Privacy Policy
This privacy policy clarifies the type, range, and purpose of the processing of individual-related data (hereinafter referred to as “data”) within our online offers and their related websites, functions, and content, as well as external online presences, e.g. our social media profiles (hereinafter uniformly referred to as “online offers”). With respect to the terminology used, e.g. “processing” or “person responsible”, we refer to the definitions in article 4 of the General Data Protection Regulation (GDPR).
Person Responsible:
San Esprit GmbH & Co. KG
Administration:
Großbergham 16, 83119 Obing
Sales and Advertising
San Esprit Ltd.
Gatterweg 18
79679 Todtmoos
Director: Annette Müller
Email: info(at)san-esprit.de
Types of Processed Data:
Inventory data (e.g. names, addresses).
Contact information (e.g. email, phone numbers).
Content data (e.g. text input, photos, videos).
Usage data (e.g. visited websites, interest in content, access times).
Meta / communication data (e.g. appliance information, IP-addresses).
Categories of Affected Persons:
Visitors and users of the online offers (hereinafter we will be uniformly referring to the affected persons as “users”).
Purpose of Processing:
Provision of the online offers, their functions, and content.
Answers to contact requests and communication with users.
Safety measures
Reach measurement / Marketing
Terminology:
“Individual-related data” is all information that refers to an identified or identifiable individual person (hereinafter referred to as “affected person”). A person is viewed as identifiable if they can be identified directly or indirectly, especially through association with an identifier such as a name, a code number, location data, an online identification (e.g. cookie), or one or more special features that are an expression of the physical, physiological, genetic, psychic, economic, cultural, or social identity of this individual person.
“Processing” is every process implemented with, or without, help of automating procedures, or every such set of operations related to individual-related data. In dealing with data, the term is all-encompassing.
“Person responsible” describes the individual, or legal person, authority, facility, or other place who alone, or together with others, decides about the purposes and means of the processing of individual-related data.
Essential Legislative Basis:
Within the meaning of article 13 GDPR, we are informing you about the legislative basis of our information processing. Provided that the legislative basis is not mentioned, the following applies: the legislative basis for the obtaining of consent is art. 6 sect. 1 lit. a and art. 7 GDPR. The legislative basis for processing to fulfill our goods and services, and implementation of contractual activities as well as answering requests, is art. 6 sect. 1 lit. b GDPR. The legislative basis for processing to fulfill our legal obligations is art. 6 sect. 1 lit. c GDPR, and the legislative basis for processing to preserve our rightful interests is art. 6 sect. 1 lit. f GDPR. In the case that vital interests of the person concerned, or another individual person, necessitate the processing of individual-related data, art. 6 sect. 1 lit. d GDPR serves as the legislative basis.
Collaboration with Data Processing Companies and Third Parties:
Provided that, within the scope of our processing, we disclose data to other people and companies (data processing companies or third parties), transfer it to them, or grant them access to it in any other way, this only takes place on the basis of a legal allowance (e.g. when a transfer of data to a third party, such as payment service providers, according to Art. 6 sect. 1 lit. b GDPR is necessary for the fulfillment of a contract), because they have agreed, a legal obligation provides for it, or on the basis of our legal interests (e.g. when using commissioned persons, web-hosters, etc.).
Provided that we assign third parties with the processing of data through a “data processing contract,” this process occurs within the meaning of art. 28 GDPR.
Transmission to Third Countries:
Provided that we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or this happens within the scope of the utilization of services of third parties or disclosures, or transferal of data to third parties, this only takes place when necessary, due to the fulfillment of our (pre-)contractual duties, on basis of their consent, because of a legal obligation, or on the basis of our own legal interests. Under reserve of legal or contractual permissions we process, or have data processed, in a third country only in the presence of the special requirements of art. 44 ff. GDPR. I.e. the processing takes place e.g. on the basis of special warranties, like the officially approved finding of a privacy policy level that matches the EU (e.g. for the USA via the “privacy shield”) or regarding officially approved special contractual obligations (commonly called “standard stipulations”).
Rights of the Affected Person:
Within the meaning of art. 15 GDPR you have the right to demand confirmation as to whether the data concerned is being processed, information about this data, as well as further information and copies of the data. Within the meaning of art. 16 GDPR you have the right to demand the completion of data, or the revision of inaccurate data, that concerns you. Within the meaning of art. 17 GDPR you have the right to demand that affected data be deleted immediately, or alternatively, in accordance with art. 18 GDPR, to demand a restriction of the processing of data. Within the meaning of art. 20 GDPR you have the right to demand the data concerning you that you have provided us with, and to demand the transmission of the data to other persons responsible. Within the meaning of art. 77 GDPR you furthermore have the right to submit a complaint to the responsible surveillance authority.
Right of Revocation:
Within the meaning of art. 7 par. 3 GDPR you have the right to revoke granted consent to take effect after the request is made.
Right of Objection:
Within the meaning of art. 21 GDPR you may object to the prospective processing of data regarding you, at any time. The objection may be made directly against the processing of data for the purpose of direct advertising.
Security:
SSL- or TLS-Encryption:
For reasons of safety and protection of the transmission of confidential content, such as orders or inquiries, that you send to us as the website operator, this page uses an SSL- or TLS-Encryption. An encrypted connection can be recognized by the address line changing from “http://” to “https://” and by the lock symbol in your address bar.
When the SSL- or TLS-Encryption is activated, the data you send to us cannot be read by third parties.
Cookies and Right of Objection by Direct Advertisement:
“Cookies” refers to small files that are being saved on the computers of the users. In these cookies various information can be saved. A cookie primarily serves to save information about a user (or a device on which the cookie has been saved) during or after their visit to an online offer. A “temporary cookie,” also known as “session-cookie” or “transient cookie,” is a cookie that is deleted after a user leaves an online offer and closes his browser. This kind of cookie can save the content of a shopping cart in an online shop, or a login-status. Cookies described as “permanent” or “persistent” are ones that stay saved even after closing the browser. These cookies save the login-status several days after the user has visited the online offer. These cookies can also save the interests of the users that are used for reach measurements and marketing purposes. “Third-Party-Cookies” refers to cookies that are being offered by hosts other than the one responsible for operation of that specific online offer. If the cookies belong solely to the owner of the online offer, they are called “First-Party-Cookie.”
We may apply temporary and permanent cookies and are clarifying this within the scope of our privacy policy.
If users do not want cookies to be saved to their computers, we ask them to deactivate the corresponding option within the system preferences of their browser. Cookies that have been saved can be deleted in the system preferences of their browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection against cookies used for the purpose of online marketing, by a variety of services, especially in the case of tracking, can be declared via the US-American page http://www.aboutads.info/choices/ or the EU-page http://www.youronlinechoices.com/. Additionally, the saving of cookies can be prevented by disabling them in the settings of the browser. Please note that in this case possibly not all functions of this online offer can be used.
Deleting Data:
The data that we process will be deleted, or restricted in its processing, within the meaning of art. 17 and 18 GDPR. Provided it has not been explicitly stated within this privacy policy, the data that has been saved by us will be deleted as soon as it is no longer necessary for its original purpose or otherwise, and the deletion is not opposed by a legal obligation to preserve business records. Provided the data is not deleted, because it is necessary for other legal purposes, its processing will be restricted. I.e. the data will be blocked and will not be processed for other purposes. E.g. this applies to data that must be kept for marketing or fiscal reasons.
According to statutory provisions in Germany the retention of data lasts for 6 years according to § 257 par. 1 HGB (trading books, inventory, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years according to § 147 par. 1 AO (books, recordings, management reports, accounting vouchers, commercial and business letters, as well as for taxation and relevant documents, etc.).
According to legal requirements in Austria the retention takes place in particular for 7 years according to § 132 par. 1 BAO (accounting records, vouchers/receipts, accounts, records, business papers, line-up of income and expenses, etc.), for 22 years in connection with property, and for 10 years in case of documents relating to services provided electronically, telecommunication-, broadcast-, and television services rendered to non-entrepreneurs in EU countries and for whom the Mini-One-Stop-Shop (MOSS) is being used.
Hosting:
The hosting services we use serve the provision of the following services: infrastructural and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services that provide the operation of this online offer.
In doing so, we, or our hosting company, process: inventory data, contact information, content data, contract data, usage data, meta- and communications data from customers, interested parties, and visitors of this online offer on the basis of our rightful interest in an efficient and safe provision of this online offer within the meaning of art. 6 par. 1 lit. f GDPR in conjunction with art. 28 GDPR (conclusion of a data processing contract).
Collection of Access Data and Log Files:
We, or our hosting company, collect, based on our rightful interest (in accordance with art. 6 par. 1 lit. f GDPR), data about every access to the server on which the service exists (commonly called “server log files”). The access data includes: the name of the requested website, file, date and time of the request, transferred data volume, reports about successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously visited page), IP address, and the inquiring provider.
For safety reasons (e.g. to prevent fraudulent activities or defraudation), log file information is saved for a maximum duration of 7 days and deleted afterwards. Data that needs to be saved for evidentiary purposes is exempt from deletion until the respective incident has been definitively solved.
Performance of Contractual Services
We process inventory data (e.g., names and addresses, as well as contact details of users), and contractual data (e.g., utilized services, names of contact persons, payment information) in order to fulfill our contractual obligations and services within the meaning of art. 6 par. 1 lit. b. GDPR. The entries that are labeled as obligatory in online forms are necessary for the conclusion of contract.
Within the scope of the utilization of our online services, we save the IP address and the time of the respective action of the user. This information is stored in the best interest of the individual and the user, to protect against fraud or other unauthorized usage. A transfer of this data to third parties generally does not take place unless it is necessary for the pursuit of our claims, or there exists a legal obligation within the meaning of art. 6 par. 1 lit. c GDPR.
We process usage data (e.g. the visited websites of our online offer, interests in products) for advertising purposes in a user profile, e.g. to show the user product information originating from the services they have used so far.
The deletion of the data takes place after the expiry of legal warranty and comparable obligations, the necessity for the safekeeping of this data is verified every 3 years; in the case of legal archiving obligations the deletion takes place after its termination. Information in the possible customer account remains until their deletion.
Administration, Financial Accounting, Office Organization, Contact Management:
We process data within the scope of: administrative tasks, the organization of our business, financial accounting, and compliance of legal obligations, e.g. archiving. In doing so, we process the same data that we process within the scope of the delivery of our contractual services. The allowances for processing are art. 6 par. 1 lit. c GDPR, art. 6 par. 1 lit. f GDPR. Affected by the processing are: customers, interested parties, business partners, and website users. The processing serves the purpose of: administration, accounting, office organization, archiving of data, e.g. tasks that serve the maintenance of our business activities, performance of duties, and the performance of our services. The deletion of data in respect of contractual services and the contractual communication corresponds to the disclosures mentioned within these processing operations.
In doing so we reveal data to financial management and consultants, e.g. tax consultants or auditors, as well as other fee-places and payment service providers.
Furthermore, on the basis of our economic interests, we save information about suppliers, organizers, and other business partners, for further contacting. We generally save business-related data permanently.
Contacting:
When contacting us (e.g. via contact form, email, phone, or social media) we process the information of the user in order to process the contact request and its execution according to art. 6 par. 1 lit. b GDPR. The information provided by the user can be saved in a Customer-Relationship-Management System (“CRM System”) or a comparable request set-up.
We delete the requests, provided they are no longer necessary. We verify the necessity every two years; furthermore, the legal storing duties apply.
Involvement of Services and Contents of Third Parties:
Within our online offer, in our rightful interests (i.e. interest in the analysis, optimization, and economic operation of our online offer within the meaning of art. 6 par. 1 lit. f GDPR) we use content and service offers from third parties to integrate their contents and services, e.g. videos or font types (hereinafter uniformly referred to as “contents”).
This requires that the third-party providers of these contents can recognize the IP address of users, as they would not be able to distribute contents to their browsers without the IP address. The IP address is therefore necessary for the presentation of these contents. We try to only use those contents whose respective providers use IP addresses solely for the distribution of the contents. Third-party providers can furthermore use “Pixel-Tags” (invisible graphics, also called “web beacons”) for statistics or marketing purposes. With Pixel-Tags, information, such as the visitor traffic on pages of the website, can be analyzed. The pseudonymous information can furthermore be saved within cookies on the user’s device and, among other things, contain information, including: the browser and operating system, referring websites, visiting time, as well as other data pertaining to the usage of our online offer, and may be connected to information originating from other sources.
YouTube:
We have integrated YouTube videos into our website that are being saved to the server of the provider and can be played on our website. The embedding of the videos includes an active option for extended privacy settings. When you play these videos, YouTube-Cookies and DoubleClick-Cookies are saved to your computer and potential data will be transferred to: Google Ireland Limited, Gordon House, Barrow Street, Dublin, 4, Ireland, as YouTube-operator.
According to the most recent status, no less than the following data will be sent to Google Inc. as YouTube-operator and operator of the DoubleClick-Network, when playing YouTube videos: IP address and cookies, the specific address of the page you have visited on our website, system date and time of request, and the signature of your browser.
The transferring of this data takes place regardless of whether you have a Google user account that you are logged in to, or not. If you are registered in such a way, Google may assign this data directly to your account. If you do not wish to have this data assigned to your profile you must log out before playing the video.
YouTube, or Google Inc., saves this data as user profiles and possibly uses it for purposes of advertising, market research and / or need-oriented design of their websites. Such an analysis takes place (also for users that are not logged in) specifically in service of need-oriented advertising, and to inform other users about your activity on our website. You have the right to object to the creation of these user profiles, whereby, to pursue this, you must address Google as the provider of YouTube.
Privacy-Policy: https://www.google.de/intl/de/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google Fonts:
For the sake of consistent presentation of fonts, this page uses “Web Fonts” that have been provided by Google. When opening a page your browser loads the necessary Web Fonts into your browser cache to correctly display texts and fonts.
For the Web Fonts to load, your browser must establish contact to the servers of Google. This allows Google to acquire knowledge that our website has been opened via your IP address. The usage of Google Web Fonts takes place in the interest of a uniform and appealing presentation of our online offer. This constitutes a legitimate interest within the meaning of art. 6 par. 1 lit. f GDPR.
If your browser does not support Web Fonts your computer will use a standardized font.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.