PayPal during the order process, your contact details will be sent to PayPal as part of the order placed. PayPal is a service offered by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the role of an online payment provider and a trustee and offers customer protection services.

(2) The personal data transmitted to PayPal is primarily first name, surname, address, telephone number, IP address, email address or other data that is necessary to process orders, as well as data that is associated with the order, such as number of items, product numbers, invoice amount and tax as a percentage, invoice information etc.

(3) This transmission is necessary to process your order with the payment method you chose, especially to confirm your identity, to manage your payment and the customer relationship. Please note, however: Personal data can be forwarded by PayPal to service providers, subcontractors or other affiliated companies insofar as this is required to fulfil the contractual obligations under your order or to process your personal data on our behalf.

(4) Depending on the payment method chosen via PayPal, e.g. invoice or direct debit, the personal data sent to PayPal will be sent to credit agencies by PayPal. This transfer takes place to check identity and credit in relation to the order you have placed. You can find out which credit agencies are involved and which data is collected, processed, stored and forwarded by PayPal in general in the PayPal Privacy Policy here https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

7.5.2 Forwarding of data to process the order

We process the data you provide to process your order. To execute contracts, we will pass on your data to the transport company carrying out the delivery to the extent that is required for the delivery of the goods. We are authorised to process this personal data in accordance with Art. 6, para. 1, letter b) of GDPR. Our service providers may only process or use your data for the purpose for which it was shared as necessary. If data is forwarded to third-party service providers, we have taken certain technical and organisational measures to ensure compliance with the requirements of data protection.

7.6 Legal basis

The legal basis for the processing of your order and payment data is Art. 6, para. 1, letter b) (1) of GDPR.

7.7 Retention time

Your address, payment and order data is stored for ten years after the execution of the contract, as required under tax and commercial law, and is then deleted if you have not agreed to longer storage or the further processing of data is required for the assertion, exercise or defence of legal claims. The legal basis for the processing of this personal data for the purpose of complying with statutory archiving and storage obligations is Art. 6, para. 1, letter c) (1) of GDPR.

 

8. Email Newsletter

8.1 Newsletter subscription

(1) With your consent, you can subscribe to our email newsletter (hereinafter referred to as “newsletter”) that we send to inform you about our products, sales and events.

(2) We use the double opt-in method for registering for our newsletter subscription. This means that after your registration, we will send you an email to the email address specified, in which we ask you for confirmation that you wish to be sent the newsletter. If you do not confirm your registration within 14 days, your information will be deleted automatically. In addition, we will save the IP addresses used during registration and confirmation and the times of registration and confirmation. The purpose of the process is to confirm your registration and to clear up any possible misuse of your personal data.

(3) The only mandatory data required for sending the newsletter is your email address. The provision of further information is voluntary and is used to contact you directly. After your confirmation, we will store your email address for the purpose of sending the newsletter.

(4) The legal basis for the aforementioned processing procedures in the context of the newsletter subscription is your consent in accordance with Art. 6, para. 1, letter a) (1) of GDPR.

(5) You can revoke your consent to the sending of the newsletter at any time by unsubscribing from the newsletter. You can unsubscribe by clicking on the email provided in each newsletter or by sending a message to the contact details specified above in Clause 2.1 of this Data Policy.

(6) The data specified when signing up for the newsletter is deleted when you unsubscribe from the newsletter.


 

8.2. Sending the newsletter after purchasing products

(1) If you have purchased products, software or services from our online shop, we will send you our newsletter without you having subscribed to it in advance, and to the email address you specified during the purchase. This concerns newsletters for advertising similar products to those that you purchased in our online shop.

(2) The email address is stored in our newsletter address database for this purpose. To demonstrate the legitimacy of sending the newsletter, we will also store your IP address used during the purchase and the time of the purchase process.

(3) The legal basis for the aforementioned processing procedure in the context of sending the newsletter is your consent in accordance with Art. 6, para. 1, letter f) (1) of GDPR. Our legitimate interest in data processing is advertising our products directly to our customers plus your interest in products and offers.

(4) You can object to the sending of the newsletter at any time. You can object by clicking on the email provided in each newsletter or by sending a message to the contact details specified above in Clause 2.1 of this Data Policy.

8.3. Email service provider

(1) This website uses MailChimp to send newsletters and electronic advertising communication (see Clause 13.8).

(2) Our website uses the email service provided by Mailgun Technologies, Inc, San Francisco, for the sending and analysis of emails in the context of orders (see Clause 13.9).

8.4 Newsletter tracking

(1) Please note that we will evaluate the user behaviour of newsletter recipients. For this evaluation, the emails sent will include web beacons or tracking pickets, which are single-pixel image files. For the evaluations, we connect the data specified in Clause 2.1 of this Data Policy, or parts therefore, and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID. With the data acquired as a result, we will create a user profile to be able to tailor the newsletter to the interests of our customers. In this case, we can find out when you have read our newsletter, which links you click on within it and your personal interests as a result. We may possibly connect this data with the actions you perform on our website.

(2) The legal basis for the aforementioned processing procedures in the context of the newsletter subscription is your consent in accordance with Art. 6, para. 1, letter a) (1) of GDPR.

 (3) You can object to the described tracking at any time by unsubscribing from the newsletter; you can unsubscribe by clicking on the email provided in each newsletter or by sending a message to the contact details specified above in Clause 2.1 of this Data Policy. The information acquired through tracking is stored for as long as you are subscribed to the newsletter. After registering, we will store the data for purely statistical purposes and anonymously.

(4) Tracking is also not possible if you have deactivated the displaying of images as standard in your email program. In this case, the newsletter will not be displayed to you in full and you will potentially not be able to use all functions of the newsletter. If you display the images manually, the aforementioned tracking will take place.

 

9. Job descriptions

 

(1) We advertise opening positions on our website. To process your online application, we will collect, process and use your personal data. The legal basis is Art. 6, para. 1, letter b) (1) of GDPR in conjunction with Article 26 of BDSG (German federal data protection law). Your online application data is sent directly to the management via email. Through suitable technical and organisational measures, it is ensured that your personal data is handled confidentially in line with statutory provisions.

(2) Please note that data is sent unencrypted via email and may be acknowledged by third parties or even falsified. You are welcome to send us your documents via post. If you have sent an application for a specific position and this has already been filled or if we believe you may be more suitable for another position, we will gladly pass on your application within our company. The legal basis is Art. 6, para. 1, letter f) (1) of GDPR to guarantee your and our legitimate interests. Please let us know if you do not agree with this approach. After the end of the application process, but no later than after 6 months, your personal data will be deleted automatically unless you explicitly consent to storage over a longer period.

 

10. Forwarding to Third Parties

(1) To be able to process your order as well as possible, we will collect and store the data required for the transaction and, as far as necessary, will forward it to the companies involved in fulfilling the order (payment, logistics, delivery) in the context of order processing contracts concluded with the relevant providers. To process payments, we use the payment service providers displayed on the order page when choosing the payment method.

(2) The newsletter is sent by involving services and IT systems of an external service provider, MailChimp, which we have commissioned to handle this (see Clause 13.8). We use the external service provider MailGun (see Clause 13.9) to send emails related to the order.

(3) As part of hosting our website, we will process your data that has been processed by us on the basis of a processing contract with Amazon Webservice (AWS). The servers are located in Europa, the regions of Ireland (eu-west-1) and Frankfurt am Main (eu-central-1) so that requests can only be executed there.

(4) If web analysis services and third-party providers are used, the data will be transmitted to them to the extent described herein.

 

11. Automated decision-making

In principle, we do not utilise any fully automated decision-making in accordance with Article 22 of GDPR to enter into and execute our business relationships.

 

12. Profiling

To provide you with targeted information and advice about products, we use or service providers use on our behalf web analysis instruments, especially tracking technology. This facilitates targeted communication and advertising. In this regard, we refer to Clause 13 “Web analysis services and advertising”.

 

B. Data processing by third-party providers

 

13. Web Analysis Services and Advertising

13.1 Google Analytics

(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies” - text files that are saved on your computer and which allow your usage of the website to be analysed. The information generated by the cookie about your use of this website is generally transmitted to and stored by Google on servers in the United States. When activating IP anonymisation on this website, Google will first abbreviate your IP address within the EU member states and other contracting parties to the European Economic Area Agreement. The full IP address will be transmitted to a Google server in the USA and abbreviated there in exceptional cases only. On behalf of the operator of this website, Google will use this information in order to assess your use of the website, in order to compile reports about website activities and in order to provide further services related to the use of the website and the internet.

(2) The IP addresses transmitted by your browser as part of Google Analytics are not connected with other Google data.

(3) You can reject the storage of cookies on your computer by changing the settings of your browser accordingly. However, please note that not all functions on our website may be fully available if you reject cookies. You can also prevent the collection of data related to your website use and generated by the cookie (incl. your IP address) and their transmission to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin provided by Google:

(4) This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are processed further in abbreviated form, meaning that personal identification is ruled out. Insofar as there is a personal reference in the data collected about you, this will be rectified immediately and the personal data will be deleted immediately.

(5) We use Google Analytics to analyse the use of our website and make regular improvements. With the statistics available from Google Analytics, we can improve our content and make it more interesting to you as a user. For exceptional cases in which personal data is transferred to the United States, Google participates in the EU-US Privacy Shield framework, https://www.privacy-shield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6, para. 1, letter a) (1) of GDPR.

(6) Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: https://marketingplatform.google.com/about/analytics/terms/gb/ Data Protection Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the Data Privacy Policy: http://www.google.defintl/de/policies/privacy.

13.2 Google Tag Manager

(1) As part of Google Analytics, this website uses Google Tag Manager. Tags are small code elements on our website, which among other things are used to measure traffic and user behaviour, to record the effects of online advertising and social channels, remarketing and tailoring to address target groups and to test and optimise the website. Google Tag Manager is a solution we use to manage website tags on an interface. The tag manager tool itself (which implements the tags) is a cookieless domain. The tool makes it possible to trigger other tags, which may in turn record data. Google Tag Manager does not access this data. If deactivation takes place on domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

(2) You can find further information about Google Tag Manager online here: https://www.google.com/analytics/tag-manager/use-policy/

13.3 AdWords and Google Conversion Tracking

(1) This website uses Google Adwords. AdWords is an online advertising program by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). As part of Google Adwords, we use conversion tracking. If you click on an advert displayed by Google, a cookie will be placed for conversion tracking. Cookies are small text files that the internet browser stores on the user’s computer. These cookies become invalid after 30 days and are not used to identify the user personally. If the user visits certain pages of the website and the cookie has not yet expired, we and Google can recognise that the user has clicked on the advert and was redirected to this website.

(2) Each Google AdWords customer receives another cookie. Cookies cannot be tracked via the websites from AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers, who have decided upon conversion tracking. Customers can find out the total number of users who have clicked on their advert and were redirected to a page containing a conversion tracking tag. However, you do not receive any information through which users can be identified personally. If you do not want to take part in tracking, you can object to this use by simply deactivating the Google conversion tracking cookie under user settings in your web browser. You will then not be included in conversion tracking statistics.

(3) Conversion cookies are stored on the basis of Art. 6, para. 1, letter f) (1) of GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both the website and advertising. You can find more information about Google Adwords and Google conversion tracking in Google’s Data Protection Policy: https://policies.google.com/privacy.

13.4 Google Dynamic Remarketing

(1) In addition to AdWords conversion, we use the Google Remarketing application, provided you have given your consent in the cookie management tool. This allows us to turn on advertising tailored to your interests when you continue to use the internet, based on pages you have visited or used on our site. Google uses cookies to recognise your browser when visiting other websites and to address you with targeted adverts. The information generated by the cookie may be transmitted to and stored by Google on servers in the USA. To display corresponding advertising, your browser’s IP address may also be used.

(2) The combination of the data collected as part of remarketing with your personal data, which may be stored by Google, does not take place according to Google provisions. In particular, according to Google, a pseudonym is used during remarketing. The legal basis for the processing of your data is Art. 6, para. 1, letter a) of GDPR).

(3) If you do not want Visaya to use your data for Google Dynamic Remarketing, you can use plugins in your browser to prevent cookies from using your data. In addition, you have two further opt-out options available. You can protect yourself against tracking directly in Google’s settings: https://adssettings.google.com/authenticated, or you could deregister using a third-party provider, for example the Network Advertising Initiative http://www.networkadvertising.org/managing/opt_out.asp.

 (4) You can find further information about DoubleClick by Google at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as about data protection at Google in general: https://policies.google.com/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

13.5 Heap Analytics

(1) We also use Heap Analytics, a web analysis service from Heap Inc., 116 Natoma St., San Francisco, CA 94105, USA (“Heap Analytics”). Heap Analytics uses cookies, to allow your usage of the website to be analysed. The information generated by the cookie about your use of this website is generally transmitted to and stored by Heap Analytics on servers in the United States. The analysis by Heap Analytics takes place exclusively on the basis of anonymised IP addresses, which are not combined with other data from Heap Analytics.

(2) Insofar as personal data is processed in this respect, this processing is based on Art. 6, para. 1, letter f) (1) of GDPR and serves the legitimate interest in the analysis of user behaviour on our website and being able to tailor our site to your needs as a result.

(3) You can reject the storage of cookies on your computer by changing the settings of your browser accordingly. However, please note that not all functions on our website may be fully available if you reject cookies.

(4) Heap Analytics is not certified under the Privacy Shield agreement. Further information about Heap Analytics and Heap Analytics data protection can be found at https://heapanalytics.com/privacy.

13.6 Hotjar

(1) This website uses an analysis tool from Hotjar. Hotjar is a company from Malta. Contact: Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, + 1 (855) 464-6788, support@hotjar.com.

(2) We use Hotjar to better understand our users’ needs and to optimise this website.  Using Hotjar’s technology, we obtain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links you click on, what you like and what you don’t etc.) and this helps us to tailor our site to users’ feedback. Hotjar works with cookies and other technology to collect information about our users’ behaviour and their devices (especially the IP address of the device (is only recorded and stored in anonymised form), screen size, device type (unique device identifiers), information about the browser used, location (country only) to display our website in your preferred language). Hotjar saves this information in a pseudonymised user profile.  The information is not used by either Hotjar or us to identify individual users or in conjunction with further data about individual users.

(3) Storage of Hotjar cookies takes place on the basis of Art. 6, para. 1, letter f) (1) of GDPR. We have a legitimate interest in the analysis of user behaviour in order to optimise both the website and advertising.

(4) You can find further information about Hotjar data protection here: https://www.hotjar.com/privacy/gdpr-compliance. You can find the data protection policy: https://www.hotjar.com/legal/policies/privacy and detailed information about the use of cookies here https://www.hotjar.com/legal/policies/cookie-information

13.7 TrustPilot

(1) In addition to the newsletter, people who place orders in the online shop will receive a request to evaluate our services and the product following their order. TrustPilot (Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark) is the evaluation platform used for this purpose.

(2) You can find more information about TrustPilot and data protection at TrustPilot here: https://legal.trustpilot.com/end-user-privacy-terms.

13.8 Use of MailChimp

(1) Newsletters are sent via “MailChimp”, a newsletter-sending platform of the USA-based provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

(2) The email addresses of our newsletter recipients, as well as their further data described in this policy, will be stored on MailChimp’s servers in the USA. MailChimp uses this information to send and analyse the newsletter on our behalf. In addition, MailChimp can use this data for its own information in order to optimise or improve its own services, e.g. to optimise the technology for the sending and presentation of the newsletter or, for commercial purposes, to determine from which countries the recipients are from. However, MailChimp does not use the data of our newsletter recipients to address them directly or pass on data to third parties.

(3) You can find MailChimp’s data protection provisions here: https://mailchimp.com/legal/privacy

(4) The newsletters receive a “web beacon” i.e. a pixel-sized file, which is loaded on MailChimp’s servers when the newsletter is opened. When this is accessed, technical information, such as information about the browser and your system, plus your IP address and time of access, will first be collected. This information is used for the technical improvement of services using technical data or target groups and their reading behaviour based on their access location (which can be determined using the IP address) or access times. Collecting statistics also includes determining whether the newsletters are opened, when they are opened and which links are clicked on. In addition, the provisions for newsletter tracking apply as per Clause 8.4.

13.9 Use of MailGun

(1) This website uses the services of MailGun to send emails as part of placing and processing orders. The provider is Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA.

(2) MailGun is a service that signs emails and ensures that they are not mistakenly marked as spam. In addition, MailGun allows us to analyse which emails are sent and opened. If you open an email sent with MailGun, a file contained in the email (web beacon) will connect with MailGun’s servers in the USA. This helps to determine whether an email is opened and which links (if any) were clicked on. The results of these analyses may be used to ensure that you receive our emails. Your email address, subject line and further data, but not the content of the email, are stored on MailGun’s servers in the USA for a maximum of 30 days.

(3) MailGun is certified in accordance with the “EU-US-Privacy-Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA, which aims to guarantee that European data protection standards are complied with in the USA.

(4) Data is processed on the basis of your consent (Art. 6, para. 1, letter a) of GDPR). You can revoke this consent at any time by cancelling our service. The revocation does not affect the legality of the data processing that has already taken place.

(5) For more details, see MailGun’s data protection provisions at: https://www.mailgun.com/privacy-policy.

 

14. Social Media

14.1 Use of Facebook and LinkedIn plugins

(1) We use the following social media plugins: Facebook and LinkedIn. The provider of the plugin recognises you by marking the box above its initial letter or the logo. We give you the option to communicate directly with the provider of the plugin via the button. Only if you click on the marked field and activate it will the plugin provider receive the information that you have accessed the relevant page of our site. In addition, the data specified under Clause 3 of this policy is also transmitted. In the case of Facebook, the IP address is anonymised immediately after being collected, according to the relevant provisions of the service provider in Germany. By activating the plugin, personal data will be transmitted from you to the relevant plugin provider and stored there (at US American providers in the USA). Since the plugin provider collects data primarily via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

(2) We do not have any influence on the data collected and data processing, nor are we aware of the full extent of data collection, the purposes of processing or length of storage. We also do not have any information about the deletion of data collected by the plugin providers.

(3) The plugin provider stores data collected about you as a user profile and uses it for the purpose of advertising, market research and/or to tailor the setup of the website to your needs. Such analysis is carried out in particular (even for users who aren’t logged in) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, and can do so by contacting the plugin provider in question. Via the plugins, we offer you the opportunity to interact with social networks and other users, so that we can improve our content and make it more interesting to you as a user. The legal basis for the use of this plugin is Art. 6, para. 1, letter f) (1) of GDPR.

(4) Data is forwarded regardless of whether you have an account with the plugin provider and are logged in there. If you are logged in to the plugin provider, your data collected on our site is associated directly with your account with the plugin provider. When you tap the activated button and e.g. link to the page, the plugin provider will also store this information in your user account and will share it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, so that you can prevent the connection with your profile at the plugin provider.

(5) Please note that we as the website provider have no knowledge of the content and scope of the transmitted data or its use by the plugin provider. You can find further information about the purpose and scope of data collection and its processing by plugin providers in the data privacy policies of these providers shared below. In these policies, you will also find further information about your rights in this respect and possible settings to protect your privacy.

(6) Addresses of the plugin provider and URL with its data protection notes:

  • LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, you can find information about data protection provisions and guidelines here: https://privacy.linkedin.com

14.2 Facebook Custom Audience / Conversion Tracking

(1) This website uses a pixel from Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). As a result, Facebook Ireland Limited collects information about the use of the website and stores it in a cookie. The legal basis for the processing of your data is the consent you granted to us as per Art. 6, para. 1, letter a) of GDPR.

(2) This data is used to display you tailored advertising from CHECK24 vehicle insurance and to measure its success. Personal data is not transmitted by Visaya. 

(3) The information generated by the cookie is regularly transmitted to a Facebook server, which may be located in the USA. This information is stored there and is potentially combined with your Facebook profile data. As a result, Facebook may create user profiles that go beyond the information that you have provided yourself. You can find further information about this in the Facebook data protection provisions (https://www.facebook.com/about/privacy/).

 

15. Plug-Ins and Tools

 

15.1 YouTube

(1) We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and are played directly from our website. These are all included in “expanded data protection mode”, i.e. so that no data about you as a user is transmitted to YouTube if you don’t play the videos. The data specified in paragraph 2 is only transmitted if you play the videos. We have no influence on this data transmission.

(2) Through the visit to the website, YouTube receives information that you have accessed the relevant subpage on our website. In addition, the data specified under Clause 2 (visit to the website) is also transmitted. This takes place regardless of whether YouTube provides a user account that you are logged into, or whether there is no user account. If you are logged in to Google, your data is associated directly with your account. If you do not want a connection with your YouTube profile, you must log out before activating the button. YouTube stores your data as a user profile and uses it for the purpose of advertising, market research and/or for the personalised setup of its website. Such analysis is carried out in particular (even for users who aren’t logged in) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile, and can do so by contacting YouTube.

(3) YouTube is a subsidiary of Google. You can find further information about the purpose and scope of data collection and its processing by YouTube in its data privacy policy. In these policies, you will also find further information about your rights and possible settings to protect your privacy: https://policies.google.com/. Google also processes your personal data in the USA and has committed itself to the EU-US Privacy Shield,  https://www.privacyshield.gov/EU-US-Framework.

 

15.2 Google Fonts

(1) This site uses web fonts provided by Google to depict fonts consistently. When loading a page, your browser saves the necessary web fonts in your browser cache to display texts and fonts correctly.

(2) For this purpose, the browser you are using must connect to Google’s servers. As a result, Google is informed that our website has been accessed via your IP address. Google Web Fonts is used in order to present our website in a consistent and attractive manner. This represents a legitimate interest in accordance with Art. 6, para. 1, letter f) (1) of GDPR. If your browser does not support web fonts, a standard font will be used by your computer. You can find further information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s Data Privacy Policy: https://www.google.com/policies/privacy/.

 

C. Customer Rights

16. Your rights

If your personal data is processed, you are a data subject in accordance with GDPR and you have the following rights with regard to us as data controller. If you would like to assert your rights or would like more precise information, please contact us or our data protection officer:

a) Rights under Art. 15 et seq. of GDPR

(1) The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information and the information specified in detail in Art. 15 of GDPR. Under certain legal circumstances, you have the right to correction in accordance with Article 16 of GDPR, the right to restriction of processing in accordance with Article 18 of GDPR and the right to erasure (“right to be forgotten”) in accordance with Article 17 of GDPR In addition, you have the right to issue the data provided by you in a structured, standard and machine-readable format (right to data portability) in accordance with Article 20 of GDPR, insofar as processing takes place on the basis of automated procedures and is based on consent in accordance with Art. 6, para. 1, letter a) or Art. 9, para. 2, letter a) or a contract in accordance with Art. 6, para. 1, letter b) of GDPR.

b) Withdrawal of consent under Art. 7, para. 3 of GDPR

If processing is based on consent, you can withdraw your consent to the personal data processing at any time. Please note that the withdrawal is for future effect only. Processing that took place before withdrawal is not affected.

c) Right of appeal

In case of complaint, you have the possibility to contact us or a data protection authority (Article 77 of GDPR). The relevant supervisory authority in Berlin is: Berlin officer for data protection and freedom of information, Maja Smoltczyk, Friedrichstr. 219, 10969 Berlin, Tel.: +49 (0)30 13889-0, Fax: +49 (0)30 2155050, email: mailbox@datenschutz-berlin.de.

d) Right to objection in accordance with Article 21 of GDPR

In addition to the above rights, you have the right to object as follows:

(1)   Individualised Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6, para 1, letter e) (1) of GDPR (data processing in the public interest) and Art. 6, para. 1, letter f) (1) of GDPR (data processing for the purpose of legitimate interests); this also applies to profiling based on those provisions in accordance with Art. 4, para. 4 of GDPR.

If you file a complaint, we will then no longer process your personal data unless we can give compelling and legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

(2)   Right to object to the data processing for advertising purposes

In specific cases, we will process your data to carry out direct marketing. You have the right to object at any time to data processing for marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

 

D. Final Provisions

17. Security

(1) We have taken technical and organisational security measures under Art. 24, 32 of GDPR to protect your data against loss, destruction, manipulation and unauthorised access. All of four employees and all third parties involved in data processing are obliged to comply with requirements under GDPR and to handle personal data confidentially.

(2) SSL or TLS encryption: For security reasons and to protect the transmission of confidential content, such as orders or queries that you send to our site operator, we use SSL and TLS encryption. You can recognise an encrypted connection by the address line in the browser changing from “http://” to “https://” and the padlock symbol in your browser bar. If SSL or TLS encryption is activated, the data that you transmit to us is not read by third parties.

 

18. Amendments to our data protection provisions

We reserve the right to amend our security and data protection measures insofar as this is required due to technical developments or legal changes. In these cases, we will adapt our Data Privacy Policy accordingly. Please therefore always observe the current version of our Data Policy.

 

19. General Terms and Conditions

In data protection matters, this Data Policy complements the General Terms and Conditions, which can be accessed via the Visaya website.