Terms of privacy, 13.09.2018
Data Privacy Statement for commercetools.com
1. Responsible body
Telephone: +49 (89) 99 82 996-0
commercetools GmbH, Adams-Lehmann-Strasse 44, 80797 Munich (hereinafter only “commercetools”) operates the website commercetools.com and wants to inform you in the following data privacy statement of the extent to which data is gathered for our website commercetools.com and the purposes for which this data is used.
This data privacy statement applies to the website commercetools.com as well as to various sub-domains (for instance dev.commercetools.com) or other domains, insofar as these refer to this data privacy statement. In the case of websites which do not refer to this data privacy statement, their own respective data protection provisions apply
2. Processing of personal data
Personal data are individual pieces of information which make a person identifiable directly or indirectly, such as a name or a postal address. Processing of personal data can occur in the following cases:
a, Access data/ server log files
For technical reasons, commercetools processes a limited number of data for every access to the website (so-called connection data). These data are technically required in order to establish and execute a connection between your end device and our servers. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. In doing so, the following data or data categories can be collected:
- Name of the website or file accessed
- Date and time of access
- Volume of data transferred
- Access status (file transferred, file not found)
- Browser type and version
- The user’s operating system
- Referrer URL (the website visited previously)
- IP address.
After the connection has ended, these data are erased or made anonymous and shall therefore not be used to generate user profiles.
b, Processing for advertising purposes
Below are further details on how we process your data for the purposes of advertising. Unless stated otherwise, all processing described below is carried out on the basis of Art. 6 (1)(a) GDPR, that is to say your explicit and voluntary consent. Any consents granted electronically to sending the newsletter shall always be in the form of a double opt-in, while written consents (that is to say, confirmed with your signature) shall regularly be made in the form of a single opt-in.
Mailshots: We use your name and your postal address as well as other information assigned to you (professional, industry, business description, name, title, academic level, address and year of birth) in order to send you advertising by post. This processing is carried out on the basis of Art. 6 (1)(f) GDPR. Pursuant to Art. 21 (2) GDPR, you have the right to object to the processing for the purposes of mail advertising at any time and without stating reasons. You will then receive no further mail advertising from us in future. Please send your objection via email or post to the responsible body mentioned in Section 1.
Personalised offers: We want to provide you with offers that are as individual as possible. Therefore, we use the information automatically generated when you visit our website and transmitted to us in order to provide you with advertising that is tailored to you and your interests. For this we use available information, such as your purchase history, email receipts and read confirmations, the date and time of your visit to our website and the products you have viewed. We use this information purely in pseudonym form. By analysing and evaluating this information, we can provide you with advertising that is individually tailored to your interests. We want to make our advertising as useful and interesting as possible. Therefore you will receive advertising such as newsletters and product recommendations that match your interests, by email or direct mail. This processing is carried out on the basis of Sections 13 (1), 15 (3) TMG, unless you have consented to this pursuant to Art. 6 (1)(a) GDPR. You have the right to object to the processing of data for the purpose of individualised advertising at any time and without stating reasons. To exercise your right to object, click here. From the time of receipt of your objection, you will not receive any personalised advertising from us.
Newsletter: On our website as well as in the web applications offered by us, you have the option to subscribe to our newsletter at various places. The newsletter informs of current commercetools events, new products and new clients and partners. You can find the data required to subscribe as well as other details in the subscription form linked in the data privacy statement. You can revoke the consent to the newsletter at any time and without stating reasons with effect for the future. Please send your objections to the responsible body mentioned in Section 1 or use the unsubscribe function in the newsletter email. If you revoke your consent, you will no longer receive any newsletters from us in future.
d, Google Analytics
There are several ways to do this:
- One way to object to web analysis by Google Analytics is to set an opt-out cookie that tells Google not to store or use your data for the purpose of web analysis. Please note that with this solution, web analysis is blocked only for as long as the opt-out cookie is stored in the browser. If you would like to set the opt-out cookie now, please click here.
- You can block the storage of cookies used to create profiles by means of an appropriate setting on your browser software.
- Depending on the browser you use, you can install a browser plug-in that blocks tracking. For this purpose, please click here and install the browser plug-in that can be downloaded from there.
On this website we use HubSpot for our online marketing activities. HubSpot is a US-based software company with a presence in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
This is an integrated software solution that covers various aspects of our online marketing.
These include: E-mail marketing (newsletters and automated mailings, eg for the provision of event details), social media publishing & reporting, reporting (eg traffic sources, access, etc. …), contact management (eg user segmentation & CRM), landing pages and contact forms.
The legal basis for the use of the services of Hubspot is Art. 6 I f GDPR – legitimate interest. Our legitimate interest in using this service is the optimization of our marketing efforts and the improvement of our service quality on the website.
HubSpot is certified under the terms of the “EU – US. Privacy Shield Frameworks ” and governed by the TRUSTe’s Privacy Seal as well as the “U.S. – Swiss Safe Harbor“ Framework.
If you generally do not want to be registered by HubSpot, you can prevent the storage of cookies at any time by your browser settings or use the following opt-out link: Hubspot Opt-Out Link.
f, Usage-based online advertising
At this point we wish to inform you in detail about usage-based online advertising. Our website, or the website from which you have just been directed, records and processes your user behaviour anonymously. As a user, you benefit from this because you receive advertising that matches your fields of interest and thus, less random advertising is delivered to you. To record your user behavior, a cookie is stored on your computer. Cookies are small text files that are installed on the hard drive of your computer, enabling you to be recognised, but preventing you from being personally identified. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia].
To improve advertising according to your interests, we use the following tools:
- Google AdWords Conversion,
- Google Dynamic Remarketing,
- Twitter Advertising,
- Facebook Advertising,
- LinkedIn Advertising,
- Google Analytics, Google Tag Manager, Google Ad Manager
Information on your activities on this website (e.g. surfing behavior, the sub-pages of the internet offer that you visited) is recorded. Generally, you can stop cookies from being stored on your hard drive by choosing the browser setting “block cookies”. You can set up your browser so that it asks you whether you wish to accept cookies before it is installed. Ultimately, you can delete installed cookies at any time. To see how this works, please consult your browser’s help pages. If you block all cookies, this can restrict some of the website’s functions. Please note that if you delete cookies, you may have to re-activate previously installed opt-out cookies. We use the following tools to record data to deliver usage-based online advertising:
On the website youronlinechoices.com you can find further information about cookies and individual providers. There you can also block usage-based online advertising with individual tools or all of them. To reach the preference manager directly, please click here.
g, Facebook Custom Audiences:
We also use Facebook communications tools for usage-based online advertising, especially Custom Audiences and Website Custom Audiences. Basically, a non-reversible and non-personal related hash value is generated from your user data, which can be conveyed to Facebook for analysis and marketing purposes. The Facebook cookie is targeted for Website Custom Audiences. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. You will find more information on the purpose and scope of data collection and on the further processing and use of data by Facebook, as well as about the possible settings options to protect your privacy, from Facebook’s data privacy guidelines which you may review here. If you wish to opt out of Facebook Website Custom Audiences, you can do so here.
3. Categories of Data Recipients
Personal data can be transferred to the following categories of recipients, where applicable:
Public bodies, on the basis of legal requirements.
Affiliated companies, for the purpose of fulfilling the contract or to provide the products of the information society.
The data processor within the meaning of Art. 28 GDPR in the course of data processing.
Other third parties in the course of transfer of function.
4. Transfer to third countries
A transfer of personal data to countries outside of the European Union or the EEA is carried out on the basis of:
an adequacy decision of the European Commission within the meaning of Art. 45 GDPR.
an approved certification mechanism pursuant to Art. 42 GDPR, together with legally binding and enforceable obligations of the controller or the data processor in the third country.
standard data clauses which have been issued by the Commission pursuant to the review procedure under Art. 93 (2) GDPR.
Your personal data shall not be processed to execute automated case-to-case decisions, including profiling pursuant to Art. 22 (1) and (4) GDPR.
commercetools takes the legally required technical and organisational measures in order to protect personal data from loss, destruction, manipulation and unauthorised access.
7. Safekeeping period of the data
Personal data shall only be kept safe for as long as is necessary to satisfy the purposes mentioned here, or as stipulated by the safekeeping periods provided by the legislator. After the purpose no longer applies or after the expiry of the safekeeping periods, the data shall be erased in accordance with the statutory provisions.
8. Rights of data subjects
You have the option to make use of your “data subject rights” at any time:
Right to information pursuant to Art. 15 GDPR.
Right to rectification pursuant to Art. 16 GDPR.
Right to erasure pursuant to Art. 17 GDPR.
Right to restriction of processing pursuant to Art. 18 GDPR.
Right to data portability pursuant to Art. 20 GDPR.
Right to object pursuant to Art. 21 GDPR.
If you would like to make use of your rights, please address your concerns via email to firstname.lastname@example.org or by post to the address mentioned in Section 1. Besides that, pursuant to Art. 77 (1) GDPR you have a right to complain to a supervisory authority. You can receive further information from the supervisory authority which is locally competent for you.
9. Data protection officer
Holzhofer Consulting GmbH
Lochhamer Str. 31
82152 Munich – Planegg