INTRODUCTION AND
TERMS
1.
Introduction
We process personal data
when operating our website www.gokishop.eu (hereinafter
referred to as
"website"). This data will be treated confidentially and
processed in
accordance with the applicable laws - in particular the
General Data Protection
Regulation(GDPR) and the Federal Data Protection Act
(BDSG). With our data protection
regulations we want to inform you which personal data we
collect from you, for
which purposes and on which legal basis we use it and,
where applicable, with
whom we share it. Furthermore, we will explain to you
which rights you are
entitled to in order to protect and enforce your data
protection.
2.
Terms
Our data protection regulations contain technical terms that
are new in
the GDPR and the BDSG. For your better understanding we
would like to explain
these terms in simple words in advance:
2.1
Personal data
"Personal data" “Personal data” is all
information relating to an identified or identifiable
person (Art. 4 Par. 1 of
the GDPR). Details of an identified person could be their
name or e-mail
address.However, data can also be described as personal
if, despite the fact
that a person’s identity cannot be deduced directly from
the data, their
identity can nonetheless be deduced by combining the data
with other
information. A person could, for example, be identified
via their address or
bank details, date of birth, username, IP address or
location details. The key
point is that any information that can be used in any way
to identify a person
can be described as personal data.
2.2
Processing
Under Art. 4 Par. 2 of the GDPR, “processing” describes any
process applied
to personal data. This especially includes the collection,
capture,
administration, classification, recording, amendment,
printing, making
available, use, disclosure, sharing, dissemination,
provision, comparison,
linking, restriction, erasure or destruction of personal
data.
data
controller and data protection officer
3.
Data controller
Responsible for the data
processing is:
Company:
Gollnest &
Kiesel GmbH & Co KG ("we")
Legal
representative:
Gollnest
& Kiesel Verwaltungsgesellschaft mbH these represented
by
Gerhard Gollnest and Fritz-Rüdiger Kiesel
(Managing
Directors)
Address:
Main street 13
-16, 21514 Güster
Phone:
+49 (0)4158 / 88 22 - 0
Fax:
+ 49 (0)4158 / 88 22 - 22
E-mail:
info@goki.eu
4.
Data protection officer
We have appointed an external data protection officer for our
company.
You can reach him at:
Name:
Reinher Karl
Address:
HABEWI
GmbH & Co KG, Palmaille 96, 22767
Hamburg
Phone:
040/ 18189800
Fax:
040/
181898099
E-mail:
datenschutz@habewi.de
Processing
parameters
5.
Processing frame: website
Within the
framework of the website
with the URL www.gokishop.eu, we process the personal data
of you listed in
detail in sections 6-12 below. We only process data of
yours that you actively
provide on our website (e.g. by filling out forms) or that
you automatically
provide when using our services.
Your
data will be processed exclusively by us and will not be
sold, lent or passed
on to third parties. If we use the help of external
service providers to
process your personal data, this is done within the
framework of so-called
order processing, in which we as the data cotroller are
authorized to give
instructions to our contractor. For the operation of our
website we use
external service providers for hosting, as well as for
maintenance, care and
further development. Should further external service providers be used for individual processing operations listed in sections 6-12, they will be named there.
We do, in general, not
transfer any data to any third countries and this is not
planned for the future
either. Any exemptions from this principle will be
explained in the types of
processing activities listed below.
The
PROCESSING Activities In detail
6.
Provision of the website and server
log files
6.1
Description of the processing
Whenever you access the website, we automatically collect
information
that your browser sends to our server. This information is
also stored in the
so-called log files of our system. These
are the
following data:
·
your
IP address
·
the browser software you use, as well as its version and
language
·
the
operating system
you use
·
the website from which you have reached our website
(so-called referrer)
·
the date and time of your visit to our website
The temporary storage of your IP address by the system is
necessary in
order to deliver our website to the end device of a user.
For this purpose, the
user's IP address must remain stored for the duration of
the session. However,
your IP address is not recorded in our log files.
6.2
Purpose
Your data are processed in order to enable the website to be
accessed and
to ensure its stability and security. Furthermore, the
processing serves the statistical evaluation and
improvement of
our online service.
6.3
Legal
basis
The processing is
necessary in order to safeguard the overriding legitimate
interests of the
controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in item 6.2.
6.4
Storage duration
The data will be deleted as soon as they are no longer
necessary for the
purpose for which they were collected. In the case of the
collection of data
for the provision of the website, this is the case when
your session ends.
7.
Registration and profile
7.1
Description
of
the processing
Individual functions and offers on our website are only
available to you
as a registered user. By registering, you conclude a free
user contract with
us. By registering, you will receive your own user account
on our website. The
registration takes place by filling out the registration
form on http://www.gokishop.eu/html/de/createAccount.html and sending it to us
electronically. To register, you must provide your title,
first name, surname,
distribution channel, street postcode, city, country and
e-mail address.
Further information on company and contact data is
voluntary. By clicking the
button "Send registration" you send us the form.
As a registered user, you can shop on our website faster and
more
conveniently by entering your billing and shipping
addresses, as well as your
preferred method of payment, in your user profile. This
means that you do not
have to re-enter your personal data for subsequent
(further) purchases.
7.2
Purpose
The processing is done in order to provide you with the
functions of our
website for registered users.
7.3
Legal
basis
The processing is
necessary for the conclusion and fulfilment of the
contract of use (Art. 6
para. 1 lit. b GDPR). Without
providing
your personal data within the scope of registration, we
cannot provide our
contractually owed services.
7.4
Storage
duration
The data will be automatically deleted by us upon termination
of your
contract of use. You can end the user contract yourself by
informing us by
e-mail to info@goki.eu or by post that you no
longer wish to be a registered user of our website. We
will then delete your user account immediately.
8.
Purchasing
8.1
Description of the
processing
You can buy toys on our website as a registered user. Within
the scope of
your order we process personal data from you. The
mandatory fields marked with
an asterisk "*" in our online shop must be filled in by
you.
Otherwise it is not possible for us to conclude a purchase
contract with you
and send you the desired goods. All other details are
voluntary. When shopping
on our website, you can also choose one of the offered
payment methods (credit
card, purchase on account, direct debit and prepayment) to
settle the purchase
price. When completing your order, the data required for
payment will be passed
on to the respective payment service provider. If you shop
on our website as a
registered user, you can enter your billing and delivery
addresses as well as
your preferred payment method in your user profile for a
faster and more
convenient ordering process. In addition, there are
numerous overviews and
status requests for your purchases available to you.
8.2
Purpose
The processing is carried out for the conclusion and
processing of sales
contracts.
8.3
Legal
basis
The processing is
necessary for the conclusion and performance of sales
contracts (Art. 6 para. 1 lit. b GDPR).
8.4
Storage duration
We are obliged by commercial and tax law to store your
address, payment and
order data for a period of ten years. However, after two
years we will restrict
the processing of your data. This means that your data
will then only be stored
separately to comply with the statutory retention periods
and will be deleted
immediately after these periods have expired.
8.5
Recipient
To process your payment, personal data will be forwarded to
one of the
external payment service providers listed below and
selected by you in the
course of your purchase:
·
Credit card, direct
debit: BS
PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main,
Germany
9.
Contact
form and contact by e-mail
9.1
Description
of
the processing
We have provided a contact form on our website for making
contact. In
this form you are asked to enter your e-mail address, your
name and a message
to us. When you click the "Submit" button, the data will
be
transferred to us using SSL encryption (see section
security measures below).
The contact form can only be transmitted if you accept our
data protection
regulations by clicking the corresponding checkbox. You
can also contact us
using the e-mail addresses provided on the website. In
this case, the personal
data transmitted with the e-mail will be processed by us.
9.2
Purpose
By providing a contact form on our website, we want to offer
you a convenient
way to contact us. The data transmitted with and in the
contact form or your
e-mail are used exclusively for the purpose of processing
and answering your
request.
9.3
Legal
basis
The processing is
necessary in order to safeguard the overriding legitimate
interests of the
controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in item 9.2. If the
e-mail contact is aimed at the conclusion or fulfilment
of a contract, the data
processing is carried out for the purpose of fulfilling
the contract
(Art. 6 para. 1
lit. b GDPR).
9.4
Storage duration
The data will be deleted by us as soon as they are no longer
necessary
for the purpose of their collection. This is usually the
case when the
respective communication with you has ended. The
communication is terminated
when it is clear from the circumstances that your request
has been finally
clarified. If legal retention periods
prevent erasure, the data will be deleted immediately
after the legal retention
period has expired.
10.
Cookies
10.1
Description of the processing
Our website uses cookies. Cookies are small text files that
are stored on
your end device when a website is visited. Cookies contain
information that
enables the recognition of an end device and, if
applicable, certain functions
of a website. In most cases we only use so-called "session
cookies".
These are automatically deleted when you end your internet
session and close
the browser. Other cookies remain stored on your end
device for a longer period
of time and enable partner companies to recognize your
browser or computer
(persistent cookies). Depending on the cookie, in the case
of persistent
cookies these are automatically deleted depending on the
preset storage period.
10.2
Purpose
We use cookies to make our website more user-friendly and to
offer the
functions described in section 10.1. We work together with
advertising
partners, among others, who help us to make our website as
interesting as
possible for you. For this purpose, cookies from third
parties, our partner
companies, may also be stored on your hard drive on our
website. If we allow
third parties to use such cookies, we will inform you in
the following sections
about the information collected in this way.
10.3
Legal basis
Cookies, which are necessary for the
electronic
communication process or for the provision of certain
functions you require
(e.g. shopping basket function), are stored on the basis
of Art. 6 Para. 1 lit.
f GDPR. The website operator has a legitimate interest in
the storage of
cookies for the technically error-free and optimised
provision of his services.
Insofar as other cookies (e.g. cookies for analysing your
surfing behaviour)
are stored, these are treated separately in this data
protection declaration.
10.4
Storage duration
Cookies are automatically deleted at the end of a session or
when the
specified storage period expires. Since cookies are stored
on your terminal
device, you as a user also have full control over the use
of cookies. By
changing the settings in your Internet browser, you can
deactivate or restrict
the transmission of cookies.
In the following we have put together the links that will
lead you to instructions
on how to change the settings for the most common
browsers. For further
information please refer to the Support Menu of your
browser:
Internet
Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=delrm=ennswer=95647
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html
Already stored cookies can be deleted at any time. This can
also be done
automatically. If cookies are deactivated for our website,
individual functions
of our website cannot be used or can only be used to a
limited extent.
11.
Newsletter
11.1
Description
of
the
processing
We send out a newsletter at irregular intervals. With the
newsletter we
inform you about our offers and services around toys. You
will only receive our
newsletter if you actively subscribe to our mailing list.
You can subscribe to
it by filling out and sending a newsletter registration
form on our website or
by placing an order in our online shop.
To subscribe to the newsletter, you only need to enter your
e-mail
address. All other details (such as your first name and
surname) are voluntary
and are used solely to personalise the e-mails.
We use the so-called double opt-in procedure for the
execution and
verification of newsletter registrations. A registration
takes place in several
steps. First you register for the newsletter on our
website. You will then
receive an e-mail from us to the e-mail address you have
entered. With this
e-mail we ask you to confirm that you have actually
subscribed to the
newsletter and wish to receive it. A confirmation is made
by clicking on a
confirmation link in the e-mail. Only after a successful
confirmation will we
add you to our newsletter distribution list and send you
e-mails in the future.
Within the scope of the double opt-in procedure, we save
the date, time and
your IP address both during registration and confirmation.
If you purchase goods or services on our website and enter
your e-mail
address, we may use this address to send you a newsletter
for existing
customers. In such a case, the newsletter will only be
used to send direct
advertising for our own similar goods or services.
11.2
Purpose
The processing is done in order to offer the newsletter
function and to
be able to send newsletter e-mails to subscribers and
existing customers. The
collection and storage of date, time and IP addresses
during newsletter registration
serves the documentation of granted consent and protection
against the misuse
of e-mail addresses.
11.3
Legal
basis
In the case of our existing customer newsletter, processing
is carried
out on the basis of Art. 6 Para. 1 letter f GDPR in order
to safeguard the
predominant interests of the person responsible. Our
legitimate interest lies
in direct advertising to existing customers. This is
permissible within the
framework of § 7 para. 3 UWG, which we observe.
11.4
Storage period
and revocation of
consent
We process your personal data for the duration of your
newsletter
subscription. You can cancel your subscription to our
newsletter at any time by
revoking your consent. A simple declaration by e-mail to info@goki.eu or by post is sufficient.
It is also possible to unsubscribe from the newsletter by
clicking on the
unsubscribe link in each newsletter e-mail. With the
revocation of your
consent, no more newsletters will be sent to you and your
personal data will be
removed from our active mailing list. To enforce your
revocation, we will add
your e-mail address to our so-called black list in a
restricted manner. In this
way we can ensure that you will not receive any
newsletters from us in the
future and that your e-mail address will not be misused by
third parties.
11.5
Recipient and transfer to third countries
For the administration of our newsletter distribution list
and for
sending the e-mails we use the services of the newsletter
provider Mailchimp.
This takes place in the context of an order processing. Mailchimp is an offer of The Rocket
Science
Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318,
USA (in the
following called "Mailchimp"). With your newsletter
registration the
data given during the registration process is transferred
to Mailchimp and
processed on Mailchimp servers in the USA. Mailchimp is subject to the EU-US Privacy
Shield.
Further information about the EU-US-Privacy-Shield can be
found at
https://www.privacyshield.gov/EU-US-Framework. For more information about Mailchimp's privacy
policy,
please refer to the service provider's privacy policy at http://mailchimp.com/legal/privacy/
12.
YouTube videos
12.1
Description of the processing
Our website uses services from "YouTube" a video platform
operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA
94066, USA
(hereinafter referred to as "YouTube"). YouTube is
represented by
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA
94043, USA. We use
YouTube by embedding individual videos from the platform
on our website as
so-called iFrames so that they can be played directly on
our website. The
videos are embedded in the "extended data protection mode"
offered on
YouTube, i.e. h. No personal data will be transferred
from you to Google as
long as you do not play the videos. Only when a video is
played will data be
transferred to Google, over which we have no influence. If
you play an embedded
video on a subpage of our website, Google is informed
which subpage you have
visited and which video you have viewed. If necessary,
your IP address is also
transmitted to Google. If you are logged in as YouTube or
Google user, Google
will assign this information to your user account. Google
stores your data as
user profiles and uses them for advertising purposes, for
market research
and/or for the design of Google websites according to your
needs. You have a
right of objection to the creation of these user profiles,
and to exercise this
right you must contact Google directly. You can find
further information on
data protection at Google at
http://www.google.com/intl/de-DE/policies/privacy/.
12.2
Purpose
The processing is done to be able to show you videos on our
website.
12.3
Legal
basis
The processing is
necessary in order to safeguard the overriding legitimate
interests of the
controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose specified in Section 16.2.
12.4
Recipient and transfer to third countries
By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA and has
submitted
to the EU-US Privacy Shield. Further information on the
EU-US Privacy Shield
can be found at
https://www.privacyshield.gov/EU-US-Framework.
Prize game
13.
Conducting the prize games
13.1
Description of the processing
We occasionally run prize games. In doing so, we process data
from you
that you actively provide (e.g. by publishing on social
media platforms or by sending
a direct message to us).
Participation in our prize games is voluntary. Participation
in a prize
game results in a prize game contract between you and us,
which is free of
charge for you. Within the framework of the fulfilment of
the contract - namely
to determine the winners and to send the prizes - we
collect personal data from
you. After the closing date for entries, we will determine
the winners by lot
from all entries.
13.2
CONSENT - WITHDRAWAL OF CONSENT
Every participant in one of the competitions we offer agrees
by entering
this competition in accordance with Art. 6 Par. 1 letter
a GDPR that Goki or
companies of the Goki Group (e.g. Spot Versandhaus GmbH)
will send him
advertising messages about Goki products by post or
e-mail until the participant
revokes this consent. You can withdraw your consent at
any time, without giving
reasons, with effect for the future. The withdrawal must
be addressed to:
Gollnest & Kiesel GmbH & Co KG, Data Protection,
Hauptstraße 13-16,
21514 Güster; or by e-mail to: info@goki.eu, subject:
data protection.
13.3
Purpose
The processing is carried out for the purpose of carrying out
and processing
a prize game and for sending advertising messages.
13.4
Legal basis
The processing is necessary for the conclusion and fulfilment
of the prize
game contract (Art. 6 para. 1 lit. b GDPR). The legal
basis for your consent is
Art. 6 para. 1 lit. a GDPR.
13.5
Storage duration
The data will be deleted as soon as they are no longer
necessary for the
purpose for which they were collected. The personal data
of the participants
(first name, surname, address, e-mail address) provided in
the context of the
competition, as well as further communication with the winners, will be deleted as soon as they object to the
use for
advertising purposes.
13.6
Recipient
and transfer to third countries
Goki will
not disclose your personal data to third parties unless
you are a winner of the
respective prize game. The winner's last name and first
name or social media
profile name may be published on the social media
platforms we use. Your other
interaction is stored by the provider of the social media
platform, e.g. in the
case of Facebook or Instagram by Facebook (Facebook Inc.
(Facebook), 1601 S
California Ave, Palo Mo, California 94304, USA). Please
also note that your
interactions with our social media profiles are public and
can be viewed by
other Internet users. The social media platforms we use
also process your
personal data in the USA. In each case, they have
submitted to the EU-US
Privacy Shield. Further information on the EU-US Privacy
Shield can be found at
https://www.privacyshield.gov/EU-US-Framework.
SECURITY
MEASURES
14.
Security measures
In order to protect your personal data from unauthorised
access, we have
provided our website with an SSL or TLS certificate. SSL
stands for
"Secure-Sockets-Layer" and TLS for "Transport Layer
Security" and encrypts the communication of data between a
website and
your device. You can identify the active SSL or TLS
encryption by a small
padlock logo, which is displayed on the far left in the
address line of the
browser.
your
rights
15.
Rights of data subjects
With regard to the data
processing by our company described above, you are
entitled to the following
data subject rights:
15.1
Information (Art. 15 GDPR)
You have the right to
ask us to confirm whether we are processing personal data
concerning you. If
this is the case, you have the right, under the conditions
set out in Art. 15
of the GDPR, to access this personal data and the other
information listed in
Art. 15 GDPR.
15.2
Rectification
(Art.
16 GDPR)
You have
the right to obtain from us without undue delay the
rectification of inaccurate
personal data concerning you and, where applicable, to
have incomplete personal
data completed, including by means of providing a
supplementary statement.
15.3
Erasure (Art. 17 GDPR)
You have the right to
obtain from us the erasure of your personal data without
undue delay, and we
shall have the obligation to erase your personal data
without undue delay where
one of the following grounds under Art. 17 of the GDPR
applies (e.g. if your
data is no longer required for the purpose for which we
were using it).
15.4
Restriction of
data
processing (Art. 18 GDPR)
You have the right to
ask us to restrict processing if one of the conditions
listed in Art. 18 GDPR
is met, e.g. if you dispute the accuracy of your personal
data, the data
processing will be restricted for the period of time that
allows us to verify
the accuracy of your data.
15.5
Data
portability
(Art. 20 GDPR)
You have the right,
subject to the conditions set out in Art. 20 GDPR, to
request the surrender of
data concerning you in a structured, common and
machine-readable format.
15.6
Withdrawal of consents (Art. 7 para. 3 GDPR)
You have the right to
withdraw your previously provided consent for data
processing. The withdrawal
will take effect from the time you request it (i.e. it
will have future effect
but no retrospective affect).
15.7
Complaint (Art. 77 GDPR)
If you believe that the
processing of your personal data is in breach of the GDPR,
you can complain to
a supervisory authority. You can submit your complaint to
a supervisory
authority in the EU member state where you are habitually
resident or work, or
where the alleged breach took place.
15.8
Prohibition of
automated
decisions/profiling (Art. 22 GDPR)
Decisions that have legal consequences for
you or
that could have a significant detrimental affect on you
must not be based
solely on the automated processing of personal data,
including profiling. We do
not apply any such processing or profiling to your
personal data.
15.9
Objection (Art. 21 GDPR)
Where
we
process your personal data on the basis of Art. 6 Par.
1f of the GDPR in
pursuit of our overriding legitimate interests, you have
the right subject to
Art. 21 of the GDPR to object, provided your objection
is based on grounds
relating to your specific situation. Once you have
objected, we will no longer
process your personal data unless we demonstrate
compelling legitimate grounds
for the processing which override your interests, rights
and freedoms or for
the establishment, exercise or defense of legal claims.
Regardless of the
aforementioned restrictions, and regardless of whether
any special
circumstances apply, you have the right to object at any
time to the processing
of your personal data for direct marketing purposes.
Status:
April
2020
|