Data security

Privacy policy and notes on the use of cookies

Fielmann Ventures GmbH takes the protection of your personal data very seriously and complies with the statutory provisions in the General Data Protection Regulation (“GDPR”) and in the current version of the German Federal Data Protection Act (“BDSG”) for the processing of personal data. In the following and in accordance with the GDPR, we would like to inform you of when and for what purposes personal data are processed on our websites.

1. What are personal data?

Pursuant to Art. 4 Para. 1 of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Who is responsible for your data?

Responsibility for processing your personal data on our websites lies with Fielmann Ventures GmbH, Weidestraße 118a, 22083 Hamburg.
info@fielmann-ventures.com

3. Your rights

You can assert the following rights concerning us with regard to the processing of your personal data:

Right of access (Art. 15 GDPR),
Right to rectification (Art. 16 GDPR) and/or erasure including the ‘right to be forgotten’ (Art. 17 GDPR),
Right to restriction of processing (Art. 18 GDPR),
Right to object to the processing (Art. 21 Para. 1 GDPR) and the right to object to processing for direct marketing purposes (Art. 21 Para. 2 GDPR),
Right to data portability (Art. 20 Para. 1 GDPR).

In addition, you shall also be able to lodge a complaint to a supervisory authority for data protection. To the extent that we base the processing of your personal data on the balancing of interests, you shall be able to object to the processing (Art. 21 Para. 1 GDPR). This is the case if the processing is not necessary for the performance of a contract with you, which is outlined by us in the following description. When exercising such an objection, we ask you to provide the reasons why we should not process your personal data, as carried out by us. In the event of your reasoned objection, we shall examine the situation and shall either end or adapt the data processing, or demonstrate our compelling legitimate grounds for continuing the processing. Irrespective of this, you may object at any time and without providing reasons to the processing of your personal data for marketing and data analysis purposes (Art. 21 Para. 2 GDPR).

4. Processing personal data when our websites are accessed

a) Documenting the access
When using the internet services provided by Fielmann Ventures GmbH, certain data are automatically stored on our servers for system administration purposes and for statistical or security purposes, particularly for protection against attacks on our IT infrastructure. Provided the data are personal data as defined in Art. 4 Para. 1 of the GDPR, they shall be processed on the basis of Art. 6 Para. 1 lit. f of the GDPR.

IP address
Accessed page/name of the accessed file
Date and time of the access
Transferred amount of data
Report if the access was successful
The referring site, if access was made via an external link,
and the search term, if access was made via an external search engine
The browser software used for the access (language, version and configuration)
Details on your device’s operating system and interface

The data are only used in anonymized form for evaluating the general user behaviour. These statistical evaluations help us to improve our websites for you and adapt them to your needs. There is no other usage, least of all a link to personal data.
The afore-mentioned documentation data shall be stored on our servers for a standard 7 days and then erased, provided we are not legally obliged to store the data for longer. In such cases, storing data for longer periods shall be based on Art. 6 Para. 1 lit. c of the GDPR.

b) Use of cookies on our websites

What are cookies?

Cookies are small files that are stored on your hard drive and save certain settings and data for exchange with our systems or our service providers’ systems via your web browser. A distinction is made between two different types of cookies. There are so-called session ID cookies, which are erased as soon as you close your browser, and persistent cookies, which are stored on your hard drive for a long time.
You can remove stored cookies in your browser settings and deactivate the future storage of cookies. We would like to point out that not all the features of the websites may be used if the cookies are deactivated.

Our websites use the following cookies:

Our own cookies:

Server cookies
State-save cookies
Long-term cookies

Third-party cookies:

Google Analytics (Analytics)

c) Web analysis

In order to continuously improve and optimise our service, we use the third-party web-tracking and analytics services described below:

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LL.C., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The statistics gained allow us to improve our service and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flow which is executed via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your use under the settings “My Data”, “Personal Data”.
The legal basis for using Google Analytics is provided by Art. 6 Para. 1 lit. f of the GDPR. The IP address transferred from your browser through Google Analytics will not be associated with any other data held by Google. We would also like to point out that Google Analytics has been supplemented on this website by the code “_anonymizeIp();”, to ensure an anonymized collection of IP addresses. As a result, IP addresses will be processed in an abbreviated form so that a personal relationship can be excluded. If the data collected about you create a personal relationship, the relationship will be excluded immediately and the personal data will be erased at once.

Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Analytics uses cookies. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the United States. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie about your use of the website (including your IP address) to Google and the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout

You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. By doing so, a so-called opt-out cookie will be stored on your hard drive to prevent Google Analytics from processing personal data. Please note that when deleting all cookies on your computer, this opt-out cookie will also be deleted, so you have to reset the opt-out cookie if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer, and therefore have to be separately activated for every browser, computer or other device.

d) Integration of other third-party services and content

Content is integrated into some of the pages of this online service. The use of third-party online services always implies that the providers of this content get access to the users’ IP address, because without the IP address the content could not be sent to the users’ browsers. The IP address is therefore required to be able to display this content. We strive only to use content from providers that use the IP address solely for the purpose of transferring their content. However, we have no control over third parties storing users’ IP addresses for statistical purposes, for example. We will immediately inform users if we become aware of such behaviour.

Google Maps

This website uses the service provided by Google Maps. This enables us to show you interactive maps directly in the website and offers you a convenient use of the maps feature. By visiting the website, Google receives the information that you have accessed the corresponding sub-site on our website. In addition, the data mentioned in section 3 of this policy will be transferred. This is done regardless of whether Google provides a user account that you have logged into or if no user account exists. If you are logged into Google, your data will be directly assigned to your account. If you do not wish your data to be assigned to your Google profile, you have to log out before the button is activated. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based website design. Such evaluation is mainly done (even for users not logged in) to place appropriate advertising and to inform other users of the social network about your activities on our website.

You are entitled to the right to object to the generation of these user profiles, although you must address Google to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as on your rights in this respect and settings options for protecting your privacy is available at: http://www.google.de/intl/de/policies/privacy

Vimeo

Some pages of this online service integrate videos from the platform Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. The company’s privacy policy is available here: https://vimeo.com/privacy/

5. Processing personal data when making contact via the websites

Personal data are always processed on our websites if you enter personal details on one of the provided contact forms. This data and the content in your contact form are forwarded to the respective contact persons who use your data exclusively to process your request within the given purpose (for example, to our customer service for queries regarding our products).
In this case, your personal data are processed in connection with the performance of a contract concluded with you or in order to take steps upon request prior to entering into a contract (Art. 6 Para. 1 lit. b of the GDPR). There is no processing of personal data that goes beyond this. Provided nothing different is stipulated below, your data will be stored until the respective purpose of processing them has been achieved.

6. Will your data be transferred to third parties?

As a rule, personal data are not transferred to third parties. In exceptional cases, the transfer of personal data to third parties is considered if this is necessary for the purpose of answering your enquiry.
Personal data may also be forwarded based on the GDPR, the current version of the German Federal Data Protection Act (BDSG) and, where applicable, other relevant statutory regulations, provided we are legally obliged to do so (Art. 6 Para. 1 lit. c of the GDPR).

7. How are your data secured?

We take technical and organisational measures to protect your data from unauthorised access or loss. Our security measures are continuously improved in line with technological developments.

8. Do you have any further questions?

If you have any further questions on the collection, processing and use of your personal data, please contact datenschutz@fielmann.com or write to us at the address given in section 2.