PRIVACY POLICY
Privacy Notice
This Privacy Notice applies to the processing of your data, including your personal data, via the website “kowa-lenses.com”, including all its subdomains and subpages (the Platform). The controller responsible for data processing is Kowa Optimed Deutschland GmbH of Düsseldorf (the Operator). The Operator’s email address is: lens@kowaoptimed.com. The complete contact details are listed in the Legal Notice. The Platform is used for informational purposes and to sell goods, in particular camera lenses. You may access the content of this Privacy Notice at any time by visiting the subpage of the same name on the Platform. You may also save or print it using the corresponding function on your internet browser.
I. Preliminary remarks
The operator takes the protection of your data seriously and adheres to the applicable statutory rules of data protection. These laws protect natural persons when personal data are processed. Personal data means any information relating to an identified or identifiable natural person. These data are only processed to the extent necessary for any contract execution or to provide and improve the Platform. Processing for contract execution only takes place if you initiate or conclude a contract with the Operator; in this respect, we would also refer you to the Operator’s T&Cs. Processing for the provision and improvement takes place only where this is indicated below or in a separate agreement, where this is ordered by the authorities or by the courts or otherwise required by law. Data are only processed by the Operator or the data processor on behalf of the Operator in the Member States of the European Union (EU). In particular, the web servers used by the Operator for data processing are located in the EU Member States. As a matter of principle, data are not transmitted to a third country or any international organisation.
II. Data processing
Your data are processed regardless of whether or not these data were provided using a form. Form-dependent data are data you provided using a form on this Platform. Form-independent data are data you provided without using a form when visiting this Platform.
1. Form-dependent processing
The data you have entered in a form on the Platform are processed when the form is utilised, specifically once the form has been submitted. This may include, in particular, data for contacting you, order data, including customer account details, as well as data for the newsletter or a warranty extension. Personal data you send via a form provided for this purpose are always transmitted to the Operator’s server in an encrypted form.
a) Contacting us
If you contact the Operator using a form, the data you provide in the contact form are encrypted and sent to the Operator through the Operator’s server via email. These data may include your request, your name, your email address and other contact details. No further automated processing of your personal data is undertaken in this regard. The data are only used for the purpose of processing your request. Responses are generally sent by email, which is also encrypted, provided your email service provider supports this. The same applies if you contact the Operator by email to an email address stated on the Platform instead of using a contact form. Once your request has been processed and closed, the personal data you provided to the Operator in the contact form or in an email will be erased. This does not apply if these data are still required to execute the contract, if they are required for verification purposes or conflict with statutory retention requirements; however, the processing of your data will be restricted until then.
b) Orders and customer accounts
The data you enter in the forms when ordering (the ordering process) are transmitted in an encrypted form to the Operator’s server and stored in a database. These include order data such as your name, address, email address and other contact details, the type and quantity of items ordered and their price. The data are only used for the purpose of processing your order. During the ordering process, you can also set up a customer account on the Platform. In this respect, in addition to your order data, a username with a password (access credentials) and, where appropriate, information later stored by you in your customer account via the forms will be stored. The stored data can be viewed at any time via your customer account and, if necessary, rectified or completed using the forms available in the account settings. You may, of course, also contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. The same applies to the erasure of your customer account and your order data. If you have not set up a customer account, your order data will be erased as soon as they are no longer required to execute the contract, are no longer required for verification purposes and are no longer subject to statutory retention requirements. If you have set up a customer account, your order data will only be erased when you close your customer account. Where data no longer need to be processed automatically, processing is then restricted. In order to ship your items, your name and address may be forwarded to a postal or parcel service provider. In addition, your payment details (e.g. bank details) may be forwarded to a payment service provider (e.g. financial institution) to process payment. As a rule, these service providers are subject to postal or bank secrecy, and any electronic transmission of your data is encrypted. When processing payments via PayPal, the privacy policy of PayPal (Europe) S.a.r.l. et Cie, S.C.A. of Luxembourg applies. You can access this via the following link:
https://www.paypal.com/en/webapps/mpp/ua/privacy-full
c) Newsletter
The Operator provides a newsletter subscription service via email. Should you wish to receive this newsletter, you must provide us with your email address. The Operator also needs additional data to verify that you, as the owner of the email address provided, agree to subscribe to this newsletter. The Operator employs what is known as a double opt-in method (DOI), which means you will receive an email with a unique link to confirm your registration (confirmation link). Only after confirmation will you receive the newsletter. In addition to your email address, the time, date and IP address of the registration and confirmation as well as the confirmation link are stored for the DOI, its verification and to prevent abuse. No additional data are processed in this regard. Data are only processed to be able to offer and send the newsletter. As a rule, your personal data will not be disclosed to third parties. However, the Operator may use an email service provider that processes data on its behalf in accordance with the statutory provisions and the specifications of this Privacy Notice. In this case, such a provider would not be a third party. If you wish to unsubscribe from the newsletter, you can use the corresponding link included in each newsletter or contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. Unsubscribing also constitutes a revocation of your consent to the subscription to the newsletter and the data processing required for this. If you unsubscribe from the newsletter or do not complete the DOI within two weeks, your data will be erased unless they are still required to verify a completed DOI or to prevent misuse; however, data processing will be limited. Subscribing to the newsletter is done using an encrypted connection. Newsletters are also sent in an encrypted form, provided your email service provider supports this.
This website uses Sendinblue to send newsletters and automated emails. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue's servers in Germany. If you do not want Sendinblue to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.
With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a. Newsletter message was opened and which links, if any, were clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter. Sendinblue also enables us to subdivide ("cluster") the newsletter recipients according to various categories. For example, newsletter recipients can be subdivided according to age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups. For detailed information on the functions of Sendinblue, please see the following link: https://de.sendinblue.com/newsletter-software/. The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the data protection provisions of Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht/
2. Form-independent processing
Data the operator needs for the provision or improvement of the Platform are processed without the use of forms. In particular, these may include cookies, your IP address and statistical data. Even in the case of form-independent processing, personal data are always encrypted where this is technically possible.
a) Cookies
This Platform uses cookies. These are small text files or simple database entries stored locally by your browser. The data in the cookies can only be read by the Platform that saved them. Cookies are used to make websites more user-friendly and secure. Cookies are only stored or read via an encrypted connection. To do so, the Platform uses what are known as session cookies, in particular to recognise a login to a customer account. These cookies ensure that only you can access the data stored in your customer account after logging in. For this purpose, a session ID is stored in the cookie. After logging off or at the end of your visit to the Platform, for example when you close your browser, the cookie with the ID will be erased. In addition, the Platform uses cookies so that you can store products in a virtual shopping cart before placing an order. This cookie, which allows only you to access your shopping cart, is not a session cookie. This means that the cookie will not be erased after the end of your visit to the Platform. This will allow you to access your shopping cart when you visit the Platform again. However, the cookie, and therefore your shopping cart, will be erased if you do not visit the Platform for a month. Until then, the data relating to your shopping cart will only be processed automatically when you revisit the Platform. These data are not processed for other purposes or shared with third parties. The cookies used by the Platform do not harm your device (e.g. computer/tablet) and do not contain viruses. You can prevent the use of cookies by selecting the appropriate settings on your browser. Please note that this may result in your being unable to make full use of some of the Platform’s functions. The same applies to the erasure of stored cookies.
b) Web analytics
This Platform uses Google Analytics, a web analysis service provided by Google Ireland Limited from Dublin (“Google”) and processes the analytical data on our behalf... Google Analytics also uses cookies to be able to analyse the use of the Platform. The information generated by cookies about your use of the Platform is usually transferred to a Google server in the US and stored there. However, we have enabled IP anonymisation, meaning your IP address will be truncated in advance of being transmitted to the US within the Member States of the EU, or other States party to the agreement in the European economic area (EEA). Google will process this information for the purpose of evaluating your use of the Platform, compiling reports on activity on the Platform for us, and providing other services relating to Platform activity and internet usage. Google will not associate the IP address transferred by your browser as part of Google Analytics with any other data held by Google. The cookie, and therefore the reference to activities on the Platform, will be erased fourteen months after your last visit. You can additionally prevent the collection of data produced by the cookie and associated with your use of the website (including your IP address), its transmission to, and its processing by Google, by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=gb
You can also prevent data collection by Google Analytics by clicking on the link below. In this case, no browser plugin is downloaded and installed. Instead, an opt-out cookie is set, which prevents your data from being collected when you visit the Platform:
<a href=”javascript:gaOptout()”>Disable Google Analytics</a>
However, this of course assumes that you have not adjusted your browser settings to refuse cookies from being saved or deleted the opt-out cookie. For more information about data processing by Google Analytics, see Google’s Privacy Policy:
https://policies.google.com/privacy?hl=gb
This website also uses HubSpot, a service of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 United States, for analysis purposes. HubSpot is certified under the EU-US Privacy Shield. The data transfer to the USA takes place in accordance with the Implementing Decision (EU) 2016/1250 of the EU Commission (EU-US Privacy Shield).
HubSpot is a web-based all-in-one marketing software that serves the realisation and control of inbound marketing. In this context, so-called "web beacons" are used and "cookies" are also set, which are stored on the user's computer and enable an analysis of the use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of Kowa Optimed in order to generate reports on the visit/visited pages of www.kowa-lenses.com. We have concluded an order processing contract with HubSpot and implement the strict requirements of the German data protection authorities when using HubSpot.
If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings.
For more information on how HubSpot works and the cookies set by HubSpot, please refer to the data protection declaration of HubSpot Inc. and at https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.
c) Access log
To ensure the security and functionality of the Platform (e.g. to defend against attacks), an access log is created on the Operator’s server. This log stores data about access to the Platform. These include data that are transferred to the Platform when your browser connects to it. This includes your IP address, the time and date of access, the address (URL) that was accessed, whether the access was successful, and the volume of data transmitted by the server. Provided your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be stored. You may be able to prevent the transmission of these data by adjusting your browser settings. The log files are erased at regular intervals, at the latest by the end of the next calendar month. If necessary, the log files are statistically analysed prior to erasure. The logged data are stored separately from the other data you leave on the Platform and will not be merged with it. They will not be disclosed to third parties and will not be used for any other purpose. The statistical analysis of the log files does not allow for you to be identified.
d) Social networks
The Platform enables the placement of links to social networks operated by third parties. This is done to enable you to share (e.g. “Share”/”Retweet”) or “like” the Platform or articles on it on the respective network. However, these links are only provided once you have clicked the button for the respective network on the Platform. Because of the processing of personal data undertaken by social networks over which the Operator has no influence, we would refer you to the privacy policy of the respective responsible provider:
1. Facebook (Facebook Ireland Limited based in Ireland):
https://www.facebook.com/privacy/explanation
2. Twitter (Twitter International Company based in Ireland):
https://twitter.com/en/privacy
3. Instagram (Facebook Ireland Limited based in Ireland):
https://help.instagram.com/519522125107875
e) Embedded content
The Platform sometimes embeds content from YouTube (online videos) and Google Maps (interactive maps). This content is not provided through the operator’s servers, but through the servers of Google Ireland Limited from Dublin, (“Google”). When displaying and using this embedded content, your IP address is transmitted to Google. This is because your browser is unable to retrieve the embedded content without transmitting your IP address. In addition, your browser may transmit additional data to Google (such as your location when using the respective function). The operator has no control over this. The same applies to cookies that Google may set to make content more user-friendly and secure. These cookies cannot be read by the Operator. For more information about data processing by Google and your rights with respect to Google Analytics, see Google’s Privacy Policy:
https://policies.google.com/privacy?hl=gb
III. Legal basis
The statutory provisions governing data protection is rooted in the German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]) and the German Telemedia Act (Telemediengesetz [TMG]). However, as of 25 May 2018, the EU General Data Protection Regulation (GDPR) will take precedence. If you have expressly consented to the processing of your data, this also constitutes the legal basis for data processing for the purposes for which you have consented (Article 6 Para. 1(a) GDPR). In particular, this may include the subscription to our newsletter. Where processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 Para. 1(b) GDPR). This includes contracts, in particular sales contracts, which are concluded via the Platform or are initiated at your request. In addition, the legal basis for data processing is to preserve the legitimate interests of the Operator (Article 6 Para. 1(f) GDPR). This is the economic interest in operating the Platform, in particular the sale of goods via the Platform. No automated decision-making (including profiling) as defined by Art. 22 GDPR takes place.
IV. Your rights
If you are concerned about the processing of your personal data, you have certain rights that you may assert to the data controller according to the data protection regulations. You may contact the Operator at any time to exercise these rights, for example through the email address listed at the beginning of this Privacy Notice. The same applies to other questions about data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also at your disposal: Attorney Daniel Raimer of Kanzlei Daniel Raimer in Düsseldorf. You can find the data protection officer’s contact details in the Legal Notice.
1. Right of revocation
According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the lawfulness of the processing based on consent prior to revocation.
2. Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data. This applies, in particular, to an objection to processing for direct advertising purposes.
3. Right to lodge complaints
Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority if you believe your personal data are being processed in violation of the statutory provisions. This right is without prejudice to any other administrative or judicial remedy.
4. Right to information
According to Art. 15 GDPR, you have the right to request information from the Operator. In addition to the information that you can largely already find in this Privacy Notice, this right to information includes, in particular, the right to a copy of your personal data that is the subject of processing. The restrictions stipulated in Sec. 34 BDSG also apply to this right to information.
5. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request that the Operator immediately rectify incorrect personal data relating to yourself. You also have the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.
6. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to request that the Operator erase your personal data. If data do not have to be erased according to this provision, you may request that further processing be restricted where appropriate. In addition, the restrictions stipulated in Sec. 35 BDSG also apply to this right to erasure. The right to erasure includes what is known as the right to be forgotten.
7. Right to restriction
Pursuant to Art. 18 GDPR, you have the right to request that the Operator restrict the processing of your personal data. According to this provision, apart from storage, data may essentially no longer be processed.
8. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to data portability with respect to your personal data that you have provided to the Operator. This does not affect your right to erasure.
9. Duty of notification
According to Art. 19 GDPR, the Operator must notify all recipients to whom your personal data have been disclosed of any rectification or erasure of these data, or any restriction to processing unless this proves to be impossible or involves a disproportionate amount of effort. The Operator will inform you of any such recipients at your request.
V. Final remarks
Taking into account the nature, scope, context and purposes of processing as well as the risk to your rights and freedoms, of varying likelihood and severity, the Operator will implement appropriate technical and organisational measures to ensure that data are processed in accordance with the statutory provisions. Only persons mandated by the Operator (employees) who require access to personal data to perform their duties have access to the same, and only to the extent required. The Operator’s employees are trained on data processing in advance and are bound by a duty of confidentiality. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.