This Privacy Notice applies to the processing of your data, including your personal data, via the website “kowasnextbigthing.com”, including all its subdomains and subpages (the Platform). The controller responsible for data processing is Kowa Optimed Deutschland GmbH of Düsseldorf (the Operator). The Operator’s email address is: scope@kowaoptimed.com. The complete contact details are listed in the Legal Notice. The Platform is used for informational purposes, in particular spotting scopes and binoculars. You may access the content of this Privacy Notice at any time by visiting the subpage of the same name on the Platform. You may also save or print it using the corresponding function on your internet browser.
I. Preliminary remarks
The operator takes the protection of your data seriously and adheres to the applicable statutory rules of data protection. These laws protect natural persons when personal data are processed. Personal data means any information relating to an identified or identifiable natural person. These data are only processed to the extent necessary for any contract execution or to provide and improve the Platform. Processing for contract execution only takes place if you initiate or conclude a contract with the Operator; in this respect, we would also refer you to the Operator’s T&Cs. Processing for the provision and improvement takes place only where this is indicated below or in a separate agreement, where this is ordered by the authori-ties or by the courts or otherwise required by law. Data are only processed by the Operator or the data processor on behalf of the Operator in the Member States of the European Union (EU). In particular, the web servers used by the Operator for data processing are located in the EU Member States. As a matter of principle, data are not transmitted to a third country or any international organisation.
II. Data processing
Your data are processed regardless of whether or not these data were provided using a form. Form-dependent data are data you provided using a form on this Platform. Form-independent data are data you provided without using a form when visiting this Platform.
1. Form-dependent processing
The data you have entered in a form on the Platform are processed when the form is utilised, specifically once the form has been submitted. This may include, in particular, data for con-tacting you, order data, including customer account details, as well as data for the newsletter or a warranty extension. Personal data you send via a form provided for this purpose are always transmitted to the Operator’s server in an encrypted form.
a) Contacting us
If you contact the Operator using a form, the data you provide in the contact form are encrypted and sent to the Operator through the Operator’s server via email. These data may include your request, your name, your email address and other contact details. No further automated processing of your personal data is undertaken in this regard. The data are only used for the purpose of processing your request. Responses are generally sent by email, which is also encrypted, provided your email service provider supports this. The same applies if you contact the Operator by email to an email address stated on the Platform instead of using a contact form. Once your request has been processed and closed, the personal data you provided to the Operator in the contact form or in an email will be erased. This does not apply if these data are still required to execute the contract, if they are required for verification purposes or conflict with statutory retention requirements; however, the processing of your data will be restricted until then.
b) Newsletter
The Operator provides a newsletter subscription service via email. Should you wish to receive this newsletter, you must provide us with your email address. The Operator also needs addi-tional data to verify that you, as the owner of the email address provided, agree to subscribe to this newsletter. The Operator employs what is known as a double opt-in method (DOI), which means you will receive an email with a unique link to confirm your registration (confirmation link). Only after confirmation will you receive the newsletter. In addition to your email address, the time, date and IP address of the registration and confirmation as well as the con-firmation link are stored for the DOI, its verification and to prevent abuse. No additional data are processed in this regard. Data are only processed to be able to offer and send the news-letter. As a rule, your personal data will not be disclosed to third parties. However, the Opera-tor may use an email service provider that processes data on its behalf in accordance with the statutory provisions and the specifications of this Privacy Notice. In this case, such a pro-vider would not be a third party. If you wish to unsubscribe from the newsletter, you can use the corresponding link included in each newsletter or contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. Un-subscribing also constitutes a revocation of your consent to the subscription to the newsletter and the data processing required for this. If you unsubscribe from the newsletter or do not complete the DOI within two weeks, your data will be erased unless they are still required to verify a completed DOI or to prevent misuse; however, data processing will be limited. Sub-scribing to the newsletter is done using an encrypted connection. Newsletters are also sent in an encrypted form, provided your email service provider supports this.
2. Form-independent processing
Data the operator needs for the provision or improvement of the Platform are processed without the use of forms. In particular, these may include cookies, your IP address and statis-tical data. Even in the case of form-independent processing, personal data are always en-crypted where this is technically possible.
a) Cookies
This Platform uses cookies. These are small text files or simple database entries stored local-ly by your browser. The data in the cookies can only be read by the Platform that saved them. Cookies are used to make websites more user-friendly and secure. Cookies are only stored or read via an encrypted connection. To do so, the Platform uses what are known as session cookies, in particular to recognise a login to a customer account. These cookies en-sure that only you can access the data stored in your customer account after logging in. For this purpose, a session ID is stored in the cookie. After logging off or at the end of your visit to the Platform, for example when you close your browser, the cookie with the ID will be erased. In addition, the Platform uses cookies so that you can store products in a virtual shopping cart before placing an order. This cookie, which allows only you to access your shopping cart, is not a session cookie. This means that the cookie will not be erased after the end of your visit to the Platform. This will allow you to access your shopping cart when you visit the Platform again. However, the cookie, and therefore your shopping cart, will be erased if you do not visit the Platform for a month. Until then, the data relating to your shopping cart will only be pro-cessed automatically when you revisit the Platform. These data are not processed for other purposes or shared with third parties. The cookies used by the Platform do not harm your device (e.g. computer/tablet) and do not contain viruses. You can prevent the use of cookies by selecting the appropriate settings on your browser. Please note that this may result in your being unable to make full use of some of the Platform’s functions. The same applies to the erasure of stored cookies.
b) Access log
To ensure the security and functionality of the Platform (e.g. to defend against attacks), an access log is created on the Operator’s server. This log stores data about access to the Plat-form. These include data that are transferred to the Platform when your browser connects to it. This includes your IP address, the time and date of access, the address (URL) that was accessed, whether the access was successful, and the volume of data transmitted by the server. Provided your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be stored. You may be able to prevent the transmission of these data by adjusting your browser settings. The log files are erased at regular intervals, at the latest by the end of the next calen-dar month. If necessary, the log files are statistically analysed prior to erasure. The logged data are stored separately from the other data you leave on the Platform and will not be merged with it. They will not be disclosed to third parties and will not be used for any other purpose. The statistical analysis of the log files does not allow for you to be identified.
c) Social networks
The Platform enables the placement of links to social networks operated by third parties. This is done to enable you to share (e.g. “Share”/”Retweet”) or “like” the Platform or articles on it on the respective network. However, these links are only provided once you have clicked the button for the respective network on the Platform. Because of the processing of personal data undertaken by social networks over which the Operator has no influence, we would refer you to the privacy policy of the respective responsible provider:
1. Facebook (Facebook Ireland Limited based in Ireland):
https://www.facebook.com/privacy/explanation
2. Twitter (Twitter International Company based in Ireland):
https://twitter.com/en/privacy
3. Instagram (Facebook Ireland Limited based in Ireland):
https://help.instagram.com/519522125107875
d) Embedded content
The Platform sometimes embeds content from YouTube (online videos) and Google Maps (interactive maps). This content is not provided through the operator’s servers, but through the servers of Google, Inc., headquartered in the US (“Google”). Google is certified under the Privacy Shield. When displaying and using this embedded content, your IP address is trans-mitted to Google. This is because your browser is unable to retrieve the embedded content without transmitting your IP address. In addition, your browser may transmit additional data to Google (such as your location when using the respective function). The operator has no con-trol over this. The same applies to cookies that Google may set to make content more user-friendly and secure. These cookies cannot be read by the Operator. For more information about data processing by Google and your rights with respect to Google Analytics, see Google’s Privacy Policy:
https://policies.google.com/privacy?hl=gb
III. Legal basis
The statutory provisions governing data protection is rooted in the German Federal Data Pro-tection Act (Bundesdatenschutzgesetz [BDSG]) and the German Telemedia Act (Tel-emediengesetz [TMG]). However, as of 25 May 2018, the EU General Data Protection Regu-lation (GDPR) will take precedence. If you have expressly consented to the processing of your data, this also constitutes the legal basis for data processing for the purposes for which you have consented (Article 6 Para. 1(a) GDPR). In particular, this may include the subscrip-tion to our newsletter. Where processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 Para. 1(b) GDPR). This includes contracts, in particular sales contracts, which are concluded via the Platform or are initiated at your re-quest. In addition, the legal basis for data processing is to preserve the legitimate interests of the Operator (Article 6 Para. 1(f) GDPR). This is the economic interest in operating the Plat-form, in particular the sale of goods via the Platform. No automated decision-making (includ-ing profiling) as defined by Art. 22 GDPR takes place.
IV. Your rights
If you are concerned about the processing of your personal data, you have certain rights that you may assert to the data controller according to the data protection regulations. You may contact the Operator at any time to exercise these rights, for example through the email ad-dress listed at the beginning of this Privacy Notice. The same applies to other questions about data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also at your disposal: Attorney Daniel Raimer of Kanzlei Daniel Raimer in Düsseldorf. You can find the data protection officer’s contact details in the Legal Notice.
1. Right of revocation
According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent to data pro-cessing at any time. The revocation of consent does not affect the lawfulness of the pro-cessing based on consent prior to revocation.
2. Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data. This applies, in particular, to an objection to processing for di-rect advertising purposes.
3. Right to lodge complaints
Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority if you believe your personal data are being processed in violation of the statutory provisions. This right is without prejudice to any other administrative or judicial remedy.
4. Right to information
According to Art. 15 GDPR, you have the right to request information from the Operator. In addition to the information that you can largely already find in this Privacy Notice, this right to information includes, in particular, the right to a copy of your personal data that is the subject of processing. The restrictions stipulated in Sec. 34 BDSG also apply to this right to infor-mation.
5. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request that the Operator immediately rectify incorrect personal data relating to yourself. You also have the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into ac-count the purposes of the processing.
6. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to request that the Operator erase your person-al data. If data do not have to be erased according to this provision, you may request that fur-ther processing be restricted where appropriate. In addition, the restrictions stipulated in Sec. 35 BDSG also apply to this right to erasure. The right to erasure includes what is known as the right to be forgotten.
7. Right to restriction
Pursuant to Art. 18 GDPR, you have the right to request that the Operator restrict the pro-cessing of your personal data. According to this provision, apart from storage, data may es-sentially no longer be processed.
8. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to data portability with respect to your personal data that you have provided to the Operator. This does not affect your right to erasure.
9. Duty of notification
According to Art. 19 GDPR, the Operator must notify all recipients to whom your personal data have been disclosed of any rectification or erasure of these data, or any restriction to processing unless this proves to be impossible or involves a disproportionate amount of effort. The Operator will inform you of any such recipients at your request.
V. Final remarks
Taking into account the nature, scope, context and purposes of processing as well as the risk to your rights and freedoms, of varying likelihood and severity, the Operator will implement appropriate technical and organisational measures to ensure that data are processed in ac-cordance with the statutory provisions. Only persons mandated by the Operator (employees) who require access to personal data to perform their duties have access to the same, and only to the extent required. The Operator’s employees are trained on data processing in ad-vance and are bound by a duty of confidentiality. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.