PRIVACY STATEMENT
May 2018
EVOC SPORTS GmbH respects your privacy and stands for fairness and transparency in the treatment of your personal data. In accordance with the applicable data protection regulations, including the European General Data Protection Regulation (GDPR), we explain in this privacy policy statement how we collect, store, protect and ultimately erase your personal data. This privacy statement contains information about our data protection provisions and measures and also about the decisions you are entitled to take, as part of your right to control your information, regarding the manner in which your information is collected and used online. You can easily access this statement on our homepage and in the footer of every subpage.
1. Name and address of controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:
EVOC SPORTS GmbH,
Tegernseer Landstraße 37a,
D-81541 Munich,
Tel: +49 89 54041140,
Email: info@evocsports.de,
Website: www.evocsports.com
You can contact the Data Protection Officer of EVOC SPORTS GmbH at data_compliance@evocsports.com.
2. Nature and scope of data processing for the provision of the website
When you visit and use our website, we collect the personal data that your browser automatically sends to our server. This information is stored temporarily in a log file. When you use our website, we collect the following data which we require for technical reasons so that we can display our website to you and ensure its stability and security:
(1) information about the browser type, the version used and the language and version of the browser software: this is for analytical purposes to ensure optimum presentation of our websites;
(2) the operating system and its interface: this is for analytical purposes to ensure optimum presentation of our websites;
(3) the internet service provider: this is for analytical purposes to ensure optimum presentation of our websites;
(4) the IP address so that our website can be shown when accessed;
(5) date and time of access and the time zone difference in relation to GMT, content of the request, access status and respective volume of data transmitted, in order to ensure the smooth operation of our offer;
(6) website from which the request is made;
(7) clickstream data (i.e. the pages you access, the links you click on and other actions relating to EVOC websites) and product information.
Legal basis:
The legal basis for the temporary storage of the data and log files is Article 6(1)(f) GDPR. We collect this data in order to be able to show you our website and to ensure the security of our IT systems. Collection of this data is necessary for the operation of our website.
Storage period:
As soon as this data is no longer necessary for the purpose of displaying the website, it is erased. The recording of data in order to make the website available and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, users do not have the option of objecting to this. More extensive storage may occur in a specific case where provided for by law.
3. Use of personal data
3.1. Contact forms
Nature and scope of data processing
On our website we offer you the possibility of contacting us using a form provided for this purpose. During the process of sending your inquiry via the contact form, reference is made to this privacy statement in order to obtain your consent. If you make use of the contact form, the following personal data concerning you will be processed:
Your name, email address, subject line and message. If the inquiry is in relation to a warranty, specifically an inquiry regarding FREE PROTECTOR CRASH REPLACEMENT, the following additional data is requested: postal address, post code, town, telephone number, country, body size.
When you send your message, the following data is also stored: your IP address, and date and time the message is sent. Alternatively, you can contact us using the email address provided. In that case, the user’s personal data sent with the email is saved.
The processing of personal data from the input mask is for the sole purpose of handling the contact request. Similarly, if you get in touch by email, the required legitimate interest in processing the data is also met. The rest of the personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems. The data is not passed on to third parties during this process. The data is used exclusively to process the conversation.
Legal basis for data processing
The legal basis for collecting and sending a contact inquiry is Article 6(1)(b) and (f) GDPR. Legal basis for processing your Personal Data is Article 6(1)(a) when you provided us with your consent.
Storage period
The data is erased as soon as it is no longer required in order to fulfil the purpose for which it was collected. This is the case with the personal data from the input mask of the contact form and data sent by email once the conversation with the user has ended. The conversation has ended when it can be assumed from the circumstances that the relevant situation has been definitively resolved. The additional personal data collected during the sending procedure is erased after seven days at the latest.
Objection and elimination options
A user who contacts us via email may object to the storage of his or her personal data at any time. In this case, it will not be possible to continue the conversation. Any personal data stored during the course of the contact process will be erased in such a case.
3.2.Newsletter
In order to be able to subscribe to our e-mail newsletter, we need your e-mail address where the newsletter is to be sent. You are completely free to decide whether you communicate these data to us. However, without this information, we might not be able to send our newsletter to you. If you subscribe to the newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe from the newsletter. In order to unsubscribe, you can carry out a cancellation via the link on our website. Your data are stored as long as you subscribe to the newsletter. After unsubscribing from the newsletter, your data are erased. Further storage can take place in individual cases if required by law. The legal basis for processing the data after subscription to the newsletter by the user upon consent of the user is Art. 6 para. 1 lit. a of the GDPR.
4. Use of cookies
Our website uses cookies. Cookies are text files stored in the user’s internet browser and/or by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence of signs which enables the browser to be clearly identified when it accesses the website again.
We use different types of cookies on the website. These cookies serve different purposes. According to their purpose, cookies may generally be assigned to one of the following categories:
“Strictly Necessary Cookies”, i.e. cookies that are strictly necessary for your shopping and your visit on our website;
“Functional Cookies”, i.e. cookies that enable you to move around our website and use its features, record information about choices that you have made, and tailor the Website to your needs. Without these cookies, we will not be able to provide certain features, such as remembering details you entered and saving your preferred language; and
“Analytical Cookies”, i.e. analytics/statistical cookies that help to improve the performance of our website, and to provide a better user experience. Via Analytical Cookies, we obtain information about the quality and/or effectiveness of our services. It helps us to understand how our visitors use our website, which enables us to improve how we present our content to you.
We employ cookies in order to make the design of our EVOC website more user-friendly. Some elements in our website require that the accessing browser can be identified even after changing page.
a) Strictly Necessary Cookies
Legal basis
Strictly Necessary Cookies will be set by us on your device without us explicitly asking for your consent. The legal basis for processing of personal data using cookies is Article 6(1)(f) GDPR.
Storage period
Cookies are stored on your computer, from where they are sent to us. Therefore, you as user also have complete control over the use of cookies. By changing the settings of your internet browser, you can block or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are blocked for our website, it is possible that not all of the website’s functions can continue to be used in full.
Objection and elimination options
Not all functions of the website can be used without these cookies. If you do not accept the use of Strictly Necessary Cookies, please disable cookies or refrain from visiting our website. You can block the cookies in your browser settings. There are no further possibilities of objection.
b) Analytical Cookies
We further use analytical cookies which allow us to analyse the use of our website by the visitors.The following data can be transmitted in this way:
Data and purpose of processing:
(1) search term entered
(2) frequency of site visits
(3) use of website functions
Analysis cookies are used for the purpose of improving the quality and content of our website. From the analysis cookies we can find out how the website is used and thus constantly optimise our offer. The user data collected in this way is pseudonymised by technical means. Consequently, it is not possible to match the data to the accessing user. The data is not stored together with other personal data of the user. When visiting our website, an info banner informs users of the use of cookies for analytical purposes and refers them to this privacy statement. Users are also informed about how to prevent the storage of cookies in their browser settings.
Legal basis
We collect and process the data based on your consent pursuant to Article 6(1)(a) GDPR.
Storage period
The data will be used until you withdraw your consent. Cookies are stored on the user’s computer, from where they are sent to our website. Therefore, you as user also have complete control over the use of cookies. By changing the settings of your internet browser, you can block or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time.
Objection and elimination options
You may withdraw your consent at any time. By changing the settings of your internet browser, you can block or limit the transmission of cookies and also delete cookies that have been stored.
5.1 Use of Google Maps
On our website, we use the Google Maps component of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA; hereinafter “Google”.
Each time the Google Maps component is accessed, a cookie is inserted by Google in order to process user settings and data when displaying the page into which the Google Maps component is integrated. This cookie is generally not deleted when the browser is closed but expires after a certain period of time unless you delete it manually first.If you do not agree to this processing of your data, you have the option of blocking the Google Maps service and in this way preventing the transmission of data to Google. To do this, you have to deactivate the JavaScript function in your browser. However, we should point out that in this case you will not be able to use Google Maps or only to a limited extent.
The use of Google Maps and the information obtained through it occurs pursuant to Google’s Terms of Service at http://www.google.de/intl/de/policies/terms/regional.html and the additional business terms for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html.
5.2 Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which operates as a processor for us.
Google Analytics uses cookies. These are text files stored on your computer which enable analysis of your use of the website. The information about your use of the website generated by cookies is usually transmitted to a Google server in the United States and stored there.
The following data is processed:
browser type/version: aggregate usage analysis plus optimisation of the website and adjustment of content;
operating system used: aggregate usage analysis plus optimisation of the website and adjustment of content;
referrer URL (the website visited before ours);
IP address, which is anonymised;
time of server request.
The IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data. On our website, we have also expanded Google Analytics by adding the “IP anonymisation” code. This ensures that your IP address is hidden so that all data is collected anonymously. Consequently, in anonymising the IP, your IP address is first abbreviated by Google within the Member States of the European Union or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address sent to a Google server in the United States and abbreviated there. Google uses this information generated on behalf of the operator of this website in order to evaluate your use of our website, to compile reports about website activity and to provide the website operator with other services related to website use and internet activity.
Our legitimate interest in data processing also resides in these purposes. The legal basis for the use of Google Analytics is Article 6(1)(f) GDPR. For the exceptional cases in which personal data is sent to the United States, Google has agreed to abide by the EU-US Privacy Shield.
You can prevent the storage of cookies through a setting contained for this purpose in your browser software; however, we should point out that in this case you may not be able to use all the functions of this website in full.
You can also prevent the capture for Google of data generated by the cookie referring to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser add-on, particularly for browsers in mobile devices, you can also prevent the collection of information by Google Analytics by clicking here to block Google Analytics.
This sets up an opt-out cookie preventing the future capture of your data when visiting this website. The opt-out cookie applies only to the browser in question and only to our website and is downloaded to your device. If you delete the cookies in this browser, you will have to set up the opt-out cookie again. [Note. You can find information about the integration of the opt-out cookie at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable
We also use Google Analytics to evaluate data from double-click cookies as well as AdWords for statistical purposes. If you do not wish this to occur, you can deactivate this in the ad settings manager (http://www.google.com/settings/ads/onweb/?hl=en).
You can find further information about data protection in connection with Google Analytics on the Google Analytics Help page (https://support.google.com/analytics/answer/6004245?hl=en).
5.3. Use of Social plug-ins (Facebook, Instagram, Twitter and YouTube)
Social plug-ins of the social networks "Facebook" (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), "Google+" (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), "Twitter" (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA) and YouTube (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) are contained in our website. These services are offered by the respective companies ("providers"). Within the framework of our online presence, the social plug-ins are identified by the respective buttons associated with the service. Based on the data transmitted via the social plug-ins to the respective service, the service might be able to associate you with your account with them. In order to increase the protection of your data on our website, the social plug-ins are integrated into our website by means of the "2-click solution". This ensures that when a page of our web presence containing such social plug-ins is viewed, an automatic connection with the servers of the respective providers is not yet established. The activation of the function of the respective social plug-in takes place in two steps. In order to enable a social plug-in, you must first click on the link on our website. As a result, the social plug-in is initially activated and your browser connects to the servers of the respective provider. With a second click, you can now interact with the social plug-in and, for example, transmit your recommendation. If you are already logged into one of the providers’ social networks, the providers can directly associate the visit to this website with your profile. If you click onto the social plug-ins, the corresponding information is also transmitted directly to one of the providers’ servers and stored there. The information may also be published in the social network and displayed there amongst your contacts. If you would like to prevent such an immediate association of your data collected via our website with your profile, you must log out of your account with the respective provider before visiting our website. For the scope and purpose of data collection by the respective service as well as the further processing and use of your data there, please refer directly to the data protection information on the website of the service. There, you can also find additional information about your relevant data protection rights and possible settings for protecting your privacy.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
https://www.facebook.com/policy.php
https://www.facebook.com/help/186325668085084
b) Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
https://www.google.com/policies/privacy/partners/?hl=en
c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
https://twitter.com/privacy?lang=en
d) YouTube,1600 Amphitheater Parkway, Mountain View, California 94043, USA
http://www.youtube.com/t/privacy
5.4. Use of Facebook pixel
This website uses the Facebook pixel of the social network "Facebook" (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA). This is for the purpose of presenting interest-related advertisements to visitors to our website within the framework of their visit to the social network Facebook. Via the Facebook pixel, a direct connection to Facebook servers is established when our website is visited. In the process, the fact that you visited our website is transmitted to the Facebook server and Facebook associates this information with your personal Facebook user account. We would like to point out that as the provider of this website, we do not obtain knowledge of the content of the transmitted data and their use by Facebook. For more information on the collection and use of the data by Facebook and about your rights in this respect and your options to protect your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/. We ourselves do not share customer data with Facebook. You can view further information about your relevant data protection rights and possible settings for protecting your privacy at: https://www.facebook.com/policy.php, https://www.facebook.com/help/186325668085084.
5.5. EVOC APP (COMMUTE A.I.R. PRO)
5.5.1. WHAT DATA DO WE COLLECT?
We collect personal information that you voluntarily provide to us when you register with the Services, express an interest in receiving information about us or our products and services, when you participate in activities on the Services, or when you otherwise contact us. The personal information we collect may include:
- names
- e-mail addresses
- mailing addresses
- Application Data.
When you use our application(s), we may also collect the following information if you give us access or permission to:
- Mobile Device Access. We may request access or permission to certain features of your mobile device, including Bluetooth, memory, and other features of your mobile device. If you want to change our access or permissions, you can do so in your device's settings.
- Mobile device data. We automatically collect device information (such as 1D, model, and manufacturer of your mobile device), operating system, version information, and system configuration information, device and application identification numbers
- Push Notifications. We may ask you to send push notifications about your account or certain features of the application(s). You can disable them in the settings of your device. This information is primarily needed to maintain the security and operation of our Application(s), to troubleshoot issues, and to provide internal analysis and reporting. Any personal information you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
5.5.2. HOW DO WE PROCESS YOUR INFORMATION?
We process your information to provide, improve and administer our services, to communicate with you, to prevent security and fraud, and to comply with legal requirements. We may also process your information for other purposes with your consent. We process your personal information for a variety of reasons depending on how you interact with our Services, including;
- To facilitate user account creation and authentication and to otherwise manage user accounts. We may process your information to allow you to create and log in to your account.
- To enable the provision of services to the user.
We may process your information to provide you with the requested services.
5.5.3 STORAGE PERIOD
We will retain your personal information only for as long as is necessary for the purposes stated in this Privacy Policy, unless a longer retention period is required or permitted by law (such as accounting or other legal requirements).
5.5.4 PROVIDER of the APP
Provider of the APP is EVOC SPORTS GmbH in cooperation with MINERVA AS GmbH.
6. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights with respect to the controller:
Right to information
You may request from the controller confirmation as to whether or not we are processing personal data concerning you. If this is the case, you may request from the controller access to the following information:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if specific information about this is not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data concerning you or the right to restrict personal data concerning you or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data is not collected from the data subject, any available information as to its source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether or not personal data concerning you is sent to third countries or international organisations. In relation to the transfer, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR.
Right of rectification
You have the right to obtain from the controller rectification and/or completion where the personal data processed concerning you is inaccurate or incomplete. The controller must undertake the rectification without undue delay.
Right to restriction of processing
Subject to the following conditions, you may request restriction of the processing of the personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims; or
(4) if you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been verified whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data concerning you has been restricted, with the exception of storage, such data will only be processed, with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction on processing is lifted.
Right to erasure
a) Obligation to erase
You may request that the controller erase personal data concerning you without undue delay and the controller will be obliged to erase this data without undue delay where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw the consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) The personal data concerning you was unlawfully processed.
(5) The personal data concerning you has to be erased to ensure compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you was collected in relation to the offer of information-society services referred to in Article 8(1) GDPR.
b) Information to third parties
Where the controller has made personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
There will be no right to erasure where the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in part (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
Right of notification
Where you have exercised your right of rectification, erasure or restriction of processing to the controller, the controller is under an obligation to communicate any rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the controller
Right to data portability
You have the right to receive the personal data concerning you, which you provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This may not adversely affect the freedoms and rights of other persons. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller may no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling, to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes. In the context of the use of information-society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.
Right to withdraw the data protection declaration of consent
You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in some similar way. This does not apply if the decision:
(1) is necessary for the entry into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention from the controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.