Privacy policy
This Privacy Notice applies to the processing of your data, including your personal data, via the website “kowaoptic.com”, including all its subdomains and subpages (the Platform). The controller responsible for data processing is Kowa Optimed Deutschland GmbH of Düsseldorf (the Operator). The Operator’s email address is: scope@kowaoptimed.com. The complete contact details are listed in the Legal Notice. The Platform is used for informational purposes and to sell goods, in particular binoculars, spotting scopes and other optical accessories for sporting optics products and cameras. You may access the content of this Privacy Notice at any time by visiting the subpage of the same name on the Platform. You may also save or print it using the corresponding function on your internet browser.
I. Preliminary remarks
The operator takes the protection of your data seriously and adheres to the applicable statutory rules of data protection. These laws protect natural persons when personal data are processed. Personal data means any information relating to an identified or identifiable natural person. These data are only processed to the extent necessary for any contract execution or to provide and improve the Platform. Processing for contract execution only takes place if you initiate or conclude a contract with the Operator; in this respect, we would also refer you to the Operator’s T&Cs. Processing for the provision and improvement takes place only where this is indicated below or in a separate agreement, where this is ordered by the authorities or by the courts or otherwise required by law. Data are only processed by the Operator or the data processor on behalf of the Operator in the Member States of the European Union (EU). In particular, the web servers used by the Operator for data processing are located in the EU Member States. As a matter of principle, data are not transmitted to a third country or any international organisation.
II. Data processing
Your data are processed regardless of whether or not these data were provided using a form. Form-dependent data are data you provided using a form on this Platform. Form-independent data are data you provided without using a form when visiting this Platform.
1. Form-dependent processing
The data you have entered in a form on the Platform are processed when the form is utilised, specifically once the form has been submitted. This may include, in particular, data for contacting you, order data, including customer account details, as well as data for the newsletter or a warranty extension. Personal data you send via a form provided for this purpose are always transmitted to the Operator’s server in an encrypted form.
a) Contacting us
If you contact the Operator using a form, the data you provide in the contact form are encrypted and sent to the Operator through the Operator’s server via email. These data may include your request, your name, your email address and other contact details. No further automated processing of your personal data is undertaken in this regard. The data are only used for the purpose of processing your request. Responses are generally sent by email, which is also encrypted, provided your email service provider supports this. The same applies if you contact the Operator by email to an email address stated on the Platform instead of using a contact form. Once your request has been processed and closed, the personal data you provided to the Operator in the contact form or in an email will be erased. This does not apply if these data are still required to execute the contract, if they are required for verification purposes or conflict with statutory retention requirements; however, the processing of your data will be restricted until then.
b) Orders and customer accounts
The data you enter in the forms when ordering (the ordering process) are transmitted in an encrypted form to the Operator’s server and stored in a database. These include order data such as your name, address, email address and other contact details, the type and quantity of items ordered and their price. The data are only used for the purpose of processing your order. During the ordering process, you can also set up a customer account on the Platform. In this respect, in addition to your order data, a username with a password (access credentials) and, where appropriate, information later stored by you in your customer account via the forms will be stored. The stored data can be viewed at any time via your customer account and, if necessary, rectified or completed using the forms available in the account settings. You may, of course, also contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. The same applies to the erasure of your customer account and your order data. If you have not set up a customer account, your order data will be erased as soon as they are no longer required to execute the contract, are no longer required for verification purposes and are no longer subject to statutory retention requirements. If you have set up a customer account, your order data will only be erased when you close your customer account. Where data no longer need to be processed automatically, processing is then restricted. In order to ship your items, your name and address may be forwarded to a postal or parcel service provider. In addition, your payment details (e.g. bank details) may be forwarded to a payment service provider (e.g. financial institution) to process payment. As a rule, these service providers are subject to postal or bank secrecy, and any electronic transmission of your data is encrypted. When processing payments via PayPal, the privacy policy of PayPal (Europe) S.a.r.l. et Cie, S.C.A. of Luxembourg applies. You can access this via the following link: https://www.paypal.com/en/webapps/mpp/ua/privacy-full
c) Newsletter
The Operator provides a newsletter subscription service via email. Should you wish to receive this newsletter, you must provide us with your email address. The Operator also needs additional data to verify that you, as the owner of the email address provided, agree to subscribe to this newsletter. The Operator employs what is known as a double opt-in method (DOI), which means you will receive an email with a unique link to confirm your registration (confirmation link). Only after confirmation will you receive the newsletter. In addition to your email address, the time, date and IP address of the registration and confirmation as well as the confirmation link are stored for the DOI, its verification and to prevent abuse. No additional data are processed in this regard. Data are only processed to be able to offer and send the newsletter. As a rule, your personal data will not be disclosed to third parties. However, the Operator may use an email service provider that processes data on its behalf in accordance with the statutory provisions and the specifications of this Privacy Notice. In this case, such a provider would not be a third party. If you wish to unsubscribe from the newsletter, you can use the corresponding link included in each newsletter or contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. Unsubscribing also constitutes a revocation of your consent to the subscription to the newsletter and the data processing required for this. If you unsubscribe from the newsletter or do not complete the DOI within two weeks, your data will be erased unless they are still required to verify a completed DOI or to prevent misuse; however, data processing will be limited. Subscribing to the newsletter is done using an encrypted connection. Newsletters are also sent in an encrypted form, provided your email service provider supports this.
2. Form-independent processing
Data the operator needs for the provision or improvement of the Platform are processed without the use of forms. In particular, these may include cookies, your IP address and statistical data. Even in the case of form-independent processing, personal data are always encrypted where this is technically possible.
a) Cookies
This Platform uses cookies. These are small text files or simple database entries stored locally by your browser. The data in the cookies can only be read by the Platform that saved them. Cookies are used to make websites more user-friendly and secure. Cookies are only stored or read via an encrypted connection. To do so, the Platform uses what are known as session cookies, in particular to recognise a login to a customer account. These cookies ensure that only you can access the data stored in your customer account after logging in. For this purpose, a session ID is stored in the cookie. After logging off or at the end of your visit to the Platform, for example when you close your browser, the cookie with the ID will be erased. In addition, the Platform uses cookies so that you can store products in a virtual shopping cart before placing an order. This cookie, which allows only you to access your shopping cart, is not a session cookie. This means that the cookie will not be erased after the end of your visit to the Platform. This will allow you to access your shopping cart when you visit the Platform again. However, the cookie, and therefore your shopping cart, will be erased if you do not visit the Platform for a month. Until then, the data relating to your shopping cart will only be processed automatically when you revisit the Platform. These data are not processed for other purposes or shared with third parties. The cookies used by the Platform do not harm your device (e.g. computer/tablet) and do not contain viruses. You can prevent the use of cookies by selecting the appropriate settings on your browser. Please note that this may result in your being unable to make full use of some of the Platform’s functions. The same applies to the erasure of stored cookies.
b) Web analytics
Subject to your consent, the Platform may integrate a web analytics service. This may be the analysis service of Google (Google Analytics) and the service of Microsoft (Webmaster Tools). In the case of Google Analytics, the data is processed by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. In the case of Webmaster Tools, the data processing is carried out by Microsoft Ireland Operations Limited with registered office at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The services use cookies to analyse the use of the platform. The information generated may be transmitted to Google or Microsoft servers in the USA. However, the operator has activated IP anonymisation for this platform. Before being transmitted to the USA, your IP address is therefore generally still shortened in the EU or in other contracting states of the European Economic Area (EEA). The transmission is encrypted. The service processes the information in order to evaluate user behaviour on the platform on behalf of the operator, to compile statistics on platform usage and to provide the operator with further services in this context. The information is not merged with other personal data that you provide on the platform. The statistical analysis of the operator also does not allow any other identification of your person. Insofar as the data is transferred by Google or Microsoft to affiliated companies in the USA, these companies are certified under the EU-U.S. Data Privacy Framework, for which the European Commission has determined the existence of an adequate level of data protection. In addition, the operator has agreed the standard data protection clauses of the European Commission with Google to ensure an adequate level of data protection.
The information is only stored temporarily. The cookie and thus the reference to your use of the platform will be deleted again no later than 90 days after your last visit.
You can revoke your consent to the integration of the advertising analysis services at any time using the corresponding button in the footer at the bottom of this page.
After revocation, the respective service will no longer be integrated when you use the platform. You can, of course, give your consent again at any time. The operator also uses a cookie to document the consent given. The granting of consent is voluntary. You can prevent the storage of cookies or delete stored cookies via the settings of your browser.
Regardless of the use of this platform, you can prevent the collection of data by Google Analytics and the further processing of this data by installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
In addition, we refer to the data protection declarations of Google and Microsoft, which you can access via the following links: https://policies.google.com/privacy?hl=en
https://about.ads.microsoft.com/en-gb/policies/legal-privacy-and-security
c) Advertising analytics
Subject to your consent, the platform may integrate an advertising analysis service that measures the effectiveness of advertising measures. The granting of consent is voluntary. Depending on the provider through which the advertising is delivered, the service may be Google's Ads Tracking (Google Ads) or Microsoft's Conversion Tracking (Bing Ads). In the case of tracking for Google Ads, the data is processed by Google Ireland Limited with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. In the case of tracking for Bing Ads, the data processing is carried out by Microsoft Ireland Operations Limited with registered office at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For measurement purposes, the advertising analysis services use cookies. The information generated may be transmitted to Google or Microsoft servers in the USA. However, the operator has activated IP anonymisation for this platform. Before being transmitted to the USA, your IP address is therefore generally still shortened in the EU or the EEA.
The transmission is encrypted. The service processes the information to analyse on behalf of the operator which advertisements lead to orders on the platform. The information is not merged with other personal data that you provide on the platform. Insofar as the data is transferred by Google or Microsoft to affiliated companies in the USA, these companies are certified under the EU-U.S. Data Privacy Framework, for which the European Commission has determined the existence of an adequate level of data protection. In addition, the operator has agreed the standard data protection clauses of the European Commission with Google to ensure an adequate level of data protection.
The information is only stored temporarily. The cookie and thus the reference to your terminal device will be deleted again no later than 90 days after your last visit to the platform. The statistical analysis of the information does not allow your person to be identified.
You can revoke your consent to the integration of the advertising analysis services at any time by clicking the corresponding button (...) in the footer at the bottom of this page.
After revocation, the respective service will no longer be integrated when you use the platform. You can, of course, give your consent again at any time. The operator also uses a cookie to document the consent given. You can prevent the storage of cookies or delete stored cookies via the settings of your browser. In addition, reference is made to the data protection declarations of Google and Microsoft, which you can access via the following links:
https://policies.google.com/privacy?hl=en
https://about.ads.microsoft.com/en-gb/policies/legal-privacy-and-security
d) Access log
To ensure the security and functionality of the Platform (e.g. to defend against attacks), an access log is created on the Operator’s server. This log stores data about access to the Platform. These include data that are transferred to the Platform when your browser connects to it. This includes your IP address, the time and date of access, the address (URL) that was accessed, whether the access was successful, and the volume of data transmitted by the server. Provided your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be stored. You may be able to prevent the transmission of these data by adjusting your browser settings. The log files are erased at regular intervals, at the latest by the end of the next calendar month. If necessary, the log files are statistically analysed prior to erasure. The logged data are stored separately from the other data you leave on the Platform and will not be merged with it. They will not be disclosed to third parties and will not be used for any other purpose. The statistical analysis of the log files does not allow for you to be identified.
e) Social networks
The Platform enables the placement of links to social networks operated by third parties. This is done to enable you to share (e.g. “Share”/”Retweet”) or “like” the Platform or articles on it on the respective network. However, these links are only provided once you have clicked the button for the respective network on the Platform. Because of the processing of personal data undertaken by social networks over which the Operator has no influence, we would refer you to the privacy policy of the respective responsible provider:
1. Facebook (Facebook Ireland Limited based in Ireland):
https://www.facebook.com/privacy/explanation
2. Twitter (Twitter International Company based in Ireland):
https://twitter.com/en/privacy
3. Instagram (Facebook Ireland Limited based in Ireland):
https://help.instagram.com/519522125107875
f) Embedded content
The Platform sometimes embeds content from YouTube (online videos) and Google Maps (interactive maps). This content is not provided through the operator’s servers, but through the servers of Google Ireland Limited from Dublin, (“Google”). When displaying and using this embedded content, your IP address is transmitted to Google. This is because your browser is unable to retrieve the embedded content without transmitting your IP address. In addition, your browser may transmit additional data to Google (such as your location when using the respective function). The operator has no control over this. The same applies to cookies that Google may set to make content more user-friendly and secure. These cookies cannot be read by the Operator. For more information about data processing by Google and your rights with respect to Google Analytics, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=gb
III. Legal basis
The statutory provisions governing data protection is rooted in the German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]) and the German Telemedia Act (Telemediengesetz [TMG]). However, as of 25 May 2018, the EU General Data Protection Regulation (GDPR) will take precedence. If you have expressly consented to the processing of your data, this also constitutes the legal basis for data processing for the purposes for which you have consented (Article 6 Para. 1(a) GDPR). In particular, this may include the subscription to our newsletter. Where processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 Para. 1(b) GDPR). This includes contracts, in particular sales contracts, which are concluded via the Platform or are initiated at your request. In addition, the legal basis for data processing is to preserve the legitimate interests of the Operator (Article 6 Para. 1(f) GDPR). This is the economic interest in operating the Platform, in particular the sale of goods via the Platform. No automated decision-making (including profiling) as defined by Art. 22 GDPR takes place.
IV. Your rights
If you are concerned about the processing of your personal data, you have certain rights that you may assert to the data controller according to the data protection regulations. You may contact the Operator at any time to exercise these rights, for example through the email address listed at the beginning of this Privacy Notice. The same applies to other questions about data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also at your disposal: Attorney Daniel Raimer of Kanzlei Daniel Raimer in Düsseldorf. You can find the data protection officer’s contact details in the Legal Notice.
1. Right of revocation
According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the lawfulness of the processing based on consent prior to revocation.
2. Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data. This applies, in particular, to an objection to processing for direct advertising purposes.
3. Right to lodge complaints
Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority if you believe your personal data are being processed in violation of the statutory provisions. This right is without prejudice to any other administrative or judicial remedy.
4. Right to information
According to Art. 15 GDPR, you have the right to request information from the Operator. In addition to the information that you can largely already find in this Privacy Notice, this right to information includes, in particular, the right to a copy of your personal data that is the subject of processing. The restrictions stipulated in Sec. 34 BDSG also apply to this right to information.
5. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request that the Operator immediately rectify incorrect personal data relating to yourself. You also have the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.
6. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to request that the Operator erase your personal data. If data do not have to be erased according to this provision, you may request that further processing be restricted where appropriate. In addition, the restrictions stipulated in Sec. 35 BDSG also apply to this right to erasure. The right to erasure includes what is known as the right to be forgotten.
7. Right to restriction
Pursuant to Art. 18 GDPR, you have the right to request that the Operator restrict the processing of your personal data. According to this provision, apart from storage, data may essentially no longer be processed.
8. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to data portability with respect to your personal data that you have provided to the Operator. This does not affect your right to erasure.
9. Duty of notification
According to Art. 19 GDPR, the Operator must notify all recipients to whom your personal data have been disclosed of any rectification or erasure of these data, or any restriction to processing unless this proves to be impossible or involves a disproportionate amount of effort. The Operator will inform you of any such recipients at your request.
V. Final remarks
Taking into account the nature, scope, context and purposes of processing as well as the risk to your rights and freedoms, of varying likelihood and severity, the Operator will implement appropriate technical and organisational measures to ensure that data are processed in accordance with the statutory provisions. Only persons mandated by the Operator (employees) who require access to personal data to perform their duties have access to the same, and only to the extent required. The Operator’s employees are trained on data processing in advance and are bound by a duty of confidentiality. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.