0 Products | 0,00 €
Privacy policy

according to EU-DSGVO

May 2018

 

During your visit on our website, we gather several personal data, especially when you order products or send requests via forms or by e-mail. This Privacy policy describes how your information is gathered, used and shared when you use our website.

 

I. Responsible Person

The Responsible Person according to EU-DSGVO and other national Data Protection Laws and Regulations can be reached at the following address:

Martin Meister e.K.
Eppendorfer Landstrasse 64
20249 Hamburg
Deutschland
Tel.: +49-(0)-40-467 777 55
E-Mail: hamburg@meister-camera.com
Website: www.meister-camera.com

 

II. Data Protection Officer

The Data Protection Officer responsible for matters relating to Privacy and Data Protection is:

Martin Meister
Martin Meister e.K.
Eppendorfer Landstrasse 64
20249 Hamburg
Deutschland
Tel.: +49-(0)-40-467 777 55
E-Mail: hamburg@meister-camera.com
Website: www.meister-camera.com

 

III. General information on data processing

a) Scope of data processing

We collect and process personal data of our users just as far as this is necessary to deliver our website, our content and to provide our services. The processing of personal data regularly only takes place after the user has given consent to the processing, except the case that obtaining consent is not possible or processing is permitted by law.

b) Legal basis of data processing

As far as the user has given consent to the processing of his or her personal data for one or more specific purposes, Art. 6 Par. 1 lit. a EU-DSGVO is the legal basis.

If processing is necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract, Art. 6 Par. 1 lit. b EU-DSGVO is the legal basis.

If processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6 Par. 1 lit. c EU-DSGVO is the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data, in particular where the data subject is a child, Art. 6 Par. 1 lit. f EU-DSGVO is the legal basis.

c) Deletion of stored data and duration of storage

Personal data of the data subject will be deleted, as soon as the purpose for storing the data is omitted. Beyond that, data may be stored for compliance with a legal obligation to which our company is subject or the storage of data is necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract.

 

IV. Website Provisioning, Logfiles, Backups

a) Commissioned Data Processing

We work with third party service providers who provide website, application development, hosting, maintenance, and other services to us. These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.

The following companies are responsible for Provision, Logging and Maintenance of our website:

(1) another one GmbH, Winterhuder Weg 146, 22085 Hamburg („Agency“)
(2) Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA („Host“)

Our website is fed from servers in the EU.

We have a commissioned-processing contract with each provider listed above.

b) Scope of data processing

Host: On every call on our website, the host gathers automatically data from the users computer and stores some of these informations in log files.

The following informations are collected:
(1) Type of the users Browser and its version number
(2) Operating System of the users device
(3) Internet Service Provider of the user
(4) IP-Address of the user
(5) date and time of access (timestamp)
(6) referring website
(7) pages accessed on our website

These data are not stored together with other personal data of the user.

Agency: The Agency develops future features and services on our website and administates our website day-to-day in order to keep it in a safe working state. Furthermore, the Agency conducts daily backups of our website, including databases.

c) Legal basis of data processing

Legal basis for the temporary storage of data by the Host and the processing of data for backup, maintenance and ongoing development of our website is Art. 6 Par. 1 lit. f EU-DSGVO.

d) Purpose of data processing

The temporary storage of the IP-Address by the system is necessary to deliver the website to the users device. The IP-Address of the user needs to be stored for the duration of the current session.

Logging takes place to ensure security for our IT Systems. The data are not evaluated for marketing purposes.

Maintenance and ongoing development of our website ensures state-of-the-art usability and data security.

e) Retention of data, dissent and removal

The data will be deleted, as soon as the purpose for gathering the data is omitted. For the delivery of the website to the users device, this is the case when the respective session expires. Log files and backups are stored for 30 days. This period can be extended for compliance with legal obligations. Gathering and storing data for the provision and security of the website is necessary. The user can’t dissent.

 

V. Usage of Cookies

a) Scope of data processing

Our website uses Cookies. Cookies are small data-packages which are saved by the Browser on the users device. If a user calls a website, a Cookie may be saved on the users device. The Cookie contains a character sequence that allows to identify the Browser on the next call.

Cookies are used to improve the usability of our website. Some features on our website need to identify the Browser as long as the session is active. The following data are saved and processed:
(1) Language Settings
(2) Shopping Cart

Some Cookies on our website enable us to analyze how the site is used. The following data are saved and processed:
(1) Search Terms
(2) Frequence of site calls
(3) Usage of website features

Those Data are anonymized prior to evaluation in order to disable any assignment to a user. The data are stored separately from any other personal data of a user.

When a user calls our website, we provide information about the usage of Cookies for the purpose of analysis (Cookie Banner). We prompt the user for the users consent to gather, store and process personal data for the purpose of analysis. We provide a link to this Data Protection Declaration and refer to d) Retention of data, dissent and removal for more information on how to avoid the storage of Cookies in the Browser Settings.

Regarding the use of third party Cookies for web analysis (Google Analytics) see IX. Google Analytics.

b) Legal basis of data processing

Legal basis for the processing of personal data by using Cookies is Art. 6 Par. 1 lit. a EU-DSGVO.

c) Purpose of data processing

The purpose of using technically required Cookies is to simplify the usage of our website for the user. Some features on our website can’t be provided without the usage of Cookies. Those features need to identify the Browser as long as the session is active.

The following features require Cookies:
(1) Shopping Cart
(2) Language Settings
(3) Recognition of Search Terms

Data gathered by technically required Cookies are not used to generate user profiles.

The purpose of using Analysis-Cookies is to improve our website, content and features. From Analysis-Cookies we learn how our website is used. We learn for example, which browser, operating system and device is used, so we can improve display and usability of our website.

d) Retention of data, dissent and removal

Cookies are saved on the users device, and the informations are sent to us by the users browser. Therefore, the user controls the usage of Cookies. By modifying the Browser Settings, the user can limit or avoid the saving and transmission of Cookie Data. Existing Cookies can be deleted by the user manually or automatically.

If Cookies are disabled for our website, some features won’t be available to the user.

 

VI. Newsletter

a) Scope of data processing

On our website, the user can subscribe for a free Newsletter. During the registration process, the e-mail-address given by the user is transmitted to us. Furthermore, we gather the following data during registration:
(1) IP-Address
(2) Date and Time (timestamp)

During registration, the user gives consent to the processing of the data, and we refer to this Data Protection Declaration. The registration process can’t be completed without the users consent. The users e-mail-address is shared with the data-protection-certified Software Newsletter2Go to send Newsletters to the user. The data are solely used to send Newsletters.

If the user purchases goods or services on our website, the given e-mail-address can be used by us to send Newsletters to the customer. Furthermore, we can use the given post address to send informations about special offers and promotions to the user.

In this case, the e-mail-address or post address is solely used for direct marketing purposes.

b) Legal basis of data processing

Legal basis for processing data after the registration of the user in order to receive Newsletters is Art. 6 Par. 1 lit. a EU-DSGVO.

Legal basis for sending Newsletters due to the purchase of goods or services is § 7 Par. 3 UWG.

c) Purpose of data processing

Gathering the E-Mail-Address of the user serves the purpose of delivering Newsletters.

Gathering additional data during registration serves to avoid misuse of our services or the given e-mail-address.

d) Retention of data, dissent and removal

The data will be deleted, as soon as the purpose for gathering the data is omitted.

The e-mail-address of the user will be stored, as long as the Newsletter subscription is active. Additional data gathered during registration are usually deleted after 7 days.

The user can unsubsribe at any time by clicking the respective link in the Newsletter. Hereby the user revokes the consent for the storage of personal data gathered during registration.

 

VII. Purchase and Registration, Payment, Shipping

a) Scope of data processing

Our website provides the option to register by providing personal data during the check-out process (order). The data entered by the user are will be transmitted and stored when the user sends the form. The data won’t be shared beyond the order process.

The following data are gathered during the check-out process:
(1) First Name, Last Name
(2) Street, City and Country of the billing address
(3) Street, City and Country of an alternative delivery address
(4) E-Mail Address
(5) Phone Number

Furthermore, we gather the following data:
(1) IP-Address
(2) Date and Time (timestamp)

During the check-out process the user gives consent to the processing of the data.

In order to process the order of the user, we share the data with Payment- and Shipping-Providers. We just share the required data for the processing of the order. Additional data, e.g. credit card informations, are not gathered on our website, but by the respective payment service provider. You’ll find more information on storage and processing of personal data gathered by the payment service provider in the respective Data Protection Declaration.

Upon payment via PayPal, we transmit your data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

Upon payment via Credit Card, we transmit your data to Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.

Upon payment via Klarna (Sofort), we transmit your data to Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

For the shipping of ordered goods, we transmit your data to United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany.

b) Legal basis of data processing

Legal basis for the processing of data is the consent given by the user according to Art. 6 Par. 1 lit. a EU-DSGVO.

Additionally, legal basis for the processing of data is Art. 6 Par. 1 lit. b EU-DSGVO (processing is necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract).

c) Purpose of data processing

Registration, storage and partial sharing of data with service providers is necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract.

d) Retention of data, dissent and removal

The data will be deleted, as soon as the purpose for gathering the data is omitted.

For an order, this is the case if the data are no more needed for the performance of a contract. Beyond this, storage of data may be necessary for compliance with legal obligations.

The user can cancel the registration at any time. Once the order is completed, the user get’s the opportunity to activate an user-account. The submitted activation link expires after 24 hours. If the user activates the user-account, he’ll be prompted to enter a secure password for the account. If the user activates the account, he can change stored data at any time, by logging-in to the account.

If the user doesn’t activate the account, the registration expires automatically. In this case, the user can request to get data rectified. See X. Rights of the data subject for details.

If the data are necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract, deletion ahead of schedule is possible, unless barred by contractual or legal obligations.

 

VIII. Application Forms, Camera Insurance and E-Mail Contact

a) Scope of data processing

Our website provides the following forms or options to contact us electronically:
(1) Financing Application Form
(2) Purchase Application Form (Trade-In)
(3) Camera Insurance during order process

If a user fills in and sends a form, the given data are transmitted and stored. These data are:
(1) First Name, Last Name (Financing, Trade-In, Insurance)
(2) Address, Post Code, City, Country (Financing, Insurance)
(3) E-Mail Address ((Financing, Trade-In, Insurance)
(4) Phone Number (Financing, Insurance)

At the time of submitting the data, additional data is stored:
(1) IP-Address
(2) Date and Time (timestamp)

The users consent for processing the data is requested prior to submission, this Data Protection Declaration is referenced.

In case of a Financing Application, we transmit the data to the CreditPlusBank AG, Augustenstr. 7, 70178 Stuttgart, Germany, in order to conduct the Financing Application.

In case the user requests a Camera Insurance during check-out, we transmit the data to the Allianz AG, Königinstraße28, 80802 München, Germany, to effect a policy for the purchased goods.

Alternatively, the user can contact us through the provided E-Mail-Address. In this case, we store the data of the user submitted in the e-mail. We do not share these data. The data are solely used for the conversation.

If the user submits an Application for Financing or Camera Insurance via E-Mail, apart from the options on our website, we share the data with the respective provider as mentioned above. By sending personal data for the purpose of a Financing Application or Camera Insurance, the user gives consent to the processing and sharing of the data for this purpose.

b) Legal basis of data processing

Legal basis for the processing of data is the consent given by the user according to Art. 6 Par. 1 lit. a EU-DSGVO.

Additionally, legal basis for the processing of data is Art. 6 Par. 1 lit. b EU-DSGVO (processing is necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract).

Legal basis for the processing of data given by E-Mail is Art. 6 Par. 1 lit. f EU-DSGVO. If the E-Mail aims at the closing of a contract, Art. 6 Par. 1 lit. b EU-DSGVO is the legal basis.

c) Purpose of data processing

The processing of the submitted personal data from the respective form or option serves us solely to process the respective request.

d) Retention of data, dissent and removal

The data will be deleted, as soon as the purpose for gathering the data is omitted.

Within the scope of a Financing Application or Camera Insurance Request, data will be deleted as soon as they are no more needed for the performance of a contract.

Beyond this, storage of data may be necessary for compliance with legal obligations. This applies also, if a request is submitted by e-mail, apart from the options on our website.

Personal data, which have been submittted in the scope of an e-mail conversation, will be deleted at the time the conversation is finished. A conversation is considered as finished, when the issue is finally resolved.

The user can revoke the given consent to the processing of personal data at any time, whether the consent has been given by submitting a form or by sending an e-mail (see XI. Rights of the data subject).

In this case, a conversation can’t be continued. All personal data gathered during the contact will be deleted.

 

IX. Google Analytics

a) Scope of data processing

We use Google Analytics, a Web Analysis Service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Google Analytics uses „Cookies“, small data-packages, which are saved on the users device. The informations about the usage of our website (including the anonymized IP of the user) created by the Cookie are submitted to a Google-owned server in the USA. Google will use these informations to evaluate and to report the usage of our website. Google may share these informations with third parties, if this is required by law or if third parties process these data on behalf of Google. Google will not link the IP Address of the user to any other data.

The user controls the usage of Cookies by modifying the Browser Settings (see d) Retention of data, dissent and removal).

b) Legal basis of data processing

Legal basis for the processing of data is Art. 6 Par. 1 lit. f EU-DSGVO.

c) Purpose of data processing

The processing of the data enables us to analyze the usage of our website by the user. We’re able to constantly improve the user experience of our website. The anonymization of the users IP Address takes account for the protection of the users personal data.

d) Retention of data, dissent and removal

The data will be deleted, as soon as the purpose for gathering the data is omitted. In our case, the data will be stored for one year.

Our website uses Google Analytics with the setting „_anonymizeIp()“ in order to avoid assignment to a specific user. An anylysis by using full IP addresses without the consent of the users will not be performed. You can disable Google Analytics-JavaScript (ga.js, analytics.js, dc.js) in your browser to prevent Google Analytics from using your data. You can download the add-on for your browser at tools.google.com/dlpage/gaoptout.

Cookies are stored on the users device. Therefore, the user controls the usage of Cookies. By modifying the Browser Settings, the user can limit or avoid the saving and transmission of Cookie Data. Existing Cookies can be deleted by the user manually or automatically.

If Cookies are disabled for our website, some features won’t be available to the user.

 

X. Google Software and Social Media

On our website, we use various software of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). The company Google based in the USA is certified for the us-european Data Protection Agreement „Privacy Shield“, which ensures compliance with the applicable level of data protection in the EU.

Furthermore, we provide a link to the Social Media Platform Facebook. The company Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland, is certified for the us-european Data Protection Agreement „Privacy Shield“, which ensures compliance with the applicable level of data protection in the EU.

a) Scope of data processing

While the user uses our website, the browser submits data (including the IP-Address) to a Google Server in the USA, where the data will be processed. If the user has a Google Account and is logged-in to this account, Google will assign these data to the users account.

The same applies to the use of Social-Media-Links, for example, if the user visits our Facebook Profile using the provided link.

b) Legal basis of data processing

Legal basis for submission and processing the users data is Art. 6 Par. 1 lit. f EU-DSGVO.

c) Purpose of data processing

Google reCAPTCHA is utilized to protect against the misuse of forms. Google Maps and Google Fonts are utilized to provide the best possible user experience on our website. Same applies to Social-Media-Links.

d) Retention of data, dissent and removal

The data will be deleted, as soon as the purpose for gathering the data is omitted. For the delivery of the website to the users device, this is the case when the respective session expires.

Informations about gathering and processing of data by Google or Facebook is provided in the Data Protection Declaration of the respective company.

If you don’t agree with the gathering of data in the scope described above:

Google reCAPTCHA, Social-Media-Links: Do not use reCAPTCHA to identify yourself as a user prior to the submission of a form. Do not click on Social-Media-Links.

Google Fonts: Disable the use of web fonts in your browser settings. In this case a local font installed on your device will be used.

Google Maps: As a map will be loaded in the moment you call a site, you have do disable Javascript in your browser before you visit the respective site. Javascript is required to use Google Maps.

 

XI. Rights of the data subject

If your personal data are processed, you are the data subject in terms of EU-DSGVO and you have the following rights towards the Responsible Person:

1. Right of disclosure

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
(1) the purposes of the processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(4) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22 Par. 1 and Par. 4 EU-DSGVO and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain from the controller disclosure where personal data are transferred to a third country or to an international organisation. You have the right to obtain to be informed of the appropriate safeguards pursuant to Art. 46 EU-DSGVO relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to restriction af processing

You have the right to obtain from the controller restriction of processing where one of the following applies:
(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(4) you have objected to processing pursuant to Art. 21 Par. 1 EU-DSGVO pending the verification whether the legitimate grounds of the controller override those of you.

Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a EU-DSGVO, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 Par. 1 EU-DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Par. 2 EU-DSGVO.
(4) the personal data have been unlawfully processed.
(5) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) the personal data have been collected in relation to the offer of information society services referred to in Art. 8 Par. 1 EU-DSGVO.

b) Where the controller has made the personal data public and is obliged pursuant to Art. 17 Par. 1 EU-DSGVO to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Paragraphs a) and b) shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 Par. 2 lit. h and i, as well as Art. 9 Par. 3 EU-DSGVO;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 EU-DSGVO in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defence of legal claims.

5. Notification obligation regarding rectification or erasure of personal data or restriction of processing

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 Par. 1 and Art. 18 EU-DSGVO to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Art. 6 Par. 1 lit. a EU-DSGVO or Art. 9 Par. 2 lit. a EU-DSGVO or on a contract pursuant to Art. 6 Par. 1 lit. b EU-DSGVO and
(2) the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Art. 17 EU-DSGVO. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 Par. 1 lit. e or f EU-DSGVO including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding 2002/58/EG – you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw your consent

You have the right to withdraw your consent to the processing of personal data at any time. Withdrawing the consent does not affect the legitimacy of the processing up to the time of the withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 EU-DSGVO.