Privacy Policy
Privacy Policy 321wms for eKey
Privacy Policy 321wms for eKey
version: 1.0
effective date: 2023 - 08 - 20
1. Name and contact details of the body responsible for the data processing (“Controller”)
This Privacy Policy applies to the data processing by:
eKey Warehouse GmbH
Adam-Opel-Str.10 im Hof. Geb.A
60386 Frankfurt am Main Germany
This Privacy Policy applies for the following domains and their subdomains as well as all services offered by eKey and other responsible domains.
2. Collection and use of your data
The scope and nature of the collection and use of your data differ according to whether you only visit our website for obtaining information or use any offers we propose on our website which require you to disclose further data concerning you.
2.1.When you visit our website
When you visit our website, the browser which you use on your terminal automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.
The following information is collected without any contribution on your part and stored until its automated deletion:
● IP address of the requesting computer,
● Date and time of access,
● Name and URL of the retrieved file,
● Website from which the access is made (referrer URL),
● the browser used and, as the case may be, the operating system of your computer and the name of your access provider.
If you visit our website for information purposes only, we only collect and use the aforesaid information as non-personalised data. The collection and use of this data is indispensable to enable the use of the web pages you have accessed and to enable us to control whether the web pages are displayed to you in an optimal manner.
We use the IP address only for the duration of your visit and store the data exclusively in anonymised form for logging purposes; for this, we shorten the IP address such that it can no longer be related to a specific computer.
The legal basis for the processing is Art. 6 (1) sentence 1 point (f) GDPR (weighing of interests) and the processing is based on our interest in displaying our web pages to you in a reliable and preferably failure-free manner.
2.2.When you subscribe to our newsletter
Subject to your explicit consent given under Art. 6 (1) sentence 1 point (a) GDPR, we will also use your email address for sending you our regular newsletter. If you have subscribed to our newsletter, we will send you regular emails to provide you with current information and offers regarding our services. If you want to receive the newsletter, you only need to provide us with an email address.
For the subscription to our newsletter, we use the so-called double opt-in procedure. This means that, after you have provided us with your email address, we will send you a confirmation email to the email address provided by you, in which we ask you to confirm that you want us to send you our newsletter. If you do not confirm our email within 24 hours, your subscription will be deleted automatically. If you confirm your subscription to the newsletter, we will store your email address until you unsubscribe. The storage only serves the purpose of enabling the sending of the newsletter. In addition, we store the IP addresses from which you subscribe to the newsletter and confirm your subscription as well as the times when you do that, in order to prevent any misuse of your personal data.
The only required field for sending the newsletter is your email address. If you disclose further data to us, these will be used for personalising the newsletter. These data, too, will be deleted completely when you unsubscribe or withdraw your consent. You may at any time withdraw your consent to receiving the newsletter. You can withdraw your consent by clicking the link which is provided in every newsletter email.
2.3. When you use the contact form
We can propose the option to contact us through the contact form provided on our website. In this case, you will be asked to fill in certain required fields, which may differ depending on the nature and purpose of the request or contact form.
We collect your personal data if you voluntarily disclose them to us for the purposes of your request or when you contact us. Required fields are specifically marked. You can see from the entry forms which data we collect.
The data processing for the purpose of contacting us is based on your voluntary consent according to Art. 6 (1) sentence 1 point (a) GDPR. The personal data we collect when you use the contact form will be deleted after your request has been processed.
If you are already our customer and send us a request in the context of our contractual relationship, we will use the data you have provided to us for processing your requests in accordance with Art. 6 (1) sentence 1 point (b) GDPR (necessary for contract performance). After the request has been finally processed or the contract has been performed, the further processing of your data will be restricted and the data will be deleted after expiry of the statutory retention periods.
3 Registration / Customer account
If you use our website or another communication channel to enter into a contract with us for the use of our services, your data will be stored in a customer account.
We collect personal data if you disclose them to us voluntarily in the context of contract initiation or when you contact us or when a customer account is established. Required fields are specifically marked because we are in need of these data for contract performance, for processing your contact request or for establishing the customer account. The purchase order and/or opening of the customer account cannot be completed and/or the contact request cannot be processed without these data.
You can see from the entry forms and/or the fields in the forms which data are collected. We use the data you have disclosed to us for performing the contract and for processing your requests, as provided for by Art. 6 (1) sentence 1 point (b) GDPR (necessary for contract performance). After the contract performance has been completed or your customer account has been deleted, the further processing of your data will be restricted and the data will be deleted after expiry of the retention periods prescribed by tax law and commercial law.
The use of the data will only be continued if you have explicitly consented to the further processing of your data or we have reserved the right of further use of the data, provided this is permitted by law and we have informed you about such further use in this Privacy Policy. You can delete the customer account at any time, either by sending a message to the contact address stated herein or by using the appropriate feature in the customer account.
Your personal data are not transferred to third parties for purposes other than those stated in this Privacy Policy.
We only disclose or transfer your personal data to third parties if:
●you have explicitly consented to the disclosure or transfer according to Art. 6 (1) sentence 1 point (a) GDPR,
● the disclosure or transfer is necessary for the establishment, exercise or defence of legal claims according to Art. 6 (1) sentence 1 point (f) GDPR and there is no reason to assume that you have an overriding interest in the non-disclosure of your data,
● there is a legal obligation to disclose or transfer the data according to Art. 6 (1) sentence 1 point (c) GDPR, and
● this is permitted by law and necessary for performing contractual relationships with you according to Art. 6 (1) sentence 1 point (b) GDPR.
We use paypal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) as a payment service provider whose platforms can be used by us and the users for processing payment transactions for plug-in purchases on plentymarketplace. The Privacy Policy of paypal is available under the following link:
https://www.paypal.com/de/webapps/mpp/ua/privacy -full
The legal basis for involving the payment service providers in the context of contract performance is Art. 6 (1) sentence 1 point (b) GDPR. Otherwise, we involve external payment service providers based on our legitimate interests according to Art. 6 (1) sentence 1 point (f) GDPR to provide our users with an efficient and secure payment option.
The processing of payment transactions is governed by the terms and conditions of business and the data protection information of the payment service provider, which can be retrieved directly from the payment service providers during the payment process. With respect to the data stored by the payment service provider, you may assert against the payment service provider the right of access to, and information about, the stored data as well as all other rights to which you are entitled as a data subject.
The data processed by the payment service provider include, for instance, names and addresses, bank details (e.g. account numbers or credit card numbers, access data and checksums) as well as the details of the payment and the payment recipient. This information is necessary for processing the payment transaction. The data provided by you are processed and stored exclusively by the payment service provider. We only get informed about whether the payment has been confirmed or rejected. However, the payment service providers may transfer the data to credit enquiry agencies. For this, please read the GTC and data protection information of the relevant payment service provider.
In order to provide the services we offer and keep our online offer available, we engage service providers who provide the technical infrastructure. If and to the extent necessary, we have concluded with our service providers agreements for data processing on our behalf. We have informed our contractual partners that the relevant service providers act as our sub-suppliers.
If your data are not processed within the European Union, they may only be processed in a third country if the special conditions of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data is subject to compliance with appropriate safeguards. Such safeguards may consist either in a so-called adequacy decision whereby the EU Commission decides that the relevant third country ensures an adequate data protection level equal to that of the EU or in the compliance with officially acknowledged special contractual obligations - the so-called “standard contractual clauses”.
We use the services of the provider Amazon Web Services, Inc(AWS). Further information on data processing by services can be found in the privacy policy of Amazon Web Services, Inc.: http://aws.amazon.com/privacy.
Amazon Web Services, Inc.
206-266-7010
410 Terry Avenue North,
Seattle, WA 98109-5210
U.S.A.
Amazon Web Services, Inc. is a hosting provider for us. A section of our website is provided by this provider. The legal basis for the processing is Art. 6 (1) sentence 1 point (f) GDPR (weighing of interests) and the processing is based on our interest in displaying our web pages in a reliable and preferably failure-free manner.
Amazon Web Services, Inc.
206-266-7010
410 Terry Avenue North,
Seattle, WA 98109-5210
U.S.A.
7 Cookies and Analysis Functions
We use cookies on our website. These are small files which are automatically generated by your browser and stored on your terminal (laptop, tablet, smartphone or the like) when you visit our website. Cookies do not cause any harm to your terminal, they do not contain viruses, trojans or other malware.
In the cookie, information is stored which arises in connection with the specific terminal used. However, this does not mean that we can immediately identify you by that information.
First of all, the use of cookies helps us make the use of our website more comfortable for you. We use so-called session cookies to recognise that you have already visited individual pages of our website before. These cookies are deleted automatically when you have left our website.
In addition, also for the purpose of optimising the user-friendliness of our website, we use temporary cookies which are stored on your terminal for a certain specified period. If you come back to our website and use our services again, we automatically recognise that you have already visited us before and we know which entries you have made and which settings you have chosen before to spare you from entering them again.
You can in your discretion set your browser to accept or block the setting and retrieval of cookies. You can, for instance, completely disable the storage of cookies in your browser or restrict their storage to certain websites or configure your browser to alert you automatically when a cookie is being set and ask you for acceptance or refusal. You can also block or delete certain individual cookies. This may however cause certain features of our website to be impaired for technical reasons so that they no longer work properly.
• Essential cookies enable the basic features and functions and are necessary to ensure faultless operation of the website.
• Statistics cookies collect information in anonymous form. This information helps us understand how our visitors interact with our website.
• Contents of video platforms and social media platforms are blocked by default. If cookies of external media are accepted, access to these contents no longer requires manual acceptance.
• Functional cookies allow user choices and preferred user settings to be saved (e.g. the disabling of automatic language redirection).
We only use statistics cookies, cookies of external media and largely functional cookies if you consent to their use. You can accept or refuse these cookies by clicking a banner which appears when the cookie which is necessary for choosing the aforesaid functions has not yet been set (consent cookie). The acceptance or refusal is saved in this consent cookie which is an essential cookie.
8 Integration of third-party services
On our website, we use content or services offered by third parties; the legal basis for this use is either our legitimate interest (Art. 6 (1) sentence 1 point (f) GDPR) or the consent you have given (Art. 6 (1) sentence 1 point (a) GDPR).
The functioning of the said contents requires the parties providing them to identify the IP addresses of the users. The IP address is necessary for displaying and using the contents.
However, the third-party providers may also use pixel tags or cookies for statistical purposes or marketing purposes. Pixel tags are invisible graphics, which are also called “web beacons”. They allow the providers to collect and analyse additional information about the interaction with websites. This Privacy Policy explains to you how you can disable or restrict the use of these data which are usually anonymous.
The following data are processed where third-party services are integrated in our website:
• Data categories: usage data (e.g. websites visited, interest in contents, times of access), meta / communication data (e.g. IP addresses, device information).
• Data subjects: website visitors and users of online services.
• Purposes of the processing: marketing, profiles with user-related information, remarketing, identification of audiences that are relevant for marketing purposes or other content issue, measuring the efficiency of marketing measures.
• Security measures: seudonymization of IP addresses.
The legal basis for the data processing is the data subjectʼs consent (Art. 6 (1) sentence 1 point (a) GDPR) or the providerʼs legitimate interest (Art. 6 (1) sentence 1 point (f) GDPR).
If your data are not processed within the European Union, they may only be processed in a third country if the special conditions of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data is subject to compliance with appropriate safeguards. Such safeguards may consist either in a so-called adequacy decision whereby the EU Commission decides that the relevant third country ensures an adequate data protection level equal to that of the EU or in the compliance with officially acknowledged special contractual obligations - the so-called “standard contractual clauses”.
9 Consent and withdrawal of consent
If and to the extent that we are not allowed to process personal data for the purposes of our legitimate interests (Art. 6 (1) sentence 1 point (f) GDPR) or for the purposes of contract performance (Art. 6 (1) sentence 1 point (b) GDPR), as described in the foregoing provisions, the processing is based on the consent given by you (Art. 6 (1) sentence 1 point (a) GDPR). As far as our website is concerned, a banner is displayed to you asking for your consent. There you can give or deny consent to the features and functions specified in § 9 and § 10 of this Privacy Policy.
You may at any time withdraw your consent with effect for the future by adjusting your personal settings in the field “Cookie settings” or “See/change my privacy settings” at the bottom of our websites where you can activate or deactivate the relevant buttons.
For the purposes of the contractual services we provide, we conclude with our customers agreements for data processing on behalf, which contain further information and regulations regarding the data processing.
We explicitly refer to the data protection information of the relevant providers and the proposed opt-out options. If no opt-out option is offered in any individual case, you may in any case disable the cookies in your browser settings. This may however cause restrictions of the features and functions of our website.
You can also use general opt-out options. The following options are available:
Europe: https://www.youronlinechoices.eu
and for all territories:
We use the services of the provider AWS for the hosting and management of our websites. These services are provided by Amazon Web Services, Inc.
206-266-7010
410 Terry Avenue North,
Seattle, WA 98109-5210
U.S.A.
Further information on data processing by Hubspot and Hubspot's services can be found in HubSpot's privacy policy:
https://legal.hubspot.com/privacy-policy
We use the following AWS services:
● AWS LoadBalancer
We use the service to access additional services and data from HubSpot, Inc. Your IP address is transmitted in the process. The use is based on our legitimate interests in the provision of our website and its optimisation (pursuant to Art. 6 para. 1 lit. f. GDPR).
● AWS CloudFront
A CDN is used to make the content of our websites, in this case files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to HubSpot's servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of the HubSpot CDN. The use of the CDN is based on our legitimate interests,i. e. interest in the secure and efficient provision of our websites within the meaning of Art. 6 para. 1 lit. f. GDPR.
● Analytics
We use AWS CloudWatch as an analysis service for the statistical evaluation of our websites. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors. HubSpot Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users. We process data with the help of HubSpot Analytics for the purpose of optimising our website and for marketing purposes on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR.
If the user, when subscribing to the newsletter, was explicitly made aware of tracking for statistical purposes and has consented thereto, we are allowed to carry out newsletter tracking. For this purpose, we use a web beacon (also called tracking pixel). When sending the newsletter, the external server can collect certain data of the recipient such as the time of access, the IP address or information on the email software used by the recipient (client).
The name of the image file is individualised for each email recipient by adding a unique ID. The email sender remembers which ID belongs to which email address and, when an image is retrieved, the sender can determine which newsletter recipient has just opened the email.
We store and analyse the personal data which are collected by the tracking pixels contained in the newsletters to optimise the newsletter distribution and better tailor the content of future newsletter to the recipients’ interests. The data are not transferred or disclosed to third parties.
The user can prevent the tracking by setting his/her email software to disable the loading of images in emails. If the user unsubscribes from the newsletter, we will consider this as a withdrawal of the userʼs consent.
We have pages on the social networks. This is another channel for us to inform our customers and potential customers about the services we offer. The networks can also be used for simple communication or interaction regarding our services and our company. For this, the terms and conditions of business and the privacy policies of the platform operators apply.
The data of the users may be processed outside the European Union, which may bear risks. It may for instance be more difficult for the user to assert and enforce his/her rights.
The social media providers usually use the data in the social networks to prepare user profiles, which influences the display of ads and other contents. For this purpose, the providers use cookies which store the user behaviour and the interests of the users. For the details regarding the nature and scope of the processing and the possibilities to opt out or object to the processing, please go to the terms of service and the privacy policies of the relevant networks.
You can always address any information requests and claims regarding your rights as a data subject directly to the relevant platform. The assertion of claims directly with the platform is more efficient because only the network operators have direct access to the data. We will support and assist you if needed.
We are also allowed within the limits of this Privacy Policy to process the data which customers, potential customers and users provide to us through the platforms. The processing is based on your consent (Art. 6 (1) sentence 1 point (a) GDPR) or on the purpose of contract performance (Art. 6 (1) sentence 1 point (b) GDPR) or on our legitimate interest (Art. 6 (1) sentence 1 point (f) GDPR).
13 Data protection in applications and application procedures
We collect and process personal data of applicants for handling and processing application procedures. The data may also be processed electronically, which in particular occurs when an applicant sends his/her application documents electronically, e.g. by email. If we enter into an employment contract with an applicant, the data provided to us are stored in accordance with the statutory provisions for the purpose of processing the employment relationship. If we do not enter into an employment contract with the applicant, the application documents will be deleted three months after the application has been rejected unless there are other legitimate interests preventing the deletion. Such a legitimate interest may for instance be the burden of proof in proceedings under the Allgemeines Gleichbehandlungsgesetz (German General Act on Equal Treatment - “AGG”).
The legal basis for the data processing is Art. 6 (1) sentence 1 point (b) GDPR if and to the extent the processing is necessary in order to take steps prior to entering into a contract. If no employment contract is concluded, the data processing is based on Art. 6 (1) sentence 1 point (f) GDPR.
14 Termination, correction and deletion
As a user, you can at any time terminate the registration. You can have your personal data which have been stored by us corrected at any time. Please let us know if you want to renounce digital provision of the data.
If the data are necessary for the performance of a contract or in order to take steps prior to entering into a contract, early deletion of the data is only possible if there is no contractual or legal obligation preventing the deletion.
You have the right
• under Art. 15 GDPR to obtain information about, and access to, your personal data processed by us. You may in particular (without limitation) request information about the purposes of the processing, the categories of the personal data concerned, the categories of recipients to whom your data have been or are being disclosed, the envisaged period of storage, the existence of the right to request rectification or erasure of personal data or restriction of processing or the right to object to the processing, the existence of the right to lodge a complaint, the source of the data if they have not been collected by us as well as about the existence of automated decision-making including profiling and, if applicable, meaningful information about the details thereof.
● under Art. 16 GDPR to request and obtain without undue delay the rectification of inaccurate, or completion of incomplete, personal data concerning you which we have stored;
● under Art. 17 GDPR to request and obtain the erasure of your personal data stored by us unless the processing is necessary for exercising the right of freedom of expression and the right to information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
● under Art. 18 GDPR to request and obtain the restriction of the processing of your personal data if the accuracy of the personal data is contested by you, the processing is unlawful and you oppose the erasure of the personal data and we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims or if you have objected to the processing pursuant to Art. 21 (1) GDPR;
● under Art. 20 GDPR to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of the data to another controller;
● under Art. 7 (3) GDPR to withdraw your consent given to us at any time. As a consequence, we will no longer be allowed to continue the data processing, which was based on that consent, in the future; and
● under Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can lodge the complaint with the supervisory authority at the place of your habitual residence or your place of work or our company domicile.
You have the right under Art. 21 GDPR to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on legitimate interests according to Art. 6 (1) sentence 1 point (f) GDPR, or if your data are processed for direct marketing purposes. In the latter case, you have an unconditional right to object to the processing, which we will admit and implement without any need for you to state a particular situation.
For exercising your right of withdrawal or objection, it will be sufficient to send an email to the email address indicated in this Privacy Policy.
While you are visiting our website, we use the common SSL procedure (Secure Socket Layer) in combination with the highest encryption level that is supported by your browser. This usually is the 256-bit encryption. If your browser does not support 256-bit encryption, we use the 128-bit v3 technology instead. You can see by the closed key or lock symbol in the status bar at the bottom of your browser window whether or not the
transmission of individual pages of our website is encrypted.
In addition, we use appropriate technical and organisational measures to protect your data from accidental or wilful manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continuously improved according to technological progress.
This document is drafted in Chinese and English. The Chinese version is for convenience purposes only. In the case of discrepancies or differences in the interpretation of the Chinese version on the one hand and the English version on the other hand, the English version shall be authoritative and exclusively binding.
Data protection officer
Veronika
eKey warehouse germany GmbH
Adam-Opel-Str.10 im Hof. Geb.A
60386 Frankfurt am Main Germany
Germany
veronika@321wms.com