Boxine Sales DAB GmbH (as the operator of websites tonies.com, including support - tonies.com/support, and our online shop - tonies.com/shop) and Boxine GmbH (as the operator of website my.tonies.com) take the protection of your personal data very seriously and ensure the safeguarding of your privacy.
We handle your personal data confidentially and in accordance with the statutory data protection regulations (in particular the EU General Data Protection Regulation [GDPR] and the Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG]) and this data protection statement.
In order to guarantee that you are informed to the full extent about the collection and use of personal data on our websites, and your rights, please take note of the following information.
Name and address of the controller responsible for processing and who you can contact
The controller within the meaning of the General Data Protection Regulation (GDPR), other applicable data protection laws and other provisions of a data protection nature is the following:
Boxine Sales DAB GmbH
Grafenberger Allee 120
40237 Düsseldorf, Germany
Tel: +44 (0)20 31 92 14 92
Fax: +49 (0)211 542 540 99
You can reach our data protection officer using the following contact details:
Mr Philipp Herold
23617 Stockelsdorf, Germany
Data use – general
The mere use of our websites for information purposes is generally possible without providing personal data. The case is different if personal data is required within the framework of an order process in our online shop, for the creation of a customer account in the online shop, for the personalised use of Toniecloud at my.tonies.com (Toniecloud customer accounts), as part of a customer care query or the sending of a newsletter requested by you, via our general contact form, or for the use of our blog. As a net-based system with a server the Toniecloud and clients, the Tonieboxes and Tonies with audio content - we also have further data exchange processes, without which the full use of the system is not possible. More details about the general functions of our system can also be found on our website at www.tonies.com/idea.
If we collect personal data from you, this will always take place, if possible for the provision of our service, on a voluntary basis. If there is no legal basis for such processing, we will generally obtain permission from you. After you have granted permission for this purpose, you can withdraw it at any time. Your personal data will not be passed on to third parties, with the exception of our service partners that require personal data for the processing of the order from our online shop or within the framework of customer care queries (e.g. the shipping company tasked with the delivery, the credit and payment institution tasked with the payment processing, our service partners for customer care/customer service queries, and our technical support). In these cases, however, the scope of the data transferred will be limited to the minimum necessary for the respective service, and all personal data will of course be handled in strict confidence by our service partners. To the extent legally permitted and in consideration of your respective interests worth protecting, an exchange of address and credit details with a recognised third-party company (i.e. Dun & Bradstreet) will take place for the purposes of a credit check. However, we accept no liability for third parties, unless stated specifically.
The use of your data for our regular marketing purposes and for similar goods and services is not excluded. However, you can object to this use at any time, by sending a notification to firstname.lastname@example.org or the above address, for example.
We would like to point out that data transfer via the internet can always involve security flaws. The complete protection of your data against access by third parties is not possible.
Data use in detail
Server log files
The provider of the sites automatically collects and stores information in so-called server log files, which your browser automatically sends to us. This data is as follows:
- Browser type/browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
- Request authorisation
We cannot match this data to certain people. This data will not be compiled with other data sources. We reserve the right to check this data afterwards, if we become aware of specific indications of unlawful use.
The data is needed to correctly supply the content of our website. When using this general data and information, we do not match it to specific people. Instead, this data/information is needed to (1) supply the content of our websites correctly, (2) optimise the content of our websites and its marketing, (3) guarantee the permanent functioning of our information technology systems and the technology of our websites, and (4) to provide prosecution authorities with the information necessary for prosecution in the event of a cyberattack. This anonymously collected data and information will therefore be analysed statistically and with the objective of increasing data protection and data privacy in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files will be stored separately from all personal data entered by the data subject.
If you send us queries via the contact form, your voluntary details from the contact form, and the contact details given voluntarily by you therein (personal data), your name, and your email address will be automatically stored for us for the purpose of processing the query and in the case of follow-up questions, until the matter concerned is finally clarified. Of course, we will not pass this data on without your permission.
You can also apply to our company electronically (via email). Of course, we will only use your data to process your application and we will not pass it on to third parties. Please note that emails sent without encryption cannot be protected against access. We only collect and process personal data of applicants for the purposes of handling the application process. If we conclude an employment contract with an applicant, the data transferred will be stored by us for the purposes of handling the employment relationship in consideration of the statutory provisions. If we do not conclude an employment contract with an applicant, we will automatically erase the application documents two months after sending notification of the rejection, provided that an erasure does not contradict other legitimate interests (e.g. burden of proof in a procedure in accordance with the AGG [General Equal Treatment Act]).
Data use in our online shop
We require your personal data to implement your order in our online shop. For this purpose, we need your title, first names, last names, email address, delivery address, billing address, and, as voluntary information, your telephone number for queries about your order. If you would like to create a customer account with us, we will store your personal data so that it does not have to be entered again for each order. This will save you time and protect you against any typing errors. You will also receive personal access to your order history, and you can set individual user settings, should you wish. When setting up a customer account, the following personal data about you will be stored: title, first name, surname, email address, delivery address, billing address, payment method (as a default setting for the first purchase), your telephone number (as voluntary information for queries about your order) and the password selected by you.
Data use: Toniebox, Tonies and Toniecloud, Toniecloud customer account
Each Toniebox has an individual client certificate ex works, with which it can clearly authenticate itself in the Toniecloud. As well as this client certificate, a Toniebox ID is also stored in the Toniecloud for each Toniebox. This Toniebox ID is also applied on the underside of the Toniebox. During the first activation and when connecting to a new Wi-Fi network, you will be asked to enter the Toniebox ID for calibration with the Toniecloud. This is to ensure that only authorised Tonieboxes can contact the Toniecloud.
Via the Toniebox ID, the Toniebox will also be linked to a Toniecloud customer account. For the creation of this account, you need a valid email address, and you can enter additional personal details (first name, surname and gender) and subscribe to the newsletter. You also have to enter your Toniebox ID, in order to connect your Toniebox to your customer account.
The creation of a Toniecloud customer account is absolutely necessary for the use of the Creative-Tonies, connections to other Toniecloud members, and other functions.
When you use your Toniebox, it will attempt to establish a connection to the Toniecloud in the following events: upon first-time activation, when switching on, when setting up an unknown Tonie, and upon a search for new Tonie content triggered by you. If the connection to the Toniecloud is successful, the Toniebox will send your individual client certificate, your IP address and a time stamp. When you use Tonies and a Toniebox, we will also receive data about operation events (Tonie set up/removed, including the names of the Tonies [e.g. Creative-Tonie or The Gruffallo Tonie], volume changed, rewind and skip, headphones inserted/removed, charging station connected/removed). We thereby want to continuously improve our service and our product for you. The data transfers described above are therefore stored in server log files and can be analysed by us at any time. This data will generally be collected by us anonymously. If you make contact with our customer service and name the Toniebox ID as part of a support request (e.g. because your Toniebox has a technical problem or because a Toniebox and/or a Tonie has/have been lost in transit), the hitherto anonymous data will be linked to any personal data named by you as part of the query. In this case, the customer service staff will actively point this out to you. This enables us to process your support matter, track Tonieboxes or Tonies lost in transit, uncover cases of misuse and rights violations in this regard, and defend ourselves against them. The data thereby linked will be erased as soon as your support request has been processed completely. In cases in which a rights violation is possible, we will store the data until the clarification of the rights violation or, if proceedings have been initiated, until their conclusion, and we will only erase it when we no longer need the data for evidence or legal defence purposes, or due to retention requirements.
Should you set up a Toniecloud customer account and connect your Toniebox to this account using the Toniebox ID, we can match your customer data with the data described above, and we will therefore be able to tailor our newsletters (if you have decided to receive them) and other advertising measures to you and your individual interests, and continually improve their benefits. If you do not wish for this to happen, you have the opportunity at any time, of course, to deactivate it in your Toniecloud customer account settings (under "Mein Profil" [My Profile]) or inform us of your decision via email (email@example.com) or over the telephone. You will find our contact details above or in the legal notice.
If you upload audio files in the Toniecloud for your Creative-Tonies (via the Tonie smart phone app or via our website), these files will be converted by our server to the required audio format and then provided for playing on the Creative-Tonies. Your originally uploaded data will be automatically deleted after seven days. The converted data will then be located in our Toniecloud. You can upload new data for the desired Creative-Tonie as often as you like; the old data will thereby be deleted and replaced by the new data. We do not store the old data; for technical reasons, however, the converted data is kept for at least seven days after the conversion. We reserve the right to randomly examine the uploaded data to check for any possible violation of applicable law (including copyright law, personality rights and competition law), the applicable jurisdiction, and/or moral standards. Should we discover a violation, we reserve the right to delete the data from our Toniecloud and close your Toniecloud customer account.
If you close your Toniecloud customer account, you have the opportunity to grant another user administration rights before leaving and therefore authorise him/her to continue to use the Toniecloud account. In this case, despite the deletion of the Toniecloud customer account, uploaded data will remain in the Toniecloud.
Data use: Tonie smart phone app and QR code on Toniebox packaging
If you use our Tonie smart phone app, you require a Toniecloud customer account, and you also have to log onto the Tonie smart phone app with your email address and your password before you can use the app. The app enables you to make voice recordings and connect them to a selected Creative-Tonie by uploading them via the app from your smart phone in the Toniecloud.
Finally, we would like to point out that each Toniebox package is provided with a QR code in the factory; this is primarily for internal purposes (ERP system). This information is generally not linked to your customer account. The only case in which this does not apply is when we have sufficient indications of fraud. The QR code would then be linked to your customer account in order to trace Tonieboxes that have not arrived. This is for our protection against rights violations. The personal data thereby used will be erased by us as soon as the suspicion of fraud has failed to be confirmed or as soon as fraud proceedings initiated have been closed, and the data is no longer required for the purposes of evidence and legal defence.
If you contact our customer service staff by telephone, via email to tonies.com/support, or directly, your telephone number and email address, as well as other details you provide to our customer service staff, will be taken, stored and analysed for the purpose of processing your query. This is to enable a response to your query and improve our products and service quality. If, within the framework of such a support query, the Toniebox ID must be named in order to respond to your query, data about operation events that is so far anonymised may be linked to any personal data given by you due to the query. However, the customer service staff will actively point this out to you in such a case before such a link is carried out, and you can refuse at any time, of course.
Newsletter and marketing emails
If you would like to obtain the newsletter offered on our website via email, we require from you an email address and information that enables us to verify that you are the holder of the email address stated and have agreed to receive the newsletter (the verification takes place in a double opt-in process). You can also provide your first and last names, and gender, voluntarily. Other data will not be collected. We will only use this data to send the required information, and we will not pass it on to third parties.
The newsletters we send may contain a tracking pixel – a pixel-sized file that is accessed by our server upon the opening of the newsletter.
We carry out statistical surveys about the above. This includes information about whether the newsletter has been opened and what links have been clicked on. This information may be allocated to the individual newsletter recipients for technical reasons, but it is not our intention to observe individual users. The analyses only enable us to recognise the reading behaviour of our users and adapt our content to you, or to send different content in accordance with the interests of our individual users.
You can withdraw your consent granted to the storage of the data and email address, and its use for the sending of the newsletter, at any time, for example via the “cancel” link in the newsletter or by sending your withdrawal to the address named above or in the legal notice, phoning us or sending an email to firstname.lastname@example.org.
You can also object to the statistical surveying and analysis via the tracking pixels separately using the address named above or in the legal notice, or by sending an email to email@example.com.
Most of the cookies used by us are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies will remain stored on your end device until you delete them. These cookies enable us to recognise your browser upon your next visit, in order to make our websites more user-friendly. The following data in particular is stored and sent in such cookies: items in the shopping cart and log-in information.
You can set your browser so that you are informed about the placing of cookies, and only allow cookies on a case-by-case basis, accept cookies for certain cases or generally exclude them, and activate the automatic deletion of cookies when closing your browser. You can also delete already placed cookies at any time via your browser and other software programmes. When deactivating cookies, the functionality of this website may be limited.
Data privacy statement for the use of Facebook plugins (Like button)
Our sites contain integrated plugins of social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You will recognise the Facebook plugins by the Facebook logo or the “Like” button on our page. You will find an overview of the Facebook plugins at: http://developers.facebook.com/docs/plugins/. If you live outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you visit our sites, a direct connection is established via the plugin between your browser and the Facebook server. Facebook thereby receives information that you have visited our site with your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our sites to your Facebook profile. We would like to point out that as the provider of the sites, we do not receive any knowledge of the content of the data transferred or its use by Facebook. Further information about the collection, processing and use of personal data by Facebook, and the setting options to protect your privacy, can be found in the data privacy statement of Facebook at https://www.facebook.com/about/privacy/.
If you do not wish for Facebook to match the visit to our sites with your Facebook user account, please log out of your Facebook user account before visiting our site.
Data privacy statement for the use of Facebook Website Custom Audiences
Our sites also contain the “Website Custom Audiences” pixel of social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. A tracking pixel is hereby used to identify the website visitors.
When visiting our pages, a direct connection is established between your browser and the Facebook server via this tracking pixel. Facebook will thereby receive information that you have visited our website with your IP address. Facebook will then be able to match the visit to our sites with your user account and use this information to display Facebook ads. As the provider of the sites, we have no knowledge of the content of the data transferred or its use by Facebook.
For more information, please look at the Facebook data privacy statement at https://www.facebook.com/about/privacy/. Of course, you can deactivate the data collection via Custom Audiences. To do this, please click on the following link: https://www.facebook.com/ads/website_custom_audiences/. If you live outside the USA or Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data privacy statement for the use of Google Analytics
This website uses functions of website analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be sent to a Google server in the USA, where it will be stored.
In the event that IP anonymisation is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only under exceptional circumstances will the full IP address be sent to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, create reports about the website activities, and provide the website operator with further services related to the website use and internet use. The IP address sent by your browser as part of Google Analytics will not be amalgamated with other data by Google.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out to you that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the logging of the data generated by the cookie and related to your use of the website (incl. your IP address) from being sent to Google, and the processing of this data by Google, by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout.
You will find further information and the applicable data protection terms and conditions of Google (with information about the collection, processing and use of personal data by Google and your protection options in this regard) at https://policies.google.com/privacy and http://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail in the following link: https://www.google.com/intl/en_uk/analytics/.
Data privacy statement for the use of Google +1
Our sites use functions of Google +1. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Collection and transfer of information: With the aid of the Google +1 button, you can publish information worldwide. Via the Google +1 button, you and other users will receive personalised content from Google and our partners. Google stores the information you have given to +1 for content, as well as information about the site you have looked at by clicking on +1. Your +1 can be shown as a notice together with your profile name and your photo in Google services, e.g. in search results or in your Google profile, or at other points on websites and adverts on the internet. Google records information about your +1 activities in order to improve the Google services for you and others. In order to be able to use the Google +1 button, you need a globally visible public Google profile, which must contain the name selected for the profile at least. This name will be used in all Google services. In some cases, this name can also replace another name that you have used when sharing content via your Google account. The identity of the Google profile can be shown to users who know your email address or have other identifying information about you available.
Use of the information collected: As well as the above-mentioned purposes of use, the information provided by you will be used in accordance with the applicable Google data privacy terms and conditions. Google may publish statistics compiled about the +1 activities of the users or pass them on to users and partners, such as publishers, advertisers and affiliated websites.
You will find further information and the applicable data protection terms and conditions of Google (with further information about the collection, processing and use of personal data by Google and your protection options in this regard) at https://policies.google.com/privacy/ and https://www.google.com/intl/en_ALL/+/policy/index.html. Google +1 is explained in more detail in the following link: https://plus.google.com/about.
Data privacy statement for the use of Twitter
Our sites include functions of the Twitter service. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” function, the websites visited by you will be linked to your Twitter account and announced to other users. Data will thereby also be sent to Twitter. We would like to point out that as the provider of the sites, we have no knowledge of the content of the data transferred or its use by Twitter. Further information about the collection, processing and use of personal data by Twitter can be found at http://twitter.com/privacy.
You can change your data privacy settings on Twitter in the account settings at http://twitter.com/privacy. You can also prevent the transfer of information to Twitter by logging out of your Twitter account before accessing our websites.
Data privacy statement for the use of Pinterest
On our website, we use social plugins of social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you access a page that contains such a plugin, your browser will establish a direct connection to the servers of Pinterest. The plugin will thereby send log files to the Pinterest server in the USA. These log files may contain your IP address, the address of the websites visited (which also contain Pinterest functions), the type and settings of the browser, the date and time of the request, your use of Pinterest, and cookies.
Further information about the collection, processing and use of personal data by Pinterest, as well as your rights in this regard and options to protect your privacy, can be found in the data protection notices of Pinterest at https://policy.pinterest.com/en/privacy-policy.
Data privacy statement for the use of Instagram
Our sites use plugins provided by social network Instagram, which is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. You will recognise the Instagram plugin by the “Instagram button” on our website. If you use the Instagram button while logged into your Instagram account, content from our website may be linked to your Instagram profile. Instagram can hereby match the visit to our sites with your user account. As the operator of the sites, we have no knowledge of the content of the data transferred or its use by Instagram. If you would not like information to be transferred to Instagram in such a manner, you can prevent the transfer by logging out of your Instagram account before accessing our websites. You will find further information about the above and the collection, processing and use of personal data by Instagram in the Instagram data privacy statement at http://instagram.com/about/legal/privacy/.
Transfer of personal data outside of our company
The personal data collected by us will be passed on to the transport companies tasked with the delivery as part of the contract handling, if this is necessary for the delivery of the goods. We will pass on your payment details to the assigned credit institution as part of the processing of payments.
For payments via PayPal, we will pass on your payment details to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (PayPal) as part of the payment processing. When selecting the payment option “PayPal”, you agree to the necessary transfer of personal data in the payment process. This data is generally the first and second names, address, email address, IP address, telephone number, mobile number and other data that is necessary for the payment processing and order processing. The transfer of the data is for payment processing and fraud prevention. In some circumstances, the personal data exchanged will also be sent by PayPal to credit agencies for the purposes of an identity and credit check. PayPal may also pass on personal data to affiliated companies, service providers and subcontractors, if this is necessary for the fulfilment of the contractual obligations or if the data needs to be processed on its behalf. You will find further date protection information, e.g. about the credit agencies used by PayPal and your rights as a data subject, in the PayPal data privacy statement at www.paypal.com/uk/webapps/mpp/ua/privacy-full.
If you have decided to pay by Visa or Mastercard credit/debit card, the payment will be processed by HUELLEMANN & STRAUSS ONLINESERVICES S.à.r.l., 1, Place du Marché, L-6755 Grevenmacher, R.C.S. Luxembourg B 144133. By selecting this payment option, you agree to the transfer of personal data necessary for the payment processing. The transfer of the data is for payment processing.
Our goods are delivered by transport service provider GROUP7 AG, Eschenallee 8, 85445 Schwaig, Germany. We will pass on your name and delivery address to GROUP7 AG. The transfer of this data is for the delivery of your order.
You will find further details about the collection, processing and use of personal data by GROUP7 AG and any subcontractors, and your protection options as a data subject, here.
Within the framework of our customer service, and the technical and IT/EDP support, we work with order data processors and other external service providers, which receive personal data from us for the processing of customer queries and the provision of technical and IT/EDP support. We also work with other consultancy, sales and marketing companies, and, for example, providers of cloud solutions, which support us in the fulfilment of our contractual tasks and our internal marketing measures. To the extent permitted by law and in consideration of your respective interests worth protecting, an exchange of address and credit details may take place with a recognised third-party company (i.e. Dun & Bradstreet) for the purposes of a credit check. The transfer of your personal data, however, will only take place in all cases described beforehand if this is necessary for the fulfilment of our contractual tasks or for the protection of our legitimate interests, or if you have provided the corresponding permission. The transfer will generally by anonymised. All order data processors and external service providers that work with us have undertaken to protect your data in accordance with the principles of this data privacy statement and the statutory provisions, and to treat it confidentially. If you have any other questions about this topic, please contact our data protection officer at any time using the following contact details:
Mr Stephan SchollmeyerRudolf-Diesel-Straße 1023617 Stockelsdorf, GermanyTel: +49 (0)451 16085221Email: firstname.lastname@example.org.
If you do not agree to the passing on of your data, you can object to the transfer. In this case, we will not pass on your personal data unless we can demonstrate compelling legitimate grounds for the transfer that outweigh your interests, rights and freedoms, or unless the transfer is for the assertion, exercise or defence of legal rights. Please direct such an objection to the contact person responsible for the processing whose name and address are given above, or use the contact details in our legal notice. You can also direct objections to the transfer of data for our own marketing to email@example.com.
Duration of the storage of your data
We will only process and store your personal data for as long as this is necessary for the performance of our contractual and legal duties. If the purpose of the storage ceases to apply, your personal data will regularly be erased by us, unless its temporary further processing is necessary for the fulfilment of retention obligations under commercial and tax law or the preservation of evidence within the framework of the statutory limitation provisions.
Your data privacy rights
You have the right at any time to access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), object (Art. 21 GDPR) and data portability (Art. 20 GDPR). Regarding the right to access and erasure, the restrictions of § 34 and § 35 BDSG apply. You also have a right to lodge a complaint with a competent data privacy supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
You can withdraw permission you have granted for the processing of personal data from us at any time in accordance with Art. 7(3) GDPR. This also applies for the withdrawal of declarations of consent that were issued to us before the validity of GDPR (in other words, before 25 May 2018). Please note that the withdrawal will only be with future effect. Processing that takes place before the withdrawal is not affected.
INFORMATION ABOUT YOUR RIGHT TO OBJECT IN ACCORDANCE WITH ART. 21 GDPR
IF, WITHIN THE FRAMEWORK OF THE BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA DUE TO AN OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING, WITH FUTURE EFFECT, FOR REASONS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO PROCESS IF WE CAN DEMONSTRATE COMPELLING GROUNDS WORTH PROTECTING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDONS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL RIGHTS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR OUR OWN MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING. IN THIS CASE, WE WILL NO LONGER USE YOUR PERSONAL DATA FOR MARKETING PURPOSES.
To exercise your data privacy rights, you can contact our data protection officer, or any of our employees. You will find the addresses above under the name and address of the controller responsible for the processing and in our legal notice. You can send objections to the use of your personal data for our own marketing purposes to opt-out@boxine, for example.
Protection of your personal data
We endeavour to take appropriate protective measures to guarantee the security, integrity and confidentiality of the information provided by you. For this reason, we have set up technological security strategies that are intended to protect the personal information about you that is collected by us. Furthermore, we take security measures that are prescribed by the applicable data protection provisions. We secure our websites and other systems, by means of technical and organisational measures, against the loss, destruction, changing and distribution of, and access to, your data by unauthorised persons.
Purposes of the data processing and legal bases
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG):
a) based on your permission (Art. 6 [a] GDPR)
If you have granted us permission to process your personal data for certain purposes (e.g. sending newsletters), the processing will take place based on this permission. You can withdraw this permission at any time. Such a withdrawal is only valid with future effect and does not affect the legitimacy of the data processed before the withdrawal.
b) due to statutory provisions (Art. 6[c] GDPR)
If we are subject to a legal obligation based on which the processing of personal data is necessary, e.g. for the fulfilment of tax obligations, such processing of personal data will be based on Art. 6[c] GDPR.
c) within the framework of the balancing of interests (Art. 6[f] GDPR, § 7 UWG)
If we process personal data that is not covered by the above legal bases, the processing may also be necessary for the safeguarding of a legitimate interest of our company or a third party, provided that it is not overridden by your interests, fundamental rights and fundamental freedoms. This is the case, for example, if we use your personal data for the marketing of our products, if you have not objected to such a use of your data.
d) within the framework of the balancing of interests (Art. 6[f] GDPR, § 7 UWG)
If we process personal data that is not covered by the above legal bases, the processing may also be necessary for the safeguarding of a legitimate interest of our company or a third party, provided that it is not overridden by your interests, fundamental rights and fundamental freedoms. This is the case, for example, if we use your personal data for the marketing of our products, if you have not objected to such a use of your data, or if a potential data exchange takes place with a recognised third-party company (i.e. Dun & Bradstreet) for the purposes of a credit check or during the processing of an order.