I. Data Privacy Statement for commercetools.com

1. Responsible body

commercetools GmbH
Adams-Lehmann-Str. 44
80797 Munich
Email: info@commercetools.com
Telephone: +49 (89) 99 82 996-0

commercetools GmbH, Adams-Lehmann-Strasse 44, 80797 Munich (hereinafter only “commercetools”) operates the website commercetools.com and wants to inform you in the following data privacy statement of the extent to which data is gathered for our website commercetools.com and the purposes for which this data is used.

This data privacy statement applies to the website commercetools.com as well as to various sub-domains (for instance docs.commercetools.com) or other domains, insofar as these refer to this data privacy statement. In the case of websites which do not refer to this data privacy statement, their own respective data protection provisions apply.

2. Processing of personal data

Personal data are individual pieces of information which make a person identifiable directly or indirectly, such as a name or a postal address. Processing of personal data can occur in the following cases:

a, Access data/ server log files

For technical reasons, commercetools processes a limited amount of data for every access to the website (so-called connection data). These data are technically required in order to establish and execute a connection between your end device and our servers. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. In doing so, the following data or data categories can be collected:

  • Name of the website or file accessed
  • Date and time of access
  • Volume of data transferred
  • Access status (file transferred, file not found)
  • Browser type and version
  • The user’s operating system
  • Referrer URL (the website visited previously)
  • IP address.

After the connection has ended, these data are erased or made anonymous and shall therefore not be used to generate user profiles.

b, Processing for advertising purposes

Below are further details on how we process your data for the purposes of advertising. Unless stated otherwise, all processing described below is carried out on the basis of Art. 6 (1)(a) GDPR, that is to say your explicit and voluntary consent. Any consents granted electronically to sending the newsletter shall always be in the form of a double opt-in, while written consents (that is to say, confirmed with your signature) shall regularly be made in the form of a single opt-in.

Mailshots: We use your name and your postal address as well as other information assigned to you (professional, industry, business description, name, title, academic level, address and year of birth) in order to send you advertising by post. This processing is carried out on the basis of Art. 6 (1)(f) GDPR. Pursuant to Art. 21 (2) GDPR, you have the right to object to the processing for the purposes of mail advertising at any time and without stating reasons. You will then receive no further mail advertising from us in future. Please send your objection via email or post to the responsible body mentioned in Section 1.

Personalised offers: We want to provide you with offers that are as individual as possible. Therefore, we use the information automatically generated when you visit our website and transmitted to us in order to provide you with advertising that is tailored to you and your interests. For this we use available information, such as your purchase history, email receipts and read confirmations, the date and time of your visit to our website and the products you have viewed. We use this information purely in pseudonym form. By analysing and evaluating this information, we can provide you with advertising that is individually tailored to your interests. We want to make our advertising as useful and interesting as possible. Therefore you will receive advertising such as newsletters and product recommendations that match your interests, by email or direct mail. This processing is carried out on the basis of Sections 13 (1), 15 (3) TMG, unless you have consented to this pursuant to Art. 6 (1)(a) GDPR. You have the right to object to the processing of data for the purpose of individualised advertising at any time and without stating reasons. To exercise your right to object, click the cookie settings button below.

Cookie Settings


Newsletter: On our website as well as in the web applications offered by us, you have the option to subscribe to our newsletter at various places. The newsletter informs you of current commercetools events, new products and new clients and partners. You can find the data required to subscribe as well as other details in the subscription form linked in the data privacy statement. You can revoke the consent to the newsletter at any time and without stating reasons with effect for the future. Please send your objections to the responsible body mentioned in Section 1 or use the unsubscribe function in the newsletter email. If you revoke your consent, you will no longer receive any newsletters from us in future.

c, Cookies

Cookies are text files which enable all device-specific information to be stored on the end device used. This information is necessary in order to offer the products of the information society on our website as well as to be able to guarantee error-free functioning of the website. This includes the localisation of errors as well as their correction. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. If you would like to stop the use of cookies, all current browsers offer corresponding settings to block and erase cookies. Blocking cookies can however mean that the website cannot be used or cannot be used in full.

d, Google Analytics 

For the needs-based design of our website, we create pseudonymous user profiles with the aid of Google Analytics. Google Analytics uses cookies, text files stored on your computer that enable analysis of your use of the website. Normally, the information generated by the cookie about your use of this website is transmitted to a Google server in the United States and stored there. Since we have activated IP anonymization on this website, your IP address will however be abbreviated beforehand within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address conveyed to a Google server in the United States and only abbreviated there. Google uses this information to evaluate your use of our website for us, to compile reports on the activities of website operators and to provide us with other services in conjunction with the use of websites and the Internet. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. You may object to the creation of user profiles using a pseudonym at any time. To exercise your right to object, click the cookie settings button below.

Cookie Settings


e, HubSpot

On this website we use HubSpot for our online marketing activities. HubSpot is a US-based software company with a presence in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

This is an integrated software solution that covers various aspects of our online marketing.

These include: e-mail marketing (newsletters and automated mailings, e.g. for the provision of event details), social media publishing & reporting, reporting (e.g. traffic sources, access, etc.), contact management (e.g. user segmentation & CRM), landing pages and contact forms.

Our website enables visitors to learn more about our business, download content, and provide us with their contact information and other demographic information. This information and the contents of our website are stored on servers of our software partner HubSpot. They can be used by us to connect with visitors of our website and to determine what services of our company they are interested in. All information we collect is subject to this Privacy Policy. We use all information collected solely to optimize our marketing activities.

The legal basis for the use of the services of HubSpot is Art. 6 (1)(f) GDPR – legitimate interest. Our legitimate interest in using this service is the optimization of our marketing efforts and the improvement of our service quality on the website.

HubSpot is certified under the terms of the “EU – U.S. Privacy Shield Frameworks” and governed by TRUSTe’s Privacy Seal as well as the “U.S. – Swiss Safe Harbor” Framework.

More about the HubSpot Privacy Policy.
More information from HubSpot regarding the EU Privacy Policy.
More information about the cookies used by HubSpot can be found here & here.

f, Usage-based online advertising

At this point we wish to inform you in detail about usage-based online advertising. Our website, or the website from which you have just been directed, records and processes your user behaviour anonymously. As a user, you benefit from this because you receive advertising that matches your fields of interest and thus, less random advertising is delivered to you. To record your user behavior, a cookie is stored on your computer. Cookies are small text files that are installed on the hard drive of your computer, enabling you to be recognised, but preventing you from being personally identified. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia].

To improve advertising according to your interests, we use the following tools:

  • Google AdWords Conversion,
  • Google Dynamic Remarketing,
  • Twitter Advertising,
  • Facebook Advertising,
  • LinkedIn Advertising,
  • HubSpot,
  • Google Analytics, Google Tag Manager, Google Ad Manager

Information on your activities on this website (e.g. surfing behavior, the sub-pages of the internet offer that you visited) is recorded. Generally, you can stop cookies from being stored on your hard drive by choosing the browser setting “block cookies”. You can set up your browser so that it asks you whether you wish to accept cookies before they are installed. Ultimately, you can delete installed cookies at any time. To see how this works, please consult your browser’s help pages. If you block all cookies, this can restrict some of the website’s functions. Please note that if you delete cookies, you may have to re-activate previously installed opt-out cookies. We use the following tools to record data to deliver usage-based online advertising:

Cookie Overview


g, Facebook Custom Audiences:

We also use Facebook communications tools for usage-based online advertising, especially Custom Audiences and Website Custom Audiences. Basically, a non-reversible and non-personal related hash value is generated from your user data, which can be conveyed to Facebook for analysis and marketing purposes. The Facebook cookie is targeted for Website Custom Audiences. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. You will find more information on the purpose and scope of data collection and on the further processing and use of data by Facebook, as well as about the possible settings options to protect your privacy, from Facebook’s data privacy guidelines which you may review here.

3. Categories of Data Recipients

Personal data can be transferred to the following categories of recipients, where applicable:

  • Public bodies, on the basis of legal requirements.

  • Affiliated companies, for the purpose of fulfilling the contract or to provide the products of the information society.

  • The data processor within the meaning of Art. 28 GDPR in the course of data processing.

  • Other third parties in the course of transfer of function.

4. Transfer to third countries

A transfer of personal data to countries outside of the European Union or the EEA is carried out on the basis of:

  • an adequacy decision of the European Commission within the meaning of Art. 45 GDPR.

  • an approved certification mechanism pursuant to Art. 42 GDPR, together with legally binding and enforceable obligations of the controller or the data processor in the third country.

  • standard data clauses which have been issued by the Commission pursuant to the review procedure under Art. 93 (2) GDPR.

5. Scoring

Your personal data shall not be processed to execute automated case-to-case decisions, including profiling pursuant to Art. 22 (1) and (4) GDPR.

6. Security

commercetools takes the legally required technical and organisational measures in order to protect personal data from loss, destruction, manipulation and unauthorised access.

7. Safekeeping period of the data

Personal data shall only be kept safe for as long as is necessary to satisfy the purposes mentioned here, or as stipulated by the safekeeping periods provided by the legislator. After the purpose no longer applies or after the expiry of the safekeeping periods, the data shall be erased in accordance with the statutory provisions.

8. Rights of data subjects

You have the option to make use of your “data subject rights” at any time:

  • Right to information pursuant to Art. 15 GDPR.

  • Right to rectification pursuant to Art. 16 GDPR.

  • Right to erasure pursuant to Art. 17 GDPR.

  • Right to restriction of processing pursuant to Art. 18 GDPR.

  • Right to data portability pursuant to Art. 20 GDPR.

  • Right to object pursuant to Art. 21 GDPR.

If you would like to make use of your rights, please address your concerns via email to privacy@commercetools.com or by post to the address mentioned in Section 1. Besides that, pursuant to Art. 77 (1) GDPR you have a right to complain to a supervisory authority. You can receive further information from the supervisory authority which is locally competent for you.

9. Data protection officer

Martin Holzhofer
Holzhofer Consulting GmbH
Lochhamer Str. 31
82152 Munich – Planegg
datenschutzbeauftragter-commercetools@holzhofer-consulting.de
Web: https://www.holzhofer-consulting.de/



II. Privacy Statement for sales and marketing (Art. 13 GDPR)

1. Controller

commercetools GmbH
Adams-Lehmann-Str. 44
80797 Munich
Email: info@commercetools.com
Phone: +49 (89) 99 82 996-0

The purpose of this privacy statement on data protection pursuant to Art. 13 et seq. GDPR is to ensure compliance with the obligation to provide information in regard to the collection of personal data within the context of relationships with prospective customers and business partners.

2. Contact details of the data protection officer

Martin Holzhofer
Holzhofer Consulting GmbH
Lochhamer Str. 31
82152 Munich – Planegg
datenschutzbeauftragter-commercetools@holzhofer-consulting.de
Internet: https://www.holzhofer-consulting.de/

3. Purposes for which personal data is processed, as well as the legal basis for processing

In order to process sales and marketing activities with prospective customers and business partners, we – as well as third parties contracted by us and contract processors – process the following data relating to prospective customers or business partners:

  • Contact information such as first names and surnames, business addresses, business phone numbers, business mobile phone numbers, business fax numbers and business email addresses;
  • Other information that needs to be processed in the course of the project or for the performance of a contractual relationship with commercetools, or that has been provided voluntarily by our contacts, e.g. orders, requests or project details; information obtained from public sources, information databases or credit rating agencies

4. Legal basis for processing

The processing of personal data is necessary for the fulfilment of the aforementioned purposes, in order to carry out sales and marketing activities. In the case of a contract, the legal basis for data processing is Article 6(1) lit. b) GDPR, in order to contact you in the context of contract execution.

Where you have given us your consent, the legal basis for data processing is Article 6(1) lit. a) GDPR. According to Article 7 GDPR, you can revoke your consent at any time with effect for the future by writing to the e-mail address specified in point 11.

Without a separate consent, the legal basis may also be our legitimate interest for the purpose of direct addressing (pursuant to Article 6(1) lit. f) GDPR and Article 95 GDPR, Section 7 (3) UWG) unless your fundamental rights and freedoms are in conflict. According to Article 21 GDPR, you may object at any time, with future effect, to data processing based on our legitimate interest by writing to the e-mail address specified in point 11.

5. Obligation to provide data

You are required to provide the data stated in section 3. It will not be possible to enter into or perform a contract if this data is not provided.

6. Automatic decision-making, including profiling

commercetools does not carry out any form of profiling.

7. Data transfer to a third country

Data transfers to countries outside of the EU and the European Economic Area (“third countries”) take place within the context of support services for our Service Desk and our customer database, via our affiliated company in the United States. Transfers are organised on the basis of a Data Processing Agreement or Joint Controller Agreement, as well as standard EU data protection clauses (Art. 46(2) lit. c) GDPR).

8. Categories of data recipients

commercetools submits data to cloud computing service providers (Salesforce, HubSpot) in the provision of the CRM database as part of order processing.

commercetools may transfer personal data to courts of law, supervisory authorities or law practices where such is legally permissible and necessary for compliance with applicable law or in order to assert, exercise or defend against legal claims. commercetools cooperates with service providers (contract processors), such as providers of IT maintenance services. These service providers act exclusively on the instructions of commercetools and are contractually required to comply with the applicable data protection regulations.

9. Data sources

We process personal data that we have received in the course of sales and marketing activities.

10. Duration of storage and criteria for determining the duration

Where an explicit duration of storage is not stated at the time it is collected (e.g. as part of a declaration of consent), your personal data will be erased as soon as it is no longer required for fulfilment of the purpose for which it was stored, except where statutory retention periods (e.g. retention periods under commercial and tax law) prohibit its erasure.

11. Rights of the data subjects

You have the right at any time to exercise your “rights as a data subject”:

  • Right to information according to Art. 15 GDPR.
  • Right to rectification according to Art. 16 GDPR.
  • Right to erasure according to Art. 17 GDPR.
  • Right to restriction of processing according to Art. 18 GDPR.
  • Right to data portability according to Art. 20 GDPR.
  • Right to object according to Art. 21 GDPR.

Should you wish to exercise your rights, kindly submit your requests by email to security@commercetools.com or by post to the address stated under section 1. You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77(1) GDPR. For further information, contact the competent supervisory authority in your region.

For commercetools, this is
The Data Protection Authority of Bavaria
Postfach 606, 91511 Ansbach; phone: +49 (0) 981 53 1300,
Email: poststelle@lda.bayern.de



III. Privacy Statement for suppliers and business partners, Art. 13 GDPR (20.02.2019)

1. Controller

commercetools GmbH
Adams-Lehmann-Str. 44
80797 Munich
Email: info@commercetools.com
Phone: +49 (89) 99 82 996-0

The purpose of this privacy statement on data protection pursuant to Art. 13 et seq. GDPR is to ensure compliance with the obligation to provide information in regard to the collection of personal data within the context of relationships with our suppliers and business partners.

2. Contact details of the data protection officer

Martin Holzhofer
Holzhofer Consulting GmbH
Lochhamer Str. 31
82152 Munich – Planegg
datenschutzbeauftragter-commercetools@holzhofer-consulting.de
Internet: https://www.holzhofer-consulting.de/

3. Purposes for which personal data is processed, as well as the legal basis for processing

In order to maintain relationships with our suppliers and business partners, we – as well as third parties contracted by us and contract processors – process the following data relating to suppliers or business partners:

  • Contact information such as first names and surnames, business addresses, business telephone numbers, business mobile telephone numbers, business fax numbers and business email addresses;
  • Payment data such as details that are necessary for the processing of payment transactions or for the prevention of fraud;
  • Other information that needs to be processed in the course of the project or for the performance of a contractual relationship with commercetools, or that has been provided voluntarily by our contacts, e.g. orders, requests or project details; information obtained from public sources, information databases or credit rating agencies

4. Legal basis for processing

The processing of personal data is necessary for the fulfilment of the aforementioned purposes, including the (contractual) business relationships with the supplier or business partner.

Unless otherwise explicitly specified, the legal basis for data processing is Article 6(1) lit. b) GDPR, or our legitimate interest in processing the name of our business partner’s contact partner according to Article 6(1) lit. f) GDPR.

5. Obligation to provide data

You are required to provide the data stated in section 3 if you submit or make a contractual offer. It will not be possible to enter into or perform a contract if this data is not provided.

6. Automatic decision-making, including profiling

commercetools does not carry out any form of profiling.

7. Data transfer to a third country

Data transfers to countries outside of the EU and the European Economic Area (“third countries”) take place within the context of support services for our Service Desk and our customer database, via our affiliated company in the United States. Transfers are organised on the basis of a Data Processing Agreement or Joint Controller Agreement, as well as standard EU data protection clauses (Art. 46(2) lit. c) GDPR).

8. Categories of data recipients

commercetools may transfer personal data to courts of law, supervisory authorities or law practices where such is legally permissible and necessary for compliance with applicable law or in order to assert, exercise or defend against legal claims. commercetools cooperates with service providers (contract processors), such as providers of IT maintenance services. These service providers act exclusively on the instructions of commercetools and are contractually required to comply with the applicable data protection regulations.

9. Data sources

We process personal data that we have received in the course of business-related contact with suppliers and business partners.

10. Duration of storage and criteria for determining the duration

Where an explicit duration of storage is not stated at the time it is collected (e.g. as part of a declaration of consent), your personal data will be erased as soon as it is no longer required for fulfilment of the purpose for which it was stored, except where statutory retention periods (e.g. retention periods under commercial and tax law) prohibit its erasure.

11. Rights of the data subjects

You have the right at any time to exercise your “rights as a data subject”:

  • Right to information according to Art. 15 GDPR.
  • Right to rectification according to Art. 16 GDPR.
  • Right to erasure according to Art. 17 GDPR.
  • Right to restriction of processing according to Art. 18 GDPR.
  • Right to data portability according to Art. 20 GDPR.
  • Right to object according to Art. 21 GDPR.

Should you wish to exercise your rights, kindly submit your requests by email to security@commercetools.com or by post to the address stated under section 1. You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77(1) GDPR. For further information, contact the competent supervisory authority in your region.

For commercetools, this is
The Data Protection Authority of Bavaria
Postfach 606, 91511 Ansbach; phone: +49 (0) 981 53 1300,
Email: poststelle@lda.bayern.de