隐私政策
本隐私政策阐明了在我们的在线产品、相关网站、功能和内容以及外部在线存在(如我们的社交媒体资料)中处理个人数据(以下简称 "数据")的性质、范围和目的。(以下统称为 "在线服务")。关于使用的术语,如 "处理 "或 "控制者",我们参考《通用数据保护条例》(General Data Protection Regulation)第 4 条中的定义。一般数据保护条例》(GDPR)第 4 条中的定义。
负责人:
公司:钻石服务公司
街道编号: Ankdammsgatan 18
邮编、城市、国家:瑞典索尔纳 17143
商业注册号:556098-0186
常务董事Anders Segerblad Nyström
电话号码+46 08 7304080
电子邮件地址:info(a)diamond-service.se
处理的数据类型:
- 清单数据(如姓名、地址)。
- 联系方式(如电子邮件、电话号码)。
- 内容数据(如文本条目、照片、视频)。
- 合同数据(如合同标的、期限、客户类别)。
- 付款数据(如银行详情、付款历史)。
- 使用数据(如访问过的网站、对内容的兴趣、访问时间)。
- 元数据/通信数据(如设备信息、IP 地址)。
特殊类别数据的处理(《欧洲个人信息权公约》第 9(1)条):
不处理特殊类别的数据。
受处理影响的数据主体类别:
- 客户、相关方、在线服务的访问者和用户、业务合作伙伴。
在下文中,我们也将有关人员统称为 "用户"。
处理目的:
- 提供在线报价、内容和商店功能。
- 提供合同服务、服务和客户关怀。
- 回答联系请求并与用户沟通。
- 营销、广告和市场研究。
- 安全措施
状态05/ 2020
1. 使用的术语
1.1 "个人数据 "是指与已识别或可识别的自然人(以下简称 "数据主体")有关的任何信息;可识别的自然人是指可以直接或间接识别的自然人,特别是通过姓名、识别码、位置数据、在线识别码(如 cookie)或与该自然人的身体、生理、遗传、精神、经济、文化或社会身份有关的一个或多个特定因素。
1.2 "处理 "是指对个人数据进行的任何操作或一系列操作,无论是否通过自动化手段进 行。该词含义广泛,几乎涵盖了对数据的所有处理。
1.3 "控制者 "系指单独或与他人共同决定处理个人数据的目的和方式的自然人或法人、公共当局、机构或其他团体。
2 相关法律依据
根据《德国数据保护法》(GDPR)第 13 条的规定,我们向您告知处理数据的法律依据。GDPR 第 13 条,我们将告知您我们处理数据的法律依据。如果隐私政策中没有说明法律依据,则适用以下法律依据:获得同意的法律依据是《个人信息保护法》第 6 条第 6 款。6 para.1 lit.GDPR 第 7 条,为履行我们的服务、执行合同措施以及回复查询而处理数据的法律依据是第 6 条第 1 款 a 项和第 7 条。6 para.为履行我们的法律义务而进行处理的法律依据是 GDPR 第 6 条第 1 款 b 项。6 para.1 lit. c,以及为保护我们的合法权益而进行处理的法律依据是《个人信息保护法》第 6 条第 6 款。6 para.1 lit.如果数据当事人或其他自然人的重要利益要求处理个人数据,则应遵守《欧洲人权公约》第 6 条第 1 款 c 项的规定。6 para.d 款作为法律依据。
3. 隐私政策的变更和更新
请定期了解我们的隐私政策内容。一旦我们的数据处理方式发生变化,我们将立即调整隐私政策。如果这些更改需要您的配合(如同意)或其他个人通知,我们将尽快通知您。
4. 安全措施
4.1 根据《德国信息权法案》第 32 条的规定,在考虑到技术发展水平、实施成本、处理的性 质、范围、背景和目的以及对权利和自由造成的不同可能性和严重程度的风险的情况下4.1 根据 GDPR 第 32 条,考虑到技术水平、实施成本、处理的性质、范围、背景和目的, 以及对自然人的权利和自由造成的不同可能性和严重程度的风险,采取适当的技术和组织措 施,以确保与风险相适应的安全水平;这些措施尤其包括通过控制对数据的实际访问,以确 保数据的保密性、完整性和可用性,以及数据的访问、输入、披露、可用性保障及其分离。此外,我们还制定了相关程序,确保数据主体权利的行使、数据的删除和数据威胁的应对。此外,根据通过技术设计和数据保护友好型默认设置保护数据的原则,我们在开发或选择硬件、软件和程序时就考虑到了个人数据的保护问题(GDPR 第 25 条)。
4.2 安全措施尤其包括在您的浏览器和我们的服务器之间加密传输数据。
5. 数据的披露和传输
5.1 如果我们在处理过程中向其他个人和公司(处理方或第三方)披露数据、将数据转给他们或以其他方式允许他们访问数据,这只能在法律许可的基础上进行(例如,如果根据第 6 条第 6 款将数据转给第三方,如支付服务提供商)。6 para.1 lit. b GDPR)、您的同意、法律义务的规定或基于我们的合法利益(例如,在使用代理、托管服务提供商、税务、商业和法律顾问、客户服务、会计、账单和类似服务时,这些服务使我们能够高效地履行我们的合同义务、行政任务和职责)。
5.2 如果我们根据所谓的 "订单处理合同 "委托第三方处理数据,则应根据《欧盟数据保护条例》第 28 条进行。28 GDPR。
6. 向第三国转让
如果我们在第三国(即欧盟 (EU) 或欧洲经济区 (EEA) 以外的国家/地区)处理数据,或者在使用第三方服务或向第三方披露或转移数据的情况下处理数据,则只有在以下情况下才会这样做:为了履行我们的(预)合同义务、基于您的同意、基于法律义务或基于我们的合法利益。在法律或合同允许的情况下,我们只有在符合《个人信息保护法》第 44 条及其后条款的特殊要求时,才会在第三国处理数据或让第三国处理数据。44 et seq.44 et seq.例如,这意味着数据处理是在特殊保障的基础上进行的,如官方认可的与欧盟相应的数据保护水平(如美国的 "隐私保护"),或遵守官方认可的特殊合同义务(即所谓的 "标准合同条款")。
7 资料当事人的权利
7.1 您有权要求确认相关数据是否正在被处理,并有权要求获得有关这些数据的信息以及进一步的信息,并根据《欧洲个人信息保护公约》(GDPR)第 15 条获得一份数据副本。15 GDPR。
7.2 根据GDPR 第 16 条,您有权要求完善您的相关数据或更正您的不准确数据。16 GDPR,您有权要求完善与您相关的数据或更正与您相关的不准确数据。
7.3 根据 GDPR 第 17 条的规定,您有权要求立即删除相关数据,或者要求根据 GDPR 第 17 条的规定限制数据处理。您有权要求立即删除相关数据,或者根据《欧洲个人数据保护公约》(GDPR)第 17 条要求限制对数据的处理。18 GDPR。
7.4 您有权要求获得您根据《欧盟数据保护条例》(GDPR)第 20 条提供给我们的与您有关的数据,并有权要求将这些数据传输给其他数据控制方。20 GDPR)的规定,您有权要求接收您提供给我们的有关您的数据,并有权要求将其转给其他数据控制方。
7.5 You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
8. right of withdrawal
You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future.
9. right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.
10. cookies and right to object to direct advertising
10.1 “Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. The content of a shopping cart in an online store or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if the user visits the website after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies from providers other than the controller who operates the online service (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).
10.2 We use temporary and permanent cookies and provide information about this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
10.3 A general objection to the use of cookies used for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/ be explained. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website.
11. deletion of data
11.1 The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
11.2 In accordance with legal requirements, storage is carried out in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.)
12. order processing in the online store and customer account
12.1 We process the data of our customers as part of the ordering processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery or execution.
12.2 The processed data includes inventory data, communication data, contract data, payment data and the data subjects include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
12.3 The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as necessary is required to justify and fulfill the contract. We only disclose the data to third parties in the context of delivery, payment or within the scope of legal permissions and obligations towards legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfillment of the contract (e.g. at the customer’s request for delivery or payment).
12.4 Users can optionally create a user account in which they can view their orders in particular. As part of the registration process, users will be provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of users to back up their data before the end of the contract in the event of termination.
12.5 As part of the registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the user in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.
12.6 The deletion takes place after the expiry of statutory warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); information in the customer account remains until its deletion.
13. contact and customer service
13.1 When contacting us (via contact form or e-mail), the user’s details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b) GDPR.
13.2 User data may be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
13.3 We delete the requests if they are no longer required. We review the necessity every two years; we store inquiries from customers who have a customer account permanently and refer to the details of the customer account for deletion. Furthermore, the statutory archiving obligations apply.
14. collection of access data and log files
14.1 On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
14.2 Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum period of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
15. online presence in social media
15.1 On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, we maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
15.2 Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.
15.3 We use Google Analytics to display the ads placed by Google and its partners within advertising services only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of users and are not annoying.
16. google analytics
16.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analysis service provided by Google LLC (“Google”). GDPR) Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
16.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
16.3 Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
16.4 We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
16.5 The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
16.6 Further information on the use of data by Google, setting and objection options can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Use of data for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertising”).
17. communication by post, e-mail, fax or telephone
17.1 We use means of remote communication, such as post, telephone or email, for business transactions and marketing purposes. In doing so, we process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.
17.2 Processing is carried out on the basis of Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in conjunction with legal requirements for advertising communications. Contact is only made with the consent of the contact partners or within the scope of the legal permissions and the processed data is deleted as soon as it is no longer required and otherwise with objection/revocation or discontinuation of the authorization basis or legal archiving obligations.
18. newsletter
18.1 With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
18.2 Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user’s consent. Our newsletters also contain information about our products, offers, promotions and our company.
18.3 Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people’s e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
18.4 Sending service provider: The newsletter is sent via “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
18.5 If we use a mailing service provider, the mailing service provider may, according to its own information, use this data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes in order to determine from which countries the recipients come. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
18.6 Registration data: To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter.
18.7 Performance measurement – The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
18.8 The newsletter is sent and the success measured on the basis of the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG.
18.9 奥地利:根据第 6 条第 6 款,通讯的发送和成功与否取决于收件人的同意。6 para.1 lit.7 GDPR 以及 TKG 第 107 条第 2 款,或根据 TKG 第 107 条第 2 款和第 3 款的法律许可。
18.10.根据第 6 条第 6 款的规定,登记过程的记录是基于我们的合法权益。6 para.f 条的合法利益,并作为同意接收新闻简报的证明。
18.11.时事通讯收件人可随时取消订阅我们的时事通讯,即撤销同意。您可以在每期通讯的末尾找到取消订阅通讯的链接。同时,他们对性能测量的同意也将失效。遗憾的是,无法单独取消性能测量;在这种情况下,必须取消整个时事通讯的订阅。当您取消订阅时事通讯时,您的个人数据将被删除,除非法律要求或有正当理由保留这些数据,在这种情况下,对这些数据的处理将仅限于这些特殊目的。特别是,我们可能会基于我们的合法权益,将退订的电子邮件地址保存长达三年,然后再将其删除,以用于发送新闻简报,从而能够证明之前已征得同意。对这些数据的处理仅限于可能的索赔辩护。个人可随时提出删除要求,但必须同时确认之前的同意。
19. 整合第三方服务和内容
19.1 基于我们的合法权益(即根据第 6 条第 6 款的规定,对我们的在线服务进行分析、优化和经济运营的利益)。6 para.1 lit. f. GDPR),我们在在线服务中使用第三方提供商提供的内容或服务。GDPR)的内容或服务,以便整合第三方提供商的内容和服务,如视频或字体(以下统一称为 "内容")。这始终以这些内容的第三方提供商知道用户的 IP 地址为前提,因为没有 IP 地址,他们就无法将内容发送到用户的浏览器。因此,IP 地址是显示这些内容的必要条件。我们尽量只使用其各自提供商仅使用 IP 地址传送内容的内容。第三方提供商也可能出于统计或营销目的使用所谓的像素标签(不可见图形,也称为 "网络信标")。像素标签可用于分析本网站页面的访问流量等信息。假名信息也可能存储在用户设备的 cookies 中,除其他外,可能包含浏览器和操作系统的技术信息、引用网站、访问时间和使用我们在线服务的其他信息,以及与其他来源的此类信息的链接。
19.2 下文概述了第三方提供商及其内容,并提供了其数据保护声明的链接,其中包含有关 数据处理的更多信息,以及在某些情况下在此已提及的反对选择(所谓的选择退出): 19.3 下文介绍了第三方提供商及其内容,并提供了其数据保护声明的链接。
- 如果我们的客户使用第三方支付服务(如 PayPal 或 Sofortüberweisung),则适用相应第三方提供商的条款和条件以及数据保护信息,可在相应网站或交易应用程序中访问。
- 视频来自第三方供应商谷歌公司的 "YouTube "平台,地址:1600 Amphitheatre Parkway, Mountain View, CA 94043, USA。隐私政策:https://www.google.com/policies/privacy/Opt-Out: https://www.google.com/settings/ads/。
- Twitter 服务或平台(以下简称 "Twitter")的功能可能被整合到我们的在线服务中。Twitter 是由 Twitter Inc 提供的一项服务,地址为 1355 Market Street, Suite 900, San Francisco, CA 94103, USA。其功能包括在我们的在线产品中展示我们在 Twitter 上发布的帖子、链接到我们在 Twitter 上的个人资料、与 Twitter 上的帖子和功能进行互动的可能性,以及测量用户是否通过我们在 Twitter 上发布的广告到达我们的在线产品(所谓的转换测量)。Twitter 已通过《隐私保护协议》认证,因此可保证遵守欧洲数据保护法 (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)。隐私政策:https://twitter.com/de/privacyOpt-Out: https://twitter.com/personalization。
