I. Controller for data processing
VISIT-X B.V.
Krijn Taconiskade 424
1087 HW Amsterdam
Netherlands
Telefon: 00 800 300 000 77
II. Data Protection Officer
You can reach our Data Protection Officer by post at the above address adding the suffix "Data Protection Officer" or by e-mail at [email protected].
III. Provision of website and creation of log files
Every time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data are thereby collected:
(1) information on the browser type and version used
(2) user’s operating system
(3) user’s Internet service provider
(4) user’s IP address
(5) date and time of access
(6) websites from which the user’s system gains access to our website
(7) websites accessed from user’s system via our website
The data are stored in the log files of our system. Based on the IP address, we can allocate to the user those payment options available in his/her country if he/she orders paid services. We moreover have the possibility of detecting cases of attempted fraud.
Additionally, the system temporarily stores the IP address of each user for the purpose of delivering the website to the user’s computer. The data are stored in access logs for a period of 7 days.
For the purpose of preventing fraud, IP addresses are stored until the contract has been terminated.
The legal basis for data processing is provided by Article 6(1)(f) of the General Data Protection Regulation (GDPR). We have a legitimate interest in data processing in the cases specified here.
IV. Use of cookies
We use cookies on our website. These are small files which are created by your browser automatically and which are stored on your terminal device (laptop, tablet, smart phone, or similar) when you visit our website. Cookies do not damage your terminal device, do not contain any viruses, Trojans or other malware.
A cookie stores information resulting in each case in connection with the specifically used terminal device. However, that does not mean that we thereby directly obtain knowledge of your identity. The use of cookies thus on the one hand serves to make it more convenient for you to use our offering. For example, we use what are referred to as session cookies to detect that you have already visited specific pages of our website. These are deleted automatically after you leave our site.
We also use temporary cookies, stored for a specifically defined period on your terminal device, to optimise user-friendliness. If you visit our site again to use our services, it is automatically detected that you were already on our site, and which data were entered and what settings were made by you. That way you don’t have to enter such data again. Information is also stored to identify what are referred to as webmasters. A webmaster is the operator of a website who has placed an advertisement on its website referring that website. By clicking on this ad, users can gain access to our website. The information identifying the webmaster is provided so that it can be allocated a fee.
On the other hand, we use cookies to statistically record the use of our website and to evaluate such use to optimise our offering and improve the visitor experience for you (see V.). These cookies enable us to detect automatically, when you visit our site again, that you had already visited our site. These cookies are automatically deleted after a specifically defined period of time of 50 months maximum.
The data processed by cookies are required for the aforementioned purposes of safeguarding our legitimate interests as well as those of third parties pursuant to the first sentence of Article 6(1)(f) GDPR. Most browsers accept cookies automatically. However, you may configure your browser in such a way that no cookies are stored on your computer or that a notice is always displayed before a new cookie is created. But completely deactivating cookies may mean that you cannot use all functions of our website.
V. Google Analytics
The basis for performing the tracking measures with Google Analytics is provided by the first sentence of Article 6(1)(f) GDPR. With the tracking measures used we want to ensure that our website is designed to meet the needs of users and optimised on a continuous basis. We moreover use the tracking measures to statistically record the use of our website and to evaluate such use to optimise our offering for you. Such interests are to be deemed legitimate within the meaning of the aforementioned provision.
For the purpose of ensuring that our website is designed to meet the needs of users and optimised on a continuous basis, we use Google Analytics, a website analysis service of Google Ireland Limited https://www.google.de/intl/de/about/ (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter „Google") as well as the extension Google Optimize. In this context, pseudonymised user profiles are created and cookies are used (see IV. below). The information generated by the cookie on your use of this website, such as
VI. Further Google services
To optimize our website we use other Google services provided by the first sentence of Article 6(1)(f) GDPR:
• Google Tag Manager Use Policy | Google Tag Manager - Google
• Google Recaptcha https://www.google.com/recaptcha/intro/v3.html
• Google Fonts https://developers.google.com/fonts/faq
• Google Ads https://ads.google.com/home/faq/?subid=ww-ww-et-g-aw-a-about_products_1-redlmo2!m--ahpm-0000000008-0000000001
• Google Forms https://www.google.de/intl/de/forms/about/
Further information can be found on the privacy policy of Google at: https://policies.google.com/privacy?hl=en
To this and for further questions about the Google services we use you can always turn to the address given in the imprint or by e-mail at [email protected].
VII. Error monitoring service RollBar
This website uses the error monitoring service of RollBar, Inc. (665 Third Street, Suite 150, San Francisco, CA 94107, USA) in accordance with Art. 6 para. 1 lit. f GDPR to ensure the availability and integrity of the website. For this purpose data like performance and utilization values, which provide information about the stability and possible disruptions of the website, are transmitted to RollBar servers in the USA. In order to identify and eliminate sources of error data such as information on the user's operating system, browser versions or the IP address are saved as well. This data is saven anonymously, which means that the IP address of the user is cut off by the last two digits (so-called IP masking) and therefore does not allow any connection to the person of the user. All data is deleted after three months at the latest, the anonymized data after seven days. For more information on how Rollbar handles your user information, please refer to Rollbar, Inc.'s Privacy Policy at https://docs.rollbar.com/docs/privacy-policy.
VIII. Social media plug-ins
On our website we use social plug-ins of the social networks Facebook, Instagram, Snapchat and Twitter to make our company better known through them. The basis for this is provided by the first sentence of Article 6(1)(f) GDPR. The advertising purpose pursued thereby is to be qualified as a legitimate interest within the meaning of the GDPR. Responsibility for operation in accordance with data protection provisions is to be ensured by the respective provider.
We embed these plug-ins using what is referred to as the two-click method so as to provide visitors to our website with the best possible protection.
1. Facebook
Social media plug-ins of Facebook are used on our website to make their use more personal. For this purpose we use the "LIKE" or "SHARE" button. This is an offering of Facebook.
When you access a page of our website that contains such a plug-in, your browser establishes a direct link to the servers of Facebook. The content of the plug-in will be transmitted from Facebook directly to your browser, which will embed it into the web page. Through this embedding of the plug-in, Facebook is provided with the information that your browser has accessed the respective page of our website, even if you do not have a Facebook profile or are not logged in to Facebook at the time. This information (including your IP address) will be transmitted directly to a Facebook server in the USA by your browser, and will be stored there.
If you are logged in to Facebook, Facebook may directly allocate the visit to our website to your Facebook account. If you interact with the plug-ins, e.g. click the „LIKE" or „SHARE" button, this information will likewise be transmitted directly to a Facebook server and be stored there. The information will also be published on Facebook and displayed to your Facebook friends. Facebook may use this information for the purpose of advertising, market research and designing the Facebook sites to meet the needs of users. For this purpose, user, interest and relationship profiles are created by Facebook, e.g. to evaluate your use of our website with respect to the ads displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide additional services associated with the use of Facebook.
If you do not wish Facebook to allocate the data collected through our website to your Facebook account you must log out of Facebook before you access our website.
For details on the purpose and scope of the data collection and further processing and use of the data by Facebook and users' rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Facebook at https://www.facebook.com/about/privacy/
2. Instagram
On our website, social plug-ins ("plug-ins") of Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram") are also used.
The plug-ins are designated with an Instagram logo, e.g. in form of an Instagram camera. When you access a page of our website containing such a plug-in, your browser will establish a direct connection to the servers of Instagram. The content of the plug-in will be transmitted from Instagram directly to your browser, which will embed it into the web page. Through this embedding, Instagram is provided with the information that your browser has accessed the respective page of our website, even if you do not have an Instagram profile or are not logged in to Instagram at the time.
This information (including your IP address) will be transmitted directly to an Instagram server in the USA by your browser, and will be stored there. If you are logged in to Instagram, Instagram may directly allocate the visit to our website to your Instagram account. If you interact with the plug-ins, e.g. click the "Instagram" button, this information will likewise be transmitted directly to an Instagram server and be stored there. This information will also be published in your Instagram account and be displayed alongside your contacts.
If you do not wish Instagram to allocate the data collected through our website directly to your Instagram account you must log out of Instagram before you access our website. Further information in this regard can be found in the privacy policy of Instagram at https://help.instagram.com/155833707900388.
3. Twitter
Plug-ins of the short messaging network of Twitter Inc. (Twitter) are embedded on our website pages. You can recognise the Twitter plug-ins (tweet button) by the Twitter logo on our site. You can find an overview of the tweet buttons at https://about.twitter.com/resources/buttons.
When you access a page of our website containing such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter is thereby provided with the information that you have visited our website with your IP address. If you click on the Twitter "tweet button" while logged on to your Twitter account, you can link the content of our pages on your Twitter profile. That enables Twitter to allocate the visit to our pages to your user account. We point out that as provider of the website pages we do not obtain any knowledge of the data transmitted and their use by Twitter.
If you do not wish Twitter to be able to allocate the visit to our website pages, please log out of your Twitter user account.
Further information on this can be found in the privacy policy of Twitter at https://twitter.com/privacy.
4. Snapchat
Social media plug-ins of Snapchat are used on our website. This is an offering of Snapchap.
When you access a page of our website containing such a plug-in, your browser establishes a direct link to the servers of Snapchat. The content of the plug-in will be transmitted from Snapchat directly to your browser, which will embed it into the web page. By imbedding of the plug-ins, Snapchat receives the information that your browser has accessed the respective web page of our website. This information (including your IP address) will be transmitted directly to a Snapchat server in the USA by your browser, and will be stored there. Further information on this can be found in the privacy policy of Snapchat at https://www.snap.com/de-DE/privacy/privacy-policy/.
IX. Social sign-in
We offer you the possibility of registering or logging onto the social networks Facebook and Google with us directly with your existing profile. You may use this function on a voluntary basis by clicking on the button of the respective social network in the window "register for free" or "log-in".
The legal basis for this is provided by the first sentence of Article 6(1)(f) GDPR. The purpose, which at the same time constitutes our legitimate interest, is to provide users with a convenient way of registering or log-in. Responsibility for operation in accordance with data protection provisions is to be ensured by the respective social network.
If you do not wish your data to be transmitted from our website in the context of the registration or log-in to a social network, do not use the buttons of the social network in the window "register for free" or "log-in".
1. Sign-in with Facebook
We use the function "Facebook Connect" provided by Facebook. If you wish to use this function, you will first be directed to Facebook. There you will be requested to log on with your user name and password. We of course do not gain any knowledge of your log-in data. If you are already logged on to Facebook, this step is skipped. After that, Facebook informs you which data are transmitted to us. You then confirm this with the "OK" button. With the data transmitted, we create your customer account. You can find detailed information on the data in your customer account under X. Beyond that, no permanent link between your customer account and your account with Facebook is established.
Your browser establishes a direct link with the servers of Facebook. Facebook is provided with the information that your browser has accessed the respective page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the time. This information (including your IP address) will be transmitted directly to a Facebook server in the USA by your browser, and will be stored there.
If you are logged in to Facebook, Facebook may directly allocate the visit to our website to your Facebook account.
For details on the purpose and scope of the data collection and further processing and use of the data by Facebook and users' rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Facebook at https://www.facebook.com/about/privacy/.
2. Sign-in with Google
We also use the function "Google+ Sign In" provided by Google. If you wish to use this function, you will first be directed to Google. There you will be requested to log on with your user name and password. We of course do not gain any knowledge of your log-in data. If you are already logged on to Google, this step is skipped. After that, Google informs you which data are transmitted to us. You then confirm this with the "Accept" button. In addition, you may indicate whether and with what groups you wish to share your registration with us. With the data transmitted we create your user profile, but of course do not store your list of contacts in your groups. You can find detailed information on the data in your customer account under X. No permanent link between your customer account and your account with Google is established.
Your browser establishes a direct link with the servers of Google. Google is provided with the information that your browser has accessed the respective page of our website, even if you do not have a Google account or are not logged in to Facebook at the time. This information (including your IP address) will be transmitted directly to a Google server in the USA by your browser, and will be stored there. If you are logged in to Google, Google may directly allocate the visit to our website to your Google account.
For details on the purpose and scope of the data collection and further processing and use of the data by Google and users' rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Google at https://policies.google.com/privacy?hl=de.
X. Registration and use of our offering
a) Basic data
On our website we offer users the possibility of registering with their personal data. In this case, the data are entered into an input mask, transmitted to us and stored. The following data are processed in the registration process on the legal basis of processing for the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b)) GDPR) and are deleted at the end of the contractual relationship with you giving due regard to the statutory retention periods, unless otherwise stated hereinafter at the time of the deletion:
Name, address, date of birth, AVS/ID card data
These data are used to identify you as a contractual partner. The date of birth and proof thereof are also important to ensure that services intended exclusively to persons of full legal age are provided only to such persons. Data collection for verifying full legal age is required to meet our legal obligations (Article 6(1)(c)) GDPR).
E-mail address, mobile phone number, verification of e-mail address, landline/mobile phone number
The e-mail address and its verification as well as the landline / mobile phone number and their verification are required to ensure contact with you in the context of performance of the contract and for the purpose of preventing fraud. All contact data specified serve to transmit contractual information including dunning in the case of payment default. These data are likewise collected for processing for the performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b)) GDPR).
The e-mail address is also used for the purpose of performing advertising measures on the legal basis of Article 6(1)(a)) GDPR based on your consent given voluntarily on commencement of the registration procedure. You may receive advertisement for products/websites of our company as well as for products/websites of EDEV Media AG.
You may advertise our company's products / websites through a messenger service on the legal basis of Art. 6 para. 1 lit. a) DSGVO due to your voluntarily granted consent. To run the service, the messenger service uses your mobile phone number.
Consent
"I to the processing of my mobile number to receive advertising for your products/websites through the Messenger service."
You can exercise your right of withdrawal at any time without giving any reason for the future by terminating the messenger service by sending the message "STOP" to the appropriate number."
You may also yourself make detailed settings for desired e-mail notifications or deactivate them, as well as unsubscribe from the newsletter or once again request to receive them. Moreover, you can decide on the option of a text notification being sent to your mobile phone number when the favourites selected by you are online. The buttons provided for this purpose are clearly recognisable in your personal log-in area.
Consent
"I hereby consent to data processing of my e-mail address for the purpose of the sending the newsletter as well as the sending of advertisement for your products/websites and products/websites of EDEV Media AG, and to the processing of my e-mail address and mobile phone number for the purpose of notifications by e-mail and text messages by clicking on the buttons provided for this purpose. I hereby consent to such data being transmitted to service providers that have been instructed with activities required for performing the desired notifications."
You can exercise your right to withdraw your consent at any time with effect for the future by terminating the selected notification functions by means of the buttons provided for such purpose. These buttons are clearly recognisable in your user account. Alternatively, you may declare your withdrawal of consent at any time for the future. Such notice of revocation must be directed to our Data Protection Officer by post at the above address of the controller adding the suffix "Data Protection Officer" or by e-mail at [email protected]. This does not give rise to any costs for you. You will find information on your rights in XVI.
Banking data / credit card data
Banking data / credit card data are also collected for performance of your payment obligation under the contract in accordance with the selection made by you and the option of convenient loading on the legal basis of Article 6(1)(b)) GDPR.
To prevent charge-backs and attempted fraud through use of publicly accessible banking data, we compare your banking data (only IBAN and BIC or account number and bank routing code, no personal details) with the Return-debit Prevention Pool (RPP) of infoscore Consumer Data GmbH (ICD), Rheinstr. 99, 76532 Baden-Baden, Germany. In the RPP non-personal data on charge-backs due to lack of coverage, and so-called non-consumer accounts (e.g. donation accounts and other publicly accessible banking particulars), are stored. The RPP has the function of a blocking file. This data comparison is performed on the legal basis of Article 6(1)(f)) GDPR. Our legitimate interest lies in avoiding charge-backs or payment defaults and preventing attempted fraud.
Data in your user account about your purchases, your top-ups with time stamp (incl. failed transactions), via VIP-Abo / Premium TV with date of ordering of such services and the mode of payment, chats with time stamp and duration of chat, messages written and received
These data are likewise processed for processing for performance of your contract (Article 6(1)(b)) GDPR), particularly for the purpose of contractual invoicing to you. The data are deleted as soon as this purpose is fulfilled.
Profile name and password
In order for you to use our system, it is necessary to collect your profile name and your password. The basis for this is likewise the performance of your contract (Article 6(1)(b)) GDPR). The profile name also serves as your pseudonym in your voluntary communication with other users within our system. Our system does not provide other users with information on which person is behind a pseudonym.
b) Data in the context of registration process and log-in
The following data are collected in the registration process or subsequent log-in on the legal basis of Article 6(1)(f)) GDPR:
Date and time of log-in (including failed log-ins and unsuccessful password entries), the website from which access was made; browser type, browser version and browser settings, IP address, operating system, referrer URL, the requesting provider, screen resolutions, dial-in location.
The purpose of and our interest in collecting the data are the technical optimisation of our website and making improvements to our products, as well as conducting investigations in cases of fraud adversely affecting us, and in identifying the payment methods applicable at the customer’s location.
c) Photos and chats
You may upload profile photos or other photos on a voluntary basis and delete the same again. These images are visible for users who access your profile. They serve the purpose of personalising your image. Use of the photos by us for other purposes is excluded.
For processing these data, your voluntary consent pursuant to Article 6(1)(a)) GDPR is required. If on the basis of these photos any conclusions are possible as regards your sex life or your sexual orientation, your voluntary consent is given pursuant to Article 9(2)(a)) GDPR.
Consent
"I hereby consent to data processing of my uploaded profile photo and other uploaded photos. I consent to such data processing also in the case where such photos allow for conclusions as regards my sexual orientation or my sex life. I hereby consent to such data being transmitted to service providers that have been instructed with activities required for providing the contractually agreed services. This includes storing, saving and keeping available my data as well as the related services and Internet access."
You can exercise your right to withdraw your consent at any time with effect for the future by deleting one, several or all pictures without giving any reasons for such withdrawal. The functions provided for this purpose are clearly recognisable in your user account. Alternatively, you may declare your withdrawal of consent at any time for the future. Such notice of withdrawal must be directed to our Data Protection Officer by post at the above address of the controller adding the suffix "Data Protection Officer" or by e-mail at [email protected]. You will find information on your rights in XVI.
d) Chat transcripts, name, e-mail address, banking details, credit card data and interactions
Data from chat transcriptions, your name, your e-mail address, banking details, credit card data and interactions are analysed in accordance with Article 6(1)(f) GDPR to protect us from misuse of our platform, from immoral behaviour and in particular from fraud. We have a legitimate interest in such purposes. These data, with the exception of the banking details and the credit card data, also serve the purpose of handling complaints or legal claims of other users based on alleged unlawful behaviour. If on the basis of the chat transcripts any conclusions are possible as regards your sex life or your sexual orientation, data processing is performed exclusively on the legal basis of Article 9(2)(f)) GDPR for establishment, exercise or defence of legal claims. The data are then deleted as soon as a case of fraud can be excluded in the specific case and/or a complaint / a legal claim has been conclusively processed.
e) Profile properties
You may voluntarily store your profile properties such as your gender, your date of birth, your location and your gender-specific search information as well as your preferences, your properties and a selection of desired services, and create "about you" texts. These details are made accessible to your chat partners to give them the opportunity to fulfil your wishes. You may change the stated profile properties at any time. They are kept preserved in your personal log-in area until the contractual relationship with you ends.
For processing these data, your voluntary consent pursuant to Article 6(1)(a)) GDPR is required. If on the basis of your particulars any conclusions are possible as regards your sex life or your sexual orientation, your voluntary consent is given pursuant to Article 9(2)(a)) GDPR.
Consent
"I hereby consent to data processing of my particulars on my profile properties such as my gender, my date of birth, my location and my gender-specific search information as well as my selection of desired services and my "about you" texts, and to such particulars being made accessible to my chat partners. I consent to such data processing also in the case where such particulars allow for conclusions as regards my sexual orientation or my sex life, my religious beliefs and my ethnic origin. I hereby consent to such data being transmitted to service providers that have been instructed with activities required for providing the contractually agreed services to me. This includes storing, saving and keeping available my data as well as the related services and Internet access."
You can exercise your right to withdraw your consent at any time with effect for the future by deleting the particulars from your user account without giving any reasons for such withdrawal. The functions provided for this purpose are clearly recognisable in your user account.
Alternatively, you may declare your withdrawal of consent at any time for the future. You may send your withdrawal by e-mail to [email protected]. You will find information on your rights in XVI.
f) Interactions
We analyse your interactions resulting from your use of our service, e.g. which chat partners you choose, what ratings you give and which profiles you access, so that with the help of such data analysis we can provide you with the recommendations suited to you for using our services. These offerings appear in your personal log-in area. The legal basis for this is provided by Article 6(1)(f)) GDPR. Our legitimate interest lies in being enabled to optimise our services provided to you to meet your personal needs so as to achieve a greater use of our services. Such analysis data are deleted when the contractual relationship to you is ended.
g) Correspondence content
If you correspond with us, we collect data on the content of such correspondence. Where the purpose of the correspondence is performance of the contract, the data are collected on the legal basis of Article 6(1)(b)) GDPR. If the correspondence is for a different purpose, the data are processed pursuant to Article 6(1)(a)) GDPR. The purpose of processing the data and our legitimate interest in such processing is to properly handle the concerns of our customers. The data are then deleted once the purpose of the correspondence has been achieved.
h) SMS data
As a user of our TV channel, you have the possibility of sending an SMS (short text message) whose content is inserted into the TV programme. The SMS data are processed for this purpose and then deleted. The legal basis for this data processing is the performance of the contract entered into with you (Article 6(1)(b)) GDPR).
i) Telephone data for telephone services
When using the service "Telephone carousel" or a 0900 number, your telephone number is processed in order to invoice such services to you. Such data processing is for the purpose of performing the contract on the legal basis of Article 6(1)(b)) GDPR. Once the invoicing procedure has been successfully completed, the data are deleted.
For the purpose of preventing fraud, phone number lists are kept available within the telephone system. The legal basis for this is provided by Article 6(1)(f) GDPR. The purpose of processing the data establishes our legitimate interest.
j) Use of media library
With the use of our media library you have the possibility of sending an e-mail with a video clip from the media library to an e-mail address which you have entered. To enable use of this function, such e-mail address is transmitted to a service provider. The legal basis for this is provided by Article 6(1)(b)) GDPR.
k) Data that draw conclusions as regards your sexual orientation
On the basis of your selection and use of the products offered by us, it may be possible to draw conclusions as regards your sexual orientation or your sex life, including on the basis of your profile details. Also on the basis of the chat transcripts which are briefly stored for preventing fraud, it may likewise be possible to draw a conclusion as regards your sexual orientation or your sex life. We are allowed to process such data only on the basis of your voluntary consent pursuant to Article 9(2)(a)) GDPR. If you do not give such consent, it will not be possible for you to use our services.
Consent
"I hereby consent to the processing of data on the products selected and accessed by me attributable to me, as well as of data on chat transcripts attributable to me, if such data allow for conclusions as regards my sexual orientation or my sex life. I hereby consent to such data being transmitted to service providers that have been instructed with activities required for providing the contractually agreed services. This includes storing, saving and keeping available my data as well as the related services and Internet access." You can exercise your right of withdrawal at any time without stating reasons and withdraw this declaration of consent with effect for the future. Such notice of withdrawal must be directed to our Data Protection Officer by post at the above address of the controller adding the suffix "Data Protection Officer" or by e-mail at [email protected]. You will find information on your rights in XVI.
l) Data for the use of the Telegram service by visit-x
If you want to use the Telegram service on your mobile phone, you need to install the Messenger app Telegram on your mobile phone. In this context you agree to the general terms and conditions (GTC) as well as the Privacy Policy of Telegram, on which visit-x has no influence. You can find the purpose and extent of the data collection and the further processing and use of the data by Telegram as well as your relevant rights and setting possibilities for the protection of your privacy in the data protection information of Telegram: https://telegram.org/privacy visit-x has access to the following data from Telegram:
In order to answer service requests, users of our telegram service are assigned an internal user ID.
The following data is legally permissible according to Article 6(1)(f) GDPR for personal message exchange with providers:
XI. Share information with providers
After login on the Internet offer of the provider, the following information may be shared with the provider, as soon as you use a service from the provider:
• Your e-mail address and other profile information
• Any message that you send to the provider via VISIT-X
• Your separately specified shipping address, as far as you have ordered an order from the provider, which requires a postal delivery
• Time of your registration and login
• Information about the amount of your balance and sum, as well as the time of last credit charge (but never your pay data information)
XII. Disclosure of data
Your personal data will not be disclosed to third parties for purposes other than those specified hereinafter.
We disclose your personal data to third parties only if:
To the extent your personal data are disclosed to third parties for performing the contractual relationship, the data will be disclosed to the following recipients / categories of recipients:
We have instructed service providers with storing, saving and keeping available of your data as well as with providing all related services such as maintenance of the IT systems. We use service providers for all manner of services relating to Internet access, telephony, SMS, Messenger services and e-mail. We disclose your personal data to financial services providers to receive your payment for the remuneration of our services. We work together with providers of debt collection services and legal service providers when you are in payment default.
We use the services of credit service agencies to verify whether you are able to meet your payment obligation under our contract pursuant to Article 6(1)(f) GDPR. This purpose also establishes the legitimate interest in such data processing. Moreover, we have engaged service providers that ensure an access and age verification of the users of our services, which are suitable for purposes aged 18 and up, on the legal basis of Article 6(1)(c) GDPR in order to fulfil our legal obligation.
We transmit your information (name, address, and date of birth as applicable) for purposes of credit checks and for the acquisition of information to assess the risk of default based on mathematical methods utilizing address data to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden. The legal bases for such transmissions are found in Article 6, paragraph 1, letter b and Article 6, paragraph 1, letter f of the EU General Data Protection Regulation ("EU GDPR"). Information may be transmitted on the basis of these provisions only insofar as doing so is necessary to safeguard the legitimate interests of our company or third parties and where this does not override the data subject’s interests or fundamental rights and freedoms that require the protection of personal data. Detailed information on ICD within the meaning of Article 14 of the EU GDPR, i.e., information on the business purpose, on the purposes for storing data, on the data recipients, on the data subject’s right to obtain information, on the right to have information deleted or corrected, etc. can be found at the following link: https://finance.arvato.com/icdinfoblatt."
Within the framework of this contractual relationship, we transmit collected personal data for the purpose of requesting, implementing and terminating this business relationship, as well as data regarding noncontractual conduct or fraudulent conduct to CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich/Germany.
The legal basis for these transfers is set out in point (b) of Article 6 (1) and point (f) of Article 6 (1) General Data Protection Regulation (GDPR). The exchange of data with CRIF Bürgel GmbH also serves to comply with statutory duties of conducting creditworthiness assessments (Sections 505 a und 506 German Civil Code).
CRIF Bürgel GmbH processes the data received and also uses it for the purpose of creating profiles (scoring) to provide its contractual partners in the European Economic Area and Switzerland, and where applicable, third countries (if there exists for the country an adequacy decision of the European Commission) with information, among other things, for assessing the creditworthiness of individuals. You may find more detailed information about the operations of CRIF Bürgel GmbH in their Fact Sheet or online at www.crifbuergel.de/en/privacy.
If the disclosure of data constitutes contract processing, we have entered into a contract with the service providers for contract processing and have complied with all other statutory requirements for contract processing. Our service providers are predominantly based in the European Union, and furthermore in Switzerland and the USA. The level of data protection in Switzerland was considered by the European Commission to be adequate and recorded in an adequacy decision. The adequacy decision is called 2000/518/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland (notified under document number C(2000) 2304); accessible at https://eu.vlex.com/vid/gem-ischen-angemessenheit-personenbezogener-37729414.
XIII. Consent to Fraud Prevention and Fraud Detection
I hereby consent to this platform automatically checking whether there is any reason to suspect misuse of the platform by collecting, processing and using
1) my ordering data (e.g., item purchased, name, mailing address, e-mail address, delivery address, payment method and bank account data)
2) he user data on my visits to this platform (e.g., start time, end time, extent of the webpages visited as well as the click paths) along with
3) a cookie (i.e., a small text file stored locally in the browser's cache) and/or a visitor ID that may contain anonymous control data on the terminal used (e.g., my screen resolution or operating system version), which allow me to be recognized with a certain degree of reliability when I return to the website based on the terminal I use,
for the purpose of securing my user account, the websites I visit and the services I use on the website against fraud (e.g. account takeover, automated creation of fake user accounts by bots, the use of stolen identities or payment data or incorrect ratings for services), or abuse (e.g. by technical attacks on the IT infrastructure, „Man-in-the-middle"-attacks, brute-force-attacks or the usage of malware) or for product optimization and further development.
I also agree that the above data be transmitted from the platform to the Device Transaction Pool (DTP) and stored there. The purpose of the DTP is to be an industry-wide alert service to protect member companies involved in the DTP against fraud and, as a result, bad debts, which may arise in the provision of commercially provided, paid telecommunication or telemedia services to users who are unwilling or unable to pay for the services.
In the case of a request from a member company to the DTP, only the results of the fraud suspicion test are sent to that member company. Positive data can also be transmitted. This means that devices via which payments have been made often and in time receive a positive rating. There is no storage of results for individual member companies except in the case of the above mentioned single request. The DTP is operated by infoscore Profile Tracking GmbH (IPT), Kaistrasse 7, 40221 Düsseldorf, in its role as a data processor for the member companies.
Your data will be automatically deleted after five months.
I hereby warrant that I am authorized to give this consent for all the terminals I use to visit this platform and that I will inform third parties whom I allow to use my terminals of my consent and make sure that said third parties also consent to the above-described measures or, if not, that they refrain from visiting the platform on my terminals.
The platform has commissioned infoscore Tracking Solutions GmbH, Kaistrasse 7, 40221 Düsseldorf, to carry out the fraud prevention and fraud detection as the outsourced data controller in accordance with Art. 28 DSGVO.
Recipients of the data are exclusively contractual partners of the platform. In this case, the recipients are infoscore Tracking Solutions GmbH, Kaistrasse 7, 40221 Düsseldorf, infoscore Profile Tracking GmbH, Kaistrasse 7, 40221 Düsseldorf, infoscore Tracking Technology GmbH, Kaistrasse 7, 40221 Düsseldorf and data center service providers who were commissioned to store the data.
The provision of personal data is required for the conclusion of a contract. If the data is not provided, the platform reserves the right to interrupt the purchase process.
If, for an order, there is a suspicion of fraud or misuse, an employee of the platform checks the evaluation and the underlying evidence.
If, for an order, there is a suspicion of fraud or misuse, an employee of the platform checks the evaluation and the underlying evidence. If my order is not authorized, I will be told so. Upon request, I will be informed of the main reasons for the decision. I will then be given an opportunity to express my point of view here: [email protected] at which point an employee will reconsider the decision.
Every person concerned has the right of disclosure pursuant to Art. 15 DSGVO, the right of correction pursuant to Art. 16 DSGVO, the right of deletion pursuant to Art. 17 DSGVO, the right of limitation of processing pursuant to Art. 18 DSGVO and the right of data transmission pursuant to Art. 20 DSGVO vis-à-vis the platform.
In addition, it is possible to contact the supervisory authority responsible for the platform.
If you want to know which personal data we have stored about you and to whom we have transmitted which data, we will be happy to inform you of this in the form of a – free of charge - self-disclosure letter. We ask for your understanding that for data protection reasons we are not allowed to give any information by telephone, as an unambiguous identification of your person over the phone is not possible. In order to avoid misuse by third parties, we require the following information from you:
XIV. Information obligation of Concardis GmbH when collecting personal data
For card payments (direct debit/girocard/credit cards) we work with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti. In this context, card data are transferred to the above company in addition to the purchase amount and date. All payment data, as well as data on any chargebacks, are only stored for as long as necessary to process the payment (including processing of any chargebacks and collection of the receivable) and to combat fraud. Data are generally deleted no later than 13 months after collection. Data may be stored for longer if and for as long as necessary to comply with statutory regulations or to prosecute a concrete case of fraud. The legal basis for data processing is Art. 6 para. 1 f) General Data Protection Regulation. You can request information about your data, ask for it to be rectified or deleted and for processing to be restricted and/or you can withhold your consent to the processing of your data. If you have any questions about data processing by Concardis or to exercise your aforementioned rights, you can write to the data protection officer at the address provided above or by email to [email protected]. Furthermore, you have the right to complain to a supervisory authority (in Germany to the state data protection officer). You are advised that you have no statutory or contractual obligation to provide your payment data. If you do not wish to provide your payment data you can choose another payment method (e.g. cash).
XV. Information of GiroSolution GmbH in the collection of personal data
1. Description and scope of data processing
For the use of payment systems on our website, we use GiroSolution GmbH as payment service provider. By means of an interface to its "GiroCheckout" system, GiroSolution GmbH ensures the system-side connection of our website to the following payment methods for us:
a) giropay
b) eps
Depending on the payment method, the following data will be passed on to GiroSolution GmbH via GiroCheckout and then to the respective payment system and its service provider for processing the payments:
a) Surname and first name
b) IBAN
c) e-mail address
d) Information on the age of majority with giropay ID - Age Verification (the date of birth will not be forwarded)
Further information can be found in the GTC of GiroSolution GmbH (www.girosolution.de).
2. Legal basis for data processing
Legal basis for data processing and transfer of data to the above mentioned Third party is Art. 6 para. 1 lit. b DSGVO. In addition, Art. 6 para. 1 lit. f DSGVO Legal basis for data processing.
3. Purpose of the data processing
The transmission of the data and the processing of the same is necessary in order to be able to make the payment of the transaction you have made on our website using the payment method you have selected and to be able to complete the transaction.
The connection of many different payment methods is complex and expensive. Therefore, we use a service provider for the technical connection, in which our legitimate interest in the o.g. Data processing by GiroSolution GmbH according to Art. 6 para. 1 lit. f DSGVO is justified.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the o.g. this is the case if the contract has been settled and there are no claims for rescission, after expiry of the statutory warranty or guaranteed warranty periods. Subject to legal retention periods beyond this date, the data will be deleted.
5. Rejection and removal possibility
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
XVI. Rights of data subject
You have the right:XVII. Right of withdrawal
You may object to the processing of data for legitimate interests pursuant to Article 6(1)(f) GDPR if reasons arise from your particular situation arguing against such data processing. Such objection must be directed to our Data Protection Officer by post at the above address of the controller adding the suffix "Data Protection Officer" or by e-mail at [email protected].
XVIII. Amendment of this Privacy Policy
The further development of our website and offerings relating to the same, or changes in legal requirements or those of public authorities, may make it necessary to amend this Privacy Policy. The current Privacy Policy or previously valid Privacy Policies may be accessed by you on this website at any time and printed out.
Last updated: August 2021