Data protection policy
1. Name and contact data of the data controller and also the company data protection officer
This Data Protection Policy covers data processing by:
21 rue du pré Faucon
PAE Les Glaisins
BP 60348 F.
74943 Annecy le Vieux
The data protection officer of Eider, Mr. Christof Stöckli can be reached under firstname.lastname@example.org.
2. Collection and storage of personal data and also nature and purpose and their use
a) When visiting the website
When you access our websites the browser on your end device automatically sends information to our website server. This information is temporarily saved in a log file. The following information is collected without any action on your part and deleted automatically after 4 weeks:
- IP address of the querying computer,
- date and time of the access,
- name and URL of the accessed file,
- website from which the access was made (referrer URL),
- browser type and version and also further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, language setting etc.).
We process these data for the following purposes:
- ensuring trouble-free connection to the website,
- ensuring comfortable use of our website,
- evaluating system security and stability and also
- for further administrative purposes.
The legal foundation for the data processing is Art. 6 Subs. 1 Sentence 1 lit. f General Data Protection Regulation (GDPR). Our legitimate interest follows from the above purposes for the data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
b) When registering for our newsletter
In so far as you have expressly consented under Art. 6 Subs. 1 Sentence 1 lit. a GDPR, we will use your email address to regularly send you our personalised newsletter. Providing an email address is sufficient for receiving the newsletter.
Cancellation is possible at any time, e.g. via a link at the end of every newsletter.
Alternatively, you can cancel at any time by sending an email to email@example.com.
If you would like to personalize your newsletter voluntarily, we need the following information from you:
- given name, surname,
- country, postal code, city
- date of birth and
- certain interests.
The data processing of these voluntarily given information is based on our legitimate interests under Art. 6 Subs. 1 Sentence 1 lit. f GDPR. Our legitimate interest follows from the above purposes for the data collection.
c) When using our contact form
If you have questions of any nature, you can get in touch with us via a form available in the website contact information. This requires the stating of a valid email address and also your name, a telephone number, the query and a message so that we know who sent the query and how we can answer it.
The data for the purpose of contacting us are processed under Art. 6 Subs. 1 Sentence 1 lit. f GDPR on the basis of our legitimate interests.
The personal data we collected for using the contact form will be automatically deleted after your query has been dealt with.
3. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those given below.
For contract processing
In so far as this is legally permissible and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR required for the processing of contractual relationships with you, your personal data will be transferred to third parties. This includes in particular transfer to shipping companies for the purpose of delivering the goods you ordered and the transfer of payment data to payment service providers and/or banks to carry out a payment transaction. The transferred data may be used by the third parties solely for the stated purposes.
The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.
Cookies are used on the one hand so that we can make the use of our offerings more pleasant for you. Therefore, we use session cookies to recognise that you have already visited individual pages our website, you have already logged on in your user account or for displaying the shopping cart. These are automatically deleted after you leave our website.
In addition, we use temporary cookies saved on your end device for a certain defined period to optimise user friendliness. If you visit our website again to use our services, it is automatically recognised that you were already here before and which entries and settings you made so that you do not have to repeat them.
The data processed by cookies are required for the stated purposes to protect our legitimate interests and also of third parties under Art. 6 Subs. 1 Sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. You can configure your browser, however, so that no cookies are saved on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies can, however, lead to you not being able to use all the functions of our website.
5. Analytical tools
The following tracking and targeting measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR.
With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.
Via the deployed targeting measures we want to ensure that you only see advertising tailored to your actual or presumed interests on your end devices.
These interests are to be considered as justified within the meaning of the aforementioned regulation.
The pertinent data processing purposes and data categories can be found in the corresponding tracking and targeting tools.
a) Google Analytics
· web browser type / version,
· operating system used,
· referrer URL (the previously visited website),
· host name of the accessing computer (IP address),
· time of server request,
are transmitted to and stored on a server belonging to Google in the USA. Google is subject to the EU-US Privacy Shield so that an adequate level of data privacy is ensured.
The information will be used for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the purposes of market research and ensuring an internet experience tailored to users' needs. Furthermore, this information may be transferred to third parties to the extent that this may be legally required or those third parties process these data on our behalf. Under no circumstances will your IP address be associated with any other data held by Google. The IP addresses will be anonymised so that attribution is not possible (IP masking).
You can block the installation of cookies by selecting the appropriate settings in your web browser software; however, please note that if you do so, you may not be able to use the full functionality of this website.
You can also block the collection of the data generated by the cookie and relating to your usage of our website (including your IP address) and the processing of such data by Google by downloading and installing a web browser add-on .
More information on data privacy in relation to Google Analytics can be found on the Google Analytics Help page.
This website uses technologies from Criteo GmbH to collect and save information on the surfing behaviour of website visitors in anonymised form for marketing purposes. This is done by means of cookies (see section 4). Criteo uses an algorithm to analyse surfing behaviour and can then display targeted personalised advertising banners adverts on other websites (publisher). Under no circumstances can the collected data be used to personally identify visitors of this website. The collected data will be used solely to improve our offerings. There will be no other use or transfer to third parties.
You can object to the anonymised analysis of your surfing behaviour on this website by clicking on this link .
If you have opted out (opt-out cookie) and you would like to see personalised Criteo banners again, please click here .
Further information about the Criteo technology can be found in the Criteo data protection policy.
c) Facebook Custom Audiences
In addition, we also use Facebook website custom audiences of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This is a marketing service at Facebook. It enables us to have individually coordinated and interest-based advertising on Facebook shown to certain groups of pseudonymised visitors to our website who also use Facebook.
On our website, we use Eulerian Analytics – a web analytics service located at162 Boulevard de Magenta, 75010 Paris, France – in order to collect statistical data about our website for the purposes of optimising it. To this end, a Eulerian Analytics cookie will be placed on your computer. These cookies are used to analyse your browser information – the behaviour of visitors to our site. The content of this information may relate to the device being used (computer, tablet, mobile phone), advertising processing, the time of visiting our website, etc.
Data obtained with the aid of these cookies do not enable us, under any circumstances, to identify our visitors either directly or indirectly. The data are transmitted to Eulerian Technologies in encrypted form; we cannot decode them.
This information is used to analyse use of our web site and generate reports on the site’s activity, in order to carry out market research which helps to optimise the design of our website and equip it with other services associated with use of websites and the internet.
The obtained data will not, under any circumstances, be pooled with other data that Eulerian Technologies has obtained from other websites.
You can prevent the installation of cookies by adjusting the settings of your browser software accordingly. However, please note that in this case you will not always be able to use all of the functions on our website.
You can find additional information on data protection at Eulerian Technologies in their Data Protection Charter, available at https://www.eulerian.com/en/privacy/.
e) Google Tag Manager
We use the Google Tag Manager tool provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Tag Manager helps us to manage the tools about which we inform users in this Data Privacy Statement. You can find more details regarding these tools in the information on the respective tool.
The tag manager tool itself (which implements the tags) is a cookie-free domain. The tool controls the triggering of other tags which again may collect data under certain circumstances. Google Tag Manager will not access those data. If deactivation was made at the domain or cookie level, this continues to apply to all tracking tags which are deployed with Google Tag Manager. You can find more information about Google Tag Manager in the Use Policy for this product.
On this web page, we use the technology of the company trbo GmbH, Römerstraße 6, 80801 Munich (hereinafter called “trbo”) and we process data from which pseudonymized profiles are created in order to offer you personalized customer benefits and measure take-up of our online offers and the efficiency of our online advertising.
These pseudonymized user profiles are used to analyze users’ behavior, and are analyzed in order to improve and adapt our offering to users’ needs. Unless the person concerned separately gives their explicit consent, the pseudonymized usage profiles are not associated with personal data on the pseudonym holder.
For order processing, we have entered into a contract with trbo that guarantees to trbo that data processing complies with the General Data Protection Regulation and safeguards the rights of the people concerned.
You can reject the creation of cookies at any time by clicking on this link.
To learn more about trbo’s data protection policy, click here.
We use the Hotjar analytics service (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) on our website. Hotjar is a tool for studying user behaviour that enables us to measure and evaluate the behaviour of visitors to our website (such as mouse movement, clicks and scroll height).
Hotjar places cookies for this purpose (see item 4) on the devices of site visitors which can store their browser information, operating system, data on time spent on the site, etc. in anonymised form.
h) Bing Ads
We utilise Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of the Microsoft Corporation ("Microsoft") that allows us to track user activity on our website when the user navigates to our website via Bing Ads advertisements.
A cookie is placed on your computer when you visit our website via a Bing Ads ad, (see item 4). A Bing UET tag is integrated into our website. This tag is a code which in combination with the cookie stores certain non-personally data about your use of the site. This includes the time spent visiting the website, the areas of the website that were visited and the ads via which the user navigated to the website. Information about your identity is not collected.
This information is transmitted to Microsoft servers in the US and stored there for a maximum 180 days. Microsoft is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.
For more information on Bing analytics services, visit the Bing website .
See the Microsoft Data Privacy Policies for further information about data protection at Microsoft.
i) Google Adwords Conversion
We also use Google Conversion Tracking from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to statistically capture and analyse the use of our website in order to optimize our offerings for you. To this end, Google Adwords saves a cookie (see sect. 4 above) on your computer in so far as you access our website via a Google advertisement.
These cookies expire after 30 days and do not permit personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked the advertisement and was redirected to that page.
Every Adwords customer receives a different cookie. Thus, cookies cannot be tracked via the webpages of Adwords customer. The information generated via the conversion cookie is used to produce conversion statistics for Adwords customers who have opted to use conversion tracking. The Adwords customers find out the total number of users who clicked their advertisement and were redirected to a page containing a conversion tracking tag. They do not receive any information, however, which can be used to identify users personally.
If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that it blocks cookies from the "www.googleadservices.com" domain.
You can find Google's privacy notice on conversion tracking here .
j) Google Dynamic Remarketing
We use the functions of Google Dynamic Remarketing in connection with the cross-device functions of Google AdWords and Google DoubleClick.
This function allows the linking of the advertising target groups created with Google Dynamic Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising messages that have been adapted to you based on your earlier use and surfing behaviour on a terminal device (e.g. mobile phone) can be displayed also on any other of your terminal devices (e.g. tablet or PC).
If you have given appropriate consent to Google, Google will link your web and app browser history with your Google account for this purpose. In this way, the same personalised advertising messages can be shown on any of your terminal devices when you log on to your Google account.
To support this function, Google Analytics captures Google-authenticated IDs of the users that are temporarily linked with our Google Analytics data to define and create target groups for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalised advertisements in your Google account. To do this, go to https://www.google.com/settings/ads/onweb/.
More information and the data protection provisions are provided in Google's data privacy statement at https://www.google.com/policies/technologies/ads/.
k) Google Audiences
On this website, we used the GA Audiences tool, a web analytics service by the contractor Google LLC (1600 Amphitheatre Parkway, Mountain View CA 94043, United States), hereinafter called “Google”. In this context, user profile data are collected and saved under a pseudonym.
With this technology, users who have already visited our web pages and online services will see targeted advertising from us on other external pages of the Google Partner network.
GA Audiences thus has access to the cookies created within the scope of using Google Analytics (see point 4). Some data are assessed for several devices at once.
We can therefore analyze a user’s behavior when they visit our website, then make targeted product recommendations and run advertising based on their interests.
Google is subject to the EU-US Privacy Shield, so an appropriate level of protection is guaranteed.
The cookies are automatically deleted after 30 days.
You will find further details and the data-protection provisions relating to advertising and Google in Google’s confidentiality rules and conditions of use
6. Data subject rights
You have the right:
- pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
- pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
- pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
- pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future and
- pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.
7. Right to object
In so far as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.
If you want to exercise your right to object, simply send an email to firstname.lastname@example.org
8. Data Security
All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.
9. Actuality of and changes to this Data Protection Policy
This Data Protection Policy is the latest version and was last amended as of June 2018.
The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under https://www.eider.com/en/data-protection-policy.html