Data Protection Declaration of Yaasa Living AG

As amended on: 29 October 2019

1. Controller of the processing of your personal data, representative of the controller in the European Union

1.1 With this data protection declaration we would like to inform you about which personal data we collect and process from you and for which purposes we do this. We process your personal data only to the extent that you have given us your consent to do so or if legal provisions permit us to do so. All following references to articles the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

1.2 We, the

Yaasa Living AG
Kornhausstrasse 28,
CH-9000 St.Gallen
Switzerland

are “Controller” regarding the processing of your personal data in accordance with Art. 4 No. 7 GDPR.

If you have any questions regarding the collection, processing or use of your personal data, or rectification, restriction or erasure of data as well as withdrawal of consent granted or objection to a specific use of data, please contact us directly via the contact data in our imprint.

1.3 Our representative in the European Union is

Dr. Gabriele Hucklenbruch
Kaistraße 16 A
40221 Düsseldorf
Germany

 

2. Personal data

The term personal data includes your personal details (e.g. your name, date of birth, address, nationality), your identification data (e.g. your identity card data), your order and purchase order data including your e-mail address, your technical connection data, such as your IP address, depending on the payment method your account and payment data, advertising and sales data and other comparable data.

 

3. Collection of your personal data

When processing your personal data, we distinguish between data that we collect directly from you and data that we obtain from other sources.

3.1 Personal data that we collect from you:

3.1.1 If you are our customer, we process the personal data provided by you when you contact us (e.g. via contact form or e-mail). This includes, for example, your name and your e-mail address. This is done in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of fulfilling the contract concluded with you.

3.1.2 When you use our website: www.yaasa.de (hereinafter referred to as “website”) and the associated conclusion of a contract, we process the personal data you have provided us with, which is necessary for the initiation of this contract and for its execution, as well as, if applicable, for the provision of warranty or for the unravelling of the contract, Art. 6 para. 1 lit. b) GDPR. The processed data includes inter alia your address, date of birth and account/payment data. In addition, your technical connection data is also collected during the electronic ordering process.

3.1.3 If you access and use our website for purely informational purposes, we only collect data that is automatically transmitted by your Internet browser. This includes, for example, the date and time you access our website, the amount of data transferred, the website from which the request comes, browser type, browser settings and your IP address. This access data is processed solely for the purpose of ensuring the undisrupted operation of the site and improving our services. This is done in accordance with Art. 6 para. 1 lit. f) GDPR due to our legitimate interest in a correct presentation of our goods and services.

3.1.4 On our website we publish your comments on our goods and services. Your contributions will be published with your chosen user name. We recommend using a pseudonym instead of your real name. The indication of user name, e-mail address as well as the comment itself is required, all other information can be given voluntarily. We need your e-mail address in order to contact you in case a third party objects to your comment as unlawful. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. The data processing is carried out for the purpose of presenting your comments on our website. The use of our website must not lead to a violation of applicable legal provisions. In particular, the comments you make must not infringe the rights of third parties, especially personal rights and other rights. Comments may not violate applicable competition law or criminal law and regulations for the protection of minors. Above all, no racist, grossly offensive, pornographic or sexual, harmful to minors, extremist, violence glorifying or trivialising, war glorifying, advertising for a terrorist or extremist political association, inciting to a crime, including a defamatory statement, insulting or other punishable contents may be distributed. We reserve the right not to publish comments if they violate the aforementioned provisions.

3.1.5 If you are a legal representative or employee of one of our customers, your personal data may be collected if you act in the name or on behalf of our customer within the business relationship with us. This is done for the purpose of initiating or fulfilling the contract concluded with you, Art. 6 para. 1 lit. b) GDPR.

3.2 Personal data that we obtain from external sources
We may also draw on personal data which has been lawfully collected by another controller and which is also lawfully transmitted to us, such as publicly available information. This includes debtor lists, public registers such as insolvency notices or information from the commercial register as well as from the press and the Internet.

 

4. Transfer of your personal data and transfer of your personal data to a third country

We will transmit your personal data to commissioned service providers in Germany and abroad, if this is necessary for economic or technical reasons. For this purpose, we will carefully select the respective service provider, conclude a contract for data processing with them in accordance with Art. 28 GDPR and carefully monitor them. For the purpose of outsourcing certain business processes, we have a legitimate interest in concluding contracts for data processing with the respective service provider in accordance with Art. 6 para. 1 lit. f) GDPR. We ensure that we only work with service providers located in countries that have an appropriate and sufficient level of data protection. If the European Commission has decided that the third country in question offers an adequate level of protection, your personal data may be transferred to that country. In other cases we use binding corporate rules or standard data protection clauses of the European Commission, Art. 44, 46 lit. b) and c), 47 GDPR. The standard contractual clauses of the European Commission in accordance with resolutions 2001/497/EC, 2004/915/EC, 2010/87/EU are available at http://eur-lex.europa.eu.

4.1 We transmit your data for the purpose of fulfilling the contract in accordance with Art. 6 para. 1 lit. b) GDPR, for example to the shipping company entrusted with the delivery of your goods.

4.2 Depending on which payment service provider you select during your ordering process, we will pass on your payment data to the credit institute or payment service provider commissioned with the payment for the purpose of processing payments. This is also done for the purpose of fulfilling the contract concluded with you in accordance with Art. 6 para. 1 lit. b) GDPR.

4.3 We may also transfer your personal data to companies affiliated with us, i.e. group companies. For the purpose of internal administration, we have a legitimate interest in the transfer of the data to our group companies in accordance with Art. 6 para. 1 lit. f) GDPR.

4.4 For the purpose of fulfilling the contract in accordance with Art. 6 para. 1 lit. b) GDPR, we may also transfer your personal data to anyone to whom we assign rights resulting from the contractual relationship with you.

 

5. Hosting services by a third party provider

5.1 We store the collected personal data of our customers and website visitors on servers located in the European Union. For this purpose we use the services of the hosting provider Host-Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany. Your data will be stored in the Datadock data center, 1 Rue de Havre, 67100 Strassbourg, France. You can view the data protection declaration of Host-Europe GmbH here: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

5.2 We have concluded a contract with the third-party provider for data processing in accordance with Art. 28 GDPR. The use of hosting services from a third party provider is based on our legitimate interest in the correct presentation of our services and goods on our website, Art. 6 para. 1 lit. f) GDPR.

 

6. Platform

To operate our website, we use the services of WordPress. WordPress is a web application for building and managing the content of a website. We have a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in using such services to communicate with you via our chat, to reply to you via the comment function and to offer you our products online.

 

7. Newsletter

7.1 With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.

7.2 For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the dates of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

7.3 Your e-mail address is the only mandatory information for subscribing to the newsletter. After your confirmation we will save your e-mail address for the purpose of sending the newsletter.

7.4 You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by e-mail to info@yaasa.com or by sending a message to the address stated in section 1.2.

7.5 We would like to point out that we analyse your user behaviour when sending the newsletter. For this analysis, the newsletters sent by e-mail contain so-called web beacons or tracking pixels, which are one-pixel image files that are retrieved from the server of the newsletter sending provider MailChimp when the newsletter is opened. For the analysis we link the data mentioned in paragraph 3.1.3 (data for informational use of the website) and the web beacons with your e-mail address and an individual ID. This information will be used for technical improvement of the services based on the technical data, the target groups and their reading behavior due to their retrieval locations or access times. The data also serves to determine whether and when the newsletter is opened and which links are clicked. Links contained in the newsletter also contain this individual ID. We use the data thus obtained to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click in them and conclude from this your personal interests. We link this data to actions you take on our website.

7.6 This data is stored by us for as long as you have subscribed to the newsletter. After you have unsubscribed, we store this data in purely statistical and anonymized form.

7.7 The newsletter is sent via “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Your e-mail and IP address, the time of registration and confirmation as well as the time of your retrieval of our newsletters are stored on the servers of MailChimp in the USA. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” according to Art. 45 para. 1 GDPR and is therefore obliged to comply with the EU data protection regulations. The data protection declaration of MailChimp can be viewed here: https://mailchimp.com/legal/privacy/

8. Cookies

8.1 When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information is transmitted to the site that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet service as a whole more user-friendly and effective.

8.2 This website uses transient as well as persistent cookies, the scope and functionality of which are explained below:

8.2.1 Transient cookies are automatically deleted when you close the browser. This includes in particular session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

8.2.2 Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

8.3 You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that in this case you may not be able to use all functions of our website.

8.4 The legal basis for the use of cookies is your consent in accordance with Art. 6 para. 1 lit a) GDPR. Consent is obtained by means of a notice (“cookie banner”) provided by us on our website.

 

9. Use of web analysis tools

9.1 Google Analytics

9.1.1 Our website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help our website analyze how you use the site. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. However, as IP anonymisation is activated on our website, your IP address will be shortened by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on the website activities and to provide further services to us in connection with the use of our website and the internet.

9.1.2 The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.

9.1.3 You may refuse the storage of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. You can also prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

9.1.4 Our website uses Google Analytics with the extension “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form, thus excluding any reference to persons. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted.

9.1.5 We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice (“cookie banner”) provided by us on the website, the legality of the use is additionally governed by Art. 6 para. 1 lit. a) GDPR.

For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. Information is available at https://www.privacyshield.gov/EU-US-Framework.

9.1.6 Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. terms of use:

http://google.com/analytics/terms /en.html, overview of data protection: https://policies.google.com/?hl=de&gl=de, and the data protection declaration: http://www.google.de/intl/de/policies/privacy

9.2 Simultaneously with the use of Google Analytics, our website uses the Leadfeeder service, which is operated by Liidio Oy / Leadfeeder, Mikonkatu 17 C, 00100 Helsinki, Finland. Leadfeeder accesses the list of IP addresses of the website visitors provided by Google Analytics in the analysis and links the list of IP addresses with information about the companies that can be found on the Internet under these IP addresses. Due to the shortening of the IP addresses of the website visitors already carried out when using Google Analytics, a direct personal reference is not established. A probabilistic personal reference can presumably arise when viewing the linked company information. For more information about Leadfeeder and the data collected, please see: www.leadfeeder.com/privacy/, information about Leadfeeder and compliance with the GDPR: help.leadfeeder.com/faqs-and-troubleshooting/is-leadfeeder-ready-for-gdpr

 

10. Use of social media plug-ins

10.1 We currently use the following social media plug-ins: Facebook, Instagram, Pinterest, LinkedIn and YouTube. In order to increase the protection of your data when visiting our website, the plug-ins are not fully integrated into the page, but only integrated by using an HTML link (so-called “Shariff solution” from c’t). This integration ensures that when a page of our website containing such plug-ins is called up, no connection is yet established with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser will open or you stay in the same window of your browser and call up the page of the respective service provider, where you can (if necessary after entering your login data) e.g. press the Like or Share button.

10.2 Via these plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. f) GDPR.

10.3 If you do not want the respective social networks to generate data relating to you via our website, you can take the following action: Always log out of social networks before you visit our website or other websites.

10.4 For more information about the purpose and extent of data collection and processing by the respective plug-in provider, please refer to the data protection declaration of those providers as set out below. There you will also find further information on your rights in this regard and setting options for protecting your privacy:

– Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

– Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA; https://help.instagram.com/519522125107875?helpref=page_content

– Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; https://policy.pinterest.com/de/privacy-policy.

– LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

– Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy?hl=en.

11. Retention periods and criteria for the storage of your personal data

All processed personal data is only stored for as long and as far as it is necessary for the fulfilment of our contractual and legal obligations. The data storage is necessary, among other things, for the performance and processing of the contract, including the defence against and the enforcement of civil claims. In individual cases, such claims can only become time-barred after 30 years. Storage obligations and the resulting storage periods also exist on the basis of tax, money laundering, trade and other legal regulations. The periods for storage/documentation provided for in these regulations are 6 to 10 years. In order not to violate legal provisions or to lose the possibility of enforcing a claim or defending ourselves against such a claim, we reserve the right to delete data only after the expiry of the last period which legitimises data storage. For the purpose of sending our newsletter, we store your e-mail address until you unsubscribe from the newsletter. All technical access data is stored until you delete the cookies in your browser.

12. Your rights

You have the following rights in relation to the personal data concerning you:

– Right to information (Art. 15 GDPR)

– Right to rectification or erasure (Art. 16, 17 GDPR)

– Right to restriction (Art. 18 GDPR)

– Right to data portability (Art. 20 GDPR)

– Right of objection (Art. 21 GDPR)

– Right of withdrawal (Art. 7 para. 3 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6, para. 1 lit. f) GDPR (data processing on the basis of a legitimate interest). If you lodge an objection, we will no longer process your personal data unless we can demonstrate legitimate grounds for processing which override your interests, rights and freedoms, or unless the processing serves to establish, exercise or defend legal claims.

Furthermore, you have the right to object to the processing of personal data concerning you direct marketing purposes, Art. 21 para. 2 GDPR. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

12.2 Should you have any questions regarding the processing of your personal data, object to the processing of your data, revoke any consent you have given or wish to exercise your rights as stated in section 12, please contact us by e-mail at info@yaasa.com or at the address stated in section 1.2.

12.3 You also have the right to lodge a complaint with the competent data protection supervisory authority about the processing of your personal data by us.