This Privacy Notice applies to the processing of your data, including your personal data, via the website “kowa-lenses.com”, including all its subdomains and subpages (the Platform). The controller responsible for data processing is Kowa Optimed Deutschland GmbH of Düsseldorf (the Operator). The Operator’s email address is: firstname.lastname@example.org. The complete contact details are listed in the Legal Notice. The Platform is used for informational purposes and to sell goods, in particular camera lenses. You may access the content of this Privacy Notice at any time by visiting the subpage of the same name on the Platform. You may also save or print it using the corresponding function on your internet browser.
I. Preliminary remarks
The Operator takes the protection of your data seriously and adheres to the applicable statutory rules of data protection. These laws protect natural persons when personal data are processed. Personal data means any information relating to an identified or identifiable natural person. These data are only processed to the extent necessary for any contract execution or to provide and improve the Platform. Processing for contract execution only takes place if you initiate or conclude a contract with the Operator; in this respect, we would also refer you to the Operator’s T&Cs. Processing for the provision and improvement takes place only where this is indicated below or in a separate agreement, where this is ordered by the authorities or by the courts or otherwise required by law. Data are only processed by the Operator or the data processor on behalf of the Operator in the Member States of the European Union (EU). In particular, the web servers used by the Operator for data processing are located in the EU Member States. As a matter of principle, data are not transmitted to a third country or any international organisation.
II. Data processing
Your data are processed regardless of whether or not these data were provided using a form. Form-dependent data are data you provided using a form on this Platform. Form-independent data are data you provided without using a form when visiting this Platform.
1. Form-dependent processing
The data you have entered in a form on the Platform are processed when the form is utilised, specifically once the form has been submitted. This may include, in particular, data for contacting you, order data, including customer account details, as well as data for the newsletter or a warranty extension. Personal data you send via a form provided for this purpose are always transmitted to the Operator’s server in an encrypted form.
a) Contacting us
If you contact the Operator using a form, the data you provide in the contact form are encrypted and sent to the Operator through the Operator’s server via email. These data may include your request, your name, your email address and other contact details. No further automated processing of your personal data is undertaken in this regard. The data are only used for the purpose of processing your request. Responses are generally sent by email, which is also encrypted, provided your email service provider supports this. The same applies if you contact the Operator by email to an email address stated on the Platform instead of using a contact form. Once your request has been processed and closed, the personal data you provided to the Operator in the contact form or in an email will be erased. This does not apply if these data are still required to execute the contract, if they are required for verification purposes or conflict with statutory retention requirements; however, the processing of your data will be restricted until then.
b) Orders and customer accounts
The Operator provides a newsletter subscription service via email. Should you wish to receive this newsletter, you must provide us with your email address. The Operator also needs additional data to verify that you, as the owner of the email address provided, agree to subscribe to this newsletter. The Operator employs what is known as a double opt-in method (DOI), which means you will receive an email with a unique link to confirm your registration (confirmation link). Only after confirmation will you receive the newsletter. In addition to your email address, the time, date and IP address of the registration and confirmation as well as the confirmation link are stored for the DOI, its verification and to prevent abuse. No additional data are processed in this regard. Data are only processed to be able to offer and send the newsletter. As a rule, your personal data will not be disclosed to third parties. However, the Operator may use an email service provider that processes data on its behalf in accordance with the statutory provisions and the specifications of this Privacy Notice. In this case, such a provider would not be a third party. If you wish to unsubscribe from the newsletter, you can use the corresponding link included in each newsletter or contact the Operator personally to do this, for example through the email address listed at the beginning of this Privacy Notice. Unsubscribing also constitutes a revocation of your consent to the subscription to the newsletter and the data processing required for this. If you unsubscribe from the newsletter or do not complete the DOI within two weeks, your data will be erased unless they are still required to verify a completed DOI or to prevent misuse; however, data processing will be limited. Subscribing to the newsletter is done using an encrypted connection. Newsletters are also sent in an encrypted form, provided your email service provider supports this.
2. Form-independent processing
Data the Operator needs for the provision or improvement of the Platform are processed without the use of forms. In particular, these may include cookies, your IP address and statistical data. Even in the case of form-independent processing, personal data are always encrypted where this is technically possible.
b) Web analytics
You can also prevent data collection by Google Analytics by clicking on the link below. In this case, no browser plugin is downloaded and installed. Instead, an opt-out cookie is set, which prevents your data from being collected when you visit the Platform:
c) Access log
To ensure the security and functionality of the Platform (e.g. to defend against attacks), an access log is created on the Operator’s server. This log stores data about access to the Platform. These include data that are transferred to the Platform when your browser connects to it. This includes your IP address, the time and date of access, the address (URL) that was accessed, whether the access was successful, and the volume of data transmitted by the server. Provided your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be stored. You may be able to prevent the transmission of these data by adjusting your browser settings. The log files are erased at regular intervals, at the latest by the end of the next calendar month. If necessary, the log files are statistically analysed prior to erasure. The logged data are stored separately from the other data you leave on the Platform and will not be merged with it. They will not be disclosed to third parties and will not be used for any other purpose. The statistical analysis of the log files does not allow for you to be identified.
d) Social networks
1. Facebook (Facebook Ireland Limited based in Ireland):
2. Twitter (Twitter International Company based in Ireland):
3. Instagram (Facebook Ireland Limited based in Ireland):
e) Embedded content
III. Legal basis
The statutory provisions governing data protection are rooted in the German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]) and the German Telemedia Act (Telemediengesetz [TMG]). However, as of 25 May 2018, the EU General Data Protection Regulation (GDPR) will take precedence. If you have expressly consented to the processing of your data, this also constitutes the legal basis for data processing for the purposes for which you have consented (Article 6 Para. 1(a) GDPR). In particular, this may include the subscription to our newsletter. Where processing is necessary for the performance or initiation of a contract, this constitutes the legal basis (Article 6 Para. 1(b) GDPR). This includes contracts, in particular sales contracts, which are concluded via the Platform or are initiated at your request. In addition, the legal basis for data processing is to preserve the legitimate interests of the Operator (Article 6 Para. 1(f) GDPR). This is the economic interest in operating the Platform, in particular the sale of goods via the Platform. No automated decision-making (including profiling) as defined by Art. 22 GDPR takes place.
IV. Your rights
If you are concerned about the processing of your personal data, you have certain rights that you may assert to the data controller according to the data protection regulations. You may contact the Operator at any time to exercise these rights, for example through the email address listed at the beginning of this Privacy Notice. The same applies to other questions about data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also at your disposal: Attorney Daniel Raimer of Kanzlei Daniel Raimer in Düsseldorf. You can find the data protection officer’s contact details in the Legal Notice.
1. Right of revocation
According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the lawfulness of the processing based on consent prior to revocation.
2. Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data. This applies, in particular, to an objection to processing for direct advertising purposes.
3. Right to lodge complaints
Pursuant to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority if you believe your personal data are being processed in violation of the statutory provisions. This right is without prejudice to any other administrative or judicial remedy.
4. Right to information
According to Art. 15 GDPR, you have the right to request information from the Operator. In addition to the information that you can largely already find in this Privacy Notice, this right to information includes, in particular, the right to a copy of your personal data that is the subject of processing. The restrictions stipulated in Sec. 34 BDSG also apply to this right to information.
5. Right to rectification
Pursuant to Art. 16 GDPR, you have the right to request that the Operator immediately rectify incorrect personal data relating to yourself. You also have the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.
6. Right to erasure
Pursuant to Art. 17 GDPR, you have the right to request that the Operator erase your personal data. If data do not have to be erased according to this provision, you may request that further processing be restricted where appropriate. In addition, the restrictions stipulated in Sec. 35 BDSG also apply to this right to erasure. The right to erasure includes what is known as the right to be forgotten.
7. Right to restriction
Pursuant to Art. 18 GDPR, you have the right to request that the Operator restrict the processing of your personal data. According to this provision, apart from storage, data may essentially no longer be processed.
8. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to data portability with respect to your personal data that you have provided to the Operator. This does not affect your right to erasure.
9. Duty of notification
According to Art. 19 GDPR, the Operator must notify all recipients to whom your personal data have been disclosed of any rectification or erasure of these data, or any restriction to processing unless this proves to be impossible or involves a disproportionate amount of effort. The Operator will inform you of any such recipients at your request.
V. Final remarks
Taking into account the nature, scope, context and purposes of processing as well as the risk to your rights and freedoms, of varying likelihood and severity, the Operator will implement appropriate technical and organisational measures to ensure that data are processed in accordance with the statutory provisions. Only persons mandated by the Operator (employees) who require access to personal data to perform their duties have access to the same, and only to the extent required. The Operator’s employees are trained on data processing in advance and are bound by a duty of confidentiality. Compliance with data protection regulations is regularly reviewed and the measures updated if necessary.