1) Information on the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 It‘s A Riot! Design, Ulrike Mayer, Wühlischstr. 8, 10245 Berlin, Germany, Tel.: 015903771394, E-Mail: firstname.lastname@example.org is responsible for the data processing on this website in the sense of the data protection basic regulation (DSGVO). The person responsible for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.
2) Data acquisition when visiting our website
If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymous form)
Processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.
Hosting by Wix
We use the website construction kit system of Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel ("Wix") for the purpose of hosting and displaying the website on the basis of processing on our behalf. All data collected on our website is processed on Wix's servers. Within the scope of the aforementioned Wix services, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, within the scope of further processing on our behalf. In the event that data is transferred to Wix in Israel, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Wix Inc. in the USA is certified for the us-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Further information about Wix's data protection can be found at the following website: https://de.wix.com/about/privacy
The scope of the processing of personal data is described below. Further processing on servers other than the aforementioned servers of Wix will only take place within the scope stated below.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and make it possible to recognize your browser during your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can find the duration of the respective cookie storage in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 Para. 1 lit. b DSGVO either to implement the contract, in accordance with Art. 6 Para. 1 lit. a DSGVO in the event of consent or in accordance with Art. 6 Para. 1 lit. f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for each browser under the following links:
Please note that if cookies are not accepted, the functionality of our website may be restricted.
5) Making contact
Within the scope of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form, is apparent from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f DSGVO. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no legal obligations to retain data.
6) Data processing when opening a customer account and for contract processing
Pursuant to Art. 6 Para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the responsible person. We store and use the data provided by you for contract processing. After complete completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data from our side was reserved.
7) Use of your data for direct marketing purposes
7.1 Registration for our e-mail newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on the appropriate link.
By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later point in time. The data collected by us when you register for the newsletter will be used exclusively for the purposes of advertising in the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list unless you have expressly consented to the further use of your data or unless we reserve the right to make further use of your data which is permitted by law and about which we inform you in this declaration.
7.2 Newsletter dispatch via MailChimp
Our e-mail newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we forward the data you provided when registering for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This enables us to determine whether a newsletter message has been opened and which links have been clicked. Mailchimp uses web beacons to automatically generate general, non-personal statistics about the response behaviour to newsletter campaigns. On the basis of our justified interest in the statistical evaluation of the newsletter campaigns for the optimisation of advertising communication and the better orientation towards recipient interests, the web beacons in accordance with Art. 6 Para. 1 lit f DSGVO also collect and process data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system). These data allow an individual conclusion to be drawn about the newsletter recipient and are processed by Mailchimp for the automated generation of statistics that show whether a certain recipient has opened a newsletter message.
If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp can also use this data in accordance with Art. 6 Para. 1 lit. f DSGVO itself on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
In order to protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/data-processing-addendum/
In addition, MailChimp is certified under the European data protection agreement "Privacy Shield" and is thus committed to complying with EU data protection regulations.
8) Rights of the data subject
8.1 The applicable data protection law grants you comprehensive data subject rights (information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, about which we will inform you below:
- Right of access pursuant to Art. 15 DSGVO: In particular, you have a right of access to your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, cancellation, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope and desired effects of such processing, as well as your right to be informed of the guarantees pursuant to Art. 46 DSGVO that exist when your data are transferred to third countries;
- Right of rectification pursuant to Art. 16 DSGVO: You have the right to have inaccurate data concerning you rectified without delay and/or your incomplete data stored by us completed;
- Right of deletion pursuant to Art. 17 DSGVO: You have the right to demand the deletion of your personal data if the conditions of Art. 17 para. 1 DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to limitation of processing pursuant to Art. 18 DSGVO: You have the right to demand limitation of processing of your personal data as long as the correctness of your data, which you dispute, is verified, if you refuse to delete your data due to inadmissible data processing and instead demand limitation of processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after achieving the purpose or if you have lodged an objection due to reasons of your particular situation, as long as it is not yet known whether our justified reasons prevail;
- Right to information pursuant to Art. 19 DSGVO: If you have asserted the right to rectification, cancellation or limitation of processing to the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients.
- Right to data transfer in accordance with Art. 20 DSGVO: You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another responsible person, insofar as this is technically feasible;
- Right to revoke consent granted pursuant to Art. 7 (3) DSGVO: You have the right to revoke consent once granted for the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation;
- Right of appeal pursuant to Art. 77 DSGVO: If you are of the opinion that the processing of your personal data violates the DSGVO, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place where the alleged violation occurred.
8.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A WEIGHING OF INTERESTS ON THE BASIS OF OUR PREDOMINANTLY LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING GROUNDS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.
9) Duration of storage of personal data
The duration of the storage of personal data is measured according to the respective legal basis, the purpose of processing and - if relevant - additionally according to the respective legal retention period (e.g. commercial and tax retention periods).
If personal data are processed on the basis of an express consent pursuant to Art. 6 para. 1 lit. a DSGVO, these data are stored until the data subject revokes his consent.
If there are legal storage periods for data that are processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b DSGVO, these data will be routinely deleted after expiry of the storage periods if they are no longer necessary for the fulfilment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f DSGVO, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 para. 1 DSGVO, unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f DSGVO, these data are stored until the data subject exercises his right of objection pursuant to Art. 21 para. 2 DSGVO.
Unless otherwise stated in the other information contained in this declaration on specific processing situations, stored personal data will otherwise be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.