Privacy

 

I. Preamble

 

Responsible for the websites of cadooz is cadooz GmbH, short: cadooz, (hereinafter also we/us). In the following, we would like to inform you comprehensively and in detail, how we protect your privacy and how personal data is processed within the framework of our websites and/or online offers. Personal data will be deleted as soon as possible and will never be used for advertising purposes or passed on without your consent. If the following information is not sufficient or not understandable, please do not hesitate to contact our data protection officer at the contact details listed in section II.

 

II. Controller/Data Protection Officer

 

Controller

cadooz GmbH
Osterbekstraße 90b
22083 Hamburg
Represented by the managing directors Stefan Grimm, Marc Ehler, Desmond Acosta
E-Mail: business@cadooz.de

You can reach our Data Protection Officer:

cadooz GmbH
Personally/confidentially to the data protection officer
Osterbekstraße 90b22083 Hamburg
E-Mail: datenschutz@cadooz.de

 

III. General principles/information

 

1. Purposes and legal bases

The term personal data is defined in the General Data Protection Regulation (GDPR). According to this, personal data is any information relating to an identified or identifiable natural person - i.e., for example, your name, address or telephone number, but also online identifiers such as IP addresses. We collect and use personal data of our users only insofar if this is necessary for the performance and provision of our services and for the provision of our web or online offers (including mobile apps).

If you make use of our offers, we process your personal data based on various legal bases:

We process your personal data to fulfil contractual obligations (Art. 6 (1)(b) GDPR). This includes in particular

  • the handling of orders,
  • to manage your user account,
  • for contacting you as far as it concerns relevant information about your order with us or if you direct inquiries to us.

In addition, we process your data to protect our legitimate interests (Art. 6 (1)(f) GDPR), i.e.

  • for the purpose of compiling statistics to improve our products and services,
  • for purposes of preventing, investigating and reporting criminal offenses, e.g. fraud, credit card misuse or identity deception,
  • to assert legal claims or
  • for advertising purposes, unless you have objected to the use of your data.

We process your data on the basis of your consent (Art. 6(1)(a) GDPR) for certain purposes, for example

  • for personalized use of the website and for personalized offers as well as optimization of the web offer
  • for the purpose of compiling statistics to improve products and services
  • for analytical purposes in order to optimize our offer for you
  • to the newsletter dispatch and customer survey

You can revoke the consent you have given us at any time without having to give us the reasons. The revocation of your consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

2. Recipients of personal data

In order to provide our web and/or online services, we sometimes use service providers who act on our behalf and according to our instructions (processors). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR.
In such a case, we shall ensure that our service providers provide sufficient guarantees that appropriate technical and organizational measures are in place and that processing operations are carried out in such a way that they comply with the requirements of the GDPR and ensure the protection of the rights of the data subject (see Art. 28 GDPR).
To the extent that personal data is transferred to third parties and/or recipients outside of commissioned processing, we ensure that this is done exclusively in accordance with the requirements of the GDPR and only if there is a corresponding legal basis.
We use service providers from the following areas:

  • IT service provider (e.g. maintenance service provider, hosting service provider)
  • Service provider for file and data destruction
  • Printing services
  • Advice and consulting, auditors
  • Service provider for marketing or sales
  • Logistics service provider

3. Processing of data in so-called third countries

Your personal data is generally processed within the EU or the European Economic Area ("EEA"). Only in exceptional cases (e.g. in connection with the involvement of service providers for the provision of web analytics services) information may be transferred to so-called "third countries". Third countries are countries outside the EU/EEA in which an adequate level of data protection in accordance with the EU standard cannot be assumed without further ado.

If the information transferred also includes personal data, we will ensure before such transfer that an adequate level of data protection is guaranteed in the respective third country or at the respective recipient in the third country, or that you have given your consent to this, or that another permissible circumstance (e.g. Art. 49 GDPR) exists. An adequate level of data protection can result from a so-called "adequacy decision" of the European Commission or be ensured by using the so-called "EU standard contractual clauses".

4. Data deletion and retention period

Personal data will be deleted or blocked as soon as the purpose of processing ceases to apply. Storage after the purpose of processing has ceased to apply will only take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject (e.g. to comply with statutory retention obligations and/or if there are legitimate interests in storage, e.g. during the running of limitation periods for the purpose of legal defense against any claims). Data will also be blocked or deleted if a storage period prescribed by the aforementioned provisions expires, unless there is a need to continue storing the data for the conclusion of a contract or for other purposes.

IV. Data processing in connection with our website

 

1. Automatic data processing

When you visit a website, certain data is processed automatically, including on our website. When you visit our website, the browser used on your terminal device automatically sends information to the server of our website (so-called server log files). This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer (in anonymized form),
  • date and time of access,
  • name and URL of the retrieved file,
  • website from which the access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer, smartphone, etc., as well as the name of your access provider,
  • location (country).

These data are processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • ensuring a comfortable use of our website,
  • evaluation of system security and stability,
  • determination of the correct price (including taxes) as well as
  • for other administrative purposes.

In no case do we use the collected data for identifying you.

2. Cookies

In addition, we use cookies when you visit our website. These are small files that are automatically created by your browser and stored on your end device (desktop PC, laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your terminal device, do not contain viruses, trojan horse viruses or other malware. The cookie stores information that is related to the specific terminal device used. This does not mean, however, that we thereby gain direct knowledge of your identity. The stored information may include, for example, any login status on a website or the shopping cart.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on the computer or a notice always appears before a new cookie is created. The complete deactivation of cookies may mean that you cannot use all the functions of our website.

Cookies can be divided into different categories: First, we distinguish between "first-party cookies", which are created and set directly by our site, and "third-party cookies", which are set by partner websites.

Furthermore, cookies can be divided into additional types:

Necessary cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are necessary when you add a product to the shopping cart, then continue browsing other pages, and only later click on to pay. These cookies do not delete the shopping cart even if you close your browser window.

Analysis and marketing cookies
These cookies collect information about user behaviour and whether the website visitor receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website with different browsers. In addition, they provide a better user experience. For example, entered locations, font sizes or form data are stored. We also use these cookies for marketing purposes; the data is used to create the possibility of displaying personalized advertisements tailored to user behaviour and user interest.

Cookie Description Storage duration Origin
Necessary
cookieHint Provides the tool for cookie management 2 month cadooz.com
Marketing
bscookie This cookie remembers the two-factor authentication status of a logged-in user. 2 years LinkedIn
li_gc This cookie is used to store the consent of guests to the use of non-mandatory cookies. 2 years LinkedIn
lidc This cookie facilitates the selection of the data center. 24 hours LinkedIn
bcookie This cookie is a browser identifier. This uniquely identifies devices that access LinkedIn in order to detect misuse of the platform. 2 years LinkedIn
lang This cookie remembers the language setting of a user. This ensures that the LinkedIn.com website appears in the language selected by the user. Session LinkedIn
AnalyticsSyncHistory This cookie is used to store the time of synchronization with the cookie "lms_analytics" for users in the designated countries. 30 days LinkedIn
UserMatchHistory This cookie is used to synchronize the IDs of LinkedIn Ads. 30 days LinkedIn
Analysis
_ga Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits. 2 years Google Analytics
_gcl_au Contains a randomly generated user ID. 90 days Google Analytics
_gat Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented. 1 minute Google Analytics
_gid Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits. 24 hours Google Analytics

 

How to delete cookies?
You decide how and whether you want to allow cookies to be set. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies, but allow all other cookies. If you want to check which cookies have been stored in your browsers, if you want to change your cookie settings or delete cookies, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing cookies and web page data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies

3. Cookie-Management

Cookie-Consent-Tool
To enable you to control the use of cookies, an extension is installed on the website that provides a cookie consent tool. The extension "Cookie Hint", by Medienwerft - Agentur für digitale Medien und Kommunikation GmbH, Wendenstraße 130, 20537 Hamburg, shows you information organized by functional groups and explains the purpose of the cookie functional groups. For the use of the extension Cookie Hint the storage of a cookie is technically necessary

Settings via the Cookie-Consent Tool
When you visit our website for the first time, Cookie Hint is displayed as a pop-up window. You can enable or disable the cookies classified by function groups by clicking the corresponding box . Please note that the required cookies (see our description before) are already stored when the website is called up and the relevant box is preset.

 

V. Registration / Setting up a user account

 

For certain services and/or performances provided via our websites and online offers, registration and the setting up of a personal user account are required. As part of the registration and setup of the user account, the following personal data ("mandatory data") will be collected and stored by us. The data will not be passed on to third parties:

  • Username
  • Password
  • Business e-mail address of the user
  • First name, last name, title
  • Company (as far as relevant)
  • Adress
  • State, province and city of the company

At the time of registration, (i) the user's IP address and (ii) the date and time of registration are also stored.

In addition, voluntary information can be provided. This information may include, for example, telephone number, fax number, mobile phone number or company details such as personnel number. Mandatory information that is required for the purpose of registration is indicated in the input mask by an asterisk as a mandatory field. Registration cannot take place without the complete and truthful completion of the mandatory fields. Registration is only completed when you confirm the link contained in an e-mail sent by us after filling out the mandatory fields. Voluntary information may be used for the purpose of improving our services.

 

VI. Web analytics/marketing/website security

 

In order to optimize our websites and adapt them to the changing habits and technical requirements of our users, we use tools for so-called web analysis. In doing so, we measure, for example, which elements are visited by users, whether the information they are looking for is easy to find, etc. This information only becomes interpretable and meaningful at all when a larger group of users is considered. For this purpose, the collected data is aggregated, i.e. combined into larger units.

For example, we can adapt the design of pages or optimize content if we determine that a relevant proportion of visitors are using new technologies or are having difficulty finding an existing piece of information.

On our web and online offers, we perform the following analyses or use the following web analysis tools:

1. Analysis of log data

Log data is used for analysis purposes exclusively on an anonymous basis; in particular, it is not linked to personal data of the user and/or to an IP address or a cookie. Such an analysis of log data is therefore not subject to the data protection provisions of the GDPR.

2. Google Analytics

For the analysis of website usage, we use the web analytics service "Google Analytics" provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Analytics uses cookies, which allow an analysis of the use of the website by our customers on a pseudonymous and/or anonymous basis.

The information generated by the cookie about your website use will be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on this website, your IP address will be shortened by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google uses the aforementioned information to evaluate the use of the website on our behalf, to compile reports on website activity and to provide other services to the website operator in connection with website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

If you do not wish to be evaluated by Google Analytics, you can prevent the collection of the data generated by the Google Analytics cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from collecting data on this website in the future. This will place an opt-out cookie on your terminal device. Your browser must therefore generally allow the storage of cookies for this purpose. If you delete your cookies regularly, you will need to click the link again each time you visit this website.

We use Google Analytics to analyze data from AdWords and the Double Click cookie for statistical purposes. If you do not want this, you can deactivate it via the Ads Preferences Manager http://www.google.com/settings/ads/onweb/?hl=de

3. Google Tag Manager

For further analysis and marketing purposes we use the Google Tag Manager, this belongs to the company Google Ireland Ltd (provider of the service). The Google Tag Manager (GTM) is a tool for our websites to load additional tools. This is done with the help of so-called tags. A tag is a program logic that ensures that their activities on our website are recorded. The tags come from Google internal products, such as Google Ads or Google Analytics, but tags from other companies can also be included via the Google Tag Manager. The Google Tag Manager is a utility service and itself processes personal data only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager itself does not access this data. If you do not wish to use the Google Tag Manager tool, you can block it by selecting the "Reject all cookies" option in the Cookie Consent Tool (see IV. 3. "Cookie Management"), or by making a corresponding selection in the function groups of the Cookie Consent Tool.

For more information about Google Tag Manager, see Google's privacy policy.

4. Matomo (PIWIK)

For the analysis of our website usage, we also use the web analysis tool "Matomo" (formerly PIWIK). With Matomo, the usage information generated by the cookie is transferred to our server in Europe and stored for usage analysis purposes. The information generated by the cookie about your use of our website will not be disclosed to third parties. If you do not wish cookies to be used and/or evaluated by Matomo, you can also prevent the cookies used for profiling from being stored by setting your browser software accordingly.

5. Omniture (Adobe Analytics)

In order to tailor our website to your needs, we create pseudonymous usage profiles using Adobe Analytics (Omniture). Adobe Analytics (Omniture) uses cookies, which are text files placed on your computer, to help the website analyze how users use the site (see Use of cookies above). The information generated by the cookie about your use of this website is usually transmitted to and stored by Adobe on servers in the United States. Since we have activated IP anonymization on this website, the server setting we have made ensures that the IP address is anonymized before geolocation. In doing so, the last octet of the IP address is replaced by zeros. Before storing the information generated by the cookie, the IP address is replaced with individual generic IP addresses. Adobe will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

You can object to the creation of the pseudonymous usage profiles at any time. You can also prevent the storage of cookies used for profiling by setting your browser software accordingly.

6. Google Remarketing

We use the remarketing technology of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Through this technology, users who have already visited our websites and/or our online services and were interested in the offer are addressed again through targeted advertising on the pages of the Google Partner Network. The insertion of the advertising takes place through the use of cookies. With the help of the cookies, user behaviour when visiting the website can be analysed and subsequently used for targeted product recommendations and interest-based advertising.

If you do not wish to receive interest-based advertising, you can disable Google's use of cookies for these purposes by visiting the https://www.google.de/settings/ads/onweb#display_optout page. Alternatively, users can disable the use of third-party cookies by visiting the Network Advertising Initiative opt-out page http://www.networkadvertising.org/managing/opt_out.asp

7. Imperva

To protect our website from DDoS (Distributed Denial of Service) attacks and as a web application firewall, we use the services of Imerpva (Imperva Inc., One Curiosity Way, Suite 203 San Mateo, CA 94403).

Web-Application-Firewall
A web application firewall enables filtering, monitoring and blocking of malicious HTTP traffic to and from a web service. Imperva WAF works as a reverse proxy, all Cadooz web traffic is routed through the Imperva network, allowing Imperva to examine each request to identify and block malicious activity. Imperva identifies malicious requests based on predefined patterns for web application attacks (e.g. XSS, SSRF, XXE, etc.). Imperva Reverse Proxy also includes patterns for detecting personal data and immediately performs real-time data masking. In case of a malicious request, Imperva creates an event that contains the client IP address and allows us to review/analyse the request. This stored IP address is deleted after 10 weeks, or the analysis, remediation and resolution of the security-related event.

Protection against DDOS attacks
A DDoS attack is an attempt to overload an Internet service with data traffic through a large number of targeted requests, so that it is no longer functional. In the event of a DDoS attack on a website, it can no longer be accessed.

The service from Imperva helps us to detect and defend against such attacks on our website. For this purpose, a reverse proxy server is connected upstream of the website to be protected. This accepts requests from the Internet on its behalf, filters out "harmful" requests and forwards only "secure" requests to the website servers. In this context, Imperva processes the IP address of the website visitors in order to evaluate whether the call is an attack. Normally, the data is stored on servers in countries of the European Union. In exceptional cases, data may be stored on servers in the USA. As a user of our website, you naturally have the option of blocking cookies at any time via your browser settings. You can object to any future recording of your user behaviour on our website; if you click on the link below, you will receive instructions on how to disable cookies on your computer: https://www.imperva.com/legal/privacy-policy/

8. LinkedIn Inside Tag

We use the conversion tool "LinkedIn Insight Tag" of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. A cookie is created in your web browser by this tool, which enables the collection of the following data, among others: IP address, device and browser properties, and page events (e.g. page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with cadooz GmbH, but offers anonymized reports on the website target group and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside our website without identifying you as a website visitor. For more information on data protection at LinkedIn, please refer to the LinkedIn privacy policy www.linkedin.com/legal/privacy-policy

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our website ("opt-out") www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

VII. Newsletter

 

On our web and online offers we also offer the possibility to register for our newsletter.

1. Newsletter registration

If you would like to receive the newsletter offered by us, we require a valid e-mail address from you. In order to be able to check whether you are the owner of the specified e-mail address or whether its owner agrees to receive the newsletter, we send an automated e-mail to the specified e-mail address after the first registration step (so-called double opt-in). Only after confirmation of the newsletter registration via a link in the confirmation e-mail do we include the specified e-mail address in our distribution list. We do not collect any further data beyond the e-mail address and the information for confirming the registration. Your data will be processed exclusively for the purpose of sending the newsletter you have requested.

2. Newsletter dispatch

For the dispatch of our newsletter we use the offer and tools of Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg. The data you enter for the purpose of receiving the newsletter is processed on Inxmail's servers.

By using the tools of Inxmail, we analyze our sent newsletters and newsletter campaigns. For example, we analyze whether a newsletter message was opened and which contained links therein were clicked. Furthermore, it is analyzed whether certain previously defined actions were performed after opening/clicking. Thus, for example, it can be determined whether you have made a purchase in one of our stores or store-offers of our partners after clicking on links contained in the newsletter. This so-called tracking includes in particular:

  • The opening of a mailing
  • Clicking on text and image links
  • Downloading images in an e-mail program

Personalized tracking
We use Inxmail's personalized tracking, in which a recipient's behavior can be directly traced back to the recipient's unique identifier.

Storage period
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Data that has been stored by us for other purposes remains unaffected by this. If no analysis by Inxmail is desired, the newsletter can be cancelled via a corresponding link contained in each newsletter message. After successful unsubscription from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data.

You can find the privacy policy of Inxmail at: https://www.inxmail.com/data-conditions

3. Use of personal data for advertising and marketing purposes / customer surveys

Your personal data will only be used for advertising and/or marketing purposes and to conduct customer satisfaction surveys if you have given your consent or if there is another legal basis that allows us to conduct advertising and/or marketing without your consent. The legal basis for advertising and/or marketing measures via e-mail for the purpose of direct advertising for our own similar goods or services is Section 7 (3) of the German Unfair Competition Act (UWG); this requires that (i) we have received your e-mail address in connection with the sale of a good or service, (ii) you have not objected to the use of your e-mail address for the purpose of direct advertising, and (iii) we clearly and unambiguously inform you at the time the e-mail address is collected and at each use that you object to such use of your e-mail at any time.

 

VIII. Contact form and e-mail contact

 

Our website contains a contact form which the user can use to contact us electronically. If the user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

  • company*
  • first name*
  • last name*
  • query type
  • order or serial number
  • phone number
  • E-Mail*
  • field for messages*
  • postcode*
  • country

*Compulsory information that is required for the purpose of contacting you is marked with an asterisk as a mandatory field (also in the entry screen).

At the time of sending the message, the following data is also processed and stored:

  • the IP address of the user
  • date and time of dispatch

Alternatively, it is possible to contact us via the email address provided on our website. In this case, the personal data of the user transmitted with the email will be stored. In no case will the data be passed on to third parties, unless we need to use third parties to process the request.

 

IX. Fraud prevention

 

To prevent fraud, we use the services of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, to operate our website.

Risk.Ident collects and processes data with the help of cookies and other tracking technologies to determine the terminal device used by the user and other data about the use of the website. An assignment to a specific user does not take place. Insofar as IP addresses are collected by Risk.Ident, they are immediately encrypted.

The data is stored by Risk.Ident in a fraud prevention database. The database also contains data transmitted by us to Risk.Ident on end devices that have already been used to commit (attempted) fraud. In this respect, too, no allocation to specific users takes place.

As part of an order process on our website, we retrieve a risk assessment of the user's terminal device from the Risk.Ident database. This risk assessment on the probability of a fraud attempt takes into account, among other things, whether the terminal device has dialed in via different service providers, whether the terminal device has a frequently changing geo-reference, how many transactions have been made via the terminal device, and whether a proxy connection is used.

 

X. Data subject rights

 

As a data subject, you have the following rights in connection with the processing of your personal data:

  • information about your personal data (Art. 15 GDPR);
  • correction of your incorrect personal data (Art. 16 GDPR);
  • deletion of your personal data (Art. 17 GDPR);
  • restriction of the processing of your personal data (Art. 18 GDPR);
  • object to the processing of your personal data (Art. 21 GDPR);
  • revocation at any time of your consent once given, with the consequence that we may no longer continue the data processing based on this consent for the future (Art. 7 (3) GDPR);
  • right to data portability with regard to your personal data (Art. 20 GDPR).

If you wish to exercise the aforementioned rights, you can contact us using the contact details provided above. In addition, you also have the right to lodge a complaint with the competent data protection supervisory authority if you consider that the processing of your personal data is not lawful (Art. 77 GDPR).

 

XI. Status/Changes to this Privacy Policy

 

This privacy policy is current as of April 2022.

Due to the further development of our website and offers, it may become necessary to change this privacy policy. You can access the current privacy policy at any time on the website at https://www.cadooz.com/datenschutz/