1. Information concerning the collection of personal data
“Personal information” means all information relating to an identified or identifiable natural person whether recorded in a material form or not, which, by itself or when put together with other information, would reasonably and directly reveal the identity of a natural person. Our website does not knowingly collect nor process “sensitive personal data” as defined under the Data Privacy Act of 2012 (“DPA”).
The primary controller of your personal information is Emma Sleep GmbH, located in Wilhelm-Leuschner-Str. 78 60329 Frankfurt am Main, Germany. In addition you can reach our Data Protection Officer (“DPO”) by sending an email to firstname.lastname@example.org or sending a message by post to Wilhelm-Leuschner-Str. 78 60329 Frankfurt am Main, Germany.
If we use contracted service providers for individual functions to present our services to you or to your data for advertising purposes, we will inform you in detail about the respective processes below.
2. Your rights as a data subject
You have the following rights regarding your personal information:
- Right to be informed (Section 16(a) and 16(b), DPA)
- Right to access (Section 16(c), DPA)
- Right to rectification (Section 16(d), DPA)
- Right to erasure or blocking (Section 16(e), DPA)
- Right to damages (Section 16(f), DPA)
- Right to object (Section 34(b), IRR)
Inquiries and requests regarding your rights as a data subject, including any objections to or complaints regarding our processing of your personal information, can be sent to us at email@example.com.
If you feel that we have not responded in an appropriate manner to your requests or complaints regarding our processing of your personal data, you have the right to complain to the NPC through their website (https://privacy.gov.ph).
3. Collection of personal data when visiting our website
If you use the website simply for informational purposes (i.e. if you do not register yourself or send us any personal information) we collect only the personal data which your browser sends to our server. If you wish to view our website, we collect the following technical information on the legal basis of legitimate interests (Section 12(f), DPA) to enable us to show you our website and ensure stability and security: IP address, date and time of the query, time zone difference relative to Greenwich Mean Time (GMT), content of the query (specific site), access status/HTTP status code, data volume transmitted in each case, website from which the request emanates, browser, operating system and its user interface, language and version of the browser software.
The information mentioned above are processed for the following purposes: to ensure a smooth experience of the website, to guarantee a comfortable use of the website, and to evaluate the system security and stability as well as for other administrative purposes. This information are temporarily stored in so-called log files, recorded without your intervention, and stored until the same are automatically deleted.
When you make a purchase from our store, we will collect certain personal information from you. Without it, we would not be able to fulfill the contract of sale with you.
- Delivery and purchase information: If you would like to order from our webshop, it is necessary for the conclusion of the contract (Section 12(b), DPA) that you provide your personal information, which we need to process your order. Mandatory personal information necessary for the processing of the contracts are marked in our forms, such as your name, address, phone number, and email address.
- Payment information: When you pay using our payment service providers, we do not directly process your payment information (e.g. credit card information). However, we receive responses from our trusted payment service providers about the status of your payment so we can process your order. Depending on your payment method, this may include a payment ID provided by the payment service provider so we can identify your order.
4. Contact form
When you contact us, the personal information you provide will be processed for the purpose of processing your request and for the event that follow-up questions arise based on legal obligations (Section 12(c), DPA).
The personal information collected by us in this context will be deleted when the data subject request associated with the contact has been completely clarified and it is also not to be expected that the specific contact will become relevant again in the future, unless legal storage obligations stand against this. We will retain a copy of the final communication regarding your data subject request in order to evidence our compliance with our legal obligations as controller (Section 12(c), DPA) and in our legitimate interest to protect and defend against future litigation (Section 12(f), DPA).
We send newsletters, e-mails and other electronic notifications containing promotional information. Our newsletters contain information about our products, offers, promotions and our company. With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection.
Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your personal information stored by the service provider are also logged. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal information.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. The provision of further information is voluntary and is used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The newsletter dispatch and the measurement of performance are based on your consent (Section 12(b), DPA).
You may withdraw your consent to receive our newsletter at any time and stop receiving the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, or by sending an e-mail to firstname.lastname@example.org.
6. Recipients or categories of recipients of personal information
Within the scope of our activities and services, it may become necessary for us to disclose the personal information stored about you to natural persons, legal entities or public authorities. We conclude contracts with our service providers, which ensure that they may only process your personal information in a way that we have explicitly instructed them to do so. Furthermore, we ensure that they take the necessary technical and organizational measures to process your information securely and store your personal information only as long as necessary. External service providers who may receive personal information generally fall into the following categories of recipients:
- Subsidiaries and affiliates
- Credit institutions and providers of payment services for billing and payment processing (online payment providers)
- Parcel shipper
- Non-Governmental/Charitable Organization that collects product returns
- IT service provider to maintain our IT infrastructure
- Cloud provider
- Service provider for the optimization of the online offer
- Collection service providers or lawyers to collect receivables and enforce claims in court
If, in the event of a collection case, personal data (customer and contact data, payment and consumption data and data on the claim) is transferred to a collection service provider, we will inform you in advance about the intended transfer.
If personal data is processed in countries outside the Philippines, we will ensure that your personal information is transferred to countries that provide a level of protection of personal data that is adequate to the provisions of the DPA or that there are acceptable contractual guarantees in place to ensure the processing of your personal information in accordance with the DPA’s data protection level. In the absence of these, we will request your explicit consent for the international transfer of your personal information.
7. Data retention and deletion
Your personal data shall not be kept for longer than is necessary. Subject to exceptions under the DPA or other applicable laws, your personal data shall be deleted or anonymized in a secure manner after the accomplishment of the relevant purpose/s or when no longer needed.
This website uses the following types of cookies:
- Transient Cookies: these are automatically deleted when you close your browser. These are mostly session cookies, which save a so-called “session-ID”, which allows for the assigning of different queries within your browser during a particular session. This can be used to identify your device when one repeatedly visits a website during a session. These cookies are deleted once you log out or the browser window is closed.
- Persistent Cookies: these cookies enable the website to remember your information and settings on your next visit. This gives you faster and more convenient access to the website, as you do not have to change your language settings again, for example. How long the cookie remains on your device depends on the duration or expiration date of the respective cookie and your browser settings. These cookies are automatically deleted after a set period of time which can differ from cookie to cookie. Persistent cookies can be deleted via the security settings in your browser at any time.
9. Social-Media, portals
We are represented in the social networks and employer evaluation portals mentioned below. These presences are operated exclusively by the respective provider. They serve to communicate directly with customers, interested parties and users. If you contact us via our social media channels, we process the personal information that you provide us with on the basis of consent (Section 12(b), DPA) while we process your personal data that is necessary to process your request on the basis of our legal obligation (Section 12(c), DPA) or legitimate interests (Section 12(f), DPA) depending on the type of request.
When you visit our social media pages, your user data is recorded and provided to us by the operator. The exact types of data differ from provider to provider, but generally include the following information:
- Follower: number and stored profiles; information about growth and development over a defined time frame.
- Reach: number of people who see a specific contribution; number of interactions with a contribution. From this, it can be deduced, for example, which content is better received by the community than others.
- Ad performance: How many people were reached by a contribution or a paid ad and have interacted with it.
- Demographics: Average age of visitors, gender, location, language.
Since our social media channels are operated by the providers of the respective social networks, there may be a supplementary use of your personal data by the respective operator, over which we have no influence. This often involves the recording of your IP address, the creation of static evaluations and the processing of further information stored in the form of cookies. We have no influence on the generation and presentation of this personal data and can neither turn off this function nor prevent the processing of the personal data.
The assertion of data subject rights and requests can most effectively be addressed directly to the platform providers, since only they have access to your data and can take immediate action and provide information. Should our cooperation be necessary for this, we will support you in enforcing your rights as a data subject.
- Facebook (Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA): http://www.facebook.com/policy.php; weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo.
- Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA): http://instagram.com/legal/privacy/
10. Social-Media Plug-Ins
We have integrated Plug-ins on our web services. These plug-ins are indicated by the respective button belonging to the service. With the help of the plug-ins, users can share or post links to the corresponding websites in social networks such as Facebook or Twitter or recommend the contents there. Through your active interaction with these plugins (e.g. by clicking the respective button or leaving a comment) the information is transmitted directly to the respective service and stored there.
When you visit one of our web services that contain an activated plugin, your browser establishes a connection with the servers of the respective service, which in turn transmits the content of the plugin to your browser, which then integrates it into the displayed page. Thus, the information about the visit of our web services is forwarded to the respective service. We do not collect personal data ourselves by means of the social plugins or about their use and have no influence on which data an activated plugin collects and how these are used by the provider. It must be assumed that at least the IP address and device-related information is collected and used. It is also possible that the service provider will attempt to store cookies on the computer used. If you are logged in to the respective service at the same time as visiting our web services via your personal user account (e.g., via another browser session), the service provider can assign the visit to our web services to your account.
Usual social media plug-ins transfer the above-mentioned user personal data to the operator of the social network each time the website is accessed. This also applies when you the website user is not logged in or a member of the network. In order to prevent the unconscious and unintentional collection and transmission of personal data to the service provider, we use the so-called "2-click solution" on our web services: In order to activate a desired plugin, it must first be activated by clicking on the corresponding button. Only when the plugin is activated, the collection of personal data and its transfer to the service provider is triggered. Without activating the plugin, which is only done at your own request, you can therefore surf our web services without transmitting personal data to the operators of social networks in a data protection compliant manner. In this case, data processing is carried out on the basis of legitimate interests (Section 12(f), DPA) of preserving your freedom of opinion and making contributions more easily (co-)shareable.
For data protection reasons, we use the so-called “Shariff solution” developed by c't magazine. The Shariff solution functions in a way that as a first step, all personal data and functions required to display the buttons are provided by our web server. Only when you decide to share an article via the corresponding button and click on it, personal data will be transferred to the operator of the respective social media service. In this case, data processing is carried out on the basis of legitimate interests of preserving your freedom of opinion and making contributions more easily (co-)shareable (Section 12(f), DPA).
The plug-ins used are limited to applications of the companies listed under "Social media, portals". We have no influence on the collected personal data and personal data processing procedures, nor are we aware of the full scope of personal data collection, the purposes of processing, the storage periods. We also have no information about the deletion of the collected personal data by the plug-in provider. We make every effort to comply with our duty to inform and to offer those affected maximum transparency of information. Should you require more detailed information about personal data processing by these companies, we recommend that you contact the controller of the respective service. Should our cooperation be necessary, we will of course support you in enforcing your rights as a data subject.
11. Facebook Insights - "Facebook Fanpages"
Upon a visit of our Facebook page collects Facebook among others your IP address as well as other information, which is saved on your device in form of cookies. This information will be used to provide us as the operator of the Facebook page with statistical information on Facebook usage. We can access these statistics through so-called Facebook “insights”. These statistics are collected and provided solely by Facebook. We as the operator of the page have no influence over their generation and presentation. We cannot either stop or prevent their generation and data processing. You can find further information about “Insights” provided by Facebook here: https://www.facebook.com/help/pages/insights.
Following information will be provided to us by Facebook through “Insights”: Number of page views, “likes”, page activities, reach, impressions, video views, post clicks and reactions, post reach, comments, shared content, answers, gender ratio, regional distribution of the users (origin based on country and city), language, opens and clicks in the shop, clicks on the address and on the telephone number.
The operation of this Facebook page and processing of personal data of the users arising out of it is based on legitimate interests (Section 12(f), DPA) to inform and interact with users and visitors of our Facebook page.
We as the operator of this fan page are responsible for personal data processing together with Facebook. For this reason, we have agreed with Facebook under the framework of so-called “Page Insights” add-on, which party bears which obligations. The main responsibility for processing of the insight data stays with Facebook. Facebook is bound to duly fulfill all obligations connected to processing of insight data. You can claim your data subject rights either with us or with Facebook Ireland Limited (“Facebook Ireland”). Should you as a data subject contact us with regard to processing of the insight data and obligations of Facebook Ireland connected to “Page Insights” add-on, we are obliged to forward all relevant information in this regard to Facebook Ireland. You can find comprehensive information about page insights add-on and the obligations of the data controller here: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; for more information about Facebook’s data collection and processing: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
12. Google Analytics
This website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
We use Google Analytics to analyze the use of our website in order to improve it regularly. With the statistics obtained, we can improve our offer, make it more interesting for you as a user and increase the success of our marketing campaigns. For this purpose, your usage data is recorded, e.g. your IP address, the pages you have called up (click path), conversions such as newsletter registrations or downloads, clicks, length of stay, region or the technical information on your browser. For this Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred and stored in a Google server in the US.
The legal basis for this data processing is according to legitimate interests (Section 12(f), DPA). Processing is performed to analyze and optimize our website. You can also prevent the storage of cookies by changing the settings of your browser software. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "anonymizeIp". This means that IP addresses are processed in abbreviated form, which means that it is not possible for us to identify a person. Only in exceptional cases the full IP address is transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
13. Google Remarketing
Our website uses the Google Analytics Remarketing function in connection to the across functions from Google AdWords and Google DoubleClick providers. The responsible service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
This function enables the advertising target groups, created with the Google Analytics Remarketing-Tool, to be connected with the cross-device function of Google AdWords and Google DoubleClick. In this way, interested-based, personalized advertising messages, that have been adapted to you, depending on your previous usage and surfing behavior on one device (e.g. mobile phone), can also be displayed on another of your devices (e.g. Tablet or Laptop). Supporting this function, Google Analytics collects Google-authenticated user IDs in order to define and create target groups for cross-device advertising.
The legal basis for the processing of your personal data is legitimate interests (Section 12(f), DPA). You can also prevent the storage of cookies by setting your browser-software. Accordingly, we would like to inform you, that in this case, you may not be able to use all the functions of our website. You can also prevent Google from collecting the personal data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by permanently contradicting the cross-device remarketing tool by deactivating personalized advertising in your Google-Account, following this link: https://www.google.com/settings/ads/onweb/.
The recipient of personal data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as the processor. We have concluded with Google an order processing contract for this purpose and the EU Standard Data Protection Clauses (SCC). Google LLC, based in California, and possibly U.S. American authorities, can access the data stored by Google. Further information and the data protection regulations can be found in the Google data protection declaration: https://www.google.com/policies/technologies/ads/.
14. Facebook Custom Audiences
The Website also uses the remarketing-function “Custom Audiences” of Facebook Inc. (“Facebook”). This allows users of the website to be shown interest-related advertisements (“Facebook-Ads”), when visiting the social network Facebook or other websites that also use the process. We are pursuing the interest of showing you advertisements, that are of interest to you in order to make our website more interesting for you.
Due to the marketing-tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data, that is collected through the use of this tool by Facebook and therefore we inform you according to our level of knowledge. By integrating Facebook Custom Audiences, Facebook receives information, that you have accessed our website or that you have clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit of our website to your account. Even if you are not registered or logged in to Facebook, there is a possibility, that Facebook will find out and save your IP address and other identification features.
The function “Facebook Custom Audiences” can be deactivated (here and) for logged-in users under the following link: https://www.facebook.com/settings/?tab=ads#._
The legal basis for the processing of your personal data is legitimate interest (Section 12(f), DPA). Further information about the data processing is available at the following: https://www.facebook.com/about/privacy.
15. Google AdWords
This website uses Google Adwords, a web service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
We use Google Adwords to draw attention to our offers by means of advertising material (so-called Google Adwords) on external websites. We can determine in relation to the data of the advertising campaigns, how successful the individual advertising measures are. With this, we pursue the interest to show you advertising that is of interest to you, to make our website more interesting and to achieve a fair calculation of advertising costs. These advertising media are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, which allow us to measure certain parameters to measure success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google Adwords will store a cookie on your device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an AdWords client's website and the cookie stored on their computer has not expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Adwords client. Cookies cannot be tracked through the websites of Adwords clients.
We receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further personal data from the use of the advertising material, in particular we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address
The legal basis for this personal data processing is according to legitimate interests (Section 12(f), DPA). You can also prevent the storage of cookies by adjusting your browser software settings accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. Furthermore, you can prevent the collection of the personal data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of this personal data by Google by permanently contradicting the cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link to do so: https://www.google.com/settings/ads/onweb/.
16. Freshdesk and Freshchat
Our website uses the Freshdesk customer service platform and ticketing system. The responsible service provider is Freshworks Inc. 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403. Our website uses Freshdesk to handle customer complaints and requests and Freshchat to allow us to communicate with our customers in real time. The main function is to assist users directly on the website and solve problems as quickly as possible. For these purposes, necessary data such as your last name, first name, postal address, telephone number, e-mail address are collected via the website, in order to be able to answer your inquiries and requests. The legal basis for the processing of your personal data is legitimate interests (Section 12(f), DPA) for purposes of handling customer complaints and requests.
17. Personal data collected from minors, legally-incompetent persons, and other individuals
Our Website is intended only for persons who are of legal age and are deemed legally competent to provide their valid and binding consent under Brazilian law. If you are an individual below legal age or an individual deemed legally competent to give valid and binding consent (hereinafter, collectively referred to as a “Minor” or “Minors”), If you are a Minor, please do not provide any personal data to us including, but not limited to, your name, age, gender, email address, contact information and the like. Kindly consult your parent(s) or legal guardian(s) first before visiting this website.
We neither offer products or services to, nor knowingly collect personal data of Minors without any legal basis. Should we learn that we were provided with personal data of Minors without any legal basis, we will delete the same.
To the extent that you have provided (or will provide) personal data about your family members, spouse, other dependents, and/or other natural persons, you represent and warrant that, prior to sharing their personal data, you have explained to them that you will provide their personal data to us and that they consented to the same being processed (including disclosure and transfer) in accordance with this privacy statement.
18. Changes and updates to the privacy statement
We may modify or amend this privacy statement from time to time to keep up with any changes in relevant laws and regulations applicable to us or how we collect, use, protect, store, share or dispose of your personal data. Any changes or updates will be posted on our website and the same shall be effective immediately upon such posting.