INFORMATION ON DATA PROTECTION
Below we explain how we collect personal data when you use our website. Personal data are data that relate to you personally (e.g. name, address, email addresses, user behaviour, etc.).
The controller in the sense intended by art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
THOMAS SABO GmbH & Co. KG
Tel. +49 (0)91 2397 150
Fax +49 (0)91 2397 1520
Our data protection officer can be contacted at
THOMAS SABO GmbH & Co. KG
Tel. +49 (0)91 2397 150
Fax +49 (0)91 2397 1520
For reasons of security and to guard against the transfer of personal data and other confidential information (e.g. during orders or enquiries to the controller), this website uses SSL or TLS encryption. Encrypted connections can be identified in your browser address bar by the prefix "https://" and the symbol of a lock.
Under art. 13 GDPR we are obliged to inform you of the legal basis of our data processing activity. Unless expressly specified in the data protection statement below, the legal basis for obtaining permission is art. 6 para. 1a) and art. 7 GDPR, the legal basis for processing for performance of our services and the implementation of contractual measures is art. 6 para. 1b) GDPR, the legal basis for processing for the fulfilment of our legal obligations is art. 6 para. 1c) GDPR and the legal basis for the vouchsafing of our legitimate interests is art. 6 para. 1f) GDPR.
COLLECTION OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE
If you use our website simply for informational purposes – i.e. if you do not register or provide us with any information in any other way – we will collect only the personal data that your browser transmits to our server. If you visit our website, we collect the following data, which we require in order to ensure the website displays properly and to guarantee its stability and security (legal basis is art. 6 para. 1 sentence 1 f GDPR):
- IP address
- Date and time of request
- Time difference from Greenwich Mean Time (GMT)
- Content of request (specific page)
- Access status/http status code
- Volume of data transmitted
- Website from where the request originates
- Operating system and its interface
- Language and version of browser software
In addition to collection of the aforementioned data, your use of our website will result in cookies being stored on your computer. Cookies are small text files saved on your hard drive and assigned to your browser and via which the party that has placed the cookie (in this case us) can collect specific information. Cookies cannot execute any programmes or infect your computer with any virus. Their purpose is to make our website more user-friendly and effective.
Temporary cookies or session cookies are cookies that are deleted when the user leaves the website and closes their browser. Permanent cookies are cookies that remain stored on your computer even after you have closed your browser. This enables details such as your log-in status to be saved so that the website recognises you when you return. Permanent cookies can also be used to save information about the user's interests, which is then used to measure reach or for marketing purposes.
By saving your settings, cookies help to simplify the order process (e.g. by recording the content of your virtual shopping basket for when you next visit the website). Insofar as individual cookies placed by us are used to process personal data, the processing is carried out under art. 6 para. 1 b) GDPR either for the performance of the contract or under art. 6 para. 1 f) GDPR to safeguard our legitimate interests in ensuring the optimum functioning of our website and a user-friendly experience and effective browsing session.
You can adjust your browser settings in accordance with your preferences by e.g. rejecting cookies. However, if you do so, you may not be able to use all the functions of this website.
OTHER FUNCTIONS AND SERVICES AVAILABLE ON OUR WEBSITE
As well as the purely informational use of our website, we also offer various services that require you to provide additional personal data, which we will use to provide the services concerned and for which the aforementioned data processing principles apply.
If in order to provide specific functions on our website we use the services of third parties, or if we intend to use your data for commercial purposes, information on the processes involved will be provided below.
Some of our applications use geo-localisation, a tool that identifies the user's location. This is done solely via anonymised IP addresses and only at the geographical level. The information thus obtained cannot in any circumstances be used to identify the user's place of residence.Contacting us
When you contact us (e.g. via the contact form or by email, phone, or social media) your details will be used solely for processing your enquiry. The legal basis for the processing of your data is our legitimate interest in responding to your query as per art. 6 para. 1 f) GDPR.
Once your query has been satisfactorily dealt with, your data will be deleted, provided it can be assumed from the circumstances that the matter has been sufficiently clarified and there is no statutory obligation to retain the data concerned.Using our online shop
If you wish to purchase items in our online shop, you will need to provide the personal data required for the processing of your order in order to form a valid contract. The data you provide will be used to process your order, for which we may pass your payment details to our payment service provider. The legal basis for this is art. 6 para. 1 sentence 1 b GDPR.
You will also have the option to create a password-protected customer account, which we can then use to save your data for future purchases. When you create an account under My Account, the data you provide will be saved for future use. You can manage and amend your data yourself and see your order history.
Under trade law and tax law regulations, we are obliged to save your address and payment and order details for ten years, although after two years the use of these data will be restricted. This means that your data will be used solely for the purposes of complying with our statutory obligations.
In order to prevent unauthorised access to your personal data, especially financial data, the order process is encrypted using TLS technology.Newsletter and news services
Regardless of whether or not you place an order, you can subscribe to our newsletter, which we use to keep users up-to-date with our latest offers.
When you register for our newsletter, we use a double opt-in process. This means that, following your registration, we send an email to the address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm registration within 48 hours, your information will be automatically deleted. We will also save your IP address and the date and time of your registration and confirmation. The purpose of this process is to be able to prove you registered for the newsletter and to clarify any potential misuse of your personal data.
In order for us to send you the newsletter, you will need to provide us with your email address as well as your first and last name to allow us to address you personally. You don't have to give your real name: a pseudonym will suffice. Once we have received your confirmation, we will save the data you have provided for the purpose of sending you the newsletter. The legal basis for this is art. 6 para. 1, 1a GDPR.
You can at any time revoke your permission for the sending of the newsletter and can also cancel your subscription. You can cancel by clicking on the link provided in every newsletter email or by sending an email to email@example.com or by contacting us using the contact details provided in the Company Information section of this website.
For the dispatch of our newsletter we use the Salesforce Marketing Cloud service, which is operated by salesforce.com, Inc., The Landmark@One Market, Suite 300, San Francisco, California 94105, USA ("Salesforce"). In order to make our newsletter more interesting for our readers in the future, Salesforce evaluates on our behalf the opening and click patterns of our readers in an anonymous form. This enables us to learn e.g. how many of our readers
open our newsletter and which links have proved especially popular. For these purposes we use standard technologies such as cookies, which are placed on your server when you click on a link in the newsletter, or tracking pixels (also known as web beacons), which are embedded in the newsletter. These data are collected anonymously only and is not linked to your other personal data. It cannot be used to identify you personally.
This information will be saved for as long as you remain subscribed to the newsletter. If you unsubscribe, we will keep the data anonymously and purely for statistical purposes.
For our news service provided via WhatsApp and Facebook we use the services of WhatsBroadcast, which uses your data solely for the purposes of sending you our messages. WhatsBroadcast can for this purpose use the user data saved at the message service concerned (esp. phone number, first and last name, end device, and all messages sent to this service). WhatsBroadcast's detailed data protection statement can be found at https://www.whatsbroadcast.com/de/datenschutz/
We will save your mobile phone number solely for the purposes of sending you the newsletter. We will not disclose it to any third parties. Nor will it be visible to other subscribers to the news service, so they will not be able to contact you.
If you choose to receive messages via Facebook Messenger, you will find more information on the use of your data by Facebook in their data protection statement at https://de-de.facebook.com/privacy/explanationCompetitions
If you enter a competition offered by us, we will process your data to the extent required for the administration of the competition. We may as part of the competition process ask for your permission for the additional processing of your data. The data collected for your participation in the competition will be deleted once the competition is over unless you have consented to their further use. The legal basis for such use of personal data is art. 6 I a) (special permission) or art. 6 I b) GDPR.Applications
You can apply for jobs online through our application portal at THOMAS SABO. Your online application will be sent direct to the HR department via an encrypted connection and handled in the strictest confidence. We will use your data solely for the purposes of processing your application and will not disclose it to any external third party.
Further information on data processing as part of the application process can be found in the data protection statement of our application portal. If you have applied for a specific role and either the role is already taken or we have another role to which you are equally or more suited, we will pass your application on to the department concerned. Please let us know if you would prefer us not to do this. Following conclusion of the application process, your personal data will be deleted immediately or within six months, unless you have provided your consent for it to be kept for longer.
Please note that all applications should be submitted through the portal. Should you nonetheless apply to us by email, please note that email attachments are not encrypted.
Applications may also be sent by post.Olapic
On this website we use Olapic in order to display user-generated content. For more information, see Olapic's general terms and conditions at http://tos.olapic.com/
USE OF OUR MOBILE APP
As well as our website, you can also use our mobile app, which you can download onto your mobile device.
When you download the app, the information required for it to work will be transferred to the app store. This includes your user name, email address, the customer number of your account, time of download, payment information, and the individual device ID number. We have no control over the collection of these data and take no responsibility for their use. We will process your data only insofar as is required for the download of the app onto your mobile device. Your data will not otherwise be saved. In this context, please also note the data protection statements of the app store operators:
- for the iOS App Store: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, available online at https://www.apple.com/de/privacy/privacy-policy/, and
- for the Google Play Store: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, available online at https://www.google.de/intl/de/policies/privacy/
For the functioning of the app, the following data are required: your unique device ID (IMEI = international mobile equipment identity).
When you use our app, the following information (in addition to the data referred to that is collected when you access our website) will be transferred from your mobile device and temporarily stored in a protocol file:
- Device and operating system used
- Pages/screens accessed within the app
- IP address of requesting end device
- Date and time of server request
This saving of data in server log files is required on technical grounds and to guarantee system security. These data will be evaluated anonymously solely for statistical purposes and to improve the quality of our app. It cannot be matched with any specific of identifiable natural person either by us or by any third party acting on our behalf. Nor will these data be used to create personal user profiles.
Our website and app also include location-based services, which we can use to offer you special services tailored to your specific location. You can use this function only once you have agreed via a pop-up message that for the purposes of service provision we may collect your location data in anonymised form via GPS and your IP address. You can allow or deactivate this function at any time by adjusting the settings of your app or operating system on your device. When you use the app, your location will be transmitted to us only if you access functions that we can provide only if we know your location.
In order to continually improve and optimise our services, our app uses tracking technologies, for which we use the services of Google Firebase.
Google Firebase is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). It uses tracking technologies that enable analysis of your use of our service. It captures information on your use of our app that is then transmitted to Google and saved there. Google is bound by Privacy Shield certification to comply with the US Department of Commerce's EU-US Privacy Shield Framework governing the collection, use, and storage of personal data from EU member states. Google will use the aforementioned information to evaluate your usage of our app and to provide us with additional services relating to app usage.
You can also use our app to receive push messages. These are messages displayed on the start-up screen of your mobile device. Unless you have deactivated them by adjusting your settings, we will send you push messages in the following circumstances:
In order to be able to send you push messages or in-app messages (messages that are shown to you only within the app), we use technology from Google Firebase (see 4. above). This will entail your mobile device being assigned an anonymous push reference. This serves as a target destination for the push messages and in-app messages and will be used by us to show you such messages on your device.
You will receive push messages only if you activate them for our app when you launch it or at a later point. Push messages can be deactivated and reactivated at any time.
TO WHAT EXTENT DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
We will share your data with third parties if we are compelled to do so under statutory regulations or by legal processes (e.g. a request from an investigative authority) or if you have expressly consented to such sharing.
Any other sharing of your personal data by us will be done solely with service providers or partner organisations who assist us, subject to our instruction, in processing orders, providing customers with information, and/or supplying services (contract processing as per art. 28 GDPR). Such organisations could be hosting providers, delivery agents payment service providers, fraud prevention services, and credit rating agencies. Such organisations are for their part bound by the applicable data protection regulations. Contract processing under art. 28 GDPR is subject to especially stringent data protection regulations. Such organisations are obliged to use such data solely for the performance of their duties on our behalf.
Where we process data in a non-EU or non-EEA country or such processing takes place as part of our use of third-party services or as part of the disclosure or sharing of data with third parties, this will only happen 1) where required for the fulfilment of our (pre)contractual obligations, 2) where you have provided your consent, 3) where there is a legal obligation to do so, or 4) where it is in the service of our legitimate interests. Subject to statutory or contractual permissions, we will process (or allow to be processed) data in a non-EU or non-EEA country only where the special conditions of art. 44 GDPR are met, i.e. only if processing is carried out subject to special guarantees such as those provided by official data protection schemes that provide protection equal to that offered by the EU (e.g. the US's Privacy Shield scheme) or where officially recognised special contractual obligations (i.e. standard contractual clauses) are in force.
Tracking and the evaluation linked to it is done
- to ensure the security of our website and therefore of your data (legal basis: art. 6 para. 1 f) GDPR)
- to provide our services and comply with our contractual obligations (legal basis: art. 6 para. 1 b) GDPR)
- to measure the success of advertising campaigns and optimise the display of advertising (legal basis: art. 6 para. 1 f) GDPR)
- evaluation of statistics for the use of our services (legal basis: art. 6 para. 1 f) GDPR)
You can at any time opt out of the tracking of your data and their use for analytical evaluation by adjusting your browser settings by e.g. declining to accept third-party cookies or any cookies or you can follow the recommendations provided for each individual service.
This website uses a tag management system (TMS) from Tealium Inc., 11085 Torreyana Road, San Diego, CA 92121, USA (Tealium) in order to dynamically adapt parts of the website. To enable this function, a cookie called utag_main is used. The TMS is required for the provision of the service and therefore cannot be deactivated.
This website uses Google Analytics only with the extension _anonymizeIp(), which ensures IP addresses are anonymised via abbreviation and precludes direct personal identification. It ensures that, within member states of the EU or in other states signatory to the Treaty on the European Economic Area, your IP address will be subject to prior abbreviation by Google. Only in exceptional circumstances will your full IP address be transferred to a Google server in the US and abbreviated there. In such circumstances, processing takes place under art. 6 para. 1 f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with further services related to website use and Internet use. The IP address transferred from your browser by Google Analytics will not be merged with other data held by Google.
You can prevent cookies being stored on your computer by adjusting your browser settings, but if you do so, you may not be able to make full use of all the functions on this website. You can also prevent Google from capturing and processing the data produced by cookies and based on your website use (incl. your IP address) by downloading and installing the plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de
Based in the US, Google LLC is a certified member of the US-EU data protection agreement known as Privacy Shield, which guarantees adherence to data protection levels applicable in the EU.
For more information on how Google Analytics handles user data, see Google's data protection statement at: https://support.google.com/analytics/answer/6004245?hl=de
Retargeting is the name given to the process that tags visitors to a website so that they can be targeted with specific messages when they visit other websites. This method involves the placing of tracking pixels on websites, which in turn are stored in cookies.
The information captured and shared via third-party-provider cookies is anonymous and cannot be used for personal identification purposes. It contains neither your name nor your address, phone number, or email address. Cookies are text files that are saved on your computer.
This technology is also known as use-based online advertising or online behavioural advertising (OBA). For more information on these technologies, see Nutzungsbasierte Online-Werbung.
This processing is based on our legitimate interest in the optimal marketing of our website as per art. 6 para. 1 f GDPR.
For information on how to prevent Google and other service providers from using these technologies, see Präferenzmanagement.
The service providers referred to there have agreed to comply with this process.Salesforce Marketing Cloud
In order to optimise our marketing activity, we use Marketing Cloud, a service provided by salesforce.com EMEA Limited, Village 9, Floor 26 Salesforce Tower, 110 Bishopsgate, London EC2N 4AY, UK. This involves the collection, storage, and use of your data (activity data transmitted via our online channels, e.g. data on pages accessed, browsing history, device used, approximate location, and data on the anonymous identification of the user profile) in order to better target our service (products, website, and newsletter) to you. As Salesforce is an international company based in the US, the possibility cannot be excluded that your data will be transferred to the US. Salesforce is listed under Privacy Shield, the EU-US data protection programme, and therefore guarantees that your data will enjoy an appropriate level of protection in the US as well. By using our website, you provide your consent to this use of your data. You can opt out of the collection, storage, and use of your data by Salesforce Marketing Cloud with future effect by informing us at any time.Google AdWords/Remarketing und DoubleClick
Our website uses Google AdWords Remarketing, which allows us to advertise this website in Google search results as well as on third-party websites. This service is provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). To this end, Google places a cookie in the browser of your device which automatically facilitates interest-based advertising by means of anonymous cookie IDs and on the basis of the websites you have visited. Data are processed on the basis of our legitimate interest in the optimal marketing of our website as per art. 6 para. 1 f GDPR.
Any additional data processing will take place only insofar as you have allowed Google to link your Internet and app browsing history with your Google account and have agreed that information from your Google account can be used to personalise ads that you see on the Internet. If in such cases you are logged in to your Google account while you are visiting our website, Google will use your data together with Google Analytics data to produce and refine target group lists for remarketing across devices. To that end Google will temporarily combine your personal data with Google Analytics data in order to create target groups.
Where DoubleClick technology is used, cookie IDs will be used to capture conversions relating to ad-based enquiries. This may happen if a user sees a DoubleClick ad and later, using the same browser, visits the advertiser's website and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information. On the basis of the marketing tools deployed, your browser will automatically create a direct connection to Google's server. We have no control over the scope and further use of the data collected by Google via this tool. To the best of our knowledge, the use of DoubleClick informs Google that you have accessed a certain part of our website or have clicked on one of our ads. If you are registered for one of Google's services, Google can then match your visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the service provider may obtain and store your IP address.
You can permanently deactivate the placement of cookies for advertising purposes by downloading and installing the browser plug-in available at https://www.google.com/settings/ads/onweb/
You can learn more about the placement of cookies by visiting the website of the Digital Advertising Alliance at https://www.aboutads.info and adjusting your settings accordingly. You can also adjust your browser settings so that you are notified of the placement of cookies and can decide which of them to accept on a case-by-case basis or allow for rejection of cookies either in specific cases or in general. If you choose to reject cookies, the functionality of our website may be restricted. Based in the US, Google LLC is certified under Privacy Shield, the EU-US data protection agreement that guarantees a level of data protection equivalent to that in the EU. For further information and for data protection regulations concerning advertising and Google, see https://www.google.com/policies/technologies/ads/Bing Ads (Microsoft Corporation)
This website uses Bing Ads, a conversion tracking technology by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). This means that if you arrive at our website via a Microsoft Bing ad, a cookie will be placed on your computer. Cookies are small text files that are placed on your computer. These cookies expire after 180 days and cannot be used to identify you personally. If the user visits certain pages of this website and the cookie is still active, both Microsoft and we will know that the user has clicked on the ad and has been taken to this page (conversion page). Insofar as personal data are processed as part of this procedure, they are processed in compliance with art. 6 para. 1 f GDPR on the basis of our legitimate interest in effective marketing.
Information gathered from conversion cookies allows the generation of conversion statistics – i.e. an understanding how many users arrive at a conversion page having clicked on an ad. We therefore learn how many users have clicked on our ad and been taken to a page containing a conversion tracking tag. We nonetheless do not obtain any information that could be used to identify users personally.
Based in the US, the Microsoft Corporation is certified under Privacy Shield, the EU-US data protection agreement that guarantees a level of data protection equivalent to that in the EU. If you wish to opt out of tracking, you can do so by adjusting your browser's settings so that the cookie for Bing Ads conversion tracking via your browser is deactivated. You will then not be included in conversion tracking statistics. Alternatively you can use the EU's deactivation page for consumers at https://www.youronlinechoices.com/uk/your-ad-choices/ to check whether advertising cookies have been set in your browser by Microsoft and to deactivate them.
For more information regarding the data protection regulations governing Microsoft Bing Ads, visit https://privacy.microsoft.com/de-de/privacystatementCriteo (Criteo SA)
On this website technology provided by Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo") is used in conjunction with cookies to collect, store, and evaluate anonymous information on users' surfing behaviour. This is done on the basis of our legitimate interest in the embedding of personalised ads as per art. 6 para. 1 f GDPR. Criteo uses an algorithm to analyse surfing behaviour and then to display targeted product recommendations as personalised ad banners on other websites (known as publishers). Under no circumstances can the data captured be used to personally identify users of this website. Nor are the data used in any other way or shared with any third party. To opt out with future effect from data collection and the creation of anonymous user profiles, download the opt-out cookie from Criteo at https://www.criteo.com/de/privacy/. For more information on Criteo technology, see their data protection regulations at https://www.criteo.com/de/privacy/
Facebook remarketing/retargeting (custom audiences)
Our website uses Facebook Pixel, a service from Facebook Inc. ("Facebook") 1601 South California Avenue, Palo Alto, CA 94304, US. This allows us to show to visitors to our website targeted ads based on their use of the social network Facebook. To this end, embedded on our website is a Facebook pixel that creates a direct connection to Facebook servers. This tells the Facebook server that you have visited our website and Facebook then allocates this information to your personal Facebook user account. As the operator of this website, we have no knowledge of the content of the data thus shared or the way Facebook uses it. For more information on the collection and use of data by Facebook as well as regarding your privacy rights and options, see Facebook's data protection regulations at https://www.facebook.com/about/privacy/. We ourselves do not share any customer data with Facebook.
|Untick box to opt out of targeted ads on Facebook.|
Using Bazaarvoice to capture and process product reviews
Objecting to product review emails
You can object to receiving product review emails from the start by clicking on the "Opt-out" button under the following link: https://www.bazaarvoice.com/legal/privacy-policy/#opting out. In this case, a permanent opt-out cookie is set in your browser that prevents your data from being processed for product review emails when you use this browser. If you use another browser, however, transfer of your data to our provider, Bazaarvoice, remains permanently activated, unless you also set the opt-out cookie in this new browser. Please note that the transfer of data to Bazaarvoice is reactivated if you delete the opt-out cookie referred to above in your browser. If you have already received an email asking you to review the product you purchased, you can opt-out of receiving it in future by clicking on the "Cancel" or "Unsubscribe" button/link at any time in each email that asks you to submit a product review.
USE OF SOCIAL PLUG-INS
In order to be able to communicate with customers, potential customers, and users on social networks and platforms and to provide them with information about our services, we maintain an online presence on such networks and platforms. When you access these networks and platforms, their terms and conditions and data protection notices apply.
When you visit our website, none of your personal data will initially be shared with the plug-in provider. The plug-in provider can be identified by its initial letter in a box or by its logo. You can use this button to communicate directly with the plug-in provider. Only when you click on the marked field and thereby activate it does the plug-in provider receive the information that you have visited our website. In the case of Facebook and Xing in Germany, they have stated that the IP address is anonymised immediately after capture. Activating the plug-in will therefore involve your personal data being shared with and saved by the plug-in provider concerned. As the plug-in provider especially collects data via cookies, we recommend that you delete all cookies via your browser's security settings.
We have no control over the data collected or the data processing that takes place. Nor do we know the full extent of the data collection, the purpose of the processing, or how long data are kept for. Nor do we have any information regarding the deletion of data collected by the plug-in provider.
The plug-in provider will save the data it collects about you as a usage profile and will use this profile for advertising and market research purposes and/or to optimise the design of its website. This evaluation will especially be used – even for users who are not logged in – to display targeted advertising and to notify other users of the social network about your activity on our website. You have the right to opt out of the creation of this user profile. To exercise this right you should contact the plug-in provider concerned. The plug-ins allows us to offer you the option of interacting with other users of the social networks so that we can improve our service and make it more relevant to you as a user. The legal basis for the use of the plug-ins is art. 6 para. 1 sentence 1 f GDPR.
The data are shared regardless of whether you have an account with the plug-in provider or whether you are logged in. If you are logged in with the plug-in provider, the data collected on our website will be assigned directly to your account with the plug-in provider. If you click on the button and link to the provider's website, the plug-in provider will save this information in your user account too and share it publicly with your contacts. We recommend logging out after you have used a social network, especially before you click on the button, as you can in this way avoid your data being assigned to your profile at the plug-in provider.
For more information on the purpose and scope of data collection and processing by the plug-in provider, see the providers' data protection statements as indicated below. There you will also learn more about your rights in this regard and how you can adjust your settings to protect your privacy.
Addresses of plug-in providers and URLs with their data protection notices:
We use the following plug-ins and apps on our websites: Facebook, Google+, Twitter, Pinterest, YouTube, Instagram, Snapchat, WhatsApp
facebook.com plug-in and app as used by us and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook's data protection statement: https://www.facebook.com/about/privacy/
Google+ plug-in as used by us and operated by Google. Google's data protection statement: https://www.google.com/intl/de/policies/privacy/
Twitter's plug-in as used by us and operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). Twitter's data protection statement: https://twitter.com/privacy
Pinterest's plug-in as used by us and operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA ("Pinterest"). Pinterest's data protection statement: https://about.pinterest.com/privacy
YouTube's plug-in as used by us and operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("YouTube"). YouTube's data protection statement: https://www.google.com/intl/de/policies/privacy/
Instagram's plug-in as used by us and operated by Instagram, LLC Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Instagram's data protection statement: https://instagram.com/about/legal/privacy/#
Snapchat's plug-in as used by us and operated by Snapchat, Inc., Attn: copyright Agent, 63 Market Street, Venice, CA 90291, USA ("Snapchat"). Tumblr's data protection statement: https://www.snapchat.com/l/de-de/privacy
WhatsApp plug-in as used by us and operated by WhatsApp Inc., 650 Castro Street, Suite 120-219, Mountain View, Kalifornien, 94041 USA ("WhatsApp"). WhatsApp's data protection statement: https://www.whatsapp.com/legal/?l=de
These companies are based in the US and all of them have signed up to the EU-US Privacy Shield scheme.
We operate fan pages on our social media. We provide information about our company, and customers, interested parties and users who are active on these platforms can communicate with us directly.
In addition, the user data is generally processed for the purposes of market research and advertising. Therefore, the user behaviour and resulting user interests can be used to create usage profiles, for example. In turn, the usage profiles can be used to place advertisements inside and outside the platforms that are presumed to match the interests of the users. For this purpose, cookies are generally stored on the computers of the users, and they store the user behaviour and the interests of the users. In addition, data may also be stored in the usage profiles, regardless of the devices used by the users (particularly if the user is a member of the respective platforms and is logged into them).
As a rule, these are where profiles are compiled from the behaviour and data of the users; they are mainly used to place advertisements inside and outside the platforms, in accordance with your presumed interests. This takes place via the placing of cookies on the devices used or irrespective of the devices, if the user is a member of the respective platforms and is logged into them. The legal basis for this form of data collection is Art. 6(1)(f) GDPR. Our legitimate interest is in the optimisation of our service in terms of effective communication and information, and the marketing of our products. If the user is asked by the respective platform providers for explicit, active consent to the data processing, the legal basis of the processing is Art. 6(1)(a) and Art. 7 GDPR.
When using the platforms, data may be sent to recipients outside the territory of the European Union in individual cases as a result of the involvement of external tracking services; this could result in risks for the users, mainly regarding the enforcement of the rights of the users.
Regarding US providers that are certified under the Privacy Shield, we would like to point out that they are obliged to comply with the EU data privacy standards.
For detailed information about the respective processing and possibilities of objecting (opt-out), we refer to provider information linked below.
In the case of requests for information and the exercising of user rights, we would like to be point out that these can take place most effectively by contacting the platform providers directly. Only they have the respective access to the user data and can directly take according measures and provide information. Should you still require assistance, you can contact us.
WhatsApp & FACEBOOK Messenger
THOMAS SABO uses MessengerPeople GmbH service to send you newsletters and messages via the WhatsApp and Facebook Messenger messaging services. We use this service provider's platform to send messages to the channel you have subscribed to. You will only receive newsletters from us if you have explicitly ordered them. We use the double opt-in procedure for security purposes.
You have the option to discontinue our service with a individual message at any time. To do this, send us the message in Messenger "Stop". You will receive no further messages until you start a new subscription.
We use this service provider's platform to send messages to the channel you have subscribed to. You will only receive newsletters from us if you have explicitly ordered them. We use the double opt-in procedure for security purposes.
You have the right to be informed of the personal data held about you. To exercise your right, contact firstname.lastname@example.org (art. 15 GDPR).
If you make your request verbally, please understand that we may request proof that you are who you say you are.
Unless prevented by statute (art. 16 - 18 GDPR), you are further entitled to the correction or deletion of your data and to the restriction of their processing.
You also have the right to opt out of data processing under statutory regulations. The same applies for the right to data portability (art. 21 GDPR).
Where we process your data on the basis of your consent, you have the right to revoke you permission at any time with future effect. This will not have any implications for the lawfulness of any processing carried out on the basis of your consent prior to its revocation (art. 7 para. 3 GDPR).
You have the right under art. 20 GDPR to receive personal data that you have provided to us and to have it transmitted to others.
You have the right to complain to a data protection supervisory authority about the processing of your personal data by us (art. 77 GDPR).
DELETION OF DATA
Data we process will in accordance with art. 17 GDPR be deleted or their processing restricted. Unless expressly stated as part of this data protection statement, the data we store will be deleted as soon as they are no longer required for their original purpose and if no statutory retention obligations apply. Where data are not deleted because they are required for other statutorily permissible purposes, their processing will be restricted. This means data will be locked and not processed for other purposes. This applies for example to data that for reasons relating to trade law or tax law must be retained.
LINKS TO EXTERNAL WEBSITES
The website of THOMAS SABO as well as this data protection statement contain links to external websites over whose content THOMAS SABO has no control. THOMAS SABO can therefore provide no guarantee of the content, quality, nature, or reliability of these external websites. In providing a link we imply no support for or approval of the information or services offered on the site(s) concerned. Solely the provider or operator of the linked-to site is responsible for that site.
AMENDMENT OF THIS DATA PROTECTION STATEMENT
We reserve the right to amend or enhance this data protection statement as required. Any amendments will be published here. Please revisit this website regularly to ensure you remain up-to-date with the latest version of the statement.
As at: 07.05.2018