Boxine Sales DAB GmbH (as the operator of websites tonies.de, support.tonies.de, and tonies.com) and Boxine GmbH (as the operator of website meine.tonies.de) take the protection of your personal data very seriously and ensure the safeguarding of your privacy.
We handle your personal data confidentially and in accordance with the statutory data protection regulations (in particular the EU General Data Protection Regulation [GDPR] and the Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG]) and this data privacy statement.
In order to guarantee that you are informed to the full extent about the collection and use of personal data on our websites, and your rights, please take note of the following information.
Name and address of the controller responsible for processing and who you can contact
The controller within the meaning of the General Data Protection Regulation (GDPR), other applicable data protection laws and other provisions of a data protection nature is the following:
Boxine Sales DAB GmbH
Grafenberger Allee 120
40237 Düsseldorf, Germany
Tel: +49 (0)211 73710100
Fax: +49 (0)211 542 540 99
You can reach our data protection officer using the following contact details:
Mr Stephan Schollmeyer
23617 Stockelsdorf, Germany
Tel: +49 (0)451 16085221
Data use – general
The mere use of our websites for information purposes is generally possible without providing personal data. The case is different if personal data is for the purpose of sending a newsletter requested by you, via our general contact form. More details about the general functions of our system can also be found on our website at tonies.com.
If we collect personal data from you, this will always take place, if possible for the provision of our service, on a voluntary basis. If there is no legal basis for such processing, we will generally obtain permission from you. After you have granted permission for this purpose, you can withdraw it at any time.
The use of your data for our regular marketing purposes and for similar goods and services is not excluded. However, you can object to this use at any time, by sending a notification to firstname.lastname@example.org or the above address, for example.
We would like to point out that data transfer via the internet can always involve security flaws. The complete protection of your data against access by third parties is not possible.
Data use in detail
Server log files
The provider of the sites automatically collects and stores information in so-called server log files, which your browser automatically sends to us. This data is as follows:
- Browser type/browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
- Request authorisation
We cannot match this data to certain people. This data will not be compiled with other data sources. We reserve the right to check this data afterwards, if we become aware of specific indications of unlawful use.
The data is needed to correctly supply the content of our website. When using this general data and information, we do not match it to specific people. Instead, this data/information is needed to (1) supply the content of our websites correctly, (2) optimise the content of our websites and its marketing, (3) guarantee the permanent functioning of our information technology systems and the technology of our websites, and (4) to provide prosecution authorities with the information necessary for prosecution in the event of a cyberattack. This anonymously collected data and information will therefore be analysed statistically and with the objective of increasing data protection and data privacy in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files will be stored separately from all personal data entered by the data subject.
If you send us queries via the contact form, your voluntary details from the contact form, and the contact details given voluntarily by you therein (personal data), your name, and your email address will be automatically stored for us for the purpose of processing the query and in the case of follow-up questions, until the matter concerned is finally clarified. Of course, we will not pass this data on without your permission.
You can also apply to our company electronically (via email). Of course, we will only use your data to process your application and we will not pass it on to third parties. Please note that emails sent without encryption cannot be protected against access. We only collect and process personal data of applicants for the purposes of handling the application process. If we conclude an employment contract with an applicant, the data transferred will be stored by us for the purposes of handling the employment relationship in consideration of the statutory provisions. If we do not conclude an employment contract with an applicant, we will automatically erase the application documents two months after sending notification of the rejection, provided that an erasure does not contradict other legitimate interests (e.g. burden of proof in a procedure in accordance with the AGG [General Equal Treatment Act]).
Newsletter and marketing emails
If you would like to obtain the newsletter offered on our website via email, we require from you an email address and information that enables us to verify that you are the holder of the email address stated and have agreed to receive the newsletter (the verification takes place in a double opt-in process). You can also provide your first and last names, and gender, voluntarily. Other data will not be collected. We will only use this data to send the required information, and we will not pass it on to third parties.
The newsletters we send may contain a tracking pixel – a pixel-sized file that is accessed by our server upon the opening of the newsletter.
We carry out statistical surveys about the above. This includes information about whether the newsletter has been opened and what links have been clicked on. This information may be allocated to the individual newsletter recipients for technical reasons, but it is not our intention to observe individual users. The analyses only enable us to recognise the reading behaviour of our users and adapt our content to you, or to send different content in accordance with the interests of our individual users.
You can withdraw your consent granted to the storage of the data and email address, and its use for the sending of the newsletter, at any time, for example via the “cancel” link in the newsletter or by sending your withdrawal to the address named above or in the legal notice, phoning us or sending an email to email@example.com.
You can also object to the statistical surveying and analysis via the tracking pixels separately using the address named above or in the legal notice, or by sending an email to firstname.lastname@example.org.
Most of the cookies used by us are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies will remain stored on your end device until you delete them. These cookies enable us to recognise your browser upon your next visit, in order to make our websites more user-friendly. The following data in particular is stored and sent in such cookies: items in the shopping cart and log-in information.
You can set your browser so that you are informed about the placing of cookies, and only allow cookies on a case-by-case basis, accept cookies for certain cases or generally exclude them, and activate the automatic deletion of cookies when closing your browser. You can also delete already placed cookies at any time via your browser and other software programmes. When deactivating cookies, the functionality of this website may be limited.
Data privacy statement for the use of Facebook plugins (Like button)
Our sites contain integrated plugins of social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You will recognise the Facebook plugins by the Facebook logo or the “Like” button on our page. You will find an overview of the Facebook plugins at: http://developers.facebook.com/docs/plugins/. If you live outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you visit our sites, a direct connection is established via the plugin between your browser and the Facebook server. Facebook thereby receives information that you have visited our site with your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our sites to your Facebook profile. We would like to point out that as the provider of the sites, we do not receive any knowledge of the content of the data transferred or its use by Facebook. Further information about the collection, processing and use of personal data by Facebook, and the setting options to protect your privacy, can be found in the data privacy statement of Facebook at https://www.facebook.com/about/privacy/.
If you do not wish for Facebook to match the visit to our sites with your Facebook user account, please log out of your Facebook user account before visiting our site.
Data privacy statement for the use of Facebook Website Custom Audiences
Our sites also contain the “Website Custom Audiences” pixel of social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. A tracking pixel is hereby used to identify the website visitors.
When visiting our pages, a direct connection is established between your browser and the Facebook server via this tracking pixel. Facebook will thereby receive information that you have visited our website with your IP address. Facebook will then be able to match the visit to our sites with your user account and use this information to display Facebook ads. As the provider of the sites, we have no knowledge of the content of the data transferred or its use by Facebook.
For more information, please look at the Facebook data privacy statement at https://www.facebook.com/about/privacy/. Of course, you can deactivate the data collection via Custom Audiences. To do this, please click on the following link: https://www.facebook.com/ads/website_custom_audiences/. If you live outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data privacy statement for the use of Google Analytics
This website uses functions of website analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be sent to a Google server in the USA, where it will be stored.
In the event that IP anonymisation is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only under exceptional circumstances will the full IP address be sent to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, create reports about the website activities, and provide the website operator with further services related to the website use and internet use. The IP address sent by your browser as part of Google Analytics will not be amalgamated with other data by Google.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out to you that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the logging of the data generated by the cookie and related to your use of the website (incl. your IP address) from being sent to Google, and the processing of this data by Google, by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout.
You will find further information and the applicable data protection terms and conditions of Google (with information about the collection, processing and use of personal data by Google and your protection options in this regard) at https://policies.google.com/privacy and http://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail in the following link: https://www.google.com/intl/en_uk/analytics/.
Data privacy statement for the use of Google +1
Our sites use functions of Google +1. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Collection and transfer of information: With the aid of the Google +1 button, you can publish information worldwide. Via the Google +1 button, you and other users will receive personalised content from Google and our partners. Google stores the information you have given to +1 for content, as well as information about the site you have looked at by clicking on +1. Your +1 can be shown as a notice together with your profile name and your photo in Google services, e.g. in search results or in your Google profile, or at other points on websites and adverts on the internet. Google records information about your +1 activities in order to improve the Google services for you and others. In order to be able to use the Google +1 button, you need a globally visible public Google profile, which must contain the name selected for the profile at least. This name will be used in all Google services. In some cases, this name can also replace another name that you have used when sharing content via your Google account. The identity of the Google profile can be shown to users who know your email address or have other identifying information about you available.
Use of the information collected: As well as the above-mentioned purposes of use, the information provided by you will be used in accordance with the applicable Google data privacy terms and conditions. Google may publish statistics compiled about the +1 activities of the users or pass them on to users and partners, such as publishers, advertisers and affiliated websites.
You will find further information and the applicable data protection terms and conditions of Google (with further information about the collection, processing and use of personal data by Google and your protection options in this regard) at https://policies.google.com/privacy/ and https://www.google.com/intl/en_ALL/+/policy/index.html. Google +1 is explained in more detail in the following link: https://plus.google.com/about.
Data privacy statement for the use of Twitter
Our sites include functions of the Twitter service. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” function, the websites visited by you will be linked to your Twitter account and announced to other users. Data will thereby also be sent to Twitter. We would like to point out that as the provider of the sites, we have no knowledge of the content of the data transferred or its use by Twitter. Further information about the collection, processing and use of personal data by Twitter can be found at http://twitter.com/privacy.
You can change your data privacy settings on Twitter in the account settings at http://twitter.com/privacy. You can also prevent the transfer of information to Twitter by logging out of your Twitter account before accessing our websites.
Data privacy statement for the use of Pinterest
On our website, we use social plugins of social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you access a page that contains such a plugin, your browser will establish a direct connection to the servers of Pinterest. The plugin will thereby send log files to the Pinterest server in the USA. These log files may contain your IP address, the address of the websites visited (which also contain Pinterest functions), the type and settings of the browser, the date and time of the request, your use of Pinterest, and cookies.
Further information about the collection, processing and use of personal data by Pinterest, as well as your rights in this regard and options to protect your privacy, can be found in the data protection notices of Pinterest at https://policy.pinterest.com/en/privacy-policy.
Data privacy statement for the use of Instagram
Our sites use plugins provided by social network Instagram, which is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. You will recognise the Instagram plugin by the “Instagram button” on our website. If you use the Instagram button while logged into your Instagram account, content from our website may be linked to your Instagram profile. Instagram can hereby match the visit to our sites with your user account. As the operator of the sites, we have no knowledge of the content of the data transferred or its use by Instagram. If you would not like information to be transferred to Instagram in such a manner, you can prevent the transfer by logging out of your Instagram account before accessing our websites. You will find further information about the above and the collection, processing and use of personal data by Instagram in the Instagram data privacy statement at http://instagram.com/about/legal/privacy/.
Duration of the storage of your data
We will only process and store your personal data for as long as this is necessary for the performance of our contractual and legal duties. If the purpose of the storage ceases to apply, your personal data will regularly be erased by us, unless its temporary further processing is necessary for the fulfilment of retention obligations under commercial and tax law or the preservation of evidence within the framework of the statutory limitation provisions.
Your data privacy rights
You have the right at any time to access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), object (Art. 21 GDPR) and data portability (Art. 20 GDPR). Regarding the right to access and erasure, the restrictions of § 34 and § 35 BDSG apply. You also have a right to lodge a complaint with a competent data privacy supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
You can withdraw permission you have granted for the processing of personal data from us at any time in accordance with Art. 7(3) GDPR. This also applies for the withdrawal of declarations of consent that were issued to us before the validity of GDPR (in other words, before 25 May 2018). Please note that the withdrawal will only be with future effect. Processing that takes place before the withdrawal is not affected.
INFORMATION ABOUT YOUR RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 GDPR
IF, WITHIN THE FRAMEWORK OF THE BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA DUE TO AN OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING, WITH FUTURE EFFECT, FOR REASONS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO PROCESS IF WE CAN DEMONSTRATE COMPELLING GROUNDS WORTH PROTECTING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDONS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL RIGHTS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR OUR OWN MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING. IN THIS CASE, WE WILL NO LONGER USE YOUR PERSONAL DATA FOR MARKETING PURPOSES.
To exercise your data privacy rights, you can contact our data protection officer, or any of our employees. You will find the addresses above under the name and address of the controller responsible for the processing and in our legal notice. You can send objections to the use of your personal data for our own marketing purposes to opt-out@boxine, for example.
Protection of your personal data
We endeavour to take appropriate protective measures to guarantee the security, integrity and confidentiality of the information provided by you. For this reason, we have set up technological security strategies that are intended to protect the personal information about you that is collected by us. Furthermore, we take security measures that are prescribed by the applicable data protection provisions. We secure our websites and other systems, by means of technical and organisational measures, against the loss, destruction, changing and distribution of, and access to, your data by unauthorised persons.
Purposes of the data processing and legal bases
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG):
a) based on your permission (Art. 6 [a] GDPR)
If you have granted us permission to process your personal data for certain purposes (e.g. sending newsletters), the processing will take place based on this permission. You can withdraw this permission at any time. Such a withdrawal is only valid with future effect and does not affect the legitimacy of the data processed before the withdrawal.
b) due to statutory provisions (Art. 6[c] GDPR)
If we are subject to a legal obligation based on which the processing of personal data is necessary, e.g. for the fulfilment of tax obligations, such processing of personal data will be based on Art. 6[c] GDPR.
c) within the framework of the balancing of interests (Art. 6[f] GDPR, § 7 UWG)
If we process personal data that is not covered by the above legal bases, the processing may also be necessary for the safeguarding of a legitimate interest of our company or a third party, provided that it is not overridden by your interests, fundamental rights and fundamental freedoms. This is the case, for example, if we use your personal data for the marketing of our products, if you have not objected to such a use of your data.