DATA PRIVACY INFORMATION
In the following you will find a detailed explanation of how we collect personal data when our website is used. Personal data refers to data that is personal to you, such as your name, address, email addresses and behaviour as a user.
The Data Controller responsible according to Art. 4 (7) EU General Data Protection Regulation (GDPR) is:
THOMAS SABO GmbH & Co. KG
Phone: +49 (0)91 23-97 15 0
FAX: +49 (0)91 23-97 15 20
Our data protection officer can be reached at:
THOMAS SABO GmbH & Co. KG
Phone: +49 (0)91 23-97 15 0
FAX: +49 (0)91 23-97 15 20
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data or sensitive content, such as orders or enquiries to the data controller. You can recognise an encrypted connection by the "https://" and padlock icon in your browser bar.
THE COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE
If you merely use our website for informative reasons, i.e. you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you what to view our website, we collect the following information as a technical requirement for us to be able to display our website to you and guarantee stability and security (legal basis formed by Art. 6. (1) (1) (f) GDPR:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of your request (specific page)
- Access status/HTTP status code
- Volume of data transferred in each case
- Website from where the request came
- Operating system and its interface
- Language and version of the browser software
Temporary, session or transient cookies are cookies which are deleted after a user leaves the online offering and closes their browser. Permanent or persistent are cookies that remain stored on the user's computer even after the browser is closed. This allows the login status to be saved, for instance, for when the user revisits the websites after a period of several days. Likewise, the interests of users can be stored in a cookie of this type, which is then used, for instance, to measure reach or for marketing purposes.
We use both temporary and permanent cookies so that we can identify you on subsequent visits if you have an account with us. Otherwise you would have to log in again every time you visit our website.
You can configure your browser settings based on your preferences and, for example, refuse to accept third-party cookies (from providers other than the party responsible for operating the website) or all cookies in general. We would like to point out that eventually you may not be able to use all the features of this website as a result.
ADDITIONAL FUNCTIONS AND OFFERINGS ON OUR WEBSITE
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually means that you will have to provide additional details about yourself which we use to provide the relevant service and to which the aforementioned data processing principles apply.
If we use contracted service providers for individual functions of our offering or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.
Some of our applications use what is referred to as geolocation, i.e. the assignment of a user process to the call location. This takes place exclusively on the basis of the anonymised IP address and only up to geographical level. In no way can conclusions be drawn about a user's actual place of residence from the geographical information obtained in this way.
When establishing contact with us (e.g. over our contact form, by email, telephone or social media), the information you provide is processed exclusively for the purpose of processing the contact request. The legal basis for processing the data is our legitimate interest in answering your enquiry in accordance with Art. 6 (1) (f) GDPR.
Your data will be deleted once we have finally processed your enquiry. This will be the case if it can be inferred from the circumstances that the matter in question has been finally clarified, provided that no statutory retention requirements stand in conflict.
Using our web shop
If you would like to place an order in our webshop, we need your master and communication data for us to able to process your order. By master data we mean your name, address and date of birth. We need your date of birth to ensure that you are over 18 years and to distinguish between duplicate names. By communication data, we mean your email address and, if provided voluntarily, your telephone number. We will only use your telephone number for queries from our Customer Service Dept. when processing the contract and not for marketing purposes. Processing here is based on Art. 6 (1) (1) (b) GDPR (contract fulfilment). If you place an order in our online shop, the collection of your email address is legally necessary in order to be able to send you an electronic order confirmation and is therefore required in accordance with Art. 6 (1) (1) (c) GDPR.
We process the data you provide in order to process your order. To do so we may pass on your payment data to our payment service providers. The legal basis for this is formed by Art. 6 (1) (1) (b) GDPR.
We can also process the data you provide in order to inform you about other interesting products from our range or to send you emails containing technical details.
You also have the option to create a password-protected customer account on a voluntary basis through which we can save your data for future purchases. When you create an account under "My Account", the data you provide is stored revocably. You can manage and change your data yourself here and also view your order history.
Commercial and tax law requirements oblige us to store your address, payment and order data for a period of 10 years. However, we restrict processing after a period of two years. That means that your data will only be used in order to comply with legal obligations.
In order to prevent unauthorised access to your personal data by third parties, in particular financial data, the order process is encrypted using TLS technology.
Newsletter and news services
With your consent and independent of a contract settlement, you can subscribe to our newsletter which informs you about current and interesting offers at our company.
We use the double Opt-in procedure for subscribing to our newsletter. This means that after you subscribe, we send an email to the email address your provide and ask you to confirm that you wish to receive the newsletter. If we do not receive confirmation of your subscription within 48 hours, your information is automatically deleted. We also store your IP addresses and the times when you subscribed and confirmed your subscription. The purpose of this procedure is to prove that you subscribed and, if necessary, to clarify any possible misuse of your personal data.
The only requirement for sending the newsletter is an indication of your email address. and, in order to be able to address you personally, your first and surname as well. The use of a real name is not compulsory and pseudonymous use is possible. Once you have confirmed your subscription, we save the data you provide for the purpose of sending you the newsletter. The legal basis is formed by Art. 6 (1) (1) (a) GDPR.
You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare this by clicking on the link provided in each newsletter you receive, by sending an email to email@example.com or by sending a message to the contact details provided in the Legal Notice.
To send the newsletter, THOMAS SABO uses the Salesforce Marketing Cloud service, which is operated by Salesforce.com Inc, Salesforce Tower @ 415 Mission Street, 3rd Floor, San Francisco, California, CA 94105, USA.
In order to make our newsletter even more interesting for you in the future, we use standard market technologies such as cookies or tracking pixels in our newsletter. We evaluate the clicks you make in newsletters using what are referred to tracking pixels, i.e. invisible image files and also personalised links and embedded links (link wrapping). They are assigned to your email address and are linked to their own ID so that clicks in the newsletter can be clearly assigned to you. The user profile is used to tailor the offering and our services to your interests. The legal basis for this is formed by Art. 6 (1) (1) (a) GDPR. We take your cookie settings into account.
We also use certain data (e.g. gender, postcode, VIP status) to segment or personalise our newsletter accordingly. The legal basis for this is our legitimate interest according to Art. 6 (1) (1) (f) GDPR.
If you participate in a competition we run, we will process your data insofar as it is necessary for staging the competition. If required, we will obtain separate consent from you for the additional processing of your data within the framework of the competition.
The data collected for the purpose of participation will be deleted after the competition has ended, unless you have consented to its further processing.
The legal basis for processing personal data here is Art. 6 (I) (a) (separate consent) and Art. 6 (I) (b) EU GDPR.
You can apply online for a position of employment at THOMAS SABO over our application portal. Your online application is forwarded directly to our HR department over an encrypted connection and is treated confidentially in all cases. We will only use your details to process your application and will not disclose them to third parties outside the Group.
Please note that we only offer the applicant portal for the purpose of job applications. If you choose to apply to us by email nevertheless, we explicitly point out that email attachments are not encrypted.
You can, of course, also send in your application by post.
USING OUR MOBILE APP
In addition to our online offering, we provide you with a mobile app that you can download to your mobile device.
When downloading the mobile app, the necessary information is transferred to the App Store, i.e. in particular your user name, email address and customer number for your account, download time, payment information and the individual device code. We have no influence over the collection of this data and we are not responsible for its collection. We only process the data if it is required for downloading the mobile app to your mobile device. Beyond that, we do not store the data. Please also note the data privacy statement from the app store operator in this context:
- For the iOS App Store: Apple Inc., One Infinite Loop, Cupertino, CA 95014, USA, available at https://www.apple.com/uk/legal/privacy/en-ww/ and
- for the Google Play Store: Google LCC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, available at https://www.google.de/intl/en/policies/privacy/.
When you use our app, in addition to the aforementioned data which is collected when you visit our website, the following information is transferred over your mobile device and temporarily stored in a log file:
- End device type and operating system used
- Pages/screens called up within the app
- IP address of the computer requesting access
- Date and time of the server request
Such storage in what are known as server log files is necessary for technical reasons and to safeguard the security of the system. This data is evaluated anonymously for statistical purposes and also to improve the quality of our app. We neither allocate this data to a specific or identifiable natural person nor is it carried out on our behalf by third parties. This data is not used as an aid to create personal user profiles.
Our offering also includes what are known as location-based services, via which we provide you with special services tailored to your respective location. However, you can only use these features once you have agreed that we can collect your location data by GPS over a pop-up as well as your IP address in anonymised form for the purpose of providing the service. You can allow or disable the function in the app settings or your operating system at any time by deactivating the function under "Settings" on your device. Your location will only be transmitted to us if, when using the app, you make use of features which we can only offer you if we know your location.
In order to continuously improve and optimise our offering, we use what are known as tracking technologies for our app. We use the services of Google Firebase for this purpose.
Google Firebase is a service from Google LCC., 1600 Amphitheatre Parkway , Mountain View, CA 94043, USA ("Google"). Google Firebase uses tracking technologies that facilitate our analysis of how you use our website. Google Firebase collects information about your use of our app and transfers it to Google and stores it there. Google uses this information to evaluate how you use our app and to provide us with other app-related services.
You also have the option to receive push messages over our app.
Push messages are messages that are displayed on your mobile device's start screen. We will send you push notifications in the following cases, unless you have disabled them in the settings on your mobile device:
We use the technology from Google Firebase to send you push messages or what are known as in-app messages (messages that are only displayed to you in the app). A pseudonymised push reference is assigned to your mobile device. This serves as the destination for the push messages and in-app messages and we use it to be able to display push messages or in-app messages to you on your mobile device.
You will only receive push messages if you enable them on our app when you first run it or at a later date. You can enable and disable push notifications at any time.
TO WHAT EXTENT DO WE DISCLOSE PERSONAL DATA TO THIRD PARTIES
We disclose your data to third parties if we are obliged to do so compulsorily due to legal provisions or legal processes (e.g. a request from an investigating authority) or if you have expressly consented to a transfer to third parties.
Insofar as we disclose personal data from you in all other cases, we do so exclusively to service providers or partner companies that support us in processing orders, providing customers with information and/or providing services based on instructions (commissioned data processing pursuant to Art. 28 GDPR). These concern, for example, web hosts, delivery service providers, payment service providers, fraud management providers and credit rating agencies. These companies are obliged to comply with data protection regulations for their part. Particularly strict data protection requirements apply to commissioned data processing pursuant to Art. 28 GDPR. In particular, such companies may only use the data to fulfil the tasks they have been commissioned with on our behalf.
Insofar as we process data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)), or within the context of use by third-party services or the disclosure or transfer of data to third parties, it only takes place if it is required to fulfil our (pre-)contractual obligations, subject to your consent, subject to a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country when the special conditions of Art. 44 et seq GDPR exist. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognised level of data protection or compliance with officially recognised special contractual obligations (what are known as 'standard contractual clauses').
Below is a list of data recipients that process your personal data:
Bazaarvoice – Bazaarvoice Inc., USA – Rating Analytics Provider
Criteo – Criteo SA, USA – Online Display Advertisement
Die Post – Schweizerische Post AG, Switzerland – Product Delivery
DHL – DHL Paket GmbH, Germany – Product Delivery
Direct Link Worldwide GmbH – Product Delivery for PostNord
Facebook – Facebook Ireland Limited, Ireland – Social Media Platform
Facebook Remarketing/Retargeting – Facebook Ireland Limited, Ireland – Personalised Advertisement
Google Ads – Google Ireland Limited, Ireland – Advertisement
Google Analytics – Google Ireland Limited, Ireland – Analytics
Google Firebase – Google LCC, USA – Analytics
Google Maps – Google LCC USA – Mapping Service
Google Play Store – Google LCC, USA – App Store Platform
Google reCAPTCHA – Google LCC, USA – Captcha Service
GÜLL GmbH, Germany – Product Delivery for Post AT and Die Post
Ingenico – Ingenico ePayments, Netherlands – Payment Service Provider
Intrum – Intrum Justitia GmbH, Germany – Credit Management Service
iOS App Store – Apple Inc., USA – App Store Platform
Instagram – Facebook Ireland Limited, Ireland – Social Media Platform
Klarna – Klarna Bank AB, Sweden – Payment Service Provider
LinkedIn – LinkedIn Ireland Unlimited Company, Ireland – Social Media Platform
Loqate Capture – GB Group Plc, GB – Email Validation
Microsoft Advertising – Microsoft Corporation, USA – Conversion Tracking
parcelLab – parcelLab GmbH, Germany – Shipping Status Communication
PayPal – PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg – Payment Service Provider
Pinterest – Pinterest Inc., USA – Social Media Platform
PowerReviews – PowerReviews, Inc., USA – Rating Analytics Provider
Post AT – Österreichische Post Aktiengesellschaft, Austria – Product Delivery
PostNord – PostNord AB, Sweden, Finland and Denmark – Product Delivery
Salesforce Commerce Cloud – Salesforce.com Inc., USA – Website Hosting
Salesforce Marketing Cloud – Salesforce.com Inc., USA – Newsletter & SMS Marketing
Trbo – trbo GmbH, Germany, Onsite Personalization
Tealium AudienceStream – Tealium Inc., USA – Customer Data Platform
Tealium Tag Manager – Tealium Inc., USA – Tag Management
Twitter – Twitter Inc., USA – Social Media Platform
UPS – United Parcel Service Deutschland S.à.r.l. & Co. OHG, Germany – Product Delivery
Xing – New Work SE, Germany – Social Media Platform
YouTube – Google LCC, USA – Social Media Platform
This list is subject to change if required.
CONSENT TO COOKIES
We use software services over the internet and running on servers from their providers ("cloud services", also referred to as "software as a service") for the following purposes: Document storage and management, calendar management, emailing, spreadsheets and presentations, sharing documents, content and information involving specific recipients or publishing web pages, forms or other content and information, and chatting and participating in audio and video conferences.
If we use cloud services to make forms or other documents and content available to other users or publicly accessible websites, said providers may store cookies on user devices for the web analytics purposes or to remember users' settings (e.g. in the case of media control).
If we ask for consent to use cloud services, the legal basis for processing is consent (Art. 6 (1) (1) (a) GDPR). Furthermore, their use form a component of our (pre-)contractual services, provided that the use of the cloud services has been agreed in this context (Art. 6 (1) (1) (b) GDPR). Apart from that, user data is processed on the basis of our legitimate interests (i.e. our interest in an efficient and secure administrative processes and office organisation) (Art. 6 (1) (1) (f) GDPR).
Services and service providers deployed:
- Salesforce Commerce Cloud
- Salesforce Marketing Cloud
- Salesforce Service Cloud
THOMAS SABO regularly analyses user behaviour in order to optimise their website.
The tracking and associated analysis is performed
- To safeguard the security of our website and hence your data (legal basis: Art. 6 (1) (f) GDPR)
- To provide our service and hence fulfil our contractual obligations (legal basis: Art. 6 (1) (b) GDPR)
- To make the success of advertising campaigns measurable and to optimise the display of advertising (legal basis: Art. 6 (1) (f) GDPR.
- Calculation of statistical parameters concerning the use of our offerings (legal basis: Art. 6 (1) (f) GDPR.
You can object to your data being tracked and used for analytical evaluations at any time by configuring your browser settings based on your preferences and, for example, refusing to accept third-party cookies (from providers other than the party responsible for operating the website) or all cookies in general. or you can follow the recommendations for the individual services used.
This website uses Tag Management System (TMS), a service from Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA (Tealium), to dynamically adapt parts of the website. A cookie called utag_main is created to enable this functionality. The TMS is required for providing the service and therefore cannot be disabled.
Google Analytics is a web analysis service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), which in this respect acts as our order processor (Article 28 GDPR).
If you own a Google account and have activated “personalised advertising” or logged into our website with your customer account, we analyse your use of this website with Google Analytics cross-device tracking. In this way, for example, it is possible to record whether an action has been taken on another end device (tablet) in response to an advertisement on a laptop. In the same way, advertisements can be shown on a device if you have previously shown interest in them on another device. The reports we produce (including cross-device) contain only compiled data and do not contain any data about individual users.
In the Google account “personalised advertising” can be deactivated at any time.
If you have a Google account and have activated the “web and app activities” function, you can also see the use of this website in aggregated form to get the option of managing your data yourself.
The information produced by your use of this website can also be transferred to a Google server in the US and stored there. However, as part of the IP anonymisation activated for this website, your IP address is shortened by Google before storage. The information sent can no longer be allocated to an individual person via the IP address.
To guarantee the privacy level when processing data in third countries (especially the US) our service provider, Google Ireland Ltd., has agreed with its subcontractors (especially Google LLC) standard contractual clauses, which are based on Module 3 of the European Commission adopted on 4/6/2021 for the transfer of personal data in third countries (https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/).
The data processed and linked to cookies by Google Analytics are automatically deleted after a maximum of 50 months.
The legal basis for the data processing is your consent pursuant to point a Article 6(1) GDPR and Section 25 (1) Telecommunications Telemedia Data Protection Act (TTDSG).
We use Tealium AudienceStream, a service from Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA, which collects and stores data on our website, from which user profiles can be created using pseudonyms.
The following including other information is collected for this purpose:
- User/click behaviour (pages visited, products purchased, services used, etc.)
- Time measurements (time and duration of the website visit, etc.)
- Device properties (resolution, operating system, browser version, etc.)
- Interests (product, service, service interests, etc.)
In order to improve your user experience, we combine the data collected from all devices which you are logged in on.
We use this information to adapt parts of our website to your needs and by doing so automate your use of the website in real time as required.
The pseudonymised user profiles are not merged with personal data concerning the bearer of the pseudonym without separately declared consent being granted. The IP address transmitted by your browser is not merged with the user profiles either.
Cookies or similar technologies for mobile devices are used to create the user profiles. The information generated by the cookie about your use of the website is stored exclusively in Germany.
|Remove the check mark to object to data collection by Tealium AudienceStream.
Retargeting is the term used to describe a process in which visitors to a website are identified in order to target them with specific messages on other websites. This method loads measurement pixels onto Internet pages, which in turn are stored in cookies.
The information collected and shared over what are known as third-party cookies is anonymous and not personally identifiable. It contains neither your address, telephone number or email address. The cookies are small text files which are stored on your computer.
This technology used is also referred to as "usage-based online advertising" or "online behavioural advertising" (OBA). You can read more about this technology here: Usage-based online advertising:
Processing here takes place based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.
You can find out how to turn off or prevent the use of this technology used by Google and other service providers here: Managing your preferences.
The service providers named there have committed to complying with this procedure.
In order to optimise our marketing activities, we use the Marketing Cloud from Salesforce.com, Inc, Salesforce Tower @ 415 Mission Street, 3rd Floor, San Francisco, USA. In this context, data from you (activity data outgoing from emails through our online channels, e.g. data on the page accessed, the page history, the device used, the approximate location and data for pseudonymised identification of the user profile) is collected, stored and used in order to adapt our offering (products, website, newsletter) to you. Since Salesforce is an international company with headquarters in the USA, it cannot be ruled out that your data will be transferred to the USA. By using our website, you consent to the use of your data in this way.
You can, of course, object to the collection, storage and use of your data in the Salesforce Marketing Cloud at any time for the future.Google Ads/Remarketing and DoubleClick
Our website uses Google Ads Remarketing, which we use to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google places a cookie in the browser on your end device, which automatically enables interest-based advertising with the help of a pseudonymous cookie ID and based on the pages you have visited. Processing here takes place based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.
Any further data processing will only take place if you have given Google permission to link your Internet and app browser history to your Google account and to use information from your Google account to personalise advertisements which you view on the Internet. In this case, if you are logged in to Google when you visit a page on our website, Google will use your data in combination with Google Analytics data to collate and define target group lists for cross-device remarketing. Google temporarily links your personal data with Google Analytics data for this purpose in order to form target groups.
In addition, when DoubleClick is used, cookie IDs are used to record what are known as conversions that relate to ad enquiries. This is the case, for example, when a user sees a DoubleClick ad and visits the advertiser's website later using the same browser and buys something there. Google states that DoubleClick cookies do not contain any personal information. The marketing tools used cause your browser to automatically establish a direct connection to the Google server. We have no control over the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By embedding DoubleClick, Google receives information that you have called up the corresponding part of our website or clicked on one of our advertisements. As soon as you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or are not logged in, the provider may still will obtain and store your IP address.
You can permanently disable cookies being set for advertising preferences by downloading and installing the browser plug-in available from the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can obtain information about setting cookies from the Digital Advertising Alliance at https://www.aboutads.info and make settings for this. Finally can set your browser to inform you when cookies are being set. You can also decide whether you wish to accept them individually and whether you wish to prevent the acceptance of cookies in certain cases or in general. If you choose to disallow cookies, it may limit your ability to use our website in full. You can view additional information and the privacy policies concerning advertising and Google here: https://www.google.com/policies/technologies/ads/
Microsoft Advertising (formerly Bing Ads)
This website uses conversion tracking technology "Microsoft Advertising" from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). In doing so Microsoft Advertising sets a cookie on your computer if you arrived at our Website over a Microsoft Advertising advertisement. Cookies are small text files which are stored on your computer system. These cookies lose their validity after 180 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, both Microsoft and the website site operator can recognise that the user clicked on the ad and was redirected to this page (conversion page). If personal data is processed in this context, it takes place in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in effective marketing.
The information collected using the conversion cookie is used to compile conversion statistics, i.e. to record how many users reach a conversion page after clicking on an advertisement. We are informed of the total number of users who clicked on our ad through this and were redirected to a conversion tracking tag page. We do not receive any information that personally identifies users however. If you do not want to participate in tracking, you can opt-out by simply disabling the Microsoft Advertising Conversion Tracking cookie under User Preferences in your browser. Doing so stops you being included in the conversion tracking statistics. Alternatively, you can check whether Microsoft advertising cookies are set in your browser and disable them on the opt-out page for EU consumers at https://www.youronlinechoices.com/uk/your-ad-choices/ You can find more information about the Microsoft Advertising privacy statement at the following URL: https://privacy.microsoft.com/dede/privacystatement
Criteo (Criteo SA)
|Remove the check mark to object to interest-based advertising on Facebook.
Using Bazaarvoice to capture and process product reviews
Objecting to product review emails
You can object to receiving product review emails from the start by clicking on the "Opt-out" button under the following link: https://www.bazaarvoice.com/legal/privacy-policy/#opting out. In this case, a permanent opt-out cookie is set in your browser that prevents your data from being processed for product review emails when you use this browser. If you use another browser, however, the transfer of data to our provider, Bazaarvoice, remains permanently activated, unless you also set the opt-out cookie in this new browser. You should note that the transfer of data to Bazaarvoice is reactivated if you delete the opt-out cookie referred to above in your browser. If you have already received an email asking you to review the product you purchased, you can opt-out of receiving it in future by clicking on the "Cancel" or "Unsubscribe" button/link at any object in each email that asks you to submit a product review.
Using PowerReviews to capture and process product reviews
Objecting to PowerReviews product review emails
If you have already received an email asking you to review the product you purchased, you can opt-out of receiving it in future by clicking on the "Cancel" or "Unsubscribe" button/link at any object in each email that asks you to submit a product review.
Personalised information and offering from trbo GmbH, Leopoldstr. 41, 80802 Munich (http://www.trbo.com/)
We want to design our website in the best possible way and in order to do so we work with external service providers whose tracking tools we use to manage and improve our online services, in particular to measure the use of our online services and the effectiveness of our online advertising. This helps us to understand which pages are particularly attractive to the users of our services, which products our customers are most interested in and which individual offerings we should make to our website users.
The data collected and used in this context is only ever stored under a pseudonym (e.g. a random identification number) and is not merged with personal data about you (e.g. name, address, etc.) Where external service providers have access to the data, this is takes place exclusively on our behalf and under our control.
In technically terms, the tracking tools used use what are known as "cookies" and "web beacons" to collect the following information: Which pages are visited when, how often and in what order, which products are searched for, which links or offerings are clicked on and which orders are placed:
If you do not want us to collect and use information about how you use of our website in this way, you can object to this by clicking on the following link (what is known as "opt-out"): https://track2.trbo.com/optout.php?redirect=thomassabo.com
You can set a corresponding opt-out cookie to this end, which does not contain any data suitable for tracking, but merely facilitates the recognition of your objection to data collection so that it is no longer takes place.
EMBEDDED FUNCTIONS AND CONTENT
We embed functional and content elements into our online offering which are obtained from the servers belonging to their respective providers (hereinafter referred to as "third-party providers"). For example, this can comprise graphics, videos or city maps (hereinafter uniformly referred to as "content").
This embedding always presupposes that the third-party providers of this content process the IP addresses of users, since they would not be able to send their content to users' browsers without the IP address. This means the IP address is needed to display this content or functions. We make every attempt to use the type of content where the supplier only uses the IP address to deliver the content. Third parties may also use what are known as pixel tags (invisible graphics, also referred to as 'web beacons') for statistical or marketing purposes. These 'pixel tags' can be used to analyse information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but not limited to, technical information about the browser and operating system, referring websites, time of the visit and other information regarding the use of our online offering.
THE USE OF SOCIAL PLUGINS
We maintain an online presence on social networks and platforms in order to communicate with customers, prospective customers, interested parties and users who are active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data privacy statements of the respective operators apply.
When you visit our website, no personal data is initially disclosed to the plug-in providers. You can identify the plug-in provider from the marking on the box above the initial letter or the logo. We open up the chance for you to communicate directly with the plug-in provider over the button. The plug-in provider only receives information about you accessing the corresponding website online offering if you click on the marked field and by doing so activate it. With Facebook and Xing, according to statements by the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there. Since the plug-in provider collects data by specifically using cookies, we recommend that you delete all cookies over the security settings in your browser.
We have no control over the data collected and the data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing and the storage periods. We also have no information concerning the deletion of the data collected by the plug-in provider.
The plug-in provider saves the data collected about you as a user profile and uses it for advertising, market research and/or the needs-based design of their website. Such an evaluation is in particular carried out (also for users who are not logged in) for showing needs-based advertising and to inform other users of the social network about the activities you undertake on our website. You have a right object to the creation of these user profiles, and should contact the respective plug-in provider to exercise your right if you wish to do so. We offer you the chance over the plug-ins to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for using the plug-ins is formed by Art. 6 (1) (1) (f) GDPR.
The data is disclosed regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social media network, in particular before activating the button, since doing so allows you to avoid being assigned to your profile with the plug-in provider.
The addresses of the respective plug-in providers and URL of their data protection information:
We use the following plug-ins and apps on our website:
We maintain fan pages on several social media platforms. We provide information about our company on these platforms and customers, interested parties and users who are active there can communicate with us directly.
User data is usually also processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the interests of the users that result from this. In turn the user profiles can be used, for instance, to place advertisements on and outside the platforms, which presumably correspond to the interests of the users. Cookies are usually stored on users' computers for these purposes, which store the behaviour and interests of the users. What is more, data may also be stored in the user profiles irrespective of the devices the users use (especially if they are members of the respective platforms and are logged in to them).
As a rule, profiles are created there from the users' behaviour and data, which is primarily used to place advertisements on and outside the platforms that correspond to their presumed interests. This takes place by setting cookies on the devices used or independently of them if the users are members of the respective platforms and logged in to them. The legal basis for this form of data collection is formed by Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimising our service with regard to effective communication and information as well as marketing our offerings. If the respective platform providers ask users for explicit active consent to data processing, the legal basis for this is formed by Art. 6 (1) (a) and Art. 7 GDPR.
When using the platforms, the integration of external tracking services may, in individual cases, result in data being transferred to recipients outside the European Union, which can result in risks for the user, especially with regard to the enforcement of users' rights.
For a detailed description of the respective processing instanced and options available for objecting (opt-out), please refer to the information from the providers linked below.
In the case of requests for information and the assertion of user rights, we would like to point out that these can most effectively be made directly to the platform providers. Only these have access to the data from users and can take appropriate measures and provide information. You are welcome to contact us, of course, if you still require any further assistance.
You are entitled to receive information about personal data that concerns you. You can contact firstname.lastname@example.org for information about this at any time. (Art. 15 GDPR)
In the even that you make a request for information other than in writing, please understand that we may ask you to prove that you are the person who you claim to be.
Insofar as you are legally entitled to do so, you also have the right to have your data corrected or deleted, or have its processing restricted. (Art. 16, Art. 17 and Art. 18 GDPR)
You also have the right to object to its processing in accordance with the legal requirements. The same applies to a right to data portability. (Art. 21 GDPR)
If we process your personal data based on consent, you are entitled to revoke the consent at any time for the future without affecting the legality of any processing performed based on the consent given up to the time of revocation. (Art. 7 (3) GDPR)
You have the right to request to receive the relevant data you have provided us with in accordance with Art. 20 GDPR and request that it is transferred to others.
You have the right to appeal to a data protection supervisory authority concerning our processing of your personal data. (Art. 77 GDPR)
DELETION OF DATA
LINKS TO EXTERNAL WEBSITES
AMENDMENT OF THIS DATA PROTECTION STATEMENT
Last updated: 24/10/2023