Ortovox Privacy Policy
DATA PRIVACY STATEMENT
ORTOVOX Sportartikel GmbH (in the following: “ORTOVOX”) is firmly committed to data privacy. Therefore, as a matter of course, we strictly adhere to the legal regulations concerning the protection of data privacy (in particular those in GDPR (General Data Protection Regulation) and BDSG [German Data Protection Act] and will do everything possible to ensure the privacy of your data. In addition, it is important for us that you know at any given time which data we store and how we use them. Please take a moment to read the following text informing you about the way we deal with your data. We reserve the right to revise the content of this data privacy statement from time to time, in particular to adapt it to new legal stipulations and technical development so that we can also safeguard data protection in the future. It is therefore advisable to regularly take note of our information and remarks concerning data processing. This Data Privacy Statement refers to the internet presence of ORTOVOX Sportartikel under the domain ortovox.com as well as other subdomains (hereinafter referred to as the „Website”).
1. RESPONSIBLE PERSON AND SCOPE
The responsible person is: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024, Taufkirchen, Germany (hereinafter “ORTOVOX”).
2. DATA PROTECTION OFFICER
Our Data Protection Officer is: Mr. Sebastian Meyer, Schwanweg 1 – 90562 Heroldsberg, Germany. Please refer to our Data Protection Officer if you have any questions regarding data protection issues at our company. You can reach him under the email-address: Datenschutz@schwan-stabilo.com .
3. GENERAL PRINCIPLES ON DATA PROCESSING
We collect and use personal data from our users basically only then, when this is necessary to provide a functional Website as well as to deliver our content and services.
3.1. PERSONAL DATA
Personal data is all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, email-address, address, date of birth or your phone number. Non-personal data is ex. data regarding the number of users at a website.
3.2. PROCESSING OF PERSONAL DATA
Processing of personal data is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. We process personal data through our Website only if you provide us with this data, ex. when filling out our contact form or sending us an email. We process this data for the named purposes or for the purposes defined in your request. We do not disclose your personal data to third parties, unless otherwise provided by law or you have given us your consent thereto. The data collected as part of an order and return will be forwarded to Sportco AG, Worblentalstrasse 28 in 3063 Ittigen for processing or shipment within Switzerland. Apart from that you may use the general information at www.ortovox.com without revealing your personal data. In particular we process your personal data as provided:
3.2.1. REGISTRATION (CUSTOMER ACCOUNT AND SERVICE ACCOUNT) AND REGISTRATION PROCESS
On our website, we offer users the opportunity to register by providing their personal data for the purpose of opening a customer account in the ORTOVOX online store and for using the ORTOVOX service platform. The data is entered into an input screen and sent to us and stored. Data is generally not transferred to third parties unless it is necessary for the fulfilment of a contract.
The following personal data is collected during the registration process:
• First name and surname, address, email address, phone number and a password of your choice. ORTOVOX cannot see the password.
The following personal data is also collected:
• IP address
• Date and time of registration
We use the processed data to create your customizable user account that will enable you to make use of specific content and services on our website, such as the ORTOVOX online store and/or the service platform.
The service platform is to be used to register ORTOVOX products, in particular to have these checked, serviced or repaired during or after the warranty period. You can also use the service account to extend your warranty within the framework of our warranty conditions.
This includes processing your email address so that we can send you new login details should you forget your current login details, or send you information about your service request.
As soon as the registration on our website is cancelled or modified, the data processed during the registration process will be deleted. In individual cases and if required by law, your data will continue to be stored.
As a user, you have the option to cancel your registration at any time. To do this, send an email with your request to: info@ortovox.com.
You can modify the data stored about you at any time in your customer account.
Processing the personal data stated here is necessary for the implementation of pre-contractual measures and/or the performance of a contract in accordance with Article 6(1)(b) GDPR.
3.2.2. NEWSLETTER
In order for you to subscribe to our email newsletter, we require at least your first name and surname, your gender, your country, the language in which you would prefer to receive the newsletter, and the email address to which the newsletter should be sent, in addition to your consent. In your profile settings you can also optionally add your birthday, interests and town/city.
It is entirely your choice whether you provide us with this data. However, without this data we might not be able to send you our newsletter.
Processing your first name and surname will allow us to send you a personalized newsletter.
After subscribing, your email address will be used for advertising purposes until you unsubscribe from the newsletter. To unsubscribe, follow the link at the end of the newsletter. Use of the newsletter software allows access to personal recipient reactions. By subscribing to our newsletter, you consent to the tracking permission and processing of personal reactions. You can withdraw and, therefore, cancel tracking permission at any time by following the link at the end of the newsletter.
Your data will be stored as long as you are subscribed to the newsletter. After unsubscribing from the newsletter, your data will be deleted. In individual cases and if required by law, your data will continue to be stored.
In order to optimize our newsletter, we check how often it is opened by readers and which links the readers click (analysis of user behavior).
The legal basis for processing data after sign-up for the newsletter by the user if the user’s consent is given is Article 6(1)(a) GDPR. Please note that we are currently working with InxMail GmbH, Wentzingerstrasse 17, 79106 Freiburg, Germany to send our newsletters. Further information about InxMail, your privacy protection settings and your rights to data protection can be found at: https://www.inxmail.com/data-conditions.
3.2.3. PRESS REVIEW
If you subscribe to our press review, we will use your e-mail address in order to send you the ORTOVOX press review. Other personal data, such as address, language, fax number are voluntary and are used only to personalize the press review, as well as to contact you in the event of inquiries. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to send you our press review. Your first and last name allows us to personalize the press review. Your personal data will be stored for the time you have subscribed to the ORTOVOX press review.
Upon unsubscribing your personal data will be deleted. You can unsubscribe at any time and for any reasons. For unsubscribing you can follow the link in each press review. No costs are connected with un-subscription. Any further storage may however take place, if storage is required by law.
The data processing described above is carried out in accordance with article 6 (1) lit. a GDPR (your consent).
3.2.4. REGISTRATION TO THE ORTOVOX SAFETY NIGHTS COURSES AND TO THE ORTOVOX SAFETY LAB ROCK
For signing on to the ORTOVOX Safety Night Courses and/or ORTOVOX Safety Academy Lab Rock we will need your first and last name as well as your email address. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to complete your registration.
If you do not want to take part in the ORTOVOX Safety Night Courses and/or the ORTOVOX Safety Lab Rock any more you may sign out at any time and for any reasons. For signing out please sent an e-mail to: info@ortovox.com. Upon signing out from the ORTOVOX Safety Night Courses and/or the ORTOVOX Safety Lab Rock your data will be deleted. Your data may however be stored after this period, if this is required by law.
The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract or prior to entering into a contract).
3.2.5. COMPETITIONS
In order to take part in our competitions, we will need your name and e-mail address. Furthermore, depending on the prize, it may be necessary to provide us with your size, gender and address. We will use this information only to notify you about the prize and to send you your prize, if you have won the competition. You may freely decide, whether you want to provide this information to us. Without providing ORTOVOX with this information you will however not be able to participate in the competition.
The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR and article 6 (1) lit. f GDPR (processing is necessary for the performance of a contract, or in order to take steps prior to entering into a contract, as well as the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).
3.2.6. ORDERING PROCESS IN THE ORTOVOX ONLINE SHOPs
In order to process your orders in the ORTOVOX Online Shops we will need the following personal data from you: first and last name, address, e-mail-address, telephone number, date of birth as well as your size. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to deliver your order.
Please note, that we use third party processors for processing the orders in the ORTOVOX Online Shop. We work with heidelpay GmbH in order to provide you with comfortable and practical online payment options.
In order to send your order, we work furthermore with different parcel services, which receive customer data to the extent which is necessary to provide their services.
We give your data to third party processors only upon having an agreement with them (ex. data processing agreement, if such is required by law). Personal data is given only in the scope required for the provision of the services. The service providers are required to comply with all data protection regulations, to keep your personal data confidential and may not use this data for their own business purposes.
The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of an agreement or in order to take steps prior to entering into an agreement).
3.2.7. CHECKING PRODUCT AVAILABILITY
a) Components from OUTTRA
In order to check the local product availability, we use OUTTRRA components from 81 MEDIA GmbH, Ziegelbrennerstr. 5, 73074 Stuttgart. The components use the IP-Address of the user only for the purposes of sending him/her this information. The IP-Address is therefore essential in order to inform about the product availability close to the user.
Upon choosing “by at a local store” the IP-Address of the user at the servers of OUTTRA is anonymized. With the anonymized IP-Address a consultation with a data bank takes place, which allows for a gross localization of the user on the basis of the not-anonymized part of the IP-Address. Thanks to this process, the user will see the local stores, where the products are available.
The legal basis for processing personal data is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in advertising and sales of our products, as well as in a functionality of our website.
Should checking the product availability be connected with entering a sales agreement, the legal basis for processing personal data is Art. 6 (1) lit. b) GDPR.
According to Art. 21 (1) GDPR you have a right to object for the future, at any time, the processing of personal data based on Article 6(1) lit. f) GDPR.
After ending your browser session, no personal data from the components will be processed by 81 MEDIA GmbH or ORTOVOX.
b) GOOGLE-MAPS
Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google).
Through certification according to the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that it will follow the EU's data protection regulations when processing data in the United States.
To enable the display of certain locations on our website, a connection to the Google server in the USA is established whenever our website is accessed.
If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
Further, according to Art. 21 (1) GDPR you have a right to object for the future, at any time, the processing of personal data based on Article 6(1) lit. f) GDPR.
In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.
Google also offers further information at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
3.2.8. APPLICANT TRACKING SYSTEM
a) Application via email or post
If you are interested in one of the positions advertised on our website, you can send us an application at any time, either by email to career@ortovox.com or by mail using our contact details.
b) Application via the career portal and applicant tracking system
To efficiently complete the application process, we use a career portal and applicant tracking system provided by Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich, which runs the applicant tracking system as a processor pursuant to Article 4(8) GDPR [German Federal Data Protection Act]. An order processing contract has been concluded with the processor pursuant to Article 28 GDPR, which ensures compliance with data protection regulations. Your data will not be provided to recipients outside of Ortovox. We assure you that the personal data you provide will only be processed for the purposes of completing the application process. We will store your data for 6 months after the end of the application process (acceptance or rejection). The legal basis for processing your personal data in the application documents you send us via email or mail or which you provide to us via the career portal and applicant tracking system is § 26(1) BDSG and Article 6(1)(b) GDPR.
3.2.9. PRODUCT RECALL REGISTRATION
In the event of a product recall, you have the possibility to register via our online form. In such an event, we will need the following personal data: name, e-mail-address, telephone number and address. You may freely decide, whether you want to provide this information to us. Without providing ORTOVOX with this information we will however not be able to carry out the recall for your product. Please note that we may provide your personal data to service partners close to you, in order have optimum handling and settlement of the product recall. Upon settling the product recall and clarifying all its circumstances, your data will be deleted. Your data may however be stored after this period, if this is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR and article 6 (1) lit. c GDPR (processing is necessary for the performance of an agreement and processing is necessary for compliance with a legal obligation to which the controller is subject)
3.2.10. CONTACT FORM / CUSTOMER SERVICE
Our website offers you the option of sending us an inquiry and contacting us using the contact form.
Basically, we need your email address and your first and last name to answer your questions. We also ask for your title (optional), country, order number (optional) and a description of the issue. You can also write us a message and add attachments.
It is entirely your choice whether you provide us with this data. However, without this data, we cannot fulfil your request for contact. The purpose of providing your data is to enable us to answer you and assign your inquiry to you. When you use the contact form, your personal data will not be passed on to third parties.
As soon as your inquiry has been concluded and the situation in question has been resolved, the personal data processed as part of the contact form will be deleted. In individual cases and if required by law, your data will continue to be stored.
Please note that we currently use the ticket system provided by Zendesk Inc. for our contact form / customer service. Zendesk Inc. is a processor pursuant to Article 4(8) GDPR. An order processing contract has been concluded with the processor pursuant to Article 28 GDPR, which ensures compliance with data protection regulations.
Data processing for the purpose of making contact as described above is carried out in accordance with Article 6(1)(b) and Art. 6(1)(f) GDPR.
3.2.11. REGISTRATION FOR THE ORTOVOX MEDIA ROOM FOR SPECIAL USERS
On our website we offer special groups of users, like distributors, dealers, press, sport professionals, the possibility to register in our Media Room, in order to have access to certain information regarding ORTOVOX products, as well as photos and videos of ORTOVOX products. For this purpose, we will need your name, email, customer group, telephone number (voluntarily) and address. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to give you access to our Media Room. If you do not want to have access to the ORTOVOX Media Room any more you may sign out at any time and for any reasons. For signing out please sent an e-mail to: info@ortovox.com. Upon signing out from the ORTOVOX Media Room your data will be deleted. Your data may however be stored after this period, if this is required by law. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract).
3.2.12. REGISTRATION IN THE ORTOVOX PARTNER SECTION
On our website we offer dealers/partners, who have received from ORTOVOX login data, the possibility to register online, in order to have access to our B2B store. For this purpose, we will need your language, customer number, company name, title and e-mail. You may freely decide, whether you want to provide this information to us. Without this information we will however not be able to check or repair your ORTOVOX product. The data processing described above is carried out in accordance with article 6 (1) lit. b GDPR (processing is necessary for the performance of a contract or prior to entering into a contract).
3.2.13. PRODUCT RATINGS
Our website offers you the option of submitting product ratings and reviews of ORTOVOX products. In this case, we require the following data: first name, country, email address, review and rating. Your email address will not be published with the rating and review.
It is entirely your choice whether you provide us with this data. You cannot submit a rating or review without providing the above mentioned data.
Data processing for the purpose of providing a product rating as described above is carried out in accordance with Article 6(1)(b) and Article 6(1)(f) GDPR.
3.3. LEGAL BASIS
Collecting and processing your personal data takes generally place upon your consent. Should the data processing be based on your consent, the legal basis for this data processing is Article 6 (1) lit. a GDPR. An exception may occur when obtaining a consent is not possible and/or this is permitted by law.
If processing your data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis for this data processing is Article 6 (1) lit. b GDPR.
If processing your personal data is necessary for compliance with a legal obligation to which we as the controller are subject, the legal basis for this data processing is Article 6 (1) lit. c GDPR.
If processing your personal data is necessary for the purposes of legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis for this data processing is Article 6 (1) lit. f GDPR.
4. COOKIES
Below we describe the processing operations connected with usage of cookies, sessions and logfiles.
4.1. THE USE OF COOKIES, SESSIONS AND LOGFILES
Below we will describe the individual data processing operations regarding the use of cookies, sessions and logfiles.
A cookie is a small text file that is stored in your browser’s cache. Some features of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to conduct various analyses of your use of our website. For example, this allows us to greet you personally on your next visit, or to show you information that matches your interests in particular. Our contractual partners also use cookies to evaluate user behavior for the purposes of advertising optimization (known as “social targeting”). A session is a single visit that is then stored on our server for a short period. Logfiles are generated by the server and saved by us. They contain automatically maintained logs of all or certain actions or processes on a computer system.
Various types of cookies are used on our website. Their types and functions are clarified below.
Function 1: |
Essential cookies These cookies are required for technical reasons so that you can visit our website and use the functions we offer. This refers to the following applications, for example: The provider’s cookie consent, which saves the user’s consent status. These cookies also contribute to the safe and proper use of the website. |
Function 2: |
Statistics cookies Statistics cookies collect and report anonymous information to help website owners understand how visitors interact with websites. |
Function 3: |
Marketing cookies Marketing cookies (from third parties) make it possible to show you various offers that meet your interests. These cookies can be used to record the user’s web activity over a longer period. These cookies could possibly recognize you on different devices you use. |
Cookies, sessions and logfiles do not contain any security-relevant or personal data (with the exception of your IP address). In addition, these files cannot transmit viruses, spy on files on your computer, or secretly send out emails. Every web server can only read out the cookies that it has set itself.
The following data is automatically recorded by our computer system through cookies when you access our website and is technically necessary (essential):
- your internet address (IP address) / host name;
- agent/browser type and version;
- website from which you are visiting us (referrer URL);
- operating system used;
- website from which you are forwarded to other websites;
- pages accessed on our website;
- date and time that you accessed our website;
- session and session ID.
The data shall not be linked with any other item of your data that we possess.
The legal basis for processing using “technically necessary” cookies is our legitimate interests in the processing of your personal data in accordance with Article 6(1)(f) GDPR.
We need your consent for cookies that are not technically necessary or “third-party cookies” (more about these below). If you have given your consent to the use of cookies based upon information shared by us on the website (“cookie banner”), the legality of their use is also stipulated in Article 6(1)(a) GDPR. You can withdraw this consent for the future at any time by deactivating the cookies in your browser settings.
Session cookies are automatically deleted 24 minutes after you close the browser; all other cookies are automatically deleted after one year. Cookies from partners, e.g. Google, have a maximum term of 24 months.
4.2. PREVENTING THE STORAGE OF COOKIES
You can manage your cookie settings by configuring your browser settings.
Most browsers are set to accept cookies as standard. However, you can configure your browser to accept only specific cookies or no cookies at all. However, please note that you may not be able to use all of the functions of our website if its cookies have been deactivated in your browser. You can also delete cookies that have already been stored in your browser or view the storage period via your browser settings. Furthermore, you can set your browser to notify you before cookies are stored. Because different browsers can differ in the way they function, we ask that you please turn to your browser’s “help” menu for its configuration options.
4.3. TRACKING AND ANALYSIS TOOL
4.3.1. GOOGLE ANALYTICS
Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountainview, CA 94043 USA (“Google”), is used on this website. Google Analytics uses “cookies”, text files stored on your computer that enable analysis of how you use the website.
The cookie-generated information, for example about the time, location and frequency of your use of this website, is usually transmitted to and stored on a Google server in the United States. When using Google Analytics, it cannot be excluded that the cookies placed by Google Analytics could record other personal data in addition to your IP address. Please note that Google may also transfer this information to third parties where required by law or where third parties process this data on behalf of Google.
Google will use the information generated by cookies on our behalf for the purposes of analyzing how you use the website, compiling reports on website activity and providing further services related to website and internet use to us. By its own account, Google will not associate the IP address transmitted from your browser through Google Analytics with any other data held by Google.
It cannot be excluded that the cookies placed by Google Analytics could record other personal data in addition to your IP address. To prevent information about your use being recorded by Google Analytics and being transmitted to Google Analytics, you can download and install a plugin for your browser via the following link: tools.google.com/dlpage/gaoptout?hl=en.
This plugin prevents information about your visit to the website being transmitted to Google Analytics. This plugin does not prevent any other analysis.
By clicking this link, an opt-out cookie will be placed in your browser. This prevents information about your visit to the website being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete cookies from your browser, the opt-out cookie will also be deleted. To continue preventing data being recorded by Google Analytics, you must click the link again. The use of the opt-out cookie is also possible as an alternative to the above mentioned plugin when using the browser on your computer.
Please note that you cannot use the above mentioned plugin when visiting our website using the browser on your mobile device (smartphone or tablet).
To guarantee the best possible protection for your personal data, this website uses Google Analytics with the “anonymizeIP” extension code. This code causes the last 8 bit of IP addresses to be deleted and your IP address will thus be anonymized when it is recorded (“IP masking”). If you are in a country that is a member state of the European Union or a contracting party to the Agreement on the European Economic Area, Google will generally truncate and thus anonymize your IP address before transmitting it. Only by way of exception will the full IP address be transmitted to a Google server in the United States and truncated there.
As part of the use of Google Analytics, personal data could be transmitted to countries outside of the EU/EEA, in particular to the USA. The Court of Justice of the European Union regards the USA as a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without the appropriate guarantees, there is a risk in particular that your data could be processed by US authorities for control and monitoring purposes, possibly also without a means of redress. To guarantee adequate protection of your personal data in the case of transmission of personal data to third countries, we have concluded “EU-US standard contractual clauses” with Google. Moreover, we are in constant contact with Google to ensure the protection of your personal data with additional measures where necessary.
The legal basis for the use is your express consent (Article 6(1)(a) GDPR). You can withdraw this consent for the future at any time by deactivating the cookies in your browser settings or via the cookie banner. However, please note that if you do this you may not be able to use all functions of this website to their full extent.
The data retention period in Google Analytics is set to 50 months. The cookies placed by Google Analytics are valid for up to two years.
You can find general information about Google Analytics and data protection at: policies.google.com/
The names of the cookies are: _ga, _gat, _gid.
4.3.2. MATOMO
To tailor our website to your needs, we use the web analytics tool "Matomo". During this process, information about the use of our website is collected and transmitted to our server for analysis and storage. Your IP address is only processed in a shortened form during this process, thereby anonymizing it. If you do not want your usage of our website to be analyzed, you have the right to object to the processing of your data at any time. To do so, an opt-out cookie will be placed in your browser, which does not contain any usage data and causes Matomo not to collect any session data.
4.3.3. HOTJAR
We use Hotjar, a piece of analytics software provided by Hotjar Ltd. (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta), for marketing purposes.
This software allows us to measure and analyze usage behavior on our website. Using Hotjar’s technology, we get a better understanding of our users’ experiences (e.g. how long users spend on which pages, which links they click, what they like and dislike) and this helps us to adjust our services according to our users’ feedback. Hotjar uses cookies and other technologies to capture data on our users’ behavior and their devices, in particular the device’s IP address (collected and stored during your use of the website in anonymized form only), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only) and the preferred language used to display our website. You can find information about the precise data collected at https://www.hotjar.com/legal/policies/privacy.
Hotjar stores this information on our behalf in a pseudonymized user profile.
The information generated is transferred to the Hotjar servers in Ireland, where it is stored.
During your use of Hotjar, personal data may also be transferred outside the EU/EEA, in particular to the USA. The Court of Justice of the European Union regards the USA as a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without the appropriate guarantees, there is a risk in particular that your data could be processed by US authorities for control and monitoring purposes, possibly also without a means of redress.
You can prevent your data being collected by deactivating Hotjar at https://www.hotjar.com/legal/compliance/opt-out.
The legal basis for its use is your expressly provided consent, Art. 6(1)(a) GDPR. You can withdraw this consent for the future at any time by deactivating the cookies in your browser settings or via the cookie banner. However, please note that if you do this you may not be able to use all functions of this website to their full extent.
Hotjar retains the data it receives for 365 days from the date of capture. After these 365 days have elapsed, the data will be automatically deleted. You can find more information about the data retention period at How long does Hotjar store my data? - Hotjar Documentation.
You can find more information about data protection during data processing by HOTJAR here: https://www.hotjar.com/legal/policies/privacy/."
4.4. GOOGLE REMARKETING
This Website uses the remarketing tools from Google. Google displays ads to users within the Google advertising network who have visited our websites and online services and are interested in a specific offer. The browser of the visitor uses for this purpose so called cookies, i.e. small text files which are saved on his/her computer and allow for being recognized when visiting sites belonging to the Google advertising network. At these sites the visitor will receive advertising ads, which may refer to content which he/she has visited before at websites which use the Google remarking tools. According to Google no futher personal data is being collected. If you however do not wish to have the Google remarketing functions, you can generally deactivate them under: www.google.com/settings/ads . Alternatively, you can deactivate the usage of cookies for interest related advertisements within the advertising network following the instructions under: www.networkadvertising.org/managing/opt_out.asp. For more information regarding Google Remarketing and the Google Privacy Policy, please visit: www.google.com/privacy/ads/ .
4.5. FACEBOOK PIXEL
This Website uses the Facebook Pixel from „Facebook“ (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA). Facebook displays ads to users who have visited our websites and online services and are interested in a specific offer. Through the Facebook Pixel on our Website a direct connection to the servers of Facebook take place. Facebook uses cookies for this analysis. Facebook receives the information, that you have visited our website and assigns this information to your personal Facebook account. We have no influence on the scope and type of information including your personal data, which is transmitted to Facebook. For more information regarding your rights and possibilities to protect your data, please visit the Facebook Privacy policy at: www.facebook.com/about/privacy/. We alone do not transfer this data to Facebook. For more information please visits: www.facebook.com/policy.php, www.facebook.com/help/186325668085084 .
4.6. SOCIAL PLUGINS (FACEBOOK, GOOGLE+, TWITTER AND YOUTUBE)
On our Website we use social plugins of the social networks “Facebook” (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), “Google +” (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland), “Instagram” (Instagram Inc., 1601 Willow Rd Menlo Park CA 94025 USA) and “Twitter” (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA) and “Youtube” (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 USA) These services are offered by the respective companies (“providers”). As part of our online presence, the social plugins are marked by the respective buttons belonging to the service. Based on the data transmitted via the social plugins to the respective service, this can assign certain personal data you to your Facebook, Google+, Twitter and/or Instagram account. In order to increase the protection of your data on our website, the social plugins are integrated on our website by means of the so-called “2-click-Solution”. This ensures that when you call a page of our website that contains such social plug-ins, no automatic connection to the servers is made by the respective providers.
The function of the respective social plug-in is activated in two stages. To activate a social plug-in, you have to click on the link on our website. This activates the social plug-in and your browser connects to the servers of the respective provider. With a second click you can now interact with the social plug-in and, for example, submit your recommendation. If you are already logged in to one of the social networks of the providers, the providers can directly assign the visit to this website to your profile. If you interact with the social plugins by clicking on them, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be published to the social network and displayed under your contacts. If you would like to prevent such direct assignment of your data collected via our website to your profile, you must unsubscribe from your account of the respective provider before you visit our web pages.
The scope and purpose of the data collection by the respective service as well as the further processing and use of your data, please refer to the data protection information directly from the website of the service. You will also receive further information about your privacy rights and setting options to protect your privacy.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA www.facebook.com/policy.php www.facebook.com/help/186325668085084
b) Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland https://www.google.com/policies/privacy/partners/?hl=de
c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA Https://twitter.com/privacy?lang=de
e) Instagram Inc., 1601 Willow Rd Menlo Park CA 94025 USA help.instagram.com/155833707900388
f) Youtube 600 Amphitheater Parkway, Mountain View, California 94043, USA www.youtube.com/t/privacy
4.7. FONTS.COM
This Website uses „fonts.com“, a fonts service from Monotype GmbH, Horexstraße 30, 61352 Bad Homburg („fonts.com“). Every time this Website is accessed, files are uploaded from a “fonts.com” server in order to portray texts in a particular font. In this process, your IP address may be transferred to a “fonts.com” server and stored as part of the usual weblog. Responsibility for further processing this information lies with “fonts.com”; please refer to data protection of “fonts.com” (LINK: www.monotype.com/legal/privacy-policy) for the corresponding conditions and setting options.
4.8. Google reCAPTCHA
In order to ensure sufficient data security when transmitting forms, we use the reCAPTCHA service of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in certain cases. This is particularly to distinguish whether the input is provided by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if necessary, additional data required by Google for the reCAPTCHA service to Google. For this purpose, the different data protection provisions of Google Inc. apply. Further information on Google’s privacy policy can be found at http: //www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/
4.9. PREVENTION OF COOKIES
If you object to the use of cookies, sessions and logfiles, you can block or restrict their usage in your browser. However, it cannot be ruled out that in this case you might not be able to use individual functions on our webpages.
Upon closing your browser, the session-cookies are deleted, other cookies after one year. Cookies from our Partners, ex. Google (4.4) are deleted maximally after 24 months. You can deactivate the usage of cookies by Google by means of visiting the deactivating site of Google. Alternatively, you may deactivate the usage of third party cookies by means of visiting the deactivating site of the network initiative.
4.10. LEGAL BASIS
The processing activities described above are necessary for the purposes of legitimate interests pursued by us. The legal basis for this data processing is Article 6 (1) lit. f GDPR.
5. FAN PAGES ON FACEBOOK, INSTAGRAM, YOUTUBE, GOOGLE+, XING AND TWITTER
We operate fan pages on the social media channels: Facebook, Instagram, YouTube, Google+, Xing and Twitter. Operating these fan pages, we are joint controllers within the meaning of Art. 5 Sec. 7 GDPR together with the operators of these networks. If you visit our fan pages, the controllers will process certain personal data. We have agreements with the operators of these networks, which among others regulate the conditions for using these pages. We have integrate separate Data Protection Policies on our fan pages, where you can read more about your personal data.
6. DATA SECURITY AND PRECAUTIONARY MEASURES
We are committed to protecting your privacy and treating your personal data confidential. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. Intensive training of our employees and their obligation to data security ensure that your personal data is treated confidential.
6.1. RESPONSIBILITY OF THE USER
We urge you to also take all possible measures to protect your data while working on the internet. Due to the structure of the internet, it is not possible for us to ensure that third parties, which are not within the scope of our responsibility, adapt identical privacy and security measures. Possibly if personal data is not encrypted or is sent per email it may be seen or read by third parties. Hereto we have no impact. It is the responsibility of the User, to secure his/her data via encryption or by other means.
6.2. ENCRYPTION
We use the SSL (Secure Sockets Layer) to encrypt your data on all Websites which require providing personal data. SSL encryption masks your data before transmitting it to our server, in such a manner that it cannot be reconstructed by third parties. This safeguards the privacy of your personal data.
6.3. TECHNICAL SECURITY MEASURES AT ORTOVOX
Encryption of sensitive data transfer with SSL certificates by GMO GlobalSign Ltd., Springfield House, Sandling Road, Maidstone, ME142LP, Great Britain.
• Server security: a firewall system protects our servers against attacks.
• An internal security system and authorisation concept make sure that your sensitive data are not accessible to our employees unless they have a special authorisation.
7. SERVICE PROVIDERS FOR PROCESSING PERSONAL DATA
We employ service providers, who process personal data on our behalf and only on our instruction. The service providers are required to comply with all data protection regulations and to process data in accordance with our instructions. Our service providers have been carefully selected and receive access to your personal data only to the extent and for the time necessary to carry out their services. Service providers in third countries such as the USA and countries outside the European Economic Area are subject to data protection regulations, which do not protect personal data to same extent as in the European Union. Should we process your personal data in countries, which do not provide such a high level of data privacy as in the European Union, then we will ensure by means of contractual regulations and other instruments that your that your personal data is safe and adequately protected.
8. STORAGE PERIOD
Your data will be stored only for the period of time required by law. Your data will be erased, when you have withdrawn your consent for processing your data or the purposes of processing your data have been obtained or when the processing is no longer legitimate for any legal reasons. Any retention periods required by law shall remain unaffected. During the statutory retention periods your data will not be processed for other purposes.
9. RIGHTS CONCERNED
From the GDPR, the following rights arise for you as an affected person for the processing of your personal data:
9.1. RIGHT OF ACCESS
According to art. 15 GDPR, you can request information about your personal data processed by us. In particular, you may request information on the source of the data, the recipients of this data or categories of recipients, as well as the processing purposes.
9.2. RIGHT OF OBJECTION
If the processing of personal data is based on your consent, you may object to this processing for the future, at any time and without any reason. To do so please send an email to: info@ortovox.com or a letter to: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024 Taufkirchen.
9.3. RIGHT TO RECTIFICATION
In accordance with art. 16 GDPR, you can immediately request the rectification of incorrect or the completion of your personal data stored by us.
9.4. RIGHT TO ERASURE OR RESTRICTION
In accordance with art. 17 GDPR, you may request the deletion of your personal data stored by us. The personal data will be deleted within 7 working days from your request. Any retention periods required by law shall remain unaffected. If your data may not be deleted due to retention periods, only a restriction of processing may be applied. Upon deleting your data, no access right may be granted.
9.5. RIGHT TO DATA PORTABILITY
According to art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, common, and machine-read format, or you may request the transfer to another responsible person, insofar this is possible to due technical means.
In accordance with art. 7 (3) GDPR, you can revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future. In such an event you may not access our company sight.
9.6. RIGHT TO OBJECT
According to Art. 21 (1) GDPR you have a right to object for the future, at any time, the processing of personal data based on Article 6 (1) lit. (e) and (f) GDPR.
9.7. AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
We inform that no automated decision-making, including profiling, as referred to in Article 22 (1) and (4) GDPR is applied
9.8. EXERCISING THE RIGHTS CONCERNED
To exercise the aforementioned rights, please contact us per email at: info@ortovox.com or per mail to: ORTOVOX Sportartikel GmbH, Rotwandweg 5, 82024 Taufkirchen, Germany. Your personal data (possibly your email, name and telephone number) will be processed in order to answer your questions or respond to your concern. This data will be deleted if no longer necessary; in the event of statutory retention periods – the processing may only be limited.
10. COMPLAINT TO A SUPERVISORY AUTHORITY
According to art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of stay, your workplace or our company headquarters.
LAST UPDATED: Mai 2023
Supplement to the data protection declaration
Data protection information for the cooperation between ORTOVOX and Sportco
Sportco takes over the sale and dispatch of the goods we offer. We transmit your personal data to Sportco for the conclusion and implementation of the purchase contract for the goods ordered. We have concluded a data protection contract with Sportco on joint responsibility within the meaning of Art. 26 GDPR.
1. Designation of those jointly responsible
The following are jointly responsible for the processing of your personal data:
ORTOVOX Sportartikel GmbH,
Rotwandweg 5,
D-82024 Taufkirchen
Phone: + 49- (0) 89-666 74 0
Fax: + 49- (0) 89-666 74 20
Email: info@ortovox.com
and
Sportco AG,
Worblentalstrasse 28,
CH-3063 Ittigen,
Phone: +41 (0) 31 925 15 15
Email: info@sportco.ch
2. Responsibility with regard to the processing of personal data
The responsible parties are jointly responsible for your personal data. Your personal data provided on the ORTOVOX website will be transmitted to Sportco by ORTOVOX to the extent necessary for sales and shipping. In addition, Sportco is integrated into some ORTOVOX processes in order to ensure that your order is processed and processed, as well as the handling of complaints.
ORTOVOX assumes the necessary information obligations, e.g. Art. 13 GDPR. The rights of those affected can be asserted against ORTOVOX, e.g. right to information Art. 15 GDPR, right of objection Art. 21 GDPR. In addition, ORTOVOX ensures the technical and organizational measures for data processing.
Regardless of this agreement between those responsible, you can of course also assert your rights under the GDPR directly against Sportco. Your request will be forwarded to us immediately.
3. Legal basis for processing
The processing of your personal data serves the purpose of carrying out pre-contractual measures or the fulfillment of a contract on the basis of Art. 6 Para. 1 lit. b GDPR.
4. Personal data
With regard to the data to be processed, reference is made in particular to Sections 3.2.1., 3.2.2. and 3.2.6. referred to in this data protection declaration.
5. Storage
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. If the data collected is not used to conclude a contract with you, this is the case for the data collected during the registration process if the registration on our website is canceled or changed.
With regard to data that was collected during the ordering process to fulfill a contract or to carry out pre-contractual measures, this is the case when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations, such as those resulting from the limitation periods for warranty claims or from tax retention obligations.
6. Rights of data subjects
You basically have the following rights:
Right to information (Art. 15 GDPR)
Right to correction (Art. 16 GDPR)
Right of objection (Art. 21 GDPR)
Right to deletion (Art. 17 GDPR)
Right to restriction of processing (Art. 18f. GDPR)
Right to data portability (Art. 20 GDPR)
You have the right to revoke your consent at any time with effect for the future without affecting the legality of the processing carried out on the basis of the consent up to the time of revocation.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority.