Responsible for the websites of cadooz is cadooz GmbH, short: cadooz, (hereinafter also we/us). In the following, we would like to inform you comprehensively and in detail, how we protect your privacy and how personal data is processed within the framework of our websites and/or online offers. Personal data will be deleted as soon as possible and will never be used for advertising purposes or passed on without your consent. If the following information is not sufficient or not understandable, please do not hesitate to contact our data protection officer at the contact details listed in section II.
Represented by the managing directors Stefan Grimm, Marc Ehler, Dr. Samareh Khosravi
You can reach our Data Protection Officer:
Personally/confidentially to the data protection officer
1. Purposes and legal bases
The term personal data is defined in the General Data Protection Regulation (GDPR). According to this, personal data is any information relating to an identified or identifiable natural person - i.e., for example, your name, address or telephone number, but also online identifiers such as IP addresses. We collect and use personal data of our users only insofar if this is necessary for the performance and provision of our services and for the provision of our web or online offers (including mobile apps).
If you make use of our offers, we process your personal data based on various legal bases:
We process your personal data to fulfil contractual obligations (Art. 6 (1)(b) GDPR). This includes in particular
In addition, we process your data to protect our legitimate interests (Art. 6 (1)(f) GDPR), i.e.
We process your data on the basis of your consent (Art. 6(1)(a) GDPR) for certain purposes, for example
You can revoke the consent you have given us at any time without having to give us the reasons. The revocation of your consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.
2. Recipients of personal data
In order to provide our web and/or online services, we sometimes use service providers who act on our behalf and according to our instructions (processors). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR.
In such a case, we shall ensure that our service providers provide sufficient guarantees that appropriate technical and organizational measures are in place and that processing operations are carried out in such a way that they comply with the requirements of the GDPR and ensure the protection of the rights of the data subject (see Art. 28 GDPR).
To the extent that personal data is transferred to third parties and/or recipients outside of commissioned processing, we ensure that this is done exclusively in accordance with the requirements of the GDPR and only if there is a corresponding legal basis.
We use service providers from the following areas:
3. Processing of data in so-called third countries
Your personal data is generally processed within the EU or the European Economic Area ("EEA"). Only in exceptional cases (e.g. in connection with the involvement of service providers for the provision of web analytics services) information may be transferred to so-called "third countries". Third countries are countries outside the EU/EEA in which an adequate level of data protection in accordance with the EU standard cannot be assumed without further ado.
If the information transferred also includes personal data, we will ensure before such transfer that an adequate level of data protection is guaranteed in the respective third country or at the respective recipient in the third country, or that you have given your consent to this, or that another permissible circumstance (e.g. Art. 49 GDPR) exists. An adequate level of data protection can result from a so-called "adequacy decision" of the European Commission or be ensured by using the so-called "EU standard contractual clauses".
4. Data deletion and retention period
Personal data will be deleted or blocked as soon as the purpose of processing ceases to apply. Storage after the purpose of processing has ceased to apply will only take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject (e.g. to comply with statutory retention obligations and/or if there are legitimate interests in storage, e.g. during the running of limitation periods for the purpose of legal defense against any claims). Data will also be blocked or deleted if a storage period prescribed by the aforementioned provisions expires, unless there is a need to continue storing the data for the conclusion of a contract or for other purposes.
1. Automatic data processing
When you visit a website, certain data is processed automatically, including on our website. When you visit our website, the browser used on your terminal device automatically sends information to the server of our website (so-called server log files). This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
These data are processed by us for the following purposes:
In no case do we use the collected data for identifying you.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on the computer or a notice always appears before a new cookie is created. The complete deactivation of cookies may mean that you cannot use all the functions of our website.
Cookies can be divided into different categories: First, we distinguish between "first-party cookies", which are created and set directly by our site, and "third-party cookies", which are set by partner websites.
Furthermore, cookies can be divided into additional types:
These cookies are necessary to ensure basic functions of the website. For example, these cookies are necessary when you add a product to the shopping cart, then continue browsing other pages, and only later click on to pay. These cookies do not delete the shopping cart even if you close your browser window.
Analysis and marketing cookies
These cookies collect information about user behaviour and whether the website visitor receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website with different browsers. In addition, they provide a better user experience. For example, entered locations, font sizes or form data are stored. We also use these cookies for marketing purposes; the data is used to create the possibility of displaying personalized advertisements tailored to user behaviour and user interest.
|cookieHint||Provides the tool for cookie management||2 month||cadooz.com|
|bscookie||This cookie remembers the two-factor authentication status of a logged-in user.||2 years|
|li_gc||This cookie is used to store the consent of guests to the use of non-mandatory cookies.||2 years|
|lidc||This cookie facilitates the selection of the data center.||24 hours|
|bcookie||This cookie is a browser identifier. This uniquely identifies devices that access LinkedIn in order to detect misuse of the platform.||2 years|
|lang||This cookie remembers the language setting of a user. This ensures that the LinkedIn.com website appears in the language selected by the user.||Session|
|AnalyticsSyncHistory||This cookie is used to store the time of synchronization with the cookie "lms_analytics" for users in the designated countries.||30 days|
|UserMatchHistory||This cookie is used to synchronize the IDs of LinkedIn Ads.||30 days|
|_ga||Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.||2 years||Google Analytics|
|_gcl_au||Contains a randomly generated user ID.||90 days||Google Analytics|
|_gat||Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.||1 minute||Google Analytics|
|_gid||Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.||24 hours||Google Analytics|
How to delete cookies?
You decide how and whether you want to allow cookies to be set. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies, but allow all other cookies. If you want to check which cookies have been stored in your browsers, if you want to change your cookie settings or delete cookies, you can find this in your browser settings:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing cookies and web page data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
Settings via the Cookie-Consent Tool
When you visit our website for the first time, Cookie Hint is displayed as a pop-up window. You can enable or disable the cookies classified by function groups by clicking the corresponding box . Please note that the required cookies (see our description before) are already stored when the website is called up and the relevant box is preset.
For certain services and/or performances provided via our websites and online offers, registration and the setting up of a personal user account are required. As part of the registration and setup of the user account, the following personal data ("mandatory data") will be collected and stored by us. The data will not be passed on to third parties:
At the time of registration, (i) the user's IP address and (ii) the date and time of registration are also stored.
In addition, voluntary information can be provided. This information may include, for example, telephone number, fax number, mobile phone number or company details such as personnel number. Mandatory information that is required for the purpose of registration is indicated in the input mask by an asterisk as a mandatory field. Registration cannot take place without the complete and truthful completion of the mandatory fields. Registration is only completed when you confirm the link contained in an e-mail sent by us after filling out the mandatory fields. Voluntary information may be used for the purpose of improving our services.
In order to optimize our websites and adapt them to the changing habits and technical requirements of our users, we use tools for so-called web analysis. In doing so, we measure, for example, which elements are visited by users, whether the information they are looking for is easy to find, etc. This information only becomes interpretable and meaningful at all when a larger group of users is considered. For this purpose, the collected data is aggregated, i.e. combined into larger units.
For example, we can adapt the design of pages or optimize content if we determine that a relevant proportion of visitors are using new technologies or are having difficulty finding an existing piece of information.
On our web and online offers, we perform the following analyses or use the following web analysis tools:
1. Analysis of log data
Log data is used for analysis purposes exclusively on an anonymous basis; in particular, it is not linked to personal data of the user and/or to an IP address or a cookie. Such an analysis of log data is therefore not subject to the data protection provisions of the GDPR.
2. Google Analytics
If you do not wish to be evaluated by Google Analytics, you can prevent the collection of the data generated by the Google Analytics cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link http://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plugin, you can click this link to prevent Google Analytics from collecting data on this website in the future. This will place an opt-out cookie on your terminal device. Your browser must therefore generally allow the storage of cookies for this purpose. If you delete your cookies regularly, you will need to click the link again each time you visit this website.
We use Google Analytics to analyze data from AdWords and the Double Click cookie for statistical purposes. If you do not want this, you can deactivate it via the Ads Preferences Manager http://www.google.com/settings/ads/onweb/?hl=de
3. Extended conversions from Google
We use the option of extended conversions from Google Analytics. With the help of this extended tracking option, conversions can be recorded even more precisely and offer us the possibility to optimize and target ads more precisely. A conversion is, for example, the click on a banner or the submission of a contact form. Here, the secure one-way hash algorithm (SHA256) is used before the data is transferred to Google. You can learn more about Google's use of data on advanced conversions on the corresponding help page of Goolge.
4. Google Tag Manager
For further analysis and marketing purposes we use the Google Tag Manager, this belongs to the company Google Ireland Ltd (provider of the service). The Google Tag Manager (GTM) is a tool for our websites to load additional tools. This is done with the help of so-called tags. A tag is a program logic that ensures that their activities on our website are recorded. The tags come from Google internal products, such as Google Ads or Google Analytics, but tags from other companies can also be included via the Google Tag Manager. The Google Tag Manager is a utility service and itself processes personal data only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager itself does not access this data. If you do not wish to use the Google Tag Manager tool, you can block it by selecting the "Reject all cookies" option in the Cookie Consent Tool (see IV. 3. "Cookie Management"), or by making a corresponding selection in the function groups of the Cookie Consent Tool.
5. Matomo (PIWIK)
For the analysis of our website usage, we also use the web analysis tool "Matomo" (formerly PIWIK). With Matomo, the usage information generated by the cookie is transferred to our server in Europe and stored for usage analysis purposes. The information generated by the cookie about your use of our website will not be disclosed to third parties. If you do not wish cookies to be used and/or evaluated by Matomo, you can also prevent the cookies used for profiling from being stored by setting your browser software accordingly.
The data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (DSGVO). Our concern in terms of the DSGVO (legitimate interest) is the optimization of our online offer and our web presence. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or disclosure to third parties takes place.
You may object to the data processing at any time by clicking this link. The objection will not have any adverse consequences.
You can find more information about data protection at etracker here.
7. Omniture (Adobe Analytics)
You can object to the creation of the pseudonymous usage profiles at any time. You can also prevent the storage of cookies used for profiling by setting your browser software accordingly.
8. Google Remarketing
To protect our website from DDoS (Distributed Denial of Service) attacks and as a web application firewall, we use the services of Imerpva (Imperva Inc., One Curiosity Way, Suite 203 San Mateo, CA 94403).
A web application firewall enables filtering, monitoring and blocking of malicious HTTP traffic to and from a web service. Imperva WAF works as a reverse proxy, all Cadooz web traffic is routed through the Imperva network, allowing Imperva to examine each request to identify and block malicious activity. Imperva identifies malicious requests based on predefined patterns for web application attacks (e.g. XSS, SSRF, XXE, etc.). Imperva Reverse Proxy also includes patterns for detecting personal data and immediately performs real-time data masking. In case of a malicious request, Imperva creates an event that contains the client IP address and allows us to review/analyse the request. This stored IP address is deleted after 10 weeks, or the analysis, remediation and resolution of the security-related event.
Protection against DDOS attacks
A DDoS attack is an attempt to overload an Internet service with data traffic through a large number of targeted requests, so that it is no longer functional. In the event of a DDoS attack on a website, it can no longer be accessed.
The service from Imperva helps us to detect and defend against such attacks on our website. For this purpose, a reverse proxy server is connected upstream of the website to be protected. This accepts requests from the Internet on its behalf, filters out "harmful" requests and forwards only "secure" requests to the website servers. In this context, Imperva processes the IP address of the website visitors in order to evaluate whether the call is an attack. Normally, the data is stored on servers in countries of the European Union. In exceptional cases, data may be stored on servers in the USA. As a user of our website, you naturally have the option of blocking cookies at any time via your browser settings. You can object to any future recording of your user behaviour on our website; if you click on the link below, you will receive instructions on how to disable cookies on your computer: https://www.imperva.com/legal/privacy-policy/
10. LinkedIn Inside Tag
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our website ("opt-out") www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
11. Trustpilot reviews
On our web and online offers we also offer the possibility to register for our newsletter.
1. Newsletter registration
If you would like to receive the newsletter offered by us, we require a valid e-mail address from you. In order to be able to check whether you are the owner of the specified e-mail address or whether its owner agrees to receive the newsletter, we send an automated e-mail to the specified e-mail address after the first registration step (so-called double opt-in). Only after confirmation of the newsletter registration via a link in the confirmation e-mail do we include the specified e-mail address in our distribution list. We do not collect any further data beyond the e-mail address and the information for confirming the registration. Your data will be processed exclusively for the purpose of sending the newsletter you have requested.
2. Newsletter dispatch
For the dispatch of our newsletter we use the offer and tools of Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg. The data you enter for the purpose of receiving the newsletter is processed on Inxmail's servers.
By using the tools of Inxmail, we analyze our sent newsletters and newsletter campaigns. For example, we analyze whether a newsletter message was opened and which contained links therein were clicked. Furthermore, it is analyzed whether certain previously defined actions were performed after opening/clicking. Thus, for example, it can be determined whether you have made a purchase in one of our stores or store-offers of our partners after clicking on links contained in the newsletter. This so-called tracking includes in particular:
We use Inxmail's personalized tracking, in which a recipient's behavior can be directly traced back to the recipient's unique identifier.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Data that has been stored by us for other purposes remains unaffected by this. If no analysis by Inxmail is desired, the newsletter can be cancelled via a corresponding link contained in each newsletter message. After successful unsubscription from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data.
3. Use of personal data for advertising and marketing purposes / customer surveys
Your personal data will only be used for advertising and/or marketing purposes and to conduct customer satisfaction surveys if you have given your consent or if there is another legal basis that allows us to conduct advertising and/or marketing without your consent. The legal basis for advertising and/or marketing measures via e-mail for the purpose of direct advertising for our own similar goods or services is Section 7 (3) of the German Unfair Competition Act (UWG); this requires that (i) we have received your e-mail address in connection with the sale of a good or service, (ii) you have not objected to the use of your e-mail address for the purpose of direct advertising, and (iii) we clearly and unambiguously inform you at the time the e-mail address is collected and at each use that you object to such use of your e-mail at any time.
Our website contains a contact form which the user can use to contact us electronically. If the user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
*Compulsory information that is required for the purpose of contacting you is marked with an asterisk as a mandatory field (also in the entry screen).
At the time of sending the message, the following data is also processed and stored:
Alternatively, it is possible to contact us via the email address provided on our website. In this case, the personal data of the user transmitted with the email will be stored. In no case will the data be passed on to third parties, unless we need to use third parties to process the request.
To prevent fraud, we use the services of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, to operate our website.
Risk.Ident collects and processes data with the help of cookies and other tracking technologies to determine the terminal device used by the user and other data about the use of the website. An assignment to a specific user does not take place. Insofar as IP addresses are collected by Risk.Ident, they are immediately encrypted.
The data is stored by Risk.Ident in a fraud prevention database. The database also contains data transmitted by us to Risk.Ident on end devices that have already been used to commit (attempted) fraud. In this respect, too, no allocation to specific users takes place.
As part of an order process on our website, we retrieve a risk assessment of the user's terminal device from the Risk.Ident database. This risk assessment on the probability of a fraud attempt takes into account, among other things, whether the terminal device has dialed in via different service providers, whether the terminal device has a frequently changing geo-reference, how many transactions have been made via the terminal device, and whether a proxy connection is used.
As a data subject, you have the following rights in connection with the processing of your personal data:
If you wish to exercise the aforementioned rights, you can contact us using the contact details provided above. In addition, you also have the right to lodge a complaint with the competent data protection supervisory authority if you consider that the processing of your personal data is not lawful (Art. 77 GDPR).
Decide for yourself which types of cookies and similar technologies we use. For more information about individual cookies and similar technologies, please refer to our Data Privacy Data Privacy Statement.
Essential cookies guarantee functions that enable the intended use of our website. Only cadooz GmbH has access to these cookies (known as “first-party cookies”) and uses them to ensure the navigation of our website or access to secure areas of the website, for example. Your consent is not necessary for the use of essential cookies.
Essential cookies cannot be deactivated via cookie settings. You can always deactivate cookies in general in your browser.
We, and third parties, use analysis cookies in order to better understand the use of our website and to improve our service.
With the aid of these cookies, we can calculate site traffic and the effect of certain pages of our website, as well as
optimize our content, for example.
We also use these cookies to make it easier for you to use our site and also to provide support.