Type of data processed:
- Inventory data
- Contact details
- Content data
- Contract data
- Payment details
- Use data
- Meta data/communications data
Categories of data subjects:
- Website visitors and users
We will hereinafter also refer to data subjects collectively as ‘users’.
Purpose of processing:
- To make the website, its content and functions available.
- To fulfil contractual performance, provide services and for customer care.
- To respond to contact requests and communication with users.
- For marketing, advertising and market research.
Taking into account the state of technological knowledge, implementation costs and the type, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk; these measures particularly include securing the confidentiality, integrity and availability of data through controls for physical access to data, as well as access, input, sharing, securing availability and separation that relate to it. We have also established a procedure that ensures that data subject rights are observed, data is deleted and threats to data are responded to. Furthermore, we already observe the protection of personal data in the development and/or selection of hardware, software and processes, taken into consideration in accordance with the principle of data protection using technology design and data protection by default.
Security measures particularly include the encrypted transmission of data between your browser and our server.
Working with contract processors and third parties
If, within the context of processing, we disclose data to other persons or companies (contract processors or third parties), send such data to these parties or otherwise grant them access to data, this is exclusively based on a statutory permission (e.g. if the data must be shared with third parties in order to fulfil a contract, for example a payment service provider), if you have provided your consent, if a legal obligation provides for this, or if this is based on our legitimate interests (e.g. when using contractors, web hosts, etc.).
Data subject rights
You have the right to free information about personal data stored by us relating to you and the right to correct, block or delete this data. For this and for further questions about personal data you can contact us at any time using the address in the Legal Notice.
Providing contractual services
We process inventory data (e.g. names and addresses, user contact details), contract data (e.g. services used, names of contact persons, payment information) for the purposes of fulfilling our contractual obligations and services. Information marked as mandatory in online forms is required in order to conclude the contract.
When placing orders via our online shop, a user account is automatically set up, which in particular allows you to see your orders. The required mandatory information is shown to users when registering. User accounts are not public and cannot be indexed by search engines. If a user deletes its user account, data that corresponds to the user account is deleted, subject to a retention requirement for reasons pertaining to commercial law or tax law. Users are obligated to secure their data if termination occurs before the end of the contract. We are entitled to irretrievably delete all of the data saved about the user for the contractual term.
The IP address and the time of each user action is saved as part of registration and re-registration, as well as the use of our online services. Storage is based on our legitimate interests, as well as protecting the user from misuse and other unauthorised use. Data is not generally shared with third parties unless this is required in order to enforce claims, or if there is a legal obligation to do so.
We process user data (e.g. the website visited, interest in our products) and content data (e.g. contact form or user profile content) in a user profile for advertising purposes, in order to display information such as product instructions based on the services used.
Data is deleted once guarantee obligations and comparable obligations come to an end, where the requirement of retaining the data is reviewed every three years; with respect to statutory archiving obligations, data is deleted once they come to an end, and information in the customer account remains intact until it is deleted.
If we make an advance payment (e.g. when purchasing by invoice), we reserve the right to obtain an ID check and credit check for the purposes of assessing credit risk based on mathematical, statistical procedures from specialist service providers (credit reference agencies), in order to protect legitimate interests.
As part of the credit check, we send the following personal customer data (name, postal address, information about the type of contract) to the following credit reference agency:
We process the information received by the credit reference agency about the statistical probability of a default on payment as part of a proper discretionary decision concerning the justification, implementation and termination of the contractual relationship. We reserve the right to refuse payment on account or another type of advance payment if the credit check comes back negative.
Collecting access data and log files
Based on our legitimate interests, we collect data that relates to each time the server, on which this service is located, is accessed (‘server log files’). Access data includes the name of website accessed, the file, date and time of access, the volume of data transferred, notification of successful access, browser type including version, user operating system, referrer URL (the site previously visited), IP address and requesting provider.
For security reasons (e.g. to clarify any misuse or fraud proceedings), log file information is stored for a maximum of seven days and is then deleted. Data that must be stored for the purpose of providing evidence must be excluded from erasure until each incident has been resolved.
Google is certified under the Privacy Shield Agreement, which provides an additional guarantee of complying with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google uses this information on our behalf to evaluate how users use our website, to compile reports about the activities within our website and to provide other services associated with the use of this website and internet use. In doing so, pseudonym user profiles may be created based on the processed data.
We use Google Analytics to only display adverts from Google and its partners through advertising services to users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products, determined based on the websites visited) that we send to Google (‘remarketing’, or ‘Google Analytics audiences’). By using remarketing audiences, we can also ensure that our adverts correspond with users’ potential interests and are not harassing.
We only use Google Analytics if IP anonymisation activated. This means that users’ IP addresses are truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases.
The IP address sent from the user’s browser will not be merged with other Google data. The user can prevent cookies from being saved by changing the respective browser settings; the user can also prevent the data generated by the cookie relating to its use of the website from being captured and processed by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can find more information about how Google uses data, settings and how to object on Google’s web pages: https://policies.google.com/technologies/partner-sites (‘How Google uses information from sites or apps that use our services’), https://policies.google.com/technologies/ads ‘Advertising’), https://adssettings.google.com/authenticated (‘Control the information Google uses to show you ads’).
Facebook and Facebook marketing services
Within the scope of our website, and based on our legitimate interests in analysing, optimising and economically operating our website and these purposes, we use ‘Facebook Pixel’ from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’).
Facebook is certified under the Privacy Shield Agreement, which provides an additional guarantee of complying with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
By using Facebook Pixel, Facebook is firstly able to determine that our website visitors fall into a specific target group for displaying adverts (‘Facebook ads’). Accordingly, we use Facebook Pixel to only display Facebook ads shown by us to Facebook users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products, determined based on the websites visited) that we send to Facebook (‘Custom Audiences’). By using Facebook Pixel, we can also ensure that our Facebook ads correspond with users’ potential interests and are not harassing. By using Facebook Pixel, we can also determine the effectiveness of Facebook adverts for statistical and marketing purposes, whereby we see whether users have been redirected to our website after clicking on a Facebook advert (‘Conversion’).
You can object to Facebook Pixel collecting and using your data to display Facebook ads. To change what types of adverts are shown to you on Facebook, you can access Facebook’s page that relates to this and follow the instructions on changing your settings for use-based adverts: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. The settings do not differ from platform to platform, i.e. apply to all devices, e.g. desktop computers or mobile devices.
To prevent your data from being collected by Facebook Pixel on our website, please click on the link in the next section. Note: If you click on the link, an ‘opt-out’ cookie will be stored on your device. If you delete the cookies stored by this browser, you must click on the link again. In addition, opt-out only applies to the browser you use, and only to our web domain from which the link was clicked on.
Our websites use ‘re-targeting technologies’. We use these technologies to design the website in a way that is more interesting to you. This technology allows us to show you personalised adverts from our partners on the website. We believe that displaying personalised adverts that are based on interests are more interesting to you than an advert that does not have any personal relevance to you. This advertising material is integrated into our partners’ website using cookie technology and an analysis of previous use behaviour. This type of advertising is completely anonymous. No personal data is stored and no user profile is linked to your personal data.
You can prevent re-targeting at any time by rejecting or deactivating the related cookies in the web browser’s menu list (please see more about this under ‘Cookies’), or by using an opt-out process via the following website: https://site.adform.com/privacy-center/platform-privacy/opt-out/.
Integrating third-party services and content
We use content and service offerings from third-party providers on our website to integrate their content and services, such as videos or fonts (hereinafter referred to collectively as ‘content’). This presupposes that the third-party providers of this content use the users’ IP address, as it would not be possible to send content to their browsers without an IP address. The IP address is therefore required in order to display this content. We endeavour to use only use such content where the respective providers solely use the IP address to supply content. Third-party providers may also use ‘pixel tags’ (hidden images, also known as ‘web beacons’) for statistical or marketing purposes. Information such as the visitor traffic for this website’s pages can be evaluated using ‘Pixel tags’. Pseudonym information can also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring web pages, the time of the visit and other information about the use of the website, etc., and be linked to such information from other sources.
The following description gives an overview of third-party providers as well as their content and links to their privacy policies, which contain other notes on data processing and opt-out options that may already be outlined here:
- If our customers use third-party payment services (e.g. PayPal), the terms and conditions and privacy policies for the respective third-party providers apply, which are available on the respective websites or from the transaction applications.
Direct Marketing (Non-Customers). BLACKSOCKS processes the personal data of persons who have subscribed to receive personalized (targeted) newsletters. The legal basis for the processing of this data is consent according to Article 6(1)(a) of the GDPR. You have the right to revoke your consent at any time. BLACKSOCKS processes this data as the controller within the meaning of Article 4(7) of the GDPR. The data processed for this purpose can include: email address, gender, login data, time-zone setting, operating system and platform, information on your visits including the URL, search terms, information about what you looked at or searched for on our website, website reaction times, download errors, duration of your visits to certain pages, information about website interaction (e.g. scrolls, clicks and mouseovers) and methods used for leaving the website, user activities, surfing on websites.
Direct Marketing (BLACKSOCKS Customers). BLACKSOCKS processes personal data for the purpose of providing targeted email marketing for existing customers. The data processed for this purpose can include: email address, gender, login data, time-zone setting, operating system and platform, information on your visits including the URL, search terms, information about what you looked at or searched for on our website, website reaction times, download errors, duration of your visits to certain pages, information about website interaction (e.g. scrolls, clicks and mouseovers) and methods used for leaving the website, user activities, surfing on websites. The legal basis for the processing of this data is our legitimate interest according to Article 6(1)(f) of the GDPR. BLACKSOCKS processes this data as the controller within the meaning of Article 4(7) of the GDPR. You have the right to revoke your consent to the processing.
Contract Processing. Personal data can be used when you use the Exponea platform. This data may include the following: (IP) address, last name, first name, gender, email address, login data, time-zone setting, operating system and platform, information on your visits including the URL, search terms, information about what you looked at or searched for on our website, website reaction times, download errors, duration of your visits to certain pages, information about website interaction (e.g. scrolls, clicks and mouseovers) and methods used for leaving the website, user activities, surfing on websites. Exponea processes this data as a processor within the meaning of Article 4(8) of the GDPR. The legal basis for the processing is our legitimate interest according to Article 6(1)(f) of the GDPR.
Exponea analyzes the personal data of BLACKSOCKS website visitors (and customers) in order to create individual profiles in the context of providing a service. These profiles are used to predict future interests and display targeted (online) advertising. The aim is to present our website visitors with offers that they find relevant and interesting. The profiling is based on the (surfing) behavior of website visitors.
BLACKSOCKS does not make any decisions on the basis of automated processing alone which entail legal consequences for our website visitors (and customers) or have a considerable adverse effect on them. We perform profiling solely for the purpose of providing our website visitors with more attractive offers for the purchase of goods and/or services and to adapt the content of websites to the preferences of website visitors.
Within the framework of profiling, we do not process any special categories of personal data within the meaning of Article 9(1) of the GDPR.