Privacy Policy

Privacy Policy

Status: June 2021

As edding International GmbH and operator of the www.eddingexpo.com website, we take the protection of your data very seriously. In the following, we would like to inform you of the extent and the purpose for which we collect and process your personal data on our website www.eddingexpo.com (hereinafter referred to as “Website”).

1.           General; Definitions

Our Privacy Policy is based on the terms used in the General Data Protection Regulation (GDPR). In this Privacy Policy we use the following terms, among others:

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (see Art. 4 No. 1 GDPR).

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (see Art. 4 No. 2 GDPR).

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (see Art. 4 No. 7 half-sentence 1 GDPR).

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (see Art. 4 No. 8 GDPR).

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data (see Art.. 4 No. 10 GDPR).

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (see Art. 4 No. 11 GDPR).

 

2.           Responsibility and Contact

The controller who processes personal data within the meaning of the GDPR is:

edding international GmbH (hereinafter referred to as “edding”, “we”, “us”)

Bookkoppel 7,
22926 Ahrensburg

Tel.: 04102 8080
online@edding.de

With this Privacy Policy, we comply with our obligation to inform you about the scope and purposes of processing your personal data in accordance with Art. 12 – 14 GDPR.

If you would like to review and update your personal data or have any questions about data protection on our platform, please contact us at any time via our e-mail address online@edding.de or by post at the above address.

You can reach our data protection officer

via e-mail: datenschutzedding.de

 

3.           Processing of your Personal Data

The scope and the nature of processing of your personal data differs depending on whether you contact us via our platform, use our (interactive) functionalities offered on the Website or only wish to use our Website for information purposes. With regard to the data processing described below, you can assert your rights as a data subject (see section 7) at any time. 

  • Collection through your Active Collaboration

In connection with the use of this platform, we collect and store your personal data when you provide it to us, e.g. during registration. It is always your free decision whether you provide us with your personal data for the relevant purposes.

  • Inquiries via E-Mail

If you send us an e-mail, your e-mail address and any personal content contained in the message will be stored by us (legal basis is Art. 6 No. 1 f) GDPR). We do this only to be able to process your request. We will delete the data in question after the intended processing purpose has been achieved. Also with regard to this data processing, you can assert your rights as a data subject (see section 7) at any time, in particular you can object to the corresponding data processing.

  • Entry in a Competition

Occasionally, competitions will be held on the Website and on Instagram for a certain period. When competitions are held, edding will process personal data relating to entrants in order to carry out the competition. This includes in particular the following data:

When entering via Instagram

  • User name;
  • Entry to the competition (the painting created and uploaded via Instagram and the respective hashtag);
  • In case you win (and you provide us with these information after you received a winning notification): Name and Surname as well as your address.
  • Information about the acceptance of the “Terms and Conditions” and the “Usage Right Request”.

When entering via direct upload on our Website:

  • Your Display Name
  • Image Description
  • E-Mail-Address
  • Entry to the competition (the painting created and uploaded on our Website)
  • In case, you win (and you provide us with this information after you received a winning notification): Name and Surname as well as your address.
  • Information about the acceptance of the “Terms and Conditions” and the “Usage Right Request”.

The personal data will be stored, processed and used for the purpose of carrying out and handling the respective competition. This includes, in particular, the evaluation of the entry to the competition, checking whether the Terms and Conditions are being adhered to, notification of the winner and delivery. The legal basis for the processing is Art. 6 No. 1 b) GDPR.

If necessary, your data may be passed on to shipping service providers in compliance with applicable data protection laws.

Insofar as the winner or winners are announced on the Website by presenting the painting on our Website or Instagram while mentioning your User Name/ Display Name, this is done on the basis of the concluded Usage Right Request and therefore in accordance with Art. 6 No. 1 b) GDPR.

  • Collection without your Collaboration

We record and use personal data, which is generated automatically when you visit our Website to provide our services.

3.2.1    Logfiles and (session) cookies

If you visit our Website, our servers will record your personal data temporarily in logfiles as follows:

  • Your computer’s IP address
  • The client’s file request (filename and URL)
  • http status code
  • The website you are visiting us from

We process your personal data based on our legitimate interest in discovering abuse (spam, viruses etc.) and detecting and correcting problems (legal basis is Art. 6 (1) f) GDPR).

At a number of points, our Website also uses ‘cookies’ to make our product more user-friendly and effective. Cookies are little text files which aim to put our Website on your computer and/or other Internet-capable devices like tablets or smartphones. If your browser settings accept cookies, your browser will add this text in a little file.

The cookies we use are necessary for our Website to work and perform unless this Privacy Policy says otherwise. There are two different kinds of cookies, which sites may use, ‘session cookies’ and ‘persistent cookies’. Session cookies are temporary, staying on your device until you leave our Website again, while persistent cookies remain on your device or until you delete them manually, even once you leave. (How long a cookie remains on your device depends on how long its ‘lifetime’ is.) This includes such things as cookies, which enable you to register for the protected area of our Website. We use the information in the cookies we need solely to offer you the services and functions you want.

Cookies themselves do not damage your computer, and do not contain any viruses. You can set your browser so these cookies cannot be saved in the first place or are deleted when your Internet session ends, but please remember in that case you may not be able to use everything our Website can do.

3.2.2    Matomo

Our Website uses Matomo, a web analysis service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, to analyse user behaviour so we can improve our Website constantly. We can use the statistics this obtains to improve our offer and design it so it is more interesting to you as a user. Legal basis for the use of Matomo is Art. 6 (1) f) GDPR.

Matomo sets cookies in your local browser: the information they collect is saved solely on our server in Germany as follows:

  • One byte (the last three digits) of the calling user’s system
  • The website being called
  • The website from which the user got to the website called (referrer)
  • The subsites called from the website you called
  • How long you stay on our website (dwell time)
  • How often you call.

This Website uses Matomo via a ‘privacy manager’ plug-in which abbreviates IP addresses before processing them any further so they cannot be traced to any individual. We do not combine the IP address Matomo sends us from your browser with any other data we collect.

We run our web analysis software on our own servers and do not transfer any use data on to any third parties except when using our technical support (e.g. in the course of software updates).

You can prevent cookies being used for web analysis purposes by switching off the tracking in the form below. Matomo also observes the ‘Do not track’ setting which many modern browsers can do globally.

Matomo is an open-source software supported by many developers from different countries and with different technical backgrounds. To find out more about Matomo, visit www.matomo.org.

You have an option to prevent what you do here being analysed. This protects your privacy, but it means we cannot learn from what you do and make our Website more user-friendly for you and other users.

Matomo Web Analytics is currently recording you visiting this Website. Untick this box to opt out.

3.2.3      Google Tracking and Marketing Tools

Our Website uses tracking and marketing tools by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (‘Google’).

If you are normally resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller for your data.

If you consented expressly to the data processing described in sections 3.2.3.1 – 3.2.3.3 (Art. 6 (1) a) GDPR), Google will generate the information its services require using cookies. This data is normally sent to one of Google’s servers in the USA and saved there. To guarantee an EU-equivalent level of data protection, we have concluded EU standard contract clauses with Google EU (Art. 46 (2) c) GDPR) under which Google agrees to comply with European data protection standards.

There are a number of ways you can stop cookies being used, as follows:

  • By setting your browser software accordingly: in particular, suppressing third party cookies means you will not receive any third party ads. But please note you may not then be able to use all the functionalities we offer in full;
  • By installing the plug-in Google provides at https://www.google.com/settings/ads/plugin;
  • By deactivating the interest-related ads of providers who belong to the About Ads campaign via http://www.aboutads.info/choices. This setting will then be deleted when you delete your cookies.

To find out more about data protection when using Google Analytics, go to https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376. To find out more about protecting your data when using Google services, you can also visit:

https://www.google.com/analytics/terms/de.html

https://policies.google.com/?hl=de

3.2.3.1   Google Analytics

We use Google Analytics on our Website. Google Analytics saves cookies in your web browser for two years since you last visited and records the data below amongst others when you visit our Website, sends it to one of Google’s servers in the USA and saves it there:

  • Browser type/version
  • The operating system you are using
  • Referrer URL (last site you visited)
  • Accessing computer’s host name (IP address)
  • Time server request made
  • Achieving ‘website targets’ (e.g. contact requests)
  • What you do on sites (e.g. clicks, scrolling and dwell time)
  • Roughly where you are (city, state)
  • Technical information like browsers, Internet providers, terminal and screen resolution
  • Where you came from (i.e. via what website and/or ad you came to us).

Google does not merge the IP address your browser sent with any other data, however. We have also extended Google Analytics on this Website to include the code ‘anonymiseIP’. This guarantees your IP address will be marked. Only in exceptional cases, will the full IP be sent to one of Google’s servers in the USA and abbreviated there.

The cookies Google Analytics uses also contains a randomly generated user ID by which you can be recognised when you visit Websites in future. The information the cookies generate is saved along with the randomly generated user ID, which makes it possible to analyse pseudo user profiles. This user-related data is deleted automatically after 14 months. Other data remains saved in aggregated form indefinitely.

Google uses the information obtained by using cookies to analyse how you use our Website, compile Website activity reports and provide us with Website usage and Internet-related services, so we can improve our offer and design it to be more interesting for you as the user. We also get information on how our site is working, such as detecting navigation problems.

Google may also use the information obtained for its own purposes, which is why we do not use Google’s services on our Website unless you consent to this when processing your personal data (legal basis is Art. 6 (1) a) GDPR). Once you have given your consent, of course, you can withdraw it anytime as stated in section 3.2.3 going forward. You are also given an opt-out cookie here, which you can install to prevent Google recording data, which is particularly helpful in case the deactivation add-on does not work, and/or on mobile devices. If you use different browsers/peripherals to use our Website, you must repeat these steps with all the browsers and devices you use.

To find out more about data protection when using Google Analytics, go to https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376. To find out more about protecting your data when using Google services, you can also visit:

https://www.google.com/analytics/terms/de.html

https://policies.google.com/?hl=de

 

3.2.3.2   Google Ads Conversion

We use Google Ads Conversion to use ads (‘Google Ad’) to draw attention to our attractive offers on external Websites. We use ad campaign data to see how successful individual ad campaigns are. This is because we have an interest in showing you ads you will find interesting, designing our Website to make it more interesting for you and calculate fair ad costs.

Google provides these ad resources via so-called ‘ad servers’. For this, we use ad server cookies to measure certain success parameters such as  fading in ads or clicks by users. If you reach our Website via a Google ad, Google Ads saves a cookie on your device. These cookies are normally valid for 180 days and should not be used to identify you personally. This cookie is generally used to save analyses:

  • Unique cookie ID
  • Number of ad impressions per placement (frequency)
  • Last impression (relevant to post-view conversions) and
  • Optout information (flag showing user does not want to be contacted any more)

Google uses these cookies to recognise your browser. If you visit certain pages on an Ads customer’s website and the cookie saved on your computer has not run out, Google and we can recognise that you have clicked on the ad and been forwarded to this page. Each Ads client is assigned a different cookie, so cookies cannot be traced via Ads clients’ websites.

We do not collect or process any personal data in these ads ourselves. Google merely provides us with statistical analyses, which we can use to see which of the ads we use is particularly effective. We do not get any other data from using Ads, and cannot identify users from this information in particular.

If you have consented to the data being processed as described (Art. 6 (1) a) GDPR), your browser will make a direct connection with Google’s server based on the marketing tools used. We have no control over how much data Google collects using this tool or how it is then used, and we can therefore only tell you what we ourselves know: incorporating Ads Conversion tells Google you have called up the part of our Internet presence concerned or clicked on one of our ads. If you have registered with a Google service, Google can attribute the visit to your account. Even if you are not registered with Google and/or have not logged in, Google may record and store your IP address.

3.2.4      Google Tag Manager

This Website uses Google Tag Manager, a solution we can use to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not record any personal data. The tool serves to trigger other tags, such as (cf. Google Analytics section 3.2.3 below) which record data themselves in some cases. Google Tag Manager does not access this data. If you deactivate at domain or cookie level, these continue for all tracking tags implemented using Google Tag Manager.

3.2.5    Facebook Pixel

To continue analysing and optimising our offer and operate it economically, we also use Facebook Pixel by social network Facebook which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’).

To ensure we protect our data to EU level, we have concluded EU standard contract clauses with Facebook (Art. 46 (2) c) GDPR) whereby Facebook agrees to meet European data protection rules.

Facebook Pixel is tied to our Website indirectly via Facebook and can save a cookie on your device provided you have consented to this expressly (Art. 6 (1) a) GDPR). If you then log into Facebook or visit Facebook while you are logged in, visiting our online offer is noted in your profile. Data collected about you is anonymous as far as we are concerned, we cannot tell who you are; but Facebook saves and processes this data, so it can be linked to the user profile concerned and Facebook can use it for its own market research and advertising purposes. If we send Facebook data for comparison purposes, this will be encrypted locally on the browser and only then sent to Facebook via a secure https connection. The only reason we do this is comparing with the data Facebook encrypts.

Using the Facebook Pixel, Facebook can also select visitors to our Website as its target group for ads (‘Facebook Ads’): so we set the Facebook Pixel settings so they show only the Facebook Ads we send to Facebook users who have also shown an interest in our online offer or show certain features, such as being interested in certain subjects or products according to the websites they have visited, which we send to Facebook (‘custom audiences’). We also use the Facebook pixel to ensure our Facebook Ads reflect what users could be interested in and are not annoying. We can also use the Facebook Pixel to check how effective Facebook ads are for statistical and market research purposes by seeing whether users visit our Website after clicking on a Facebook ad  (‘conversion’).

We also use the add-on ‘extended comparison’ function when using the Facebook Pixel, sending encrypted data creating target groups (‘custom audiences’ or ‘lookalike audiences’).

We only use the Facebook Pixel on our Website if you consent to your personal data being processed in this way (Art. 6 (1) a) GDPR). You can of course withdraw extended consent going forward at any time: if you withdraw it, your data can still be processed lawfully until you do so.

To find out more about how Facebook collects and uses data, what your rights are here and how you can protect your privacy, see Facebook’s data protection notices at https://www.facebook.com/about/privacy/.

Alternatively, you can disable the Custom Audiences remarketing function at https://www.facebook.com/settings/?tab=ads#_=. (You need to be registered with Facebook to be able to do this.)

To set what kinds of ads can be shown you in Facebook, you can call up the page Facebook created and follow the instructions on setting use-based advertising there.  These settings are platform-neutral: that is, they are used for all hardware such as desktop computers or mobile devices. You can also object to using cookies which serve to measure range and are used for advertising purposes via the network advertising initiative’s deactivation page, US website aboutads.info or European website youronlinechoices.com.

3.2.6    Squarelovin

For displaying your Instagram content on our website and for the organization of usage rights, we use the user-generated content management tool “Squarelovin” from our partner, Anchor Media GmbH, Budapester Str. 47, 20359 Hamburg (“Squarelovin”).

Via Squarelovin, it is possible for us to display content selected by us that has been published by users on the social media platform (so-called user-generated content) on our website. We will review, select and store your user-generated content (e.g. photos with the mention or hashtag of our company) in Squarelovin after you have confirmed our usage right request. An integration of this user-generated content on our website then takes place from Squarelovin’s servers. We might display the selected content in galleries, on product pages or elsewhere on our website. Squarelovin uses cookies for analysis and statistical purposes when integrating the content, provided you have given your express consent to this. A transmission of data of visitors to our website to Instagram is not associated with the integration of Squarelovin. For more information on data protection at Squarelovin, please visit https://squarelovin.com/privacy/. Information on obtaining the rights of use and on the use of user-generated content can be found at [please insert link].

The processing, i.e. the integration of user-generated Squarelovin content, is based on the agreement for the use of user-generated content (Art. 6 (1) b) GDPR). The use of Squarelovin is based on our overriding legitimate interest (Art. 6 (1) f) GDPR) to use a professional service provider for the implementation and presentation of the content. With regard to the cookies delivered by Squarelovin for analysis and statistical purposes, the processing is based on consent pursuant to Art. 6 (1) a) GDPR. We obtain your consent via our cookie consent tool. Such consent is voluntary and can be revoked at any time with effect for the future.

We will delete the relevant data once the purpose has ceased to exist. With regard to this data processing, you can also assert your data subject rights at any time (see section 5), in particular object to the corresponding data processing.

  1. Transfer of Data to Third Parties

We need to share some data with third parties in strict compliance with data protection laws in addition to the data shared relating to tools and features used on our platform.

  • Transfer to External Service Providers

During the content and technical support and design of our online presence, it may be necessary for external service providers (especially IT service providers) to get access to personal data.

In this case, your personal data will be processed according to our instructions and on the basis of a data processing agreement in accordance with Art. 28 GDPR. With this agreement, the service provider guarantees us that the service provision is in accordance with applicable data protection law. The involvement of professional providers of corresponding services is expressly provided for by law and serves our legitimate interest in professionalizing our services for you and offering them in an economically reasonable way (legal basis: Art. 6 No.  f) GDPR). We remain responsible for the protection of your personal data.

  • Transfer due to Legal Obligation

We reserve the right to disclose your personal data if we are legally obliged to do so or if we are requested to do so by authorities or law enforcement agencies. We do not pass on any other data to third parties.

5.           Place of Data Processing and Data Security 

The processing of your data takes place mainly in Germany. Your data will only be transferred to a country outside the European Union or the European Economic Area if an adequate level of protection has been established for this country in accordance with Art. 45 No. 3 GDPR or if the controller or processor has provided appropriate safeguards in accordance with Art. 46 No. 2 GDPR. In order to protect your data from unauthorized access and misuse, we have taken extensive, state-of-the-art technical and organizational security measures in accordance with European data protection law (Art. 32 GDPR) and, in the case of a data processor being in place; have concluded an agreement in accordance with Art. 28 GDPR.

6.           Erasure and Blocking of Personal Data

We process and store personal data of the data subject only for the period of time required to achieve the processing purpose or, if required by law, until a relevant storage period has expired. If the processing purpose ceases to apply or if a legally prescribed storage period expires, the personal data will be blocked or deleted in accordance with the legal provisions, unless the data subject has given us permission to store and further process the data.

7.           Rights of the Data Subject 

Right of access: You can request access to information free of charge at any time about the scope, origin and recipients of the processed data as well as the purpose of the processing (Art. 15 GDPR). If you would like to claim your right of information, you can contact an edding employee or the data protection officer at any time.

Right to data portability: You can receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format (Art. 20 GDPR), where (1) processing is based on consent pursuant to Art. 6 No. 1 a) GDPR or Art. 9 No. 2 a) GDPR or on a contract pursuant to Art. 6 No. 1 b) GDPR; and (2) the processing is carried out by automated means.

Right to rectification: Any data subject concerned by the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him (Art. 16 GDPR). Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed.

Right to erasure (‘right to be forgotten’): Any data subject concerned by the processing of personal data has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and the processing is not necessary (Art. 17 GDPR): (1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. (2) The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing. (3) The data subject objects to the processing and there are no overriding legitimate grounds for the processing. (4) The personal data have been unlawfully processed. (5) Personal data have to be erased for compliance with a legal obligation.

Right to object: Any data subject concerned by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her (Art. 21 GDPR).

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defense of  legal claims. Where we process personal data for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data for the purpose of such marketing.

Right to withdraw a consent to processing of personal data: Any data subject concerned by the processing of personal data has the right to withdraw a consent to processing of personal data at any time (Art. 7 No. 3 GDPR).

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation (Art. 77 GDPR).

In the event of a request, we shall examine the matter and, insofar as no other legal regulations oppose the request, comply with it. We will inform the data subject about the result.

For the enforcement of your data subject rights it is not necessary to comply with special formalities, please contact us e.g. by e-mail to online@edding.de/ datenschutz@edding.de or by mail to the above mentioned address.

8.           Update and Changes

We may change or update parts of this Privacy Policy without prior notice to you. Please check the Privacy Policy before you use our services in order to be up to date with any changes or updates.