|Name / Company:||celexon UK Ltd|
|Street, No.:||Victory House/ Chequers Road|
|Post code, city, country:||NR15 2YA, Tharston, Norwich|
|Comm. register / No.:||GB 977 1988 47|
|Managing Director:||Christoph Hertz|
|Telephone number:||01508 53 50 50|
Data Privacy Officer:
|Street, No.:||Victory House/ Chequers Road|
|Post code, city, country:||NR15 2YA, Tharston, Norwich|
|Telephone number:||01508 53 50 50|
Version of: 23/05/2018
1. Fundamental information on data processing and legal bases
1.1. This Data Privacy Statement informs you about the type, scope, and purposes of personal data processing within our online offer and the related websites, functions, and content (hereinafter jointly referred to as the “Online Offer” or “Website”). The Data Privacy Statement applies irrespective of the domains, systems, platforms, and devices (e.g. desktop or mobile) on which the services of the Online Offer are rendered.
1.2. The terms used, such as “personal data” or their “processing”, are pursuant to the definitions specified in § 4 of the General Data Protection Regulation (GDPR).
1.3. The user’s personal data processed within the scope of this Online Offer includes basic data (e.g. customer names and addresses), contract data (e.g. services used, names of persons responsible, payment information), usage data (e.g. the websites visited within our Online Offer, interest in our products), and certificate data (e.g. contact-form entries).
1.4. All persons subject to data processing are covered by the term “User”. These include our business partners, customers, stakeholders, and other visitors to our Online Offer. All terms, such as “User”, are neutral in gender.
1.5. We solely process personal User data under observance of the applicable data privacy provisions. This means that User data are only processed if there exists a regulatory approval, in particular if the data processing is either necessary or legally prescribed to render our contractual services (e.g. processing orders) as well as online services, if the User has provided his consent, or if we have a justified interest (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR), and particularly pertaining to reach measurements, creation of profiles for advertisement and marketing purposes, as well as the gathering of access data and the use of third-party services).
1.6. We would like to point out that the legal basis of consents is § 6 (1)(a) and § 7 GDPR, the legal basis for the processing to perform our services and enact contractual measures is § 6 (1)(b) GDPR, the legal basis for the processing to fulfil our contractual obligations is § 6 (1)(c) GDPR, and the legal basis for the processing to safeguard our justified interests is § 6 (1)(f) GDPR.
2. Safety measures
2.1. Organisational, contractual, and technical safety measures in correspondence with the state-of-the-art shall be taken by us to guarantee compliance with data safety regulations and to protect the data processed by us against manipulation, loss, destruction, or unauthorised access, with or without intent.
2.2. These safety measures in particular include the encrypted transmission of data between your browser and our server.
3. Data transmission to third parties and third-party service providers
3.1. Data are only transmitted to third parties in compliance with the legal regulations. We undertake to only transmit User data to third parties if e.g. necessitated following § 6 (1)(b) GDPR for contractual purposes or on the basis of justified interests pursuant to § 6 (1)(f) GDPR in safeguarding effective and economical business operation.
3.2. Upon commissioning any subcontractors to support in performing our services, we shall take the appropriate legal, organisational, and technological measures to ensure the protection of personal data in compliance with the applicable legal requirements.
3.3. If, within the scope of this Data Privacy Statement, content, tools, or other means of third-party service providers (hereinafter jointly referred to as “Third-Party Providers”) are used, and if these are located in a non-member state, it can be assumed that the data transfer takes place in the state of residence of the Third-Party Provider. Non-member states are those states, in which the GDPR legislation is not directly applicable, i.e. generally countries outside of the EU and the EEA. Data are transmitted to non-member states if an appropriate level of data privacy, User consent, or legal permission exists.
4. Performing contractual services
4.1. We process inventory data (e.g. User names, addresses, and contact information), contract data (e.g. services used, names of contact persons, payment information) to fulfil our contractual duties and services pursuant to § 6 (1)(b) GDPR.
4.2. Users have the option of creating a User account, which above all serves the purpose of offering an overview of the order history. The User is informed of the obligatory details required for registration during the registration process. User accounts are not public and cannot be indexed by search engines. On termination of the User account, the data present in the User account are deleted, except for those cases in which their storage is necessary for reasons of commercial or tax law pursuant to § 6 (1)(c) GDPR. When terminating, Users themselves are responsible for the storage of their data in due time before the end of the contract. We reserve the right to irrevocably delete all User data stored for the duration of the contract.
4.3. We store the IP address and time of day of each User registration, log-in action, and when our online services are used. We and the User have a justified interest in storing these data, as it protects against misuse and unauthorised use. These data are generally not transmitted to third parties, except for those cases in which this is necessary to pursue our claims or if legally obliged pursuant to § 6 (1)(c) GDPR.
4.4. We process usage data (e.g. the websites of our Online Offer visited, interest in our products) and certificate data (e.g. contact form entries or the User profile) for advertisement purposes, creating a User profile that allows for the e.g. inclusion of product information based on the services already used.
5.1. When contacting us (via contact form or e-mail), User information is processed to process and handle the contact request pursuant to § 6 (1)(b) GDPR.
5.2. User information might be stored in our customer relationship system (“CRM System”) or a comparable enquiry organisation system.
6. Comments and contributions
6.1. When leaving a comment or other type of contribution, the Users’ IP addresses are stored for seven (7) days on the basis of our justified interests in accordance to § 6 (1)(f) GDPR.
6.2. This protects us from cases in which a contributor leaves behind illicit content (insults, illicit political propaganda, etc.). In this case, we can be held liable for this comment or contribution, justifying our interest in the contributor’s identity.
7. Elicitation of access data and log files
7.1. On the basis of our justified interests in accordance with § 6 (1)(f) GDPR, we collect data about each access to a server hosting our service (so-called server logfiles). These data include the name of the website accessed, date and time of access, data quantity transmitted, notification of successful access, browser type and version, User operating system, referrer URL (website visited before), IP address, and requesting provider.
7.2. Logfile information are stored for a maximum of seven (7) days for security reasons (e.g. to clarify malicious or fraudulent actions). The data are then deleted, unless their further storage is necessary for purposes of evidence, in which case they are stored until the relevant case is clarified in full.
8. Cookies & reach measurement
8.1. Cookies are pieces of information that are transmitted by our web server or the web server of a third party to the User web browser and stored there for later access. Cookies can either be small files or other types of data storage.
8.2. We use so-called “session cookies”, which are only stored for the duration of the visit to our online service (e.g. to store your log-in status and offer our shopping cart function, vital to your use of our Online Offer). These session cookies contain a randomly generated unique identifier, a so-called session ID. Moreover, cookies include information on their origin and storage duration. These cookies are not capable of storing other data. Session cookies are deleted at the end of your visit to our Online Offer on logging out of our service or closing the browser.
8.4. If Users do not desire the storage of cookies on their computer, they are requested to disable the relevant function in their browser’s system settings. Stored cookies can be deleted here as well. The functionalities of this Online Offer can be limited by disabling cookies.
9. Google Analytics
9.2 Google is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. This information is used by Google, as commissioned by us, to analyse the User’s use of our Online Offer, to compile reports on the activities performed within this Online Offer, and to render other services related to the use of this Online Offer and Internet use. The data processed can be used to create pseudonymised User usage profiles.
9.4. We use Google Analytics to only display advertisements, within the advertisement service network of Google and its partners, to those Users who demonstrated an interest in our Online Offer and who possess certain characteristics (e.g. interests in certain topics or products as determined from the browsing history). These advertisements are transferred by us to Google (so-called “remarketing audiences”, or “Google Analytics audiences”). Remarketing audiences helps additionally ensure that our advertisements correspond to the potential interests of Users and do not have a harassing effect.
9.5. We only use Google Analytics with active IP anonymisation. The User IP address is truncated by Google within EU member states or other parties to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the US and truncated there in exceptional cases.
9.6 The IP address transmitted by the User’s browser is not collated with other Google data. Users can make settings in their browser software to prevent the storage of cookies. Users can additionally prevent Google’s gathering of data related to their use of the Online Offer by the cookie and Google’s processing thereof by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
9.7. Further information on the data usage by Google and configuration and rejection options can be found on the websites of Google: https://policies.google.com/privacy/partners?hl=en (“How Google uses data when you use our partners' sites or apps”), https://policies.google.com/technologies/ads?hl=en ("Advertising"), http://www.google.de/settings/ads (“Managing the information Google uses to show you ads”).
10. Google Re/Marketing Services
10.1. We use the marketing and remarketing services (“Google Marketing Service”) by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US, (“Google”) on the basis of our justified interests (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR).
10.2. Google is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. The Google Marketing Services allow us to only present advertisements for and on our website that are better tailored to the potential interests of Users. If a User is shown e.g. advertisements for products in which he has shown interest other websites, this is referred to as “remarketing”. To this end, on accessing our and other websites with active Google Marketing Services, Google immediately executes a code and includes so-called (re)marketing tags (invisible graphics or code, also referred to as “Web Beacons”) into the website. These allow for the storage of a unique cookies (small file) on the User’s device (or comparable technology). The cookies can originate from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file includes information on the websites visited by the user, in which content interest has been shown, which offers have been clicked on, further information on the browser and operating system, referring websites, time of visit, as well as further information about the use of the Online Offer. In addition, the User’s IP address is logged. We inform Users that the User’s IP address is truncated by Google within EU member states or other parties to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the US and truncated there in exceptional cases. The IP address is not collated with User data within different Google offers. The aforementioned information can be connected by Google to similar information from other sources. If the User subsequently visits other websites, he might be shown advertisements tailored to his interests.
10.4. User data are pseudonymised for processing within the scope of Google Marketing Services, i.e. Google does not store or process the User e-mail address or name, but rather the relevant data related to the cookie within the pseudonymised User profile. Google does not manage and display advertisements for and to a specifically identified person, but rather for the owner of the cookie, regardless of who the owner is, except for those cases in which Users expressly consent to Google’s processing of these data without pseudonymisation. The data gathered by the Google Marketing Services about the Users are transmitted to Google and stored on Google servers in the US.
10.5. The Google Marketing Services used by us include the online advertisement programme “Google AdWords”, each AdWords customer receives a unique “conversion cookie” within the scope of Google AdWords. As such, cookies cannot be tracked through the websites of AdWords customers. The information gathered through these cookies are used to compile conversion statistics for AdWords customers who opted for conversion tracking. The AdWords customers are provided with the overall number of Users who clicked on their advertisements and were subsequently forwarded to a website which includes the conversion tracking tag. However, they do not receive information that allows for the personal identification of Users.
10.6. We can optionally also use the “Google Optimizer” services, which allows us to perform so-called “A/B testing” to track the effects of certain website modifications (e.g. input field changes, design changes, and the like). Cookies are stored on User devices for these test purposes. All User data are solely processed in a pseudonymised manner.
10.7. We might additionally use the “Google Tag Manager” to include and manage Google analysis and marketing services in our website.
10.8. Further information on Google’s use of data for marketing purposes can be found on the overview page: https://policies.google.com/technologies/ads?hl=en, and Google’s Data Privacy Statement can be accessed here https://policies.google.com/privacy?hl=en.
10.9. If you wish to express your objection to interest-based advertisement through Google Marketing Services, you can use the opt-out and settings possibilities provided by Google: http://www.google.com/ads/preferences.
11. Facebook Social Plugins
11.1. We use the social plugins (“Plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (interest pertaining to the analysis, optimisation, and economical operation and safety of our Online Offer pursuant to § 6 (1)(f) GDPR). These plugins might display interaction elements or content (e.g. videos, graphics, or textual contributions). They can be recognised by one of the Facebook logos (white “f” on a blue tile, the term “Like”, or a “Thumbs up” sign) or are labelled as such with the additional mention “Facebook Social Plugin”. A list of Facebook Social Plugins and their appearance can be found here https://developers.facebook.com/docs/plugins/.
11.2. Facebook is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
11.3. If a User accesses a function of this Online Offer, which contains such a Plugin, the User device establishes a direct connection to the Facebook servers. The Plugin content is transmitted directly by Facebook to the User device and included into the Online Offer. The processed data allow for the creation of a User usage profile. Thus, we cannot influence the scope of data collection through the Facebook Plugin and will inform Users in accordance with the state of our knowledge.
11.4. By including the Plugin, Facebook receives information about a User’s access to a certain website of the Online Offer. Facebook can assign the User’s visit to his Facebook account if the User is logged in to Facebook. If Users interact with the Plugins, i.e. by clicking on the Like button or leaving a comment, the relevant information is directly transmitted by your device to Facebook and stored there. If the User is not a member of Facebook, there still exists the possibility of Facebook identifying and storing his IP address. Facebook claims that, in Germany, all IP addresses are anonymised before storage.
11.6. If a User is a Facebook member and does not want Facebook to collect data on him through this Online Offer and to link these data with his data stored on his Facebook account, he needs to log out from Facebook and delete his cookies before using our Online Offer. The Facebook profile offers further settings to manage or object to the use of data for advertising purposes: https://www.facebook.com/settings?tab=ads or through the US website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. The settings function across platforms, i.e. they are adopted for all devices such as desktop computer or mobile devices.
12. Facebook, Custom Audiences, and Facebook Marketing Services
12.1. We use the so-called “Facebook Pixel” of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, US or, if you’re an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of and to serve our justified interests (interest pertaining to the analysis, optimisation, and economical operation of our Online Offer).
12.2. Facebook is certified with the privacy shield, which guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
12.3. The Facebook Pixel enables Facebook to compile a target audience for the display of advertisements (so-called “Facebook Ads”) consisting of Users of our Online Offer. As such, we use the Facebook Pixel to solely display our Facebook Ads to those Facebook Users who demonstrated an interest in our Online Offer and who possess certain characteristics (e.g. interests in certain topics or products as determined from the browsing history), which we communicate to Facebook (so-called Custom Audiences). The Facebook Pixel helps additionally ensure that our advertisements correspond to the potential interests of Users and do not have a harassing effect. The Facebook Pixel also allows us to trace the efficacy of Facebook advertisement for statistical purposes and market research, by tracking whether Users were transferred to our website after clicking on a Facebook advertisement (so-called “Conversion”).
12.4. The Facebook Pixel is immediately embedded by Facebook when accessing one of our websites. It can store a so-called cookie (small file) on your computer. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our Online Offer is registered in your profile. We cannot identify your person through the data collected about you. However, the data are stored and processed by Facebook, allowing for a connection to your User profile to be used by Facebook and for market research. If we transfer data to Facebook for purposes of comparison, these are encrypted locally in the browser before transmitting them to Facebook through an encrypted https connection. The data are solely transferred to compare them to Facebook's data, which are also encrypted.
12.5. You can object to the gathering and processing of your data by the Facebook Pixel to display Facebook Ads. You can access the specially configured Facebook website to configure which types of advertisements are displayed to you within Facebook. You can also find information on the configurations of usage-based advertisement here: https://www.facebook.com/settings?tab=ads. The settings function across platforms, i.e. they are adopted for all devices such as desktop computer or mobile devices.
13.1. The following information serves to inform you about the content of our newsletters as well as the subscription, distribution, and statistical analysis process and your rights of objection. By subscribing to our newsletter, you consent to receiving the newsletter and to the procedures described below.
13.2. Newsletter content: We distribute newsletters, e-mails, and further electronic messages containing promotional information (hereinafter “Newsletter”), solely with the recipients consent or legal permission. The User’s content is decisive given that the Newsletter’s content is described concretely during the subscription process. Our Newsletter might additionally contain information about our products, offers, promotions, and company.
13.3. Double opt-in and record-keeping: The subscription process for our Newsletter follows a so-called double opt-in procedure, i.e. you will receive an e-mail after registration with the prompt to confirm your registration. This confirmation ensures that nobody can register with third-party e-mail addresses. The Newsletter subscriptions are logged to demonstrate the legal compliance of the subscription process. This includes the logging of the time of subscription and confirmation as well as the IP address. Moreover, changes to your stored data at the distribution provider are logged.
13.4. Subscription data: The specification of your e-mail address suffices to subscribe to the Newsletter.
13.5. The logging of the subscription process is substantiated by our justified interests in accordance with § 6 (1)(f) GDPR. Our interests lie in the use of a user-friendly and safe Newsletter system that serves both our business interests and meets the expectations of our Users.
13.6. Cancellation/revocation: You can unsubscribe (i.e. revoke your consents) from our Newsletter at any time. You will simultaneously void all your consents to their distribution by the distribution service provider and to statistical analyses. Separate revocation of your consent to distribution by the distribution service provider or to statistical analyses is unfortunately not possible. Every Newsletter contains a rescindment link. If Users are only registered for the Newsletter and subsequently unsubscribe, their personal data are deleted.
14. Inclusion of third-party services and content
14.1. We use Third-Party Provider services and content to include their content, such as videos or fonts, (hereinafter “Content”) on the basis of our justified interests (interest pertaining to the analysis, optimisation, and economical operation of our Online Offer pursuant to § 6 (1)(f) GDPR). This always presupposes that these Third-Party Providers register the User’s IP address, as this is necessary to transmit Content to User browsers. The IP address is solely necessary to display this Content. We strive to only use Content of which the provider solely uses the IP address to deliver the Content. Third-Party Providers can additionally use so-called pixel tags (invisible graphics, also referred to as “Web Beacons”) for statistical or marketing purposes. These “Pixel Tags” allow for the analysis of data such as website traffic. The pseudonymised information can furthermore be stored on the User device as cookies, which might contain technological information on the browser and operating system, referring website, time of visiting, as well as other information on the usage of our Online Offer. These might additionally be collated with similar information from different sources.
14.2. In the following, you will find an overview of Third-Party Providers as well as their content and links to their Data Privacy Statements, which contain detailed information to their data processing and, as already mentioned here in part, options to express your objection (so-called opt-out):
15. Rights of Users
15.1. Users have the right to request information on the personal data stored by us about them at no charge.
15.2. Additionally, users have the right to rectify incorrect data, to limit their distribution, and to the deletion of their personal data, and, where appropriate, exert their rights to data portability. Users can lodge a complaint with the competent supervisory authority to express an assumption of unlawful data processing.
15.3. Users can also revoke their consents, generally with effect from the future.
16. Data deletion
16.1. We deleted the data stored by us if they are no longer required for their intended purposes and if their deletion is not prohibited by legal retention requirements. If the User data are not deleted because they are necessary for other, legally allowed purposes, their processing shall be restricted, i.e. the data are blocked and not used for other purposes. This applies to e.g. User data that must be stored for reasons of commercial or tax law.
16.2. In accordance with statutory requirements, data are stored for six (6) years pursuant to § 257 (1) German Commercial Code [HGB] (trading books, inventories, opening balances, annual reports, commercial letters, accounting documents, etc.) or for ten (10) years pursuant to § 147 (1) Regulation of Taxation [AO] (accounts, records, status reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
17. Right of objection
17.1. Users can reject to the future processing of their personal data at any time, following statutory regulations. This rejection can in particular apply to the processing for direct advertising purposes.
18. Changes to this Data Privacy Statement
18.1. We reserve the right to modify the Data Privacy Statement and adapt them to changes in the legal situations or services or data processing. However, this only applies to statements pertaining to data processing. If User consents are necessary or if parts of the Data Privacy Statement contain provisions on the contractual relationships with Users, these changes are only made with the Users’ consent.
18.2. Users are requested to regularly consult the content of this Data Privacy Statement.