Data processing and protection
We attach great importance to the protection of your personal data and treat it confidentially and in accordance with the statutory data protection regulations. Your data will only be processed to the extent necessary for the provision of our services. We take appropriate technical and organisational measures to protect your data from unauthorised access, loss or misuse. If you have any questions about our privacy policy or would like information about the processing of your data, you can contact us at any time.
We are committed to protecting the privacy of visitors to our website. This policy applies where we act as a data controller in relation to the personal data of our website visitors, i.e. where we determine the purposes and means of the processing of that personal data.
When you visit our website for the first time, we will ask you to consent to the use of cookies in accordance with the terms of this policy. In this Policy, the terms ‘we’, ‘us’ and “our” refer to ‘Supportify’.
How we use your personal data
In this section we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases for the processing.
We may process data about your use of our website (‘Usage Data’). Usage Data may include [your IP address, geographic location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, and information about the timing, frequency and pattern of your use of the Services. The source of the usage data is our analytical tracking system. This usage data may be processed for the purpose of analysing the use of the website. The legal basis for this processing is your consent.
We may process information contained in an enquiry you submit to us in relation to services (‘enquiry data’). The enquiry data may be processed to understand which enquiries are most frequently made and how we can best present useful information on our website. The legal basis for this processing is your consent.
We may process information that you provide to us in order to subscribe to our email notifications and/or newsletters (‘Notification Data’). The notification data may be processed in order to send you the relevant notifications and/or newsletters. The legal basis for this processing is your consent.
We may process information contained in or relating to any communication you send to us (‘correspondence data’). The correspondence data may include the content of the communication. The correspondence data may be processed for the purposes of communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and communication with users,
We may process your personal data referred to in this policy if this is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in administrative or out-of-court proceedings]. The legal basis for this processing is our legitimate interest, namely the protection and enforcement of our legal rights, your legal rights and the legal rights of others.
We may process your personal data referred to in this policy] if this is necessary for taking out or maintaining insurance cover, for risk management or for obtaining professional advice. The legal basis for this processing is our legitimate interest, namely the proper protection of our company against risks.
In addition to the specific purposes set out in this section for which we may process your personal data, we may also process your personal data where the processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not disclose any other person’s personal data to us unless we ask you to do so.
Sharing your personal data with others
We may disclose your personal data to our insurers and/or professional advisers to the extent reasonably necessary to obtain or maintain insurance cover, manage risks, obtain professional advice or establish, exercise or defend legal claims, whether in court proceedings or in administrative or out-of-court proceedings.
Your personal data stored in our databases is stored on the servers of our hosting service provider in the Federal Republic of Germany.
We may share your name and email address with our suppliers or subcontractors to the extent necessary for the proper administration of our website and business.
We may disclose your personal data to our insurers and/or professional advisers as appropriate for the purposes of obtaining and maintaining insurance cover, managing risk, obtaining professional advice and resolving disputes.
We may share personal data with our suppliers or subcontractors to the extent necessary for the performance of marketing or sales activities we have assigned to them on our behalf.
We may share your enquiry data with one or more selected third party suppliers of goods and services identified on our website so that they can contact you to offer, market and sell relevant goods and/or services to you. Each such third party will act as a data controller in respect of the enquiry data that we provide to them and, upon contacting you, each such third party will provide you with a copy of their own privacy policy which will govern that third party’s use of your personal data.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data if this is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in administrative or out-of-court proceedings.
International transfer of your personal data
In this section, we inform you about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
We and our other group companies have offices and facilities in Germany. All of our marketing and sales subcontractors are based in Germany. The hosting facilities for our website are located in Germany. The European Commission has made an ‘adequacy decision’ in relation to the data protection laws of each of these countries. Transfers to each of these countries are protected by appropriate safeguards, in particular through the use of standard data protection clauses adopted or authorised by the European Commission.
You acknowledge that personal data you submit for publication via our website or services may be available worldwide via the internet. We cannot prevent the use (or misuse) of such personal data by others.
Automated decision making
We will use your personal data for the purposes of automated decision-making in relation to our website and our sales and marketing processes.
This automated decision making includes marketing personalisation via our website and other marketing communications such as email.
The significance and potential consequences of this automated decision making are that you are likely to receive a personalised experience with content and other marketing assets.
Storage and deletion of personal data
Personal data that we process for one or more purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the other provisions of this section, we may retain your personal data if this is necessary to fulfil a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.
Security of personal data
We will take reasonable technical and organisational precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
We will store all your personal data on secure servers, PCs and mobile devices and in secure manual recording systems.
You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure and we cannot guarantee the security of data transmitted over the internet.
You should ensure that your password cannot be guessed, either by a person or by a computer programme. You are responsible for keeping the password you use to access our website confidential and we will not ask you for your password.
Websites of third parties
Our website contains hyperlinks to and information about third party websites. We have no control over and are not responsible for the privacy policies and practices of third parties.
Third party websites
Our website contains hyperlinks to and information about third party websites. We have no control over and are not responsible for the privacy policies and practices of third parties.
Use of WhatsApp
Our website uses WhatsApp as a means of communication. Please note that when you use WhatsApp, your data will be processed. This data includes your telephone number, message content and metadata such as the date and time of communication. Our company has no influence on WhatsApp’s terms of use or privacy policy. Further information on data processing by WhatsApp can be found in WhatsApp’s privacy policy hier.
Use of Google services
Our website uses various Google services to improve the user experience. These include Google Analytics, Google Maps and Google Ads. When you use these services, data such as your IP address, location information and usage data is processed. This data may be used by Google to show you personalised advertising and to ensure the functionality of the services. Further information on data processing by Google can be found in Google’s privacy policy hier.
Your rights
In this section, we have listed the rights to which you are entitled under data protection law. Your main rights under data protection law are
- The right of access – you can request copies of your personal data;
- The right to rectification – you can ask us to rectify inaccurate personal data and complete incomplete personal data;
- The right to erasure – you can ask us to erase your personal data;
- The right to restriction of processing – you can ask us to restrict the processing of your personal data;
- The right to object to processing – you can object to the processing of your personal data;
- The right to data portability – you can request that we transfer your personal data to another organisation or to you;
- The right to lodge a complaint with a supervisory authority – you can complain about our processing of your personal data; and
- The right to withdraw consent – where the legal basis for processing your personal data is consent, you can withdraw that consent.
- You can exercise any of your rights in relation to your personal data by writing to us using the contact details below.
- You may instruct us to provide you with any personal data we hold about you; the provision of such information is subject to the production of appropriate evidence of your identity.
We may withhold personal data requested by you to the extent permitted by law.
Data protection declaration
Unless otherwise specified below, the provision of your personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide your data. Failure to do so will have no consequences. This only applies unless otherwise stated in the following processing procedures. ‘Personal data’ means any information relating to an identified or identifiable natural person.
Server log files
You can use our websites without transmitting personal data. Each time you access our website, your Internet browser transmits usage data to us or our web host/IT service provider and stores it in server log files. This stored data includes, for example, the name of the page accessed, the date and time of the request, the IP address, the amount of data transferred and the requesting provider. Processing is carried out on the basis of Article 6(1)(f) GDPR due to our legitimate interest in ensuring the smooth operation of our website and improving our services.
Proactive contact of the customer by e-mail
If you contact us proactively by e-mail, we will only collect your personal data (name, e-mail address, telephone number, message text, etc.) to the extent specified by you. The purpose of data processing is to process and respond to your contact enquiry.
If the initial contact is made for the purpose of implementing pre-contractual measures (e.g. advice on an interest in purchasing, order creation) or if it relates to a contract already concluded between you and us, this data processing is carried out on the basis of Article 6(1)(b) GDPR. If the initial contact is made for other reasons, this data processing is carried out on the basis of Article 6(1)(f) GDPR for the purpose of our overriding legitimate interest in processing and responding to your enquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR. We will only use your email address to process your enquiry. Your data will then be deleted in compliance with the statutory retention periods, unless you have consented to further processing and use.
Collection, processing and transmission of personal data for orders
When you place an order, we collect and use your personal data only insofar as this is necessary for the fulfilment and processing of your order and for processing your enquiries. The provision of the data is necessary for the conclusion of a contract. Failure to provide the data will result in a contract not being concluded. The processing is carried out on the basis of Article 6 (1) b) GDPR and is necessary for the fulfilment of a contract with you. Your data will be passed on, for example, to the shipping companies and dropshipping providers you have selected, payment service providers, service providers for order processing and IT service providers. We always adhere strictly to the legal requirements. The scope of data transmission is limited to a minimum.
Data collection when writing a comment
If you comment on an article or post, we will only collect your personal data (name, e-mail address, comment text) to the extent specified by you. The purpose of the processing is to enable you to comment and to display the comments. By submitting the comment, you consent to the processing of the transmitted data. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time by contacting us without affecting the legality of the processing carried out on the basis of your consent until revocation. Your personal data will then be deleted. When publishing your comment, only the name you have entered will be published.
Use of your e-mail address for sending newsletters
We use your e-mail address outside of contract processing exclusively to send you a newsletter for our own marketing purposes if you have expressly consented to this. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on your consent before its withdrawal. You can unsubscribe from the newsletter at any time via the corresponding link in the newsletter or by contacting us. Your e-mail address will then be deleted from the mailing list.
Use of your email address for sending direct marketing
We will use your email address, which we have obtained as part of the sale of a good or service, for the electronic transmission of advertising for our own goods or services that are similar to those that you have already purchased from us, unless you have objected to this use. You must provide your e-mail address in order to conclude a contract. If you do not provide it, no contract will be concluded. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our legitimate interest in direct marketing. You can object to this use of your email address at any time by contacting us. You can find the contact details for exercising your right to object in our legal notice. You can also use the link provided in the marketing email. You will not incur any costs other than the transmission costs at the basic rate.
Cookies
Our website uses cookies. Cookies are small text files that are stored in the user’s Internet browser or by the user’s Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The cookies are stored on your computer. You therefore have full control over the use of cookies. By making the appropriate technical settings in your Internet browser, you can be notified before cookies are set and decide on a case-by-case basis whether to accept the setting of cookies and prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
Rights of data subjects and duration of storage
Duration of storage
After completion of the contract, the data will initially be stored for the duration of the warranty period, then in accordance with the statutory retention periods, in particular under tax and commercial law, and deleted after expiry of the period, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right to information, rectification, erasure, restriction of processing, data portability. You also have the right to object to processing on the basis of Art. 6 (1) GDPR and to processing for direct marketing purposes in accordance with Art. 21 (1) GDPR.
Right to lodge a complaint with the regulatory authority
You have the right to lodge a complaint with the supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your data is not lawful.
Right to object
If the data processing described here is based on our legitimate interests in accordance with Article 6 (1) f) GDPR, you have the right to object to the processing of your data at any time with effect for the future on grounds relating to your particular situation. If the objection is successful, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. If personal data is processed for the purpose of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct marketing.
Changes
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure that you are happy with any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.
Our details
Our website and services are owned and operated by Supportify (UG) haftungsbeschränkt). We are registered in Germany.
You can contact us:
via the contact form on our website; or by post, at the postal address given above; by telephone, at the contact number published on our website; by email, at info@supportify.eu