Data Protection Notice for the website www.einhell.bg
Einhell Bulgaria OOD (hereinafter referred to as „the company‟) thanks you for visiting our website and for your interest in our company. Protecting your data is important to us. You provide your data on a voluntary basis. The company processes this information in accordance with the provisions of the European General Data Protection Regulation.
1. Responsible Entity
The entity responsible for processing your data is Einhell Germany AG. Exceptions in this regard are described in this data protection notice.
Our contact information is as follows:
Einhell Bulgaria OOD
Blvd."Tzar Osvoboditel" No.331
9000 Varna, Bulgaria
E-Mail: [email protected]
Contact information for the Data Protection Office is available under No. 21 below.
2. Personal Data
Personal data is specific information relating to the personal or factual circumstances of a particular or identifiable person. This includes information such as your IP address and browser settings, form of salutation, correct name, address, email address, phone number, date of birth and information about your Einhell products. In addition, as part of our services we also provide you with access protected by user name and password. As part of this process, we store your user name and password, and where necessary your sex. Personal information that cannot be directly associated with your true identity -- such as, for example, your favourite websites or the number of users on a site -- is not considered personal information.
Additionally we process the connection and identifing data for your web browser to present the appropriate content to you.
3. Processing Personal Information
We process and store various types of temporary data any time you visit the company's website. This includes connection data from the computer accessing the website, the webpage(s)/file(s) you select as well as the data and length of time you visit the website. We also ascertain identification data for the browser and the operating system you use as well as the website used to visit us. Personal information such as salutation, your name, address, where applicable your company, your date of birth, phone number or email address and information about your Einhell products are only collected if you provide it voluntarily as part of registration, a survey, a contest, in concluding a contract or when requesting information.
4. Specified use and dissemination of personal data
The company uses the personal data you provide for the purpose of the technical administration of the website, in providing services, for customer management, to make improvements to the website, for product-related surveys and for marketing purposes only to the extent required for each repective purpose.
5. Legal basis for data processing
The legal basis for the processing of your personal data depends on the purpose underlying the processing.
5.1 Technical administration of the website
The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b of the General Data Protection Regulation (GDPR), provided a contractual relationship exists with you. Where no contractual relationship exists between the company and you, the legal basis for data processing is Art. 6(1) lit. f GDPR. A transfer of personal data (see figure 2) is necessary in order to establish a connection to the website and to display website content.
5.2 Provision of services
The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b GDPR. We provide our services as part of fulfilling contractual obligations. We are unable to fufil or perform the contract with you if we are unable to process personal data.
The following services are available on our website www.einhell.bg (June 2016) for which we store personal data:
- Customer Login
- Newsletter
- product warranty on Einhell products
- battery warranty
- brushless warranty
- Product reviews (by Bazaarvoice Inc.; see figgure 5.12)
5.3 Google Tag Manager
Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The Tag Manager is used to manage the tools and external services we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example to control which page or service elements and tools are activated and loaded in which order. The tool triggers other tags, which in turn may collect data and which are further explained in this privacy policy. Some of the data is processed on a Google server in the USA.
We have concluded a data processing agreement with Google Ireland Limited for the use of Google Tag Manager. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46(2)(c) GDPR. In addition, we also obtain your explicit consent for the transfer of your data to third countries in accordance with Art. 49(1)(a) GDPR.
Google’s Data Privacy Policy as it relates to this tool can be found here: https://www.google.com/analytics/terms/tag-manager/.
5.4 Google Analytics 4
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Seen / clicked ads
- Language settings
- Purchase of products (if function is available on the website)
Also recorded:
- Your approximate location (region)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your internet service provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (as processor under Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Duration of storage
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.
Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.
Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings (privacy button at the bottom left of the page) and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of this data by Google, by
- downloading and installing the browser add-on to disable Google Analytics 4. This will install an opt-out cookie on your device. This prevents the collection by Google Analytics 4 for this website and for this browser in the future, as long as the cookie remains installed in your browser.
- disabling Google Analytics 4 by via the following link: Disable Google Analytics 4. This will set an opt-out cookie on your device. This prevents the collection by Google Analytics 4 for this website and for this browser in the future, as long as the cookie remains installed in your browser.
For more information on Google Analytics 4 terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/?hl=en.
5.5 Facebook pixel and Facebook remarketing
Owing to our legitimate interest in the analysis, optimisation and economic operation of our webite, the site employs the so-called "Facebook pixel“ from the social network Facebook, operated by Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA) or, in the event your are resident in the EU, Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) (“Facebook”).
With the aid of the Facebook pixel, Facebook is able to identify visitors to our website as a target group for presentation of ads, so-called "Facebook ads". We use Facebook pixel accordingly in order to show the Facebook-delivered ads only to those users who have demonstated an interest in our internet services or who exhibit the speicific characteristics that we communicate to Facebook (also referred to as "pixel events" and which contain, for example, user email addresses). In other words, by using the Facebook pixel, we seek to ensure that our Facebook ads reflect the potential interests of our users and are not simply an annoyance. With the aid of the Facebook pixel we are also better able to track the effectiveness of Facebook advertisements for statistical and marketing purposes by seeing whether users were directed to our website after clicking on a Facebook ad.
Facebook immediately incorporates the Facebook pixel when our website is accessed and can store a cookie, i.e. a small file, on your device. If you then log into Facebook or visit Facebook while logged in, your visit to our website is noted in your profile. The data collected on you remains anonymous to us, it therefore provide us no indication as to the identity of the user. However, the data is stored and processed by Facebook, so that it is possible to make a connection to the respective user profile. Insofar as we transmit data to Facebook for cross-checking purposes, this data is encrypted locally on your browser and only then sent to Facebook via a secured https connection. This occurs solely for the purpose of reconciling data likewise encrypted by Facebook.
Insofar as we transmit data to Facebook for cross-checking purposes, this data is encrypted locally on your browser and only then sent to Facebook via a secured https connection. This occurs solely for the purpose of reconciling data likewise encrypted by Facebook.
The processing of data by Facebook occurs within the scope of Facebook's data utilisation guidelines. General information on the display of Facebook ads can be found in Facebook's data utilisation guidelines: www.facebook.com/policy.php. You can find special information and details on Facebook pixel and how it operates in Facebook's Help section: www.facebook.com/business/help/651294705016616.
You can object to collection of data by Facebook pixel and its use in presenting Facebook ads. To do so, refer to the followng webpage created by Facebook and follow the directions there regarding the preferences for user-based advertisement: www.facebook.com/settings, or declare your objection via the US webpage: www.aboutads.com/choices or the EU webpage: www.youronlinechoices.com/uk/your-ad-choices/ erklären. The preferences are platform-independent, meaning, they are adopted by all devices, whether desktop computer or mobile devices.
5.6 Youtube-Videos
We embed YouTube videos on some of our websites. The provider of the corresponsing plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a site with the YouTube plug-in, a connection to the servers at YouTube is established. YouTube is thereby notified of which sites you visit. If you are logged into your YouTube account, YouTube can associate your surfing history to you personally. You can prevent this by logging out of your YouTube account.
If a YouTube video is launched, the provider uses cookies to collect information on user interactions.
If you have deactivated the storage of cookies for the Google ad program, then you need not be concerned about this type of cookie when viewing YouTube videos. However, YouTube also collects non-personal user information in other cookies. If you wish to prevent this, you must block cookies from being saved to your browser.
You can find additional information on data privacy at "Youtube“ in the provider's data protection notice at: www.google.de/intl/de/policies/privacy/
5.7 Google Maps
This website uses Google Maps API in order to visually display geographic information. When using Google Maps, Google collects, processes and utilises data on use of the map function by users. You can obtain further information on data processing by Google in Google's data protection notice. There you can also make changes to your personal data privacy settings in the data protection centre.
5.8 Use of script libraries (Google webfonts)
We use script libraries and font libraries on this website, such as, for example, Google Webfonts, in order to display our content correctly and in a graphically appealing manner on all browsers (https://www.google.com/webfonts/). Google Webfonts are used to avoid repeat downloads to your browser's cache. If the browser does not support Google Webfonts or blocks access, the content will be displayed in standard font.
Accessing script libraries or font libraries automatically establishes a connection to the provider of the library. It is theoretically possible -- though it is currently unclear whether and for what purpose -- providers collect data on these libraries..
You can find the data privacy guielines for the library provider Google here: www.google.com/policies/privacy/
5.9 Issuu
Our website uses a JavaScript code to embed a Flash application (Flash plug-in) from Issuu Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA (hereafter: Issuu). This enables print publications to be called up as e-paper.
Issuu uses cookies that allow an analysis of your use of the website. It will then raise and store personal information such as the IP address and information about the time and duration of use. The transfer takes place if you have activated JavaScript in your browser. For more information on Issuu's Terms of Use and Privacy, please visit https://issuu.com/legal/privacy.
If the Do-Not-Track feature is activated in the browser, no external Issuu plug-ins will be loaded without approval, only the reference to this option will be displayed.
5.10 Cloudflare
Our pages use features from Cloudflare. The provider is Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA.
Cloudflare provides a globally distributed content delivery network with DNS. The technical transfer of information between your browser and our website is routed via the Cloudflare network. Cloudflare is thus able to analyse the data traffic between users and our websites; for example, to speed up the loading time of our pages or to detect and ward off attacks on our services.
In addition, Cloudflare may store cookies on your computer for optimisation and analysis. This safeguards our legitimate interests in the security, performance and reliability of our advertising offer in accordance with Art. 6(1)(f) GDPR. We have concluded a corresponding contract processing agreement with Cloudflare on the basis of the GDPR. The data is generally processed in Germany or other states in the European Union. Insofar as processing is carried out in third countries in certain cases, processing is only carried out if the adequacy of the level of data protection in the third country has been asserted by the EU Commission in accordance with Article 45 GDPR, on the basis of the EU standard contractual clauses or if an adequate level of data protection is ensured by the data recipient in another way. Cloudflare collects statistical data about your visit to this website. Access data includes:
- IP address
- Date and time of the request
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser, operating system and its interface, language and version of the browser software
Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of the offer. You can find information about the data collected there and about security and data protection at Cloudflare here.
5.11 Friendly Captcha
Einhell uses the "Friendly Captcha" service to prevent fraudulent activity and to protect you as an end user from becoming a potential victim of cybercrime.
The Friendly Captcha services provides a JavaScript element that is integrated into the source code of the website / webshop. The inclusion of the JavaScript element loads software in the background that provides crypto puzzles. Your device solves this crypto puzzle automatically, and you do not have to solve any arithmetic problems or picture puzzles.
The solution of the crypto puzzle is used to track whether the website / webshop is being used fraudulently or through automated machine processing, e.g. using bots, and to confirm the visitors are real people. The service is used in forms (contact forms, prize draw forms, registration and login forms, etc.) and in the order process.
To provide the service, Friendly Captcha stores the following data:
- the User Agent, Origin and Referer request headers.
- The puzzle itself, which contains information about the Friendly Captcha account and the identifier of the website to which the puzzle relates.
- The version of the Friendly Captcha service being used.
- Timestamp (Date / Time) that the puzzle was requested and solved.
Friendly Catch stores an anonymised counter for each IP address to enable dynamic scaling of the puzzle complexity in the edge network, in order to detect malicious/automated use and minimise the banning of real people. The IP addresses are anonymised by one-way hashing, and thus are not personally identifiable. The use of Friendly Captcha does not involve the storage of personal data such as your name, email address, online profile, etc.
No cookies are set when using Friendly Captcha.
Provider of the service:
Friendly Captcha GmbH, Wörthsee, Deutschland
You can find further information about Friendly Captcha's data protection policy here. Friendlycaptcha.com - Privacy policy for end users
In accordance with article 6, section 1(f) of the General Data Protection Regulation (GDPR), Einhell Germany AG and its subsidiaries have a legitimate interest in the use of Friendly Captcha, as the service helps to prevent potentially fraudulent activity on our website / webshop which could put Einhell infrastructure at risk.
5.12 Bazaarvoice
The IT-partner Bazaarvoice provides the functionalities for product reviews on the Einhell website.
The services around the topic of product evaluations (reviews and ratings) are also looked after in the system by the company, Bazaarvoice. In addition, customer-specific emails are sent when the Service 2 + 1 warranty extension is used or when the Bazaarvoice interface is used. Therefore we ask for your expicit agreement before sending this one-time eMails to you. In case you accepted this we submit the following information to Bazaarvoice:
- Firstname
- Lastname
- UserID (generated hash value)
- Mailaddress
- Registered Product
- Timestamp of registration
- Language settings for mailing
The Bazaarvoice data protection guidelines can be found at https://www.bazaarvoice.com/legal/privacy-policy/.
5.13 Matomo (self-hosted)
Description of Service
This is an open source web analytics service. Matomo is providing the technology. However, Matomo is not processing any data as the data is not being transferred to Matomo due to the self-hosting solution. Self-hosting means that Einhell hosts the web analytics service Matomo on its own servers and thus has sole sovereignty over the analytics data.
Data Purposes
This list represents the purposes of the data collection and processing.
- Analytics
- Event tracking
Technologies Used
We use Matomo without any tracking cookies - instead we rely on cookieless tracking. Cookieless tracking is an alternative form of tracking that uses methods such as counting unique IP addresses or browser fingerprinting to identify users instead of cookies.
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
- Time of users previous visit
- Screen resolution
- Files clicked or downloaded
- Links to outside domain clicked
- Page speed
- Page URL
- Number of users visits
- Anonymized user IP
- User agent
- Browser information
- Time zone
- Time of users first visit
- Date and time of visit
- Page title
- Referrer URL
- Usage data
- Device information
- Geographic location
- Anonymized order ID
We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you. The same applies to the order ID, which is also anonymized when the shopping functionality is available on the website.
Legal Basis
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. f GDPR
- §25 para. 2 no. 2 TTDSG
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
- European Union
Deactivate Matomo
If you do not agree to the storage and use of your data, you can deactivate the data processing here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will have the effect that the Matomo opt-out cookie will also be deleted. The opt-out must then be reactivated when you visit our site again.
6. Transfer of data
Your personal data is not transferred to third parties, unless required for the purpose of concluding a contract or you have explicitly given your consent. When providing services, it may, for example, be necessary for us to forward your address and order information to your wholesale partner, service partner. If we use external service providers, they are carefully selected and are obligated to comply with all data protection provisions as per Art. 28 GDPR (see figure 5).
7. Use of cookies
Our website uses cookies. Cookies are small text files, which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string, which allows the browser to be clearly identified when the website is called up again. We use cookies to make our offering more user-friendly, effective and secure. Cookies also allow our systems to recognize your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognized again after a page change.
Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
- Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Processing is carried out on the basis of § 15 (3) TMG (Telemedia Act) as well as art. 6 (1) lit. f GDPR due to our justified interest in the purposes above. The data collected in this way is pseudonymised using technological measures. It is therefore not possible to connect the data to your person. The data will not be stored together with other personal data pertaining to you.
You can adjust your cookie settings at any time and revoke any previously conceded consents.
You can see a list of the external cookies used when visiting the website in section 5.
8. Contact form
When you contact us by email or contact form, the information you provide is stored for the purpose of processing your query as well as for potential follow-up questions.
9. Newsletter
If you choose to receive the newsletter offered through the website, we ask that you provide us an email address as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-out procedure). In order to personalise the newsletter, we store personal data, such as salutation, first name, last name and email address. We then use this data in sending the requested information and to document your consent. The consent granted to store data, email address and to use it in sending the newsletter may be withdrawn with future effect at any time, either via the link in the newsletter, your Einhell user account or by submitting it in writing to Einhell Germany AG, Wiesenweg 22, 94435 Landau / Isar, Germany, [email protected]. In managing and distributing our newsletter we employ the services of CleverReach GmbH & Co. KG (Muehlenstr. 43 - 26180 Rastede - Germany). To be able to do the newsletter service properly we submit the stated personal data to CleverReach.
10. Data Security
Our employees and service providers we employ are obligated to maintain confidentiality and to abide by the provisions of applicable data privacy law. The company undertakes appropriate technical and organisational security measures to protect your personal data from loss, alteration, destruction and against access by unauthorised persons and unauthorised dissemination. Our security measures are updated in accordance with technical advancements.
To protect the security of your data during transmission, we use current state-of-the-art encryption processes.
11. Data Retention Period
We generally retain your data for as long as it is needed to provide for use of our website and the services associated with it or for as long as we have a legitimate interest in its continued retention (e.g. following fulfilment of contract, we may still have a legitimate interest in marketing by post). Deletion of data occurs following expiry of statutory or contractual retention periods (e.g. retention periods specified by tax and commercial law). Data not subject to retention periods are deleted once they are no longer needed to fulfill the specified purpose.
12. User Rights
As website user, you are entitled to certain rights. To exercise your rights, please refer to the information in the section on contacts. Please make sure, however, that we are able to clearly identify who you are.
13. Right to obtain information, make corrections and delete data
Pursuant to the General Data Protection Regulation, you may at any time upon request and at no cost receive written information on which data we have stored about you (e.g. name, address). Furthermore, you have the right to correct or delete this data, if statutory requirements have been met. Exempted from this right to delete are, for example, data on business processes that are subject to statutory retention periods.
14. Right to restrict data processing
You have the right to restrict the processing of your personal data.
15. Right to Object
In addition, you have the right to object to the processing of data by us. We will then cease processing your data, except where -- pursuant to statutory provisions -- we can demonstrate compelling legimate grounds for continued procesing that outweight your rights.
16. Right to Data Transferability
Furthermore, upon request we pledge to provide for the transferability of personal data you provide by making this data available in a commonplace and machine-readable data format.
17. Withdrawal of Consent
You may at any time and with future effect withdraw consent to the processing of personal data that you granted us for one or more specific purposes. This does not affect the lawfulness of processing that occured prior to your withdrawal of consent.
18. Automated processing of personal data
Processing of your personal data soley by automated means occurs only if necessary for concluding or fulfilling a contract and if it does not involve any legal or like effect on you.
19. Modification of our data protection provisions
We retain the right to periodically modify this data protection notice so that it meets current legal requirements or in order to implement changes to our services in the data protection notice (e.g. when introducing new services). This data protection notice will then apply to any subsequent visit to the website.
20. Lodging complaints with regulatory authorities
You have the right to direct any complaints about the processing of your personal data to the relevant regulatory authority. You may contact either the data privacy office with jurisdiction at your place of residence or state or the data privacy office with jurisdiction over us. This is the:
Комисията за защита на личните данни(State Office for Data Protection Monitoring)
София 1592, бул. Проф. Цветан Лазаров № 2
21. Contact
Any suggestions, complaints or questions you may have as regards the processing of your personal data may be directed to our data protection officer. We recommend you send confidential information only via postal mail.
Айнхел България ООД
Айнхел България ООД
бул. Цар Освободител 331
9000 Варна
България
Имейл: [email protected]
Телефон: +359 52 739 038