Data Privacy Statement

(as of 24.10.2018)

This information gives you an overview of how your personal data will be processed when you visit the website respeggt.com. We inform you of what data we shall gather from you, and how we shall use these data. Additionally, we clarify your rights under applicable data protection law and inform you of whom you can contact if you have any questions.

1. Who is the controller responsible for the data processing?

The controller responsible for the processing of your personal data when you visit the website respeggt.com is respeggt GmbH (“respeggt”). The contact details are:

respeggt GmbH
Hildeboldplatz 15-17
D-50672 Cologne, Germany
Email: info@respeggt.com

Executive Directors: Dr. Ludger Breloh, Martijn Haarman
Link to the Legal Notice: http://www.respeggt.com/Impressum

2. Whom can you contact if you have any questions relating to data processing?

If you have any questions relating to the processing of your data or any other questions relating to data protection, please contact:

respeggt GmbH
Hildeboldplatz 15-17
D-50672 Cologne, Germany

info@respeggt.com

3. What data from you shall we process?

We shall process your personal data when you visit the website respeggt.com, when you provide us with information via a contact form on our website or when you contact us in any other way. In detail, such data may include the following:

  • data arising as a result of the use of cookies, web beacons, advertising IDs and other unique identifiers (websites accessed, links clicked on, services used, time of use) when you use our website respeggt.com
  • data relating to your location (if you have permitted the collection of location data in your device settings)
  • data that you make available to us via an advertising form or in some other way when you contact us
  • inventory data such as, e.g. personal master data, names or addresses
  • data, such as an email address or a telephone number, that you provide for contact purposes
  • data that we need for proper communication (e.g. device information, IP addresses)

 

4. Is there any obligation to provide the data?

You are not under any legal obligation to provide your data. However, some of the aforementioned data are necessary for making our online platform available in the form in which we do so today. The provision of data is voluntary, but may be necessary for the use of certain services. When you enter data, we shall inform you of whether the provision of these data is necessary for the respective service or feature. These data are marked as mandatory fields. Failure to provide necessary data will mean that we shall be unable to render the service or feature concerned. Failure to provide optional data may mean that we are unable to render our services in the same form and to the same extent as usual.

5. For what purposes shall we process your data and on what legal basis?

  • Advertising

We shall process your data, as described in greater detail below, for advertising purposes. You may at any time opt out of the processing of your data for advertising purposes. It will suffice to send an informal notification using the contact details stated under Section 1.

  • Contact

You can contact us via our web form, by email, by post or by telephone. We shall process your data for answering your enquiry and, if applicable, for sending information material requested. Your data may be sent to the department responsible for your query. The legal basis for the data processing described is Article 6 (1) b), f) General Data Protection Regulation (pre-contractual steps, performance of the contract or balancing of differing interests, based on respeggt’s interest in answering enquiries from customers and other persons).

  • Usage-based online advertising (remarketing/retargeting)

Our website or the website from which you have been directly linked will process your usage behaviour. This works as follows: When you visit our websites, the operator of an advertising network may possibly retrieve recognition features for your browser or your terminal device (e.g. create a so-called browser fingerprint), evaluate your IP address or store a recognition feature in the form of a small text file on your terminal device (e.g. third-party cookie). Additionally, the advertising network operator may possibly link your visit to our Internet sites to one or more of these recognition features in order to display our advertising to you on other Internet sites.

The recognition features described above are designed as a pseudonym and may be used by the advertising network operator to recognise your terminal device on other Internet sites. If, for example, you visit a website that participates in the operator’s advertising network (i.e. inserts advertising on behalf of the advertising network operator), the advertising network operator will be able to recognise your terminal device and your browser with the aid of the aforementioned features.

Additionally, we may add so-called remarketing tags to our websites. This means that we shall include in our Internet sites key words containing statements concerning the content of the website displayed (e.g. product or service categories). In this respect, the key words that we use will reveal neither personal nor sensitive information. The advertising network operator will receive and store these key words relating to the aforementioned recognition features. If, therefore, you visit a website to which we have added a key word with a certain product category, the advertising network operator will store this key word and associate it with your recognition features.

As a result, we shall be able to order from the advertising network operator the placement of ads on our websites on the basis of our websites visited. If, therefore, you visit another Internet site that participates in the operator’s advertising network, the advertising network operator may, with the aid of the recognition features and the stored key words relating to these recognition features, recognise whether and, if so, which of our ads are to be displayed to you.

If you log into an advertising network operator (e.g. Google) using your own log-in data, this operator will be able to link the recognition features of various browsers and terminal devices with each other. If, therefore, the advertising network operator has created a separate recognition feature for every desktop PC used by you or for every notebook, smartphone or tablet used by you, it will be possible to associate these recognition features with each other as soon as you use, or once you have used, a service of the advertising network operator with your log-in data. The advertising network operator can thus also display our advertising campaigns in a targeted manner across terminal devices. However, the advertising network operator will do so only if you have in the past declared to this operator your consent to this data processing.

On the basis of our legitimate interests within the meaning of Article 6 (1) f) GDPR, we, or our hosting provider, gather data concerning all access to the server on which this service is located (so-called server log files). Access data include the name of the website accessed, the file, the date and time of access, the data volume transferred, the notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the website visited beforehand), the IP address and the provider requesting access.

For security reasons (e.g. for clearing up acts of misuse or fraud), log-file information is stored for a maximum period of 7 days and then erased. Data required to be further retained for purposes of proof are excluded from erasure until the respective incident has been finally cleared up.

In order to display advertising on the basis of your usage behaviour, we collaborate with various providers. We have put together an overview of these for you below. You may at any time opt out of this form of advertising. To do so, refer to the Data Privacy Notice, the opt-out options or the usage notice in the following overview:

  • Google Adwords
    Data Privacy Notice: https://support.google.com/adwords/answer/2549063?hl=de
    Opt-out: http://optout.networkadvertising.org/?c=1#!/
  • Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate, for example, Google Analytics and other Google marketing services into our online platform). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of the users’ personal data, please refer to the following information relating to the Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
  • Google Analytics: Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    Google uses this information on our behalf in order to evaluate the use of our online platform by the users, compile reports on the activities carried out within this online platform and provide us with other services in connection with the use of this online platform and the Internet. In this respect, the data processed may be used to create pseudonymous usage profiles of the users.
    We use Google Analytics only with activated IP anonymisation. This means that the users’ IP address is truncated by Google within Member States of the European Union or the European Economic Area. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and be truncated there.
    The IP address transmitted by the user’s browser is not combined with other Google data. By downloading and installing the browser plugin available at the following link, users can prevent the storage of cookies by setting their browser software accordingly. Furthermore, users can prevent data generated by such cookie relating to their use of the online platform from being collected and transmitted to Google and being processed by Google: 
    http://tools.google.com/dlpage/gaoptout?hl=de.
    Further information on data usage by Google and on setting and opt-out options can be found in Google’s Data Privacy Statement (
    https://policies.google.com/privacy) and in the settings for the displaying of ad impressions by Google (https://adssettings.google.com/authenticated).
    The users’ personal data are erased or anonymised after 14 months.
  • Youtube: We integrate the videos from the “YouTube” platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Data Privacy Statement: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

On the website http://www.youronlinechoices.com/de/ you can find further information on usage-based online advertising and the individual providers. You also have there the option of opting out of some or all of the providers’ usage-based online advertising.

The legal basis for the data processing described is Article 6 (1), f) General Data Protection Regulation (balancing of differing interests, based on the interest of REWE and the advertising network operator in providing advertising orientated towards the recipient’s individual interests).

  • Cookies

In some areas of our website we use cookies in order to, for example, recognise visitor preferences and be able to optimally design the website accordingly. This enables easier navigation and use. Cookies likewise help us to identify particularly popular areas of our Internet platform. Cookies are small text files installed onto the hard drive of your terminal device. They allow information to be kept over a certain period and your terminal device to be identified. For better user guidance and individualised displaying of services, we use permanent cookies. Furthermore, we use so-called session cookies, which will be automatically deleted when you close your browser. You can set your browser to inform you of the placement of cookies. This makes the use of cookies transparent for you. Important: If you fully exclude the use of cookies, you may possibly be unable to use individual features of our website.

We use the following categories of cookies on our website:

  • temporary cookies
  • permanent cookies

Temporary cookies: “Temporary cookies” or “session cookies” or “transient cookies” are cookies that are deleted after the user has left an online platform and closed his browser. For example, the content of a shopping basket in an online shop, or the user’s log-in status, may be stored in such cookie.

Permanent cookies: “Permanent cookies” or “persistent cookies” are cookies that remain stored even after the browser has been closed. For example, the log-in status may be saved in case of a user visit after several days. Likewise, the users’ interests used for the purpose of range measurement or marketing may be stored in such cookie. “Third-party cookies” are cookies offered by providers other than the controller operating the online platform (cookies only from this controller are referred to as “first-party cookies”).

Users who do not wish to have cookies stored on their computer are requested to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to reduced functionality of this online platform.

You may at any time opt out of this form of advertising. To do so, follow the opt-out link provided in the following overview: In the case of many of the services, particularly tracking, a general objection to the use of cookies for online marketing purposes may be declared via the US-American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please bear in mind that some features of this online platform may then possibly be unusable.

6. Does automated processing take place for profiling purposes?

We shall use your personal data neither for automated decision-making nor for profiling.

7. Who will have access to your data and for what reason?

Within respeggt, only persons who need your data for performing the tasks assigned to them will receive access to your data. Outside of respeggt, service providers that assist us with the performance of our tasks may receive access to your data. These encompass the following categories of service providers:

  • hosting service providers for the operation of our servers
  • development service providers for the programming, development, servicing and support of software applications
  • agencies for carrying out prize draws
  • market research companies for carrying out market research studies
  • service providers for the provision of survey tools
  • advertising network operators for advertising campaigns and the display of online advertising (remarketing and retargeting)
  • service providers for delivering online advertising and measuring the success thereof.

Service providers used by us must meet particular confidentiality requirements. They will receive access to your data only to the extent, and for the period, necessary for the performance of their tasks.

If a criminal offence is suspected, we may pass on your data to law enforcement authorities (police, public prosecution department).

8. Are data processed outside of the European Union?

For processing your data, we shall also use service providers located in third countries outside of the European Union. Countries outside of the European Union handle the protection of personal data differently to countries within the European Union. There is currently no resolution of the EU Commission according to which these third countries generally offer an appropriate level of protection. Therefore, we have taken particular measures to ensure that your data are processed in the third parties just as securely as within the European Union. We conclude with service providers in third countries the data protection agreement (standard data protection clauses) provided by the European Union Commission for the processing of personal data in third parties. This agreement provides for suitable safeguards to protect your data with service providers in third countries. You can request a copy of this data protection agreement using the contact details stated above.

9. For how long will the data be processed?

In principle, we shall store your data only for as long as we need your data for the respective processing purposes. If your data are no longer necessary for the fulfilment of the processing purposes stated in this Data Privacy Notice, these data will be erased, unless their further retention is necessary for the fulfilment of retention duties under commercial or fiscal law.

10. What rights do you have?

  • Access

You may request access to your personal data processed by us.

  • Rectification

If your details are incorrect or no longer correct, you may request that your data be rectified. If your data are incomplete, you may request that your data be completed.

  • Erasure

You have the right to request that your data be erased. Please note that any entitlement to erasure will depend upon the existence of a legitimate reason. A further prerequisite is that there must be no existing regulations under which we are obliged to retain your data.

  • Restriction of processing

You have the right to request that the processing of your data be restricted. Please note that any entitlement to restriction of the processing will depend upon the existence of a legitimate reason.

  • Objection

You have the right to object, on grounds relating to your particular situation, to the processing of your data. In the event of a legitimate objection, we shall cease processing your data.

  • Objection to the processing of your data for direct marketing purposes

You have the right to at any time object to your data being processed for direct marketing purposes. This will also apply to any profiling in connection with direct marketing. You can lodge your objection with us informally, preferably using the above contact details, stating the reference “Objection to the processing of my personal data for advertising purposes”.

  • Right to lodge a complaint

If you are not in agreement with the processing of your data, you are entitled to lodge a complaint with a data protection supervisory authority.

  • Data portability

You have the right to receive in an electronic format the personal data that you have provided to us.

  • Revocation of your consent

You have the right to at any time revoke consent that you have granted us regarding the processing of your data. This will also apply to the revocation of declarations of consent that you submitted to us before the General Data Protection Regulation entered into effect, i.e. before 25.05.2018. The easiest way of revoking consent granted by you is to contact us by email using the above contact details. Revocation of consent will not affect the lawfulness of the processing of your data carried out up to the time of revocation.