DATA SECURITY
I Introduction
We are delighted that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. In this data privacy policy, we would like to inform you about the extent to which data is collected when using our website and for what purposes we use this data. We also want to inform you about your rights in this regard.
II General Information
Hereinafter, we inform you in accordance with Article 13 of the General Data Protection Regulation (GDPR) about the collection of personal data when using our website. Personal data includes all data that can be personally related to you, such as name, address, email addresses, user behaviour.
The controller pursuant to Article 4 (7) of the GDPR is
CHARMANT GmbH Europe
Zielstattstraße 34
81379 Munich
Germany
Email: info(at)charmant.de
https://www.charmant.com/e/legalnotice
You can reach our data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit GmbH
Alexander Bugl
Eifelstr. 55
93057 Regensburg, Germany
Email: kontakt@buglundkollegen.de
III Your rights
If personal data about you is processed as a user, you are considered a data subject in accordance with the GDPR. Data subjects have the following rights against the controller:
- Right of access (Article 15 GDPR)
- Right to rectification and right to erasure of personal data (Articles 16, 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification regarding rectification or erasure of your personal data or the restriction of its processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right to withdraw consent given. The legality of the data processing carried out until consent withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7 (3) GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91511 Ansbach, Germany
Email: poststelle@lda.bayern.de
IV Hosting
The hosting services we use (services for the operation and provision of the website) serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services that we use for the purpose of operating this website.
In this process, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties, and visitors to this online platform based on our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
V Accessing our website
When using the website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
- Date and time of the request
- Time zone difference with Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Each transferred data volume
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software.
In some cases, we may also use another service provider to display the data privacy policy. An embedding code is used in this process, through which your IP address is transmitted to the aforementioned service provider (preeco GmbH). We process your data for a limited time period based on our legitimate interest to initiate a derivation of personal data in the case of unauthorised access or access attempts to local servers, to properly display the data privacy policy, and to load our deployed fonts from our own server (Art. 6 para. 1 lit. f GDPR).
VI Contacting us
a. Nature and Purpose of Processing
The data you enter in the contact form will be stored for the purpose of individual communication with you. For this, the provision of a valid email address and your name is required. This is necessary for the allocation of the inquiry and the subsequent response. Provision of additional data is optional.
Furthermore, if you contact us via email or phone, we process the contact information you provide to address your inquiry.
b. Legal Basis for Processing
The processing of your personal data is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR). By providing the contact form, we make it easy for your to contact us. The information you provide is stored for the purpose of processing the inquiry and for possible follow-up questions. If you contact us to request a quote, the processing of the provided data is carried out to perform pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
c. Data Categories
Salutation, Title, First Name, Surname, Company, Phone Number, Email Address, Subject, Your Message
d. Recipients
Recipients of the data are internal employees of CHARMANT GmbH Europe and, if applicable, data processors.
e. Data Retention
Data will be deleted no later than 6 months after processing the inquiry. If a contractual relationship is established, we are subject to the statutory retention periods of the German Commercial Code (HGB) and will delete your data after the expiration of these periods.
f. Legal/Contractual Requirement
The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, email address, and the reason for the inquiry.
g. Third-Country Transfer
Processing does not occur outside the European Union (EU) or the European Economic Area (EEA).
h. Right to Object
You have the right to object to the processing of your personal data at any time. You can inform us of your objection at any time through the contact option provided at the beginning of this data protection policy.
i. Automated Decision-Making and Profiling
As a conscientious company, we refrain from automated decision-making or profiling in this data processing.
VII Use of cookies
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in association with the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case – us). They are used to make the overall internet offering more user-friendly and effective. We distinguish between two categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted, and (b) optional cookies for website analysis and marketing purposes. The use of optional cookies is based on your consent (Art. 6 para. 1 lit. a GDPR). In our cookie banner, we describe in detail the optional cookies used on this website.
VIII Consent management Klaro
Which cookie banner do we use?
This website uses Klaro, a technology from KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany, to obtain your consent for the storage of certain cookies on your device and to document them in compliance with data protection regulations.
Klaro is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
When you visit our website, the Klaro cookie stores the status of which service is activated or deactivated (this is not personal data).
IX Matomo
a. Nature and Purpose of Processing
This website uses Matomo (formerly Piwik), an open-source software for statistical evaluation of visitor access. The provider of the Matomo software is InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is stored on Matomo's servers. The IP address is anonymised immediately after processing and before storage. You have the option to prevent the installation of cookies by changing the settings of your browser software. We would like to point out that, with the appropriate settings, not all functions of this website may be available to you. You can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyse various statistical data. For more information on the privacy settings of Matomo software, please visit the following link: https://matomo.org/docs/privacy/.
b. Legal Basis for Processing
The processing of data is based on the user's consent (Art. 6 para. 1 lit. a GDPR).
c. Data Categories
IP address, timestamp, browser, etc.
d. Recipients
Recipients of the data are internal employees of the marketing department and Matomo as the data processor. We have concluded the corresponding data processing agreement with Matomo for this purpose.
e. Storage Periods
Data is deleted as soon as it is no longer necessary for our recording purposes.
f. Legal / Contractual Requirement
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.
g. Third-Country Transfer
The processing takes place outside of the European Union (EU) or the European Economic Area (EEA) because Matomo is based in New Zealand. For New Zealand, the European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR.
h. Withdrawal of Consent
You can revoke your consent to the storage of your personal data at any time effective for the future. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent.
i. Automated Decision-Making and Profiling
With the help of the tracking tool Matomo, the behaviour of website visitors can be evaluated, and interests can be analysed. For this purpose, we create a pseudonymous user profile.
X Newsletter
a. Nature and Purpose of Processing
Your data will only be used to deliver the subscribed newsletter to you by email. Providing your name is done to address you personally in the newsletter and, if necessary, to identify you in case you wish to exercise your rights as the data subject. To receive the newsletter, provision of your email address is sufficient. When subscribing to our newsletter, the data you provide is used exclusively for this purpose. Subscribers may also be informed via email about circumstances relevant to the service or registration (e.g., changes to the newsletter offer or technical conditions). For effective registration, we require a valid email address. We use the "double opt-in" option to verify that a registration is actually made by the owner of an e-mail address. For this purpose, we log the subscription to the newsletter, the sending of a confirmation email, and the receipt of the requested response. No further data is collected. The data is used exclusively for newsletter delivery and is not disclosed to third parties.
b. Legal Basis for Processing
Based on your expressly granted consent (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 6 para. 2 TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz)), we will regularly send you our newsletter or comparable information by email to your specified email address.
c. Data Categories
Email address, names
d. Recipients
Recipients of the data are internal employees of the marketing department and Brevo as data processor.
e. Storage Periods
The data is processed in this context only as long as the corresponding consent is available. After that, it will be deleted.
f. Legal / Contractual Requirement
The provision of your personal data is voluntary, solely based on your consent. Without your existing consent, unfortunately, we cannot send you our newsletter.
g. Third-Country Transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Withdrawal of Consent
You can revoke your consent to the storage of your personal data and its use for newsletter delivery at any time with effect for the future. Each newsletter contains a corresponding link for this purpose. You can also unsubscribe directly on this website or inform us of your withdrawal through the contact information provided in these data privacy policy.
i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automatic decision-making or profiling for this data processing.
XI Social Media Presence
We maintain online presences within social networks to inform users about our services and, if they express interest, to communicate with them directly via these platforms. Currently, we are present on the following networks:
- Facebook: www.facebook.com/charmantgroup
- Instagram: https://www.instagram.com/charmant_eyewear_europe/
- YouTube: https://www.youtube.com/user/CharmantGroupInt
- LinkedIn: https://www.linkedin.com/company/charmant-group
All our social media channels can be accessed by visitors to the website only through an external link. We do not use plugins or other interfaces on our website that the respective networks offer for embedding their offerings on websites.
We have no influence on the collection of data and its further use by social networks. Therefore, we have no knowledge about the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data, and to whom the data is passed on. We explicitly point out that the user data (e.g., personal information, IP address) is stored and used by the network operators according to their data usage policies and for business purposes.
We process the data of users on social media platforms insofar as users come into contact and communicate with us, for instance, through comments or direct messages.
Legal basis for processing user data is Art. 6 para. 1 lit. b and f GDPR.
- YouTube
You can access the social media networks Facebook and Instagram via external links on our website. All functions in the social media network are offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The channels are accessible only through an external link. If you are logged into your own Facebook or Instagram profile and visit our social media channel, Facebook can associate your visit with your logged-in profile. If you do not wish to associate your user account with your IP address, please log out of your Facebook or Instagram account before using our website.
For further information on the processing of your data, please refer to the data privacy policy of Facebook: https://facebook.com/privacy/explanation, of YouTube: https://policies.google.com/privacy?hl=en, of LinkedIn: https://www.linkedin.com/legal/privacy-policy? and to our https://facebook.com/privacy/explanation.
XII Facebook Fan Page
CHARMANT GmbH Europe operates an online presence on Facebook, a so-called Facebook fan page. The following additional information on data processing applies to visits to our fan page. Information on Facebook data protection can be found here: https://www.facebook.com/about/privacy/
1. Joint Responsibility, Contact Details, Data Protection Officer: For the operation of our Facebook fan page, we are jointly responsible with Facebook according to Art. 26 GDPR. To this end, we have established an agreement with Facebook determining the obligations regarding data protection. This agreement can be accessed here: https://www.facebook.com/legal/terms/page_controller_addendum. According to this agreement, Facebook is primarily responsible for providing the data subject with information about joint processing and enabling them to exercise their data protection rights. Irrespective of this, we hereby inform you about your visit to our fan page.
Our contact details are:
CHARMANT GmbH Europe
Zielstattstraße 34
81379 Munich
Germany
Email: info(at)charmant.de
You can reach Facebook at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
You can contact Facebook online here: https://www.facebook.com/legal/terms?ref=pf
Our data protection officer can be reached at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit GmbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Germany
Email: kontakt@buglundkollegen.de
You can reach Facebook's data protection officer at: https://www.facebook.com/help/contact/540977946302970
2. Collection and Storage of Personal Data, Nature and Purpose of Use:
a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook data policy under "What types of information do we collect?" If you are not a Facebook user, identifiers may still be stored in your browser as so-called tracking cookies, allowing tracking of your user behaviour. Typically, when visiting Facebook, user data is processed by Facebook for market research and advertising purposes. Complex user profiles are created based on user behaviour, including visits to our Fanpage, which Facebook can use to display personalized advertisements to the visitor within and outside of Facebook. For more information, see the Facebook data policy. If you disagree, you can object here (Opt-Out).
b) Data used by us ("Page Insights") and Legal Basis:
Facebook provides us with statistics and usage data, known as "Page Insights," that allow us to analyse the use of our fan page. This enables us to continuously improve our offers on Facebook. We, as operators, do not make decisions regarding the processing of insights data and all other information resulting from Art. 13 GDPR, such as the storage duration of cookies on user devices. Primary responsibility for processing insights data, according to the GDPR, lies with Facebook, and Facebook fulfils all obligations under the GDPR regarding the processing of insights data.
As the page administrator, we have no other way of analysing user behaviour on our fan page and this includes user tracking. It is fundamentally not possible for us to identify the visitor to the fan page based on the page insights. In particular, in accordance with the agreement, we have no right to request Facebook to disclose individual visitor data to us. Identification is only possible for us if we can assign individual profile pictures with "Like" indications for the page; however, this is only possible if our fan page has been marked with "Like" by the respective visitor, and the "Like" indications are set to "public."
Information about what information Facebook uses to create Page Insights can be found here.
The operation of the Facebook fan page and the use of page insights serve our legitimate interest in an effective external presentation and efficient communication with our customers and prospects. This interest justifies the operation of the page both in relation to the legitimate interests of Facebook users and in relation to visitors to our fan page who do not have a Facebook account. Accordingly, the legal basis is Art. 6 para. 1 lit. f) GDPR.
3. Disclosure of Data to Third Parties:
Data collected by Facebook is exchanged and processed throughout the entire Facebook Group. The Facebook Group also includes, for example, Instagram, WhatsApp, and Oculus. Thus, information collected via Facebook is used, for example, to display personalized advertising to the user on Instagram or to use data from WhatsApp to combat spam on Facebook. Information in this regard can be found in the Facebook data policy under "How do the Meta Companies work together?". When processing data by Facebook, it may lead to the transfer of user data outside the European Economic Area (EEA), especially to the United States.
4. Right to Object:
If your personal data is processed based on legitimate interests according to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided there are reasons arising from your particular situation, or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without you specifying a particular situation. If you wish to exercise your right of withdrawal or objection, simply send an email to info@charmant.de is sufficient.
5. Data Subject Rights:
You have the right to revoke your consent to us at any time. This results in us not being allowed to continue the data processing based on this consent in the future. Furthermore, you have the right of access to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, and the right to data portability according to Art. 20 GDPR. In addition, there is a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). In principle, you can assert your rights as a data subject against both Facebook and us. As only Facebook has direct access to your user data, you can assert your data subject rights most effectively against Facebook.
XIII Registration on our Website
a. Nature and Purpose of Processing
When registering to use our personalized services, some personal data is collected, such as name, address, contact, and communication data (e.g., phone number and email address). If you are registered with us, you can access content and services that we offer only to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time if needed. We will of course provide you with information about the personal data we have stored about you at any time.
b. Legal Basis of Processing
The processing of data entered during registration is based on the user's consent (Art. 6 para. 1 lit. a GDPR).
c. Data Categories
Customer number, company, salutation, first name, last name, phone number, email address, address.
d. Recipients
Recipients of the data are internal employees of CHARMANT GmbH Europe.
e. Storage Periods
Data is processed in this context only as long as the corresponding consent exists. Thereafter, it will be deleted, provided there are no legal retention obligations to the contrary. To contact us in this regard, please use the contact details provided at the beginning of this data privacy policy.
f. Legal / Contractual Requirement
The provision of your personal data is voluntary, solely based on your consent. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third-Country Transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Withdrawal of Consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your withdrawal at any time using the contact information provided at the beginning of this data privacy policy.
i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automatic decision-making or profiling in this data processing.