Privacy Policy
Do you agree to the use of cookies?
- Kontakt
- General information on data processing
- Provision of the website and the creation of log files
- Cookies
- Contact form and e-mail addresses
- Analysis by Matomo
- Analysis of user behaviour by Web Extend
- Analysis by Google Analytics
- Rights of the data subject
- Use of social media plugins
- Registering for the Retailer area
- Hama dealer newsletter
- Google Tag Manager
- Google Maps
- Google reCAPTCHA
- OpenStreetMap
- Use of WhatsApp Business
- Web analytics by Amazon Pixel
- Microsoft Clarity
- Use of smart home products; use of wearables
-
Contact
Hama GmbH & Co KG
Dresdner Straße 9
86653 Monheim
Phone.: +49 9091 502-0
E-Mail: info.de@hama.com
Web: de.hama.com
Place of Business - D-86653 Monheim, Dresdner Str. 9
Commercial Register - County Court Augsburg A 12159
Managing Director: Christoph Thomas, Christian Sokcevic -
General information on data processing
-
General information on data processing
We only process our users’ personal data to the extent necessary for the provision of a functionalwebsite as well as the provision of our content and services. In general, we only process our users’ personal data with the users’ consent. One exception is in cases when it is not possible to obtain the user’s consent in advance for practical reasons and the company is permitted to process this data within the scope of the law.
-
Legal basis for the processing of personal data
When consent has been obtained from the data subject for the processing operations for the processing of personal data, point (a) of Article 6(1) of the EC General Data Protection Regulation (GDPR) serves as the legal basis.
When the processing of personal data is necessary for the performance of a contract to which the data subject is party, point (b) of Article 6(1) of the GDPR serves as the legal basis. This also applies for processing operations that are required in order to take the necessary steps prior to entering into a contract.
When the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Article 6(1) of the GDPR serves as the legal basis.
When processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, point (d) of Article 6(1) of the GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, then point (f) of Article 6(1) of the GDPR serves as the legal basis for the processing. -
Deletion of data and storage period
The personal data of the data subject is deleted or made unavailable to users once the purpose of the storage of the data no longer applies. Furthermore, data may also be stored if this storage is permitted by the European or national legislative authorities in EU regulations, laws or other guidelines that the controller is subject to. Data is also deleted or made unavailable to users once the storage period defined by the specified norms elapses as long as continued storage of the data is not required in order to conclude or perform a contract.
-
-
Provision of the website and the creation of log files
-
Description and scope of data processing
Every time our website is accessed, our system automatically records data and information from the system of the computer that is being used to access the website.
We use our website to collect personal data, e.g. your name and address or e-mail address, that you voluntarily provide us with in the form of entries made in contact forms or data entered for newsletter subscriptions. We store and use this data in order to process your requests and orders, maintain your customer account, or to provide you with access to specific information. We do not share this confidentialinformation with third parties.
Furthermore, information is automatically collected that is not assigned to a specific person (e.g. the IP address currently being used by your end device, the browser and operating system used to access the website, the date and time the website was accessed, the number of visits, average time spent on the website, pages accessed). We use this information to determine the appeal of our website and improve its functions and content.
This data is also stored in our system’s log files. This data is not stored together with the user’s other personal data. -
Legal basis for data processing
The legal basis for the temporary storage of data and log files is point (f) of Article 6(1) of the GDPR.
-
Purpose of data processing
The system must temporarily store the IP address so that it can transmit the website to the user’s computer. In order to do this, the user’s IP address must be stored during the entire session.
The IP address is then saved in a log file in order to ensure that the website works properly. Furthermore, we use this information to optimise our website and ensure that our information technology systems are secure. The data saved for these reasons is not used for marketing purposes.
These purposes also constitute legitimate interests within the scope of point (f) of Article 6(1) of the GDPR. -
Storage period
Data is deleted as soon as it is no longer required for the purpose for which it was obtained. In terms of the data recorded for the provision of the website, this is the case as soon as the session in question ends.
Data saved in the log files is deleted after 30 days. It is possible that data could be stored for longer than 30 days. In this case, the IP address of the user is deleted or anonymised so that it is no longer possible to associate it with the client that accessed the website. -
Opt-out and disposal options
The collection of data required for the provision of the website and the storage of data in log files is essential in order to operate the website. For this reason, the user cannot opt out.
-
-
Cookies
This website uses two different types of cookies:
-
Persistent cookies are stored on your computer and stay there until they expire or are deleted. Closing your browser does not delete these cookies.
-
Session cookies are generated every time you visit one of our website pages. A session cookie is automatically deleted when you close your browser. All of the information saved in the cookie file is also deleted then.
With cookies, it is impossible to download personal information from the user’s computer on which the cookies are saved.
-
Use of cookies
Tracking cookies collect data about how the user uses the websites that he or she accesses.
Cookies store information about the way the website is used in terms of the history, favourite content and personal settings.
Third-party cookies make it possible to exchange data with third-party websites.
Advertising cookies make it possible to show the user personalised advertising.
-
Consent to the storage of cookies and retrieval of the information stored within those cookies
The user must give their consent to allow cookies to store information on their computer and allow the information stored in those cookies to be retrieved. This consent is given via the cookie settings in the user’s installed browser. Every Internet browser automatically has cookies enabled as standard. To this effect, we ask that our customers check their browser settings and, if necessary, change the settings to enable cookies.
Furthermore, we allow you to choose to agree to the use of cookies directly on our website. If you use this opportunity to agree to the use of cookies, you will automatically deactivate the do-not-track function. -
Legal basis for data processing
The legal basis for the processing of personal data using the technically required cookies is point (f) of Article 6(1) of the GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes with the consent of the user is point (a) of Article 6(1) of the GDPR.
-
Purpose of data processing
The purpose of the use of technically required cookies is to make it easier for the user to use the website. A number of functions on our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser is still recognised when the user moves from one page to another.
The user data recorded by technically required cookies is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used. These purposes also constitute legitimate interests for the processing personal data within the scope of point (f) of Article 6(1) of the GDPR. -
Storage period, opt-out and disposal options
Cookies are stored on the user’s computer and transmitted to our website from there. For that reason you, as the user, have total control over the use of cookies. By changing the settings in your browser, you can disable or limit the use of cookies. Cookies that have already been saved to your computer can be deleted at any time. You can also change your settings so they are deleted automatically. If you disable cookies for our website, you may not be able to fully utilise all of the functions of the website.
-
-
Contact form and e-mail addresses
-
Description and scope of data processing
Our website contains contact forms that can be used to contact us electronically. If a user takes advantage of this opportunity, we will record and store the data that they enter into the fields of the form. The personal data that is transmitted in this way is determined by the fields in the form.
Furthermore, when the user sends a message, the following data is also saved:The user’s IP address; however this information is masked by a byte
The date and time the user registered
Alternatively, the user can also contact us by writing an e-mail to the e-mail address provided. In this case, the user’s personal data that is transmitted with the e-mail will be saved.
The data collected in this way is not passed on to third parties. The data is only used to process the user’s e-mail.
-
Legal basis for data processing
The legal basis for the processing of data with the consent of the user is point (a) of Article 6(1) of the GDPR.
The legal basis for the processing of the data that is transmitted when the user sends an e-mail is point (f) of Article 6(1) of the GDPR. If the purpose of the e-mail is to conclude a contract, then the additional legal basis for the processing is point (b) of Article 6(1) of the GDPR. -
Purpose of data processing
We only process the personal data included in the contact form to process the user’s message. If the user contacts us via e-mail, this also constitutes a legitimate interest in the processing of the data. Any other personal data processed during the sending operation is used to prevent third parties from misusing the contact form and to ensure the security of our information technology systems.
-
Storage period
Data is deleted as soon as it is no longer required for the purpose for which it was obtained. In terms of the personal data from the fields in the contact form and the personal data that is sent via e-mail, this is the case when the conversation in question with the user comes to an end. The conversation ends when it is clear from the circumstances that the issue in question has been clarified conclusively.
-
Opt-out and disposal options
The user has the option at any time to revoke his or her consent to the processing of his or her personal data. If the user writes us an e-mail, he or she can object to the storage of his or her personal data at any time. Furthermore, the user can contact one of our employees at any time. In this case, the conversation cannot be continued.
All personal data that is stored during the course of the user contacting us will be deleted in this case.
-
-
Analysis by Matomo
-
Scope of the processing of personal data
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyse the surfing patterns of our users. The software saves a cookie in the user’s browser (for more information on cookies, see above). When a user accesses individual pages on our website, the following data is stored:
The first three bytes of the IP address of the system the user is using to access the website
The website accessed
The website that referred the user to the website accessed (referrer)
The sub-pages that the user accesses from the accessed website
The amount of time spent on the website
The frequency with which the user accesses the website
The software runs solely on our website’s servers. The user’s personal data is not saved on these servers. The data is not passed on to third parties.
The software is set up so that IP addresses are not saved in full but rather three bytes of the IP addresses are masked (e.g.: 192.168.001.xxx). This masking means it is no longer possible to allocate the abbreviated IP address to the computer that accessed the website. -
Legal basis for the processing of personal data
The legal basis for the processing of the user’s personal data is point (f) of Article 6(1) of the GDPR.
-
Purpose of data processing
Processing the user’s personal data allows us to analyse the user’s surfing patterns and behaviour. By evaluating the data we obtain, we are able to compile information about the way the various components of our website are used. This helps us to continuously improve our website and make it more userfriendly. These purposes also constitute legitimate interests for the processing of personal data within the scope of point (f) of Article 6(1) of the GDPR. By anonymising the IP address, we sufficiently take into account the interests of the user regarding the protection of their personal data.
-
Storage period
The data is deleted as soon as it is no longer required for our purposes.
-
Opt-out and disposal options
Cookies are stored on the user’s computer and transmitted to our website from there. For that reason you, as the user, have total control over the use of cookies. By changing the settings in your browser, you can disable or limit the use of cookies. Cookies that have already been saved to your computer can be deleted at any time. You can also change your settings so they are deleted automatically. If you disable cookies for our website, you may not be able to fully utilise all of the functions of the website. For more information on Matomo software’s privacy settings, click here: https://matomo.org/docs/privacy/.
-
-
Analysis of user behaviour by Web Extend
-
Scope of personal data processing
Web Extend is the data collection script of the e-mail marketing software Emarsys, which analyses the user behaviour of logged-in users. The software sets both its own cookies and third-party cookies on the user’s computer (see above for more about cookies). The domain of the third-party cookie is scarabresearch.com
The following data is collected:
Information about the service
IP address
Browser
Cookie identifiers
Pseudonymised identifiers (external IDs or encrypted e-mail address) for logged-in users
Information about browsing behaviour
ItemIDs that were viewed
ItemIDs added to the shopping basket
ItemIDs that were purchased
All personal data is generally recorded anonymously or pseudonymised. The data is stored in the database of the e-mail marketing software Emarsys.
-
Legal basis for personal data processing
The legal basis for the processing of users’ personal data is Art. 6 para. 1 lit. f of the GDPR.
-
Purpose of data processing
The processing of the personal user data enables us to analyse user behaviour. User profiles can be enhanced with the acquired data. This allows us to provide users registered for the newsletter with a bespoke offer via the newsletter.
-
Data storage period
We store your data until your consent is withdrawn. We will delete data as soon as it is no longer needed for our purposes.
-
Objection and removal
If you do not wish to receive personalised advertising, you can object at any time. You have the following two options:
-
Under “My account” in the “Newsletter” section you have the option to deactivate Web Extend.
At the beginning of the privacy policy you have the option of refusing the general consent to cookies.
-
-
-
Analysis by Google Analytics
Our website uses the web analysis service Google Analytics by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). The processing of data serves to analyse this website and its visitors. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator relating to website and internet use. The IP address communicated by your browser as part of Google Analytics is not associated with any other data held by Google. Google Analytics uses cookies, which make it possible to analyse your use of the website. The information generated by the cookie regarding your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymisation is activated on this website.
Google uses this to shorten your IP address beforehand within Member States of the European Union or in other signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Your data may be transmitted to the USA. Transmission of data to the USA is covered by an adequacy decision by the European Commission. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in needs-based and targeted design of the website. You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR by contacting us, for reasons relating to your personal situation.You can prevent the storage of cookies by choosing corresponding technical settings in your internet browser; we would, however, like to point out that this may prevent you from making full use of all the functions of this website. You can also prevent collection of the data (including your IP address) generated by the cookies and related to your use of the website by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link [https://tools.google.com/dlpage/gaoptout?hl=en].
You can set an opt-out cookie to prevent collection by Google Analytics across devices. Opt-out cookies prevent the future collection of your data when you visit this website. You need to opt-out on all systems and devices in use for this to work comprehensively. If you click here, the opt-out cookie is set:
You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/analytics/terms/ and at https://policies.google.com/?hl=en.
-
Analysis by Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which allows for the analysis of website usage.
When using Google Analytics 4, so-called "cookies" are used by default. Cookies are text files that are stored on your device and enable an analysis of your website usage. The information collected through cookies regarding your website usage (including the truncated IP address transmitted by your device, as explained below) is typically sent to and stored and processed on a server by Google. This may involve the transmission of information to the servers of Google LLC, located in the United States, and further processing of the information there.
When using Google Analytics 4, the IP address transmitted by your device during your website usage is automatically collected and processed in an anonymized manner, ensuring that the collected information cannot be directly associated with any identifiable individual. This automatic anonymization is achieved by truncating the IP address transmitted by your device within the member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA).
On our behalf, Google uses this and other information to evaluate your website usage, compile reports on website activities or user behavior, and provide us with additional services related to your website usage and internet usage. The truncated IP address transmitted by your device within the scope of Google Analytics 4 is not merged with other data by Google. The data collected through the use of Google Analytics 4 is retained for 2 months and then deleted.
Google Analytics 4 also allows for the creation of statistics, using a special feature called "demographic characteristics," which provide insights into the age, gender, and interests of website users based on an analysis of interest-based advertising and third-party information. This enables the determination and differentiation of user groups of the website for the purpose of targeted marketing campaigns. However, data collected through the "demographic characteristics" feature cannot be attributed to any specific individual, including yourself. The data collected through the "demographic characteristics" feature is retained for two months and then deleted.
All the processing described above, particularly the setting of Google Analytics cookies for storing and retrieving information on the device you use to access the website, is only carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your website usage. You can revoke your consent at any time with future effect. To exercise your revocation, please disable this service through the "Cookie Consent Tool" provided on the website. In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we can generate cross-device reports through Google (referred to as "cross-device tracking"). If you have enabled "personalized ads" in your Google account settings and linked your internet-enabled devices to your Google account, Google can analyze your usage behavior across devices when you give consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, and create corresponding database models based on that data. This includes considering the logins and device types of all website users who were signed in to a Google account and performed a conversion. The data shows, among other things, on which device you first clicked on an ad and on which device the corresponding conversion occurred. We do not receive any personal data from Google; we only receive statistics created based on Google Signals. You have the option to disable the "personalized ads" feature in your Google account settings and thereby opt out of cross-device analysis in connection with Google Signals. Please follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en.
For further information on Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=en.
We have concluded a data processing agreement with Google for our use of Google Analytics 4, which obligates Google to protect the data of our website users and not disclose it to third parties. To ensure compliance with the European level of data protection when transferring data from the EU or EEA to the United States and any subsequent processing there, Google relies on the standard contractual clauses of the European Commission, which we have contractually agreed with Google.
For further legal information on Google Analytics 4, including a copy of the mentioned standard contractual clauses, please visit https://policies.google.com/privacy?hl=en&gl=en and https://policies.google.com/technologies/partner-sites.
-
Rights of the data subject
When your personal data is processed, then you are a data subject as defined in the GDPR and you have the following rights vis-à-vis the controller:
-
Right of access
You have the right to obtain confirmation from the controller as to whether or not we are processing any personal data which concerns you.
Where this is the case, you also have the right to access the following information from the controller:
the purposes for which the personal data is being processed
the categories of personal data being processed
the recipients or categories of recipient to whom the personal data has been or will be disclosed
the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the right to lodge a complaint with a supervisory authority
where the personal data is not collected from the data subject, any available information as to the source
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to be informed if your personal data is to be transferred to a third country or to an international organisation. Where this is the case, you also have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
-
Right of rectification
You have the right to obtain the rectification of inaccurate personal data from the controller in the event that the personal data being processed that concerns you is incorrect or incomplete. The controller must rectify the data without undue delay.
-
Right to restriction of processing
You have the right to obtain restriction of processing of the personal data that concerns you where one of the following applies:
you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where the processing of your personal data has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the grounds listed above, you will be informed by the controller before the restriction of processing is lifted.
-
Right to erasure
- Erasure obligation
You have the right to obtain the erasure of personal data concerning you without undue delay, and the controller is obligated to erase this personal data without undue delay where one of the following grounds applies:
the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
you withdraw the consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing
you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR
the personal data concerning you has been unlawfully processed
the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
the personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
- Sharing information with third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform the controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
- Exceptions
The right to erasure does not apply to the extent that processing is necessary
for exercising the right of freedom of expression and information
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
- Erasure obligation
-
Right to information
If you exercise your right of rectification, to erasure or to restriction of processing vis-à-vis the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about those recipients by the controller upon request.
-
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:
the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
the processing is carried out by automated means.
In exercising your right to data portability, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others may not be affected by the exercise of this right.
The right of data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
-
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services – and notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
-
Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
-
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if the decision:
is necessary for entering into or performance of a contract between you and the controller
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your express consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to above in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
-
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
-
-
Use of social media plugins
Facebook
Our website uses Facebook components. Facebook is a social network. Facebook is a service of Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the processing of personal data from persons in Europe. You can recognise the plugins by the use of the Facebook logo. For more information on all Facebook plugins, go to: https://developers.facebook.com/docs/plugins/. The plugin creates a direct connection between your browser and the Facebook servers. We have no influence on the nature and the scope of the data that the plugin transmits to the Facebook Inc. server. You can find more information on this here: https://www.facebook.com/help/186325668085084 The plugin informs Facebook Inc. that you are a user of our website. It is possible that the plugin will save your IP address. If you are logged in to your Facebook account while you visit the website, the information specified will be linked to your account. If you use the functions of the plugin – for example, by sharing or liking an entry – the corresponding information will also be transferred to Facebook Inc. If you would like to prevent Facebook Inc. from linking this data to your Facebook account, please log out of Facebook before visiting our website.
Facebook pixel
The Facebook pixel makes it possible for Facebook to define visitors to our website as a target audience for the display of ads (so-called ‘Facebook ads’). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us, on Facebook and within the services of Facebook partners (so-called ‘Audience Network’ https://www.facebook.com/audiencenetwork/ ), only to those users who have also shown an interest in our website or have particular characteristics (for example, interest in particular topics or products that appear when the web pages are visited), which we transmit to Facebook (so-called ‘Custom Audiences’). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads are likely to be of interest to the users and are not annoying. Furthermore, the Facebook pixel enables us to track the effectiveness of the Facebook ads for statistical and market research purposes, as we can see whether users were redirected to our website after clicking a Facebook ad (so-called ‘conversion measurement’).
- Types of data processed: Usage data (for example, web pages visited, interest in contents, access times), meta/communications data (for example, device information, IP addresses), location data (data that specifies the location of an end user’s device).
- Affected persons: Users (for example, web page visitors, users of online services).
- Purposes of the processing: Tracking (for example, interest-based/behavioural profiling, use of cookies), remarketing, conversion tracking, interest-based and behavioural marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), target audience creation (definition of target audiences relevant for marketing purposes or other output of contents), cross-device tracking (cross-device processing of user data for marketing purposes).
- Security measures: IP masking (IP address pseudonymisation).
- Legal bases: Consent (Art. 6 para 1 page 1 lit. a GDPR), Legitimate interests (Art. 6 para 1 page 1 lit. f. GDPR).
Used services and service providers:
- Facebook pixel: service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; Data Policy: https://www.facebook.com/about/privacy; Privacy Shield (ensuring a level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out option: https://www.facebook.com/settings?tab=ads.
LinkedIn
Social network - service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Insights tag / Conversion measurement - Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy, Cookie policy: https://www.linkedin.com/legal/cookie_policy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Plugins and content - These may include content such as images, videos or texts and buttons, for example, that allow users to share the content of this online service within LinkedIn. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter
Our website uses the Twitter button. This button is operated by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a page that has this button, it will create a direct connection between your browser and the Twitter servers. We have no influence on the nature or scope of the data that the plugin transfers to the Twitter Inc. servers. According to Twitter Inc., they will only collect and save your IP address. For more information on how Twitter Inc. uses your personal data, click here: https://twitter.com/privacy?lang=en
-
YouTube
Among other providers, we use YouTube to embed videos on our website. YouTube is operated by YouTube LLC, which is headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., which is headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use plugins provided by YouTube on our website. If you access a page of our website on which one of these plugins is installed, the plugin will create a connection to the YouTube servers in order to display the plugin. As a result, the plugin tells the YouTube server which of our pages you visited. If you are logged in to your YouTube account, YouTube will allocate this information to your personal account. If you use the plugin, e.g. by clicking the start button of a video, this information is also allocated to your YouTube account. If you would like to prevent this information from being connected to your account, log out of your YouTube account as well as other accounts connected to the companies YouTube LLC and Google Inc. and delete the associated cookies before accessing our website. For more information about data processing and how YouTube (Google) protects your privacy, click here: https://policies.google.com/privacy?hl=en&gl=de.
Pinterest
Our website includes the Pinterest button from Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA. This button transmits your IP address to Pinterest. If you are logged in to Pinterest in the same browser that you use to access our website, this information can be linked to your account. When you click the “Pin It” plugin, this information is also transmitted to Pinterest and published to your account. You can adjust your Pinterest privacy settings at http://pinterest.com/about/privacy/. If you do not consent to having your data sent to Pinterest, log out of Pinterest in the browser that you are using to visit our website.
-
AddThis
Our website uses social plugins (“plugins”) from the bookmarking service AddThis, which is operated by AddThis LLC, Inc. 8000 Westpark Drive, Suite 625, McLean, VA 2210, USA “AddThis”). These plugins generally feature an AddThis logo, for example in the form of a white plus sign on an orange background. For an overview of the AddThis plugin and its appearance, click here: www.addthis.com/get/sharing When you access a page on our website that contains one of these plugins, the browser connects directly to the AddThis servers. The content of the plugin is directly communicated to your browser and integrated into the page by AddThis. This integration provides AddThis with information that your browser has accessed the corresponding page of our website and saves a cookie on your end device to identify your browser. This information (including the IP address) is directly communicated from your browser to one of AddThis’ servers in the US and saved there. AddThis uses the data to create anonymised user profiles that serve as the basis for personalised, interest-based advertising for users who visit websites with AddThis plugins. For information on the purpose and scope of the data collection as well as further processing and use of the data by AddThis, please refer to AddThis’ data privacy policy: www.addthis.com/privacy/privacy-policy. If you object to AddThis collecting your data, you can set an opt-out cookie which you can download by clicking the following link: www.addthis.com/privacy/opt-out You can also use browser extensions to completely block the AddThis plugin from loading, e.g. with the NoScript script blocker (http://noscript.net/).
Registering for the Retailer area
-
Description and scope of data processing
On our website we offer users the opportunity to register by submitting their personal data. The data is entered into the fields of the registration form and then transferred to and stored by us. The data is not passed on to third parties. The following data is recorded as part of the registration process:
Furthermore, when the retailer submits his or her data for registration, the following data is also saved:
The user’s IP address; however this information is masked by a byte
The date and time the user registered
The user’s consent for the processing of this data is obtained as part of the registration process.
-
Legal basis for data processing
The legal basis for the processing of data with the consent of the user is point (a) of Article 6(1) of the GDPR. If registration as a retailer is necessary for the performance of a contract to which the retailer is party or required in order to take the necessary steps prior to entering into a contract, then point (b) of Article 6(1) of the GDPR serves as an additional legal basis for the processing of the data.
-
Purpose of data processing
The user must register in order to gain access to specific content and in order to use specific services on our website. The user must register in order to enter into or perform a contract or carry out the necessary steps prior to entering into a contract.
-
Storage period
Data is deleted as soon as it is no longer required for the purpose for which it was obtained. This is the case for the data recorded as part of the registration process if the registration on our website is cancelled or changed in some way.
-
Opt-out and disposal options
As a user, you have the option to cancel your registration at any time. You can make changes to the personal data concerning you that we have saved at any time. To delete your account, please contact one of our employees using one of the contact options specified in this data privacy policy. You can change or edit your data in the “My Account” area of our website.
Hama dealer newsletter
-
Description of the data processing
If you would like to receive one of the newsletters offered on the website, we require an e-mail address from you, as well as information that allows us to verify that you are the owner of the e-mail address provided and agree to receive the newsletter. When you subscribe to the newsletter, your e-mail address will be used by us, for our own promotional purposes, until you unsubscribe. We use the e-mail marketing software Emarsys for e-mail marketing. The data is stored on both the Hama and Emarsys servers..
With the Hama dealer newsletter, you will receive several newsletters per month, informing you about our new products, current top themes and exclusive offers. In addition to the e-mail address, the user profile for the dealer newsletter is enhanced with additional known customer master data. Furthermore, your user behaviour on the website is analysed. The purpose is to provide you with a bespoke offer via the newsletter. If you do not agree with the analysis of user behaviour, you can object to it at any time and deactivate this functionality. For further information please refer to VII. Analysis of user behaviour by Web Extend.
If you have subscribed to one of our newsletters, the data you provided when registering will be used for the purpose of sending our newsletter to you. Your data will not be disclosed to third parties, except where such parties are partner companies that are responsible for the technical process of sending out the newsletter. In these cases, the scope of the transmitted data is, however, restricted to the required minimum. Our data protection regulations are compliant with the General Data Protection Regulation (GDPR) and the German Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680 (in German: DSAnpUG-EU).
-
Legal basis for personal data processing
Art. 6 para 1 lit. a GDPR is the legal basis for processing of the data after the user has subscribed to the newsletter and where the user has given their consent.
-
Purpose of data processing
Hama dealer newsletter: we use the data we collect to create a user profile to provide you with a newsletter tailored to your interests. This is the only way for us to be able to offer you the newsletter in a targeted way that is in line with your interests.
-
Data storage period
The data is deleted as soon as it is no longer required for the purpose for which it was collected.
-
Objection and removal
Hama dealer newsletter: If you do not wish to receive personalised advertising, you can object at any time. Simply deactivate the Web Extend data collection script under My Account. Please note that this may lead to limited functionality. Furthermore, the newsletter subscription can be cancelled by the user at any time. You will find a corresponding link for this purpose at the end of the newsletter. You can also send a cancellation by e-mail to news@reply.hama.de.
Google Tag Manager
Google Tag Manager is a solution we use to manage website tags via an interface in order to be able to integrate Google Marketing services into our online presence. The Tag Manager itself (which implements the tags) does not process any of the user's personal data. With regard to the processing of the user's personal data, reference is made to the following information regarding Google services. Usage policy: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google Maps
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR. Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
Google reCAPTCHA
Based on our legitimate interest in the prevention of spam and abuse, we also use the reCAPTCHA feature of Google on Jimdo websites. This function is primarily used to distinguish whether an input is made by a natural person or abusive by automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. Additional information about Google reCAPTCHA and Google's privacy policy can be found at: https://policies.google.com/privacy.
OpenStreetMap
This site uses the Open-Source-Mapping-Tool „OpenStreetMap“ (OSM) map service via an API. It is operated by the OpenStreetMap Foundation. To use „OpenStreetMap“ (OSM), it is necessary to save your IP address. This information is generally transmitted to an „OpenStreetMap“ (OSM) server and stored there. The provider of this site has no influence on this data transfer. The use of „OpenStreetMap“ (OSM) is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about handling user data, can be found in the data protection declaration of OpenStreetMap or here http://wiki.openstreetmap.org/wiki/Legal_FAQ.
Use of WhatsApp Business
In order to improve our customer service, we use the service provider MessageBird, MessageBird B.V., Trompenburgstraat 2C, 1079 TX Amsterdam, The Netherlands, to provide and initiate communication through WhatsApp, a service of WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, privacy policy at https://www.whatsapp.com/legal/business-data-processing-terms/?lang=en. When you communicate with us through WhatsApp, we collect and store information such as your name and surname, telephone number and chat or message history. The legal basis for data processing is Art. 6 (1) (f) of the GDPR, whereby our legitimate interests are better customer service and the efficiency of processing customer enquiries.
Web analytics by Amazon Pixel
This website uses the web analysis services Amazon Conversion Pixel and Amazon Remarketing Pixel developed by Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA.
When you visit this website, Amazon receives the information that you have accessed our website. For this purpose, Amazon downloads a so-called web beacon (invisible graphics), thereby setting a cookie on your computer. The data specified under the ‘Data processing on this website’ section of this Policy is then transmitted to Amazon. The IP address communicated by your browser in this respect is not combined with other Amazon data.
Amazon uses the cookie placed on your computer to recognise you on other websites, in apps and within Amazon services, and to provide you with personalised advertising, where appropriate.
You can prevent cookies from being stored on your computer by adjusting your browser settings accordingly. We must point out, however, that in this case not all functions of this website, such as the shopping cart, may be available to you to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website for Amazon, as well as the processing of this data by Amazon, by clicking on this link and selecting the setting ‘Do not personalise ads from Amazon for this Internet browser’: https://www.amazon.de/adprefs. Alternatively, you can select the appropriate settings at: http://www.youronlinechoices.com.
An opt-out cookie is then activated in your browser, which prevents your data from being collected by Amazon Pixel when you visit our website in future. This applies until such time as you delete the opt-out cookie.
You can find further information from Amazon on the collection of data at: http://www.amazon.com/gp/BIT/InternetBasedAds
We have no influence over the data collected, nor are we aware of the full scope of data collection. This data is transferred to the USA and evaluated there.
Further information on the purpose and scope of data collection and processing and further information on your rights in this connection and the setting options to protect your privacy is set out in the above Privacy Policy and is available from: Amazon EU S.à.r.l, Amazon Services Europe S.à.r. l. and Amazon Media EU S.à.r. l., all located at 5, Rue Plaetis, 2338 Luxembourg; email: ad-feedback@amazon.de. Amazon.de GmbH, Marcel-Breuer-Str. 12, 80807 Munich is commissioned as the data processor.
Usercentrics
This website uses Usercentrics' cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document this consent in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/ (hereinafter referred to as "Usercentrics").
When you visit our website, the following personal data is transmitted to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your end device
- Time of your visit to the website
In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
Microsoft Clarity
On this website, various user information is collected and stored via the "Microsoft Clarity" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter "Microsoft") for the statistical analysis of user behaviour and for optimisation and marketing purposes. This information, for which a personal reference is always excluded, includes, among other things, time zone setting, operating system and platform, the geographical origin of the page call, the forwarding origin in the case of forwarding to our page, the duration of visits to certain pages as well as information about website interaction (e.g. scrolling, clicks and mouse-overs). Pseudonymised usage profiles can be created and evaluated from this data for the same purpose. Cookies are used for collection and analysis. Cookies are small text files that are stored locally in the cache of the site visitor's internet browser. Among other things, the cookies enable the recognition of the Internet browser. The data collected using Microsoft technologies will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned, and it will not be merged with personal data about the bearer of the pseudonym. Collected information may be transmitted to Microsoft servers in the USA and stored there. We have concluded an order processing agreement with Microsoft, by which we oblige Microsoft to protect our customers' data and not to pass it on to third parties. All processing described above, in particular the setting of cookies for reading out information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. Translated with www.DeepL.com/Translator (free version)
Use of smart home products; use of wearables
Smart Home Products
Our smart home software partner and its subsidiaries recognize that our customers' privacy is important and takes it seriously.
The privacy policy of our smart home software partner describes how he collects, receives, uses, stores and shares your data when you use the various services of our smart home software partner. The services may contain links to other websites or online services that are operated and maintained by third parties and that are not under the control of or maintained by our smart home software partner. The privacy policy of our smart home software partner does not apply to the way in which third parties collect, use, disclose or store information. We recommend that you check the data protection guidelines of the websites or services of these third-party providers.
The privacy policy of our smart home software partner also includes information on how it processes data that it receives on behalf of and under the guidance of its customers via mobile applications from its customers' OEM brands. The processing of such data is limited to the purpose of providing his service for which he has been commissioned by his customers.
You are not obliged to provide your personal data to our smart home software partner. However, certain products and / or services of our smart home software partner may not be made available to you if you refuse to provide such data. You can find more details on the data protection guidelines of our smart home software partner at: data protection declaration for smart home software partners
Wearables (smartwatches, fitness trackers, etc.)
Hama Fit Move und Hama Fit Pro App der Shenzhen DO Intelligent Technology Co., Ltd, 11th Floor, 3# Building, Guole Tech Park, Lirong Road, Dalang, Longhua District, Shenzhen, Guangdong, China.
here
As you can see from this privacy policy, you can also use both apps to their full extent without registering. Your personal data is only stored locally on your end device (e.g. your smartphone). If you would like to access this data on other devices, you will need a user account. All you need for this is a valid e-mail address. Your data will then be stored for you on the cloud servers of our software partner.
In both apps, you can delete your user account and your data stored on the cloud servers at any time. In the Hama Fit Move app, you can also selectively define which data should be synchronised with our software partner's cloud in the "Privacy and security" menu item.
Both the Hama Fit Move and the Hama Fit Pro app are available to you completely free of charge.
Hama FIT-App der Fa. Shenzhen Keeprapid Co., Ltd, 1103, C Building, Shennan Huayuan, Nanshan, Shenzhen
The provider respects and protects the privacy of all users who use its service.
In order to provide you with more accurate and personalized services, the Provider will use your personal data in accordance with the Privacy Policy accessible via the link below. The Provider will treat this information with a high degree of care and prudence. Unless otherwise stated in the Privacy Policy, the Provider will not disclose the information to third parties without your prior consent. The provider will update the privacy policy from time to time. By agreeing to this Application Services User Agreement, you are deemed to have agreed to the entire contents of the Privacy Policy.
This Privacy Policy is an integral part of this Application Service Agreement. Further details on the privacy policy can be found here:
Hama Fit App
Hama Fit Pro App
Hama Fit Move App
Smart Home Products
Our smart home software partner and its subsidiaries recognize that our customers' privacy is important and takes it seriously.
The privacy policy of our smart home software partner describes how he collects, receives, uses, stores and shares your data when you use the various services of our smart home software partner. The services may contain links to other websites or online services that are operated and maintained by third parties and that are not under the control of or maintained by our smart home software partner. The privacy policy of our smart home software partner does not apply to the way in which third parties collect, use, disclose or store information. We recommend that you check the data protection guidelines of the websites or services of these third-party providers.
The privacy policy of our smart home software partner also includes information on how it processes data that it receives on behalf of and under the guidance of its customers via mobile applications from its customers' OEM brands. The processing of such data is limited to the purpose of providing his service for which he has been commissioned by his customers.
You are not obliged to provide your personal data to our smart home software partner. However, certain products and / or services of our smart home software partner may not be made available to you if you refuse to provide such data. You can find more details on the data protection guidelines of our smart home software partner at: data protection declaration for smart home software partners
Wearables (smartwatches, fitness trackers, etc.)
Hama Fit Move und Hama Fit Pro App der Shenzhen DO Intelligent Technology Co., Ltd, 11th Floor, 3# Building, Guole Tech Park, Lirong Road, Dalang, Longhua District, Shenzhen, Guangdong, China.
hereAs you can see from this privacy policy, you can also use both apps to their full extent without registering. Your personal data is only stored locally on your end device (e.g. your smartphone). If you would like to access this data on other devices, you will need a user account. All you need for this is a valid e-mail address. Your data will then be stored for you on the cloud servers of our software partner.
In both apps, you can delete your user account and your data stored on the cloud servers at any time. In the Hama Fit Move app, you can also selectively define which data should be synchronised with our software partner's cloud in the "Privacy and security" menu item.
Both the Hama Fit Move and the Hama Fit Pro app are available to you completely free of charge.
Hama FIT-App der Fa. Shenzhen Keeprapid Co., Ltd, 1103, C Building, Shennan Huayuan, Nanshan, Shenzhen
The provider respects and protects the privacy of all users who use its service.
In order to provide you with more accurate and personalized services, the Provider will use your personal data in accordance with the Privacy Policy accessible via the link below. The Provider will treat this information with a high degree of care and prudence. Unless otherwise stated in the Privacy Policy, the Provider will not disclose the information to third parties without your prior consent. The provider will update the privacy policy from time to time. By agreeing to this Application Services User Agreement, you are deemed to have agreed to the entire contents of the Privacy Policy.
This Privacy Policy is an integral part of this Application Service Agreement. Further details on the privacy policy can be found here:
Hama Fit AppHama Fit Pro App
Hama Fit Move App
Legal regulations or contractual provisions for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide data
The provision of personal data is legally required in some cases (e.g. in tax law) or is delineated in contractual provisions.
In order to conclude a contract, it may be necessary to provide us with personal data that we need to process for this purpose. Without the provision of this data, it may be impossible to conclude the contract.
For more information about the necessity of the provision of personal data with regards to a specific case, you can contact our employees at any time. Our employees will also inform you as to the possible consequences of the failure to provide this data.
Name and address of the data security officer
The data security officer of the controller is:
Data security officer
Hama GmbH & Co KG
Dresdner Str. 9
86653 Monheim
Deutschland
E-Mail: dpo@hama.com