Privacy notice of KLEKKS
I. Controller, Scope
This privacy notice informs you about the scope, kind and purpose of data processing of personal data (hereinafter “Data”) via our website https://klekks.com/ (hereinafter „Website“).
Controller
Strong & Kind GmbH
Torstr. 105-107
10119 Berlin
Please find further information in the imprint section of the Website.
II. General information about data processing
- Purposes of processing
In principle, we only process personal data of users as necessary to provide a functional Website, our contents and to provide our services.
- Legal basis for the processing of personal data
We mostly process personal data according to on one of the following legal bases:
consent
Whenever we collect the data subject’s consent to the processing of personal data, Art. 6 para. 1 a EU General Data Protection Regulation (GDPR) serves as the legal basis.
contract or pre-contractual measures
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
legal obligation
If the processing of personal data is necessary for compliance with a legal obligation which the Controller is subject to, Art. 6 para. 1 c GDPR serves as the legal basis.
legitimate interests
If processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party and if such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1 f GDPR serves as the legal basis.
Whenever we process your data based on your consent, you have a right to withdraw your consent at any time without stating a reason, effective for the future.
- Data erasure and retention time
In principle and unless otherwise stated, your personal data will only be stored until the purpose of the collection and storage is achieved. If the storage is based on your consent, personal data can be stored as long as you do not revoke such consent.
Furthermore, data may be stored if it is required by European or national legal provisions, laws or regulations which we are subject to. Personal data will be blocked or deleted if the retention period set forth by the any such regulations expires, unless further storage is necessary for the conclusion or fulfilment of a contract.
- Processors
In order to provide our services, we may cooperate with selected third-party providers who process data on our behalf (“Processors”). This applies for instance to content delivery networks, payment services providers, newsletter services providers, crm and hosting providers. Such Processors shall only process your personal data on our behalf. As far as legally required, we have entered into agreements pursuant to art. 28 GDPR with Processors processing your personal data on our behalf.
- Transfer to third countries
Unless otherwise stated, all data processing operations take place within the EU or the EEA countries.
Data processing operations carried out by third-party providers established outside the mentioned geographical area may be carried out in part or in full in the countries the respective providers are based in, in accordance with the relevant and applicable data protection regulations.
A transfer of personal data outside the EU or the EEA shall only take place on the basis of on an adequacy decision of the European Commission (including the EU-US Privacy Framework) or subject to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.
III. Processing of personal data in general
Whenever you visit our Website, we automatically collect Data about your use of the Website, including information about your device, the accessed URL, access date and time, transferred data volume, http status code of the access reply, web browser type and operating system, HTTP referrer, as well as IP address.
We collect and process such data to ensure Website operation and availability. In addition, it is used to analyse, store and evaluate information about user behaviour anonymously and to continuously improve and further develop our service. We only store your IP address in the log files for a limited period of time, if this is necessary for security purposes. The provision of Data is neither required under statute nor under contract. Failure to provide such Data could result in partial or total unavailability of our Website.
These purposes constitute our legitimate interest, which justifies data processing pursuant to art. 6 par. 1 lit. f) GDPR.
IV. Processing of Data of registered users
You have the option to create a user account on our Website to take advantage of our services. For the creation of an account we collect the following data: username, password, e-mail.
We need this information in order to make sure you user account is functional and can only be assigned to yourself. The provision of all above-mentioned data is required to perform the contract you close with us regarding the use of our services. Failure to provide them so will result in unavailability of user accounts and any services related thereto.
The legal basis for processing is therefore art. 6 par. 1 lit. b) GDPR.
If you purchase any of the products or services available on the Website, we will collect the following Data during the purchasing process: name, last name or business name, delivery address. To the extent they differ, we will also collect the same information for invoicing purposes. You may provide additional information voluntarily. Should you have already specified such information within your account, we will extract it from there.
The provision of all above-mentioned Data is required to perform the contract you close with us and communicate with you in such context. Should you fail to provide such Data, we will not be able to enter into any purchase contract with you.
We do not collect payment Data. Rather, the payment services provider you’ve chosen for your transaction will collect such Data, while we only receive a confirmation from the payment services provider about whether the payment has gone through.
The legal basis for processing is therefore art. 6 par. 1 lit. b) GDPR.
Please note that, in addition, we may collect, process and store Data about your use of the Website and our services, and the placing of orders pursuant to any applicable legal obligations which we are subject to. For instance, we may be obliged to store your Data for a legally determined period to comply with tax law provisions and to disclose it to tax authorities, tax consultants or auditors, other governmental authorities or payment services providers.
In such cases the legal basis for processing is art. 6 par. 1 lit. c) GDPR.
V. Reviews and Ratings
Users are allowed to post reviews and ratings of our own offering on our Website. Upon publication of any such review or rating the following Data shall be collected: email address and name or nickname.
We need to collect this information in order to provide the reviewing and rating feature to you. Failure to provide such Data will result in the unavailability of this feature. We need your email address in order to be able to assign your review or rating uniquely. This is relevant for instance in case of later complaints. We will, however, not publish your email address. We need your name or nickname in order to be able to publish and display a review or rating as yours: this information shall be made public in connection with the relevant review or rating.
The legal basis for processing is art. 6 part. 1 lit. b) GDPR.
VI. Direct e-mail marketing (DEM)
When subscribing to our newsletter (either upon creation of a user account or separately) you agree to receiving DEM messages and to the described process.
DEM content
We send newsletters, emails and other electronic notifications to promote our own offering based on your consent or based on any applicable statutory provision allowing us to do so.
Double opt in and tracking
When signing up for our newsletter, we implement a so-called double opt in procedure. This means that, after signing up, you will receive an automated email with instructions to confirm your subscription. Such confirmation is necessary to make sure that nobody uses your email address to sign you up. We keep record of all subscriptions in order to be able to provide evidence thereof, as required under applicable law. The record includes date and time of signing up and of confirmation as well as IP address. We also track any change of your Data saved with our emailing service provider.
Legal basis, revocation and objection
DEM messages are sent to you based on your consent, pursuant to art. 6 par. 1 a) GDPR.
If we’ve collected your email address in the context of an order you’ve placed on our Website, we may use it to send you email information about our own similar products or services, as long as you don’t object to receiving such information. In such cases, the legal basis is § 7 Abs. 3 UWG (German Unfair Competition Act).
You can object or withdraw your consent to receiving newsletters at any time without stating reasons and at no cost other than the base cost for connectivity (i.e. the cost of your internet services provider). We will inform you about your right to object upon collection of your email address and within each DEM message sent. You will find an unsubscribe link in the footer of each DEM message.
VII. Analytics
In order to improve our business operations and to understand market trends, customer and user preferences we perform analytics on Data related to transactions, contracts, enquiries etc.. For this purpose we process base data, communication data, contract, payment, usage data and metadata based on art. 6 par. 1 lit. f) GDPR. The affected natural persons include contracting partners, prospects, customers, visitors and users of our Website. We perform such analytics for the evaluation of our business operations, marketing strategies and for market research purposes. We could thereby consider user-related information, such as the services that have been taken advantage of. Such analytics help us improve user-friendliness, optimisation and sustainability of our offering. We do not disclose or publish such analytics to any third parties, unless they are anonymous and based on aggregate data.
The legal basis for processing is art. 6 part. 1 lit. f) GDPR.
VIII. Use of Tracking technologies
In order to improve user experience of our Website and to enable selected functions, we implement cookies or other tracking technologies (hereinafter jointly referred to as “Cookies”) on various pages. These are small data sets being stored on your device. Some of the Cookies we use expire after the end of the browser session, i.e. after closing your browser (so-called session Cookies). Other Cookies remain on your device and enable us or our partner companies to recognize your browser or device on your next visit (persistent Cookies).
You can set your browser preferences in order to be notified about the setting of Cookies and decide individually about accepting or refusing them in certain cases or generally. You can also manually delete Cookies from your device at any time.
Failure to accept Cookies may result in minor limitations in our service’s functionalities.
Some of the Cookies we use are strictly necessary to allow us to deliver the service you requested or to operate our Website. Some elements of our Website require that your browser be identified after page changes. Such technical Cookies may collect personal information about you, such IP address, log-in information, etc.
The processing of personal data through strictly necessary cookies – if any – is art. 6 par. 1 lit. f) GDPR. In case such cookies are necessary as a pre-contractual measure or for performing a contract with you, the legal basis is art. 6 par. 1 lit. b) GDPR. If we place Cookies to comply with a legal obligation that we’re subject to, the legal basis for processing is art. 6 par. 1 lit. c) GDPR.
- Other Cookies
In addition, we use third-party Cookies to monitor and evaluate user behaviour for statistics and market analysis purposes subject to your consent as per art. 6 par 1 lit. a) GDPR. Such Cookies are provided by third parties and implemented in our Website. Please refer to the following sections for details. Unless otherwise specified, any transfer of Data to the USA taking place via any of the Cookies deployed on our Website is based on the EU-US Privacy Framework.
Unless otherwise specified, the legal basis of processing through other Cookies mentioned below is your consent pursuant to art. 6 par. 1 lit. a) GDPR.
GOOGLE SERVICES
GOOGLE ANALYTICS
We work with Google Analytics, a web analytics service provided by Google Inc. The information generated by the Google Analytics cookie about your use of our website is usually transferred to a Google server in the USA and stored there. IP anonymisation has been activated on our websites, so that the IP address of users within member states of the European Union or in other states party to the Agreement on the European Economic Area is truncated beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
TARGET GROUPS
We use Google Analytics to display advertisements placed within Google's advertising services and those of its partners only to users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called ‘remarketing’ or ‘Google Analytics audiences’). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interests of users.
GOOGLE ADS AND CONVERSION MEASUREMENT
We use the online marketing method Google Ads to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the ads. This allows us to display ads for and within our online offering in a more targeted manner, so that users are only presented with ads that are potentially relevant to their interests. If, for example, a user is shown ads for products that they have shown interest in on other online offerings, this is referred to as ‘remarketing’. For these purposes, when you visit our website and other websites on which the Google advertising network is active, Google immediately executes a code from Google and so-called (re)marketing tags (invisible graphics or code, also known as ‘web beacons’) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies may also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visit time and other information about the use of the online offer.
We also receive an individual ‘conversion cookie’. Google uses the information collected with the help of the cookie to compile conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the name or email address of users, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google's servers in the United States.
GOOGLE TAG MANAGER
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.
FACEBOOK (META) – SERVICES
META PIXEL
We use Meta Pixel as part of the technologies described below from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (‘Facebook (by Meta)’ or ‘Meta Platforms Ireland’). Meta Pixel automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter), which is used to create usage profiles using pseudonyms. For this purpose, when you visit our website, Meta Pixel automatically sets a cookie that uses a pseudonymous cookie ID to recognise your browser when you visit other websites. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website usage, in particular personalised and group-based advertising.
The information automatically collected by Facebook (by Meta) technologies about your use of our website is usually transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision by the European Commission for the USA. If the data transfer to the USA falls within our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information about data processing by Facebook can be found in Facebook's privacy policy (by Meta).
FACEBOOK ANALYTICS
As part of the Facebook Business Tools, statistics on visitor activity on our website are compiled from the data collected about your use of our website using the Meta Pixel. Data processing is based on a data processing agreement with Facebook (by Meta). Your analysis is used to optimise the presentation and marketing of our website.
The processing of data by Facebook is carried out in accordance with Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's data use policy: https://www.facebook.com/policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
You can revoke your consent to data collection by Facebook at any time. To set which types of advertisements are displayed to you within Facebook, you can also visit the page set up by Facebook and follow the instructions on settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
MABLE.AI
Mable.ai is a service provided by Mable GmbH, Bahnhofplatz 12, 76137 Karlsruhe, Germany.
Through Mable.ai, we collect both historical and current customer orders in order to analyse this information and identify recurring purchase patterns. Mable.ai only stores non-personal data such as order numbers, transaction amounts and product names, and only for a period of up to 3 months for comparison and verification purposes.
For more information about Mable.ai, please refer to Mable.ai's privacy policy at: https://www.mable.ai/privacy.
SHOPIFY
Shopify is a web shop platform provided by Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L8, Canada. Our website is hosted on Shopify's infrastructure. In addition, we use Shopify pixels to track customer events. Customer events are actions that take place in the customer's browser, such as clicking on a link or adding a product to the shopping cart. Shopify collects and processes this information exclusively on our behalf and does not use it for its own purposes.
For more information, please refer to Shopify's privacy policy (https://www.shopify.com/uk/legal/privacy/app-users?country=gb&lang=en) and cookie policy (https://www.shopify.com/uk/legal/privacy#cookies).
KLAR
Klar Attribution
We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar, collects, processes and stores data on this website and its subpages for reach measurement, statistical analysis.
For the aforementioned processing, different Cookies are used to achieve several processing purposes.
You may withdraw your consent to the use of Cookies placed by Klar at any time using the dedicated options within our cookie banner. In addition, you may object to the use of Klar in principle using this Link. This will set a cookie with the name "do_not_track" from the domain "pascal.sh". Please do not delete it, otherwise we cannot guarantee that you will not be tracked by Klar. Information on data protection and data use can be found on the following website of Klar: https://www.getklar.com/data-protection.
Cookies are stored on the user's computer and transmitted to our Website or to the above-mentioned third parties. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Website, it may no longer be possible to use all functions of the Website to their full extent. The storage and lifetime of individual cookies can be found in the linked privacy policies of the third-party providers.
IX. Data Subjects’ rights
As a data subject, you have the following rights pursuant to the GDPR:
Your right of access - You have the right to ask us about the data we process about you.
Your right to rectification - You have the right to ask us to rectify or integrate information about you that you think is inaccurate or incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to withdraw consent - You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
Your right to file a complaint
You can also complain to a data protection authority if you do not agree on how we have used your data.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. In case of an objection, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
X. Amendments to this privacy notice
Due to the dynamic development of the Internet, new technologies and possibilities are constantly emerging. In order to enable you to benefit from these possibilities and technologies, we reserve the right to amend this privacy policy in the future when introducing new, additional or amended services or service elements.
Insofar as the change to the privacy policy only affects data use in general and/or data use when concluding contracts and not also data use within the scope of a user account, the new privacy policy shall apply from the date of its update on the website.
A change to the privacy policy that relates to the use of data already collected and stored for the purpose of sending newsletters will only be made if this is reasonable for you. If and to the extent that changes to the privacy policy relate to the use of data already collected and used for sending newsletters, we will notify you in good time by email, on our website or in another form. If no objection is made within the specified period, the amended privacy policy shall be deemed accepted by you. We will inform you of your right to object and the significance of the objection period in the notification.