This Privacy Notice applies to the processing of your data, including your personal data, via the website “kowa-lenses.com”, including all its subdomains and subpages (the Platform). The controller responsible for data processing is Kowa Optimed Deutschland GmbH of Düsseldorf (the Operator). The Operator’s email address is: firstname.lastname@example.org. The complete contact details are listed in the Legal Notice. The Platform is used for informational purposes and to sell goods, in particular camera lenses. You may access the content of this Privacy Notice at any time by visiting the subpage of the same name on the Platform. You may also save or print it using the corresponding function on your internet browser.
I. Preliminary remarks
The operator takes the protection of your data seriously and adheres to the applicable statutory rules of data protection. These laws protect natural persons when personal data are processed. Personal data means any information relating to an identified or identifiable natural person. These data are only processed to the extent necessary for any contract execution or to provide and improve the Platform. Processing for contract execution only takes place if you initiate or conclude a contract with the Operator; in this respect, we would also refer you to the Operator’s T&Cs. Processing for the provision and improvement takes place only where this is indicated below or in a separate agreement, where this is ordered by the authorities or by the courts or otherwise required by law. Data are only processed by the Operator or the data processor on behalf of the Operator in the Member States of the European Union (EU). In particular, the web servers used by the Operator for data processing are located in the EU Member States. As a matter of principle, data are not transmitted to a third country or any international organisation.
II. Data processing
Your data are processed regardless of whether or not these data were provided using a form. Form-dependent data are data you provided using a form on this Platform. Form-independent data are data you provided without using a form when visiting this Platform.
1. Form-dependent processing
The data you have entered in a form on the Platform are processed when the form is utilised, specifically once the form has been submitted. This may include, in particular, data for contacting you, order data, including customer account details, as well as data for the newsletter or a warranty extension. Personal data you send via a form provided for this purpose are always transmitted to the Operator’s server in an encrypted form.
a) Contacting us
If you contact the Operator using a form, the data you provide in the contact form are encrypted and sent to the Operator through the Operator’s server via email. These data may include your request, your name, your email address and other contact details. No further automated processing of your personal data is undertaken in this regard. The data are only used for the purpose of processing your request. Responses are generally sent by email, which is also encrypted, provided your email service provider supports this. The same applies if you contact the Operator by email to an email address stated on the Platform instead of using a contact form. Once your request has been processed and closed, the personal data you provided to the Operator in the contact form or in an email will be erased. This does not apply if these data are still required to execute the contract, if they are required for verification purposes or conflict with statutory retention requirements; however, the processing of your data will be restricted until then.
b) Orders and customer accounts
The Operator provides a newsletter subscription service via email. Should you wish to receive this newsletter, you must provide us with your email address. The Operator also needs additional data to verify that you, as the owner of the email address provided, agree to subscribe to this newsletter. The Operator employs what is known as a double opt-in method (DOI), which means you will receive an email with a unique link to confirm your registration (confirmation link). Only after confirmation will you receive the newsletter. In addition to your email address, the time, date and IP address of the registration and confirmation as well as the confirmation link are stored for the DOI, its verification and to prevent abuse. No additional data are processed in this regard. Data are only processed to be able to offer and send the newsletter. As a rule, your personal data will not be disclosed to third parties. However, the Operator may use an email service provider that processes data on its behalf in accordance with the statutory provisions and the specifications of this Privacy Notice. In this case, such a provider would not be a third party. If you wish to unsubscribe from the newsletter, you can use the corresponding link included in each newsletter or contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. Unsubscribing also constitutes a revocation of your consent to the subscription to the newsletter and the data processing required for this. If you unsubscribe from the newsletter or do not complete the DOI within two weeks, your data will be erased unless they are still required to verify a completed DOI or to prevent misuse; however, data processing will be limited. Subscribing to the newsletter is done using an encrypted connection. Newsletters are also sent in an encrypted form, provided your email service provider supports this.
This website uses Sendinblue to send newsletters and automated emails. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue's servers in Germany. If you do not want Sendinblue to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe directly on the website.
With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a. Newsletter message was opened and which links, if any, were clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter. Sendinblue also enables us to subdivide ("cluster") the newsletter recipients according to various categories. For example, newsletter recipients can be subdivided according to age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups. For detailed information on the functions of Sendinblue, please see the following link: https://de.sendinblue.com/newsletter-software/. The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the data protection provisions of Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht/
2. Form-independent processing
Data the operator needs for the provision or improvement of the Platform are processed without the use of forms. In particular, these may include cookies, your IP address and statistical data. Even in the case of form-independent processing, personal data are always encrypted where this is technically possible.
b) Web analytics
You can also prevent data collection by Google Analytics by clicking on the link below. In this case, no browser plugin is downloaded and installed. Instead, an opt-out cookie is set, which prevents your data from being collected when you visit the Platform:
This website also uses HubSpot, a service of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 United States, for analysis purposes. HubSpot is certified under the EU-US Privacy Shield. The data transfer to the USA takes place in accordance with the Implementing Decision (EU) 2016/1250 of the EU Commission (EU-US Privacy Shield).
HubSpot is a web-based all-in-one marketing software that serves the realisation and control of inbound marketing. In this context, so-called "web beacons" are used and "cookies" are also set, which are stored on the user's computer and enable an analysis of the use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of Kowa Optimed in order to generate reports on the visit/visited pages of www.kowa-lenses.com. We have concluded an order processing contract with HubSpot and implement the strict requirements of the German data protection authorities when using HubSpot.
If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings.
For more information on how HubSpot works and the cookies set by HubSpot, please refer to the data protection declaration of HubSpot Inc. and at https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.
c) Access log
To ensure the security and functionality of the Platform (e.g. to defend against attacks), an access log is created on the Operator’s server. This log stores data about access to the Platform. These include data that are transferred to the Platform when your browser connects to it. This includes your IP address, the time and date of access, the address (URL) that was accessed, whether the access was successful, and the volume of data transmitted by the server. Provided your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be stored. You may be able to prevent the transmission of these data by adjusting your browser settings. The log files are erased at regular intervals, at the latest by the end of the next calendar month. If necessary, the log files are statistically analysed prior to erasure. The logged data are stored separately from the other data you leave on the Platform and will not be merged with it. They will not be disclosed to third parties and will not be used for any other purpose. The statistical analysis of the log files does not allow for you to be identified.
d) Social networks
1. Facebook (Facebook Ireland Limited based in Ireland):
2. Twitter (Twitter International Company based in Ireland):
3. Instagram (Facebook Ireland Limited based in Ireland):
e) Embedded content
III. Legal basis
The statutory provisions governing data protection is rooted in the German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]) and the German Telemedia Act (Telemediengesetz [TMG]). However, as of 25 May 2018, the EU General Data Protection Regulation (GDPR) will take precedence. If you have expressly consented to the processing of your data, this also constitutes the legal basis for data processing for the purposes for which you have consented (Article 6 Para. 1(a) GDPR). In particular, this may include the subscription to our newsletter. Where processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 Para. 1(b) GDPR). This includes contracts, in particular sales contracts, which are concluded via the Platform or are initiated at your request. In addition, the legal basis for data processing is to preserve the legitimate interests of the Operator (Article 6 Para. 1(f) GDPR). This is the economic interest in operating the Platform, in particular the sale of goods via the Platform. No automated decision-making (including profiling) as defined by Art. 22 GDPR takes place.
IV. Your rights
If you are concerned about the processing of your personal data, you have certain rights that you may assert to the data controller according to the data protection regulations. You may contact the Operator at any time to exercise these rights, for example through the email address listed at the beginning of this Privacy Notice. The same applies to other questions about data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also at your disposal: Attorney Daniel Raimer of Kanzlei Daniel Raimer in Düsseldorf. You can find the data protection officer’s contact details in the Legal Notice.
1. Right of revocation
According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the lawfulness of the processing based on consent prior to revocation.
2. Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data. This applies, in particular, to an objection to processing for direct advertising purposes.
3. Right to lodge complaints
Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority if you believe your personal data are being processed in violation of the statutory provisions. This right is without prejudice to any other administrative or judicial remedy.
4. Right to information
According to Art. 15 GDPR, you have the right to request information from the Operator. In addition to the information that you can largely already find in this Privacy Notice, this right to information includes, in particular, the right to a copy of your personal data that is the subject of processing. The restrictions stipulated in Sec. 34 BDSG also apply to this right to information.
5. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request that the Operator immediately rectify incorrect personal data relating to yourself. You also have the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.
6. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to request that the Operator erase your personal data. If data do not have to be erased according to this provision, you may request that further processing be restricted where appropriate. In addition, the restrictions stipulated in Sec. 35 BDSG also apply to this right to erasure. The right to erasure includes what is known as the right to be forgotten.
7. Right to restriction
Pursuant to Art. 18 GDPR, you have the right to request that the Operator restrict the processing of your personal data. According to this provision, apart from storage, data may essentially no longer be processed.
8. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to data portability with respect to your personal data that you have provided to the Operator. This does not affect your right to erasure.
9. Duty of notification
According to Art. 19 GDPR, the Operator must notify all recipients to whom your personal data have been disclosed of any rectification or erasure of these data, or any restriction to processing unless this proves to be impossible or involves a disproportionate amount of effort. The Operator will inform you of any such recipients at your request.
V. Final remarks
Taking into account the nature, scope, context and purposes of processing as well as the risk to your rights and freedoms, of varying likelihood and severity, the Operator will implement appropriate technical and organisational measures to ensure that data are processed in accordance with the statutory provisions. Only persons mandated by the Operator (employees) who require access to personal data to perform their duties have access to the same, and only to the extent required. The Operator’s employees are trained on data processing in advance and are bound by a duty of confidentiality. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.