(Applicable as of April 25, 2018)
Thank you for your interest in our website “Oh April” (www.oh-april.com). The protection of your privacy is very important to us. The transparent and legally compliant collection, processing and use of your personal data (e.g. name, address, e-mail addresses, user behaviour) is therefore a matter of importance to us. Therefore, we would like to inform you in detail about how we handle your data.
1. Controller and Contact Details
The controller is responsible for the collection, processing and use of your personal data within the meaning of the GDPR. The controller is
CARMA Concept GmbH
Antwerpener Straße 42
Managing directors authorized to represent the company:
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in respect of individual measures, you may send your objection by letter or e-mail to the aforementioned contact details. In addition, you can of course also obtain information about the data stored by us free of charge at any time using the contact details (please also see Section 7).
When you contact us, the data you provide will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data.
2. Collection, Storage and Use of Personal Data
2.1 When visiting our website
When you visit our website www.oh-april.com, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data will be processed by us for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability, and
- For other administrative purposes.
The log files contain IP addresses or other data that allows an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the internet site or the link to the website to which the user goes contains personal data.
The legal basis for the data processing is Art. 6 Para. 1 Sent. 1 lit. f GDPR. Our legitimate interest arises from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected for the provision of the website, the data will be deleted when the respective session has ended.
When data is stored in log files, the data will be deleted after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the data to a specific user is no longer possible.
2.2 When using further functions and offers of our website
In addition to purely informational use, we offer various services that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service.
a) Registration for our newsletter
If you have expressly consented in accordance with Art. 6 Para. 1 Sent. 1 lit. a GDPR (we use the double-opt-in procedure for registration to our newsletter), we will use your e-mail address to send you our newsletter regularly and pass it on to hypelab GbR ( Imprint Hypelab GbR ) so that they can also send you their newsletter. To receive the newsletter, it is sufficient to provide an e-mail address.
Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscribe request (for one or both newsletters) at any time to email@example.com by e-mail.
We may also share your email address with third parties to the extent necessary to send the newsletter. The legal basis for this is Art. 6 Para. 1 Sent. 1 lit. a GDPR.
b) Use of our shop
If you would like to place an order in our web shop “Oh April“, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information that is required for the processing of contracts is marked separately. Any other information is given voluntarily. We process the data you provide for the purpose of processing your order. For this purpose, we may also pass on your payment data to third parties (such as transport carriers, logistics companies, banks, payment providers), insofar as this is necessary for order and order processing.
Finally, we need your e-mail address so that we can confirm receipt of your order and communicate with you, in particular to send you technical information in connection with your order. The legal basis for this is also Art. 6 Para. 1 Sent. 1 lit. b GDPR.
We are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years.
2.3 Disclosure to third parties
Insofar as we use external service providers for the processing of your data, these have been carefully selected and commissioned by us. We have concluded data processing agreements with them so that they are also bound by our instructions in accordance with Section 28 of the German Data Protection Regulation (FDPR) and are regularly monitored by us.
As a general rule, we will only share your personal information with third parties if:
- You have given your explicit consent in accordance with Art. 6 Para. 1 Sent. 1 lit. a GDPR,
- The disclosure is done according to Art. 6 Para. 1 Sent. 1 lit. f GDPR and is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
- In the event that there is a legal obligation for the disclosure pursuant to Art. 6 Para. 1 Sent. 1 lit. c GDPR, and
- This is legally permissible and necessary according to Art. 6 Para. 1 Sent. 1 lit. b GDPR for the processing of contractual relationships with you.
3. Cookies/html storage objects
Information is stored in the cookie that is related to the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity.
In addition, we also use temporary cookies (persistent cookies) to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. Nonetheless, completely disabling cookies may prevent you from using all the features of our website.
Furthermore, only pseudonymous data is stored in the cookies we use. When the cookie is activated, it is assigned an identification number and your personal data is not assigned to this identification number. Your name, IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. On the basis of cookie technology, we only receive pseudonymised information, for example about which pages of our shop have been visited, which products have been viewed, etc. This information is not passed on to third parties.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR.
Furthermore, we use HTML5 storage objects, which are stored on your end device. These objects store the required data regardless of the browser you are using and have no automatic expiration date. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you manually delete your browser history on a regular basis.
The use of HTML5 storage objects serves to make the use of our offer more pleasant for you. The legal basis for the use of these is Art. 6 Para. 1 Sent. 1 lit. f GDPR.
4. Analytical tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 Para. 1 Sent. 1 lit. f GDPR. With the tracking measures we use, we want to ensure that our website is designed to meet the needs of our customers and that it is continuously optimized. Furthermore, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 Para. 1 lit. a GDPR if the user has given the user’s consent in this regard.
4.1 Google Analytics
For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google LLC (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies are used (see Section 4). The information generated by the cookie about your use of this website, such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of server request,
is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, to provide other services associated with the use of the website and the internet for the purposes of market research, and to bring the design of these internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found, for example, under the Google Analytics help section here (https://support.google.com/analytics/answer/6004245?hl=de).
4.2 Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords will set a cookie (see Section 3) on your computer if you have accessed our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client's website and the cookie has not yet expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page.
Each Adwords client receives a different cookie. Cookies can therefore not be tracked through the websites of Adwords clients. The information collected using the conversion cookie is used to generate conversion statistics for Adwords clients who have opted in to conversion tracking. Adwords clients learn the total number of users who clicked on their ads and were redirected to pages tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
5. Facebook Remarketing
On our website we use the Remarketing function “Custom Audiences” of Facebook Inc. This feature is used to present interest-based advertisements (“Facebook Ads”) to visitors of our website while visiting the social network Facebook. For this purpose, the Remarketing tag of Facebook has been implemented on our website. This tag establishes a direct connection to the Facebook servers when you visit the website. In doing so, it is transmitted to the Facebook server that you have visited our website and Facebook assigns this information to your personal Facebook user account.
6. Google AdSense
Our website uses the online advertising service Google AdSense, through which you can be presented with advertising tailored to your interests. We do this in the interest of showing you advertising that may be of interest to you, in order to make our website more interesting for you. For this purpose, statistical information about you is collected and processed by our advertising partners. These advertisements are recognizable by the reference “Google Ads” in the respective advertisement.
By visiting our website, Google receives the information that you have accessed our website. For this purpose, Google uses a web beacon to set a cookie on your computer. The data transmitted is the data referred to in Section 2.1. We have no control over the data collected, nor are we aware of the full extent of the data collection and storage period. Your data will be transferred to the USA and evaluated there. If you are logged in with your Google account, your data can be directly assigned to it. If you do not wish to be associated with your Google profile, you must log out. It is possible that this data will be passed on to third parties and authorities contracted by Google.
The legal basis for the processing of your data is Art. 6 Para. 1 Sent. 1 lit. a GDPR.
This website does not serve third-party ads through Google AdSense.
You can also prevent the installation of cookies from Google AdSense in various ways: a) by adjusting your browser software settings accordingly, in particular the suppression of third-party cookies will prevent you from receiving ads from third-party providers; b) by deactivating Google's interest-based ads via the link http://www.google.de/ads/preferences, whereby this setting will be deleted when you delete your cookies; c) by deactivating the interest-based ads of providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies; d) by permanently deactivating them in your browser, such as Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all of the functions of this offer to their full extent.
a) Facebook and Instagram
Our websites contain plugins of the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). This plugin displays, for example, the Facebook logo. The following link gives you an overview of all plugins of the social network Facebook: http://developers.facebook.com/docs/plugins/ .
As soon as you visit our site, a direct connection between your browser and the Facebook server is established with the help of these plugins. That is: Facebook learns that our website has been accessed from your IP address. If you click on a Facebook button while logged into your Facebook account, you can, for example, link your Facebook profile to our pages. However, Facebook can also determine that you (as a known Facebook user) have visited our pages. We expressly point out that we do not know which data is transmitted to Facebook in detail and how Facebook uses this data. If you do not want Facebook to be able to associate your user account with the use of our website, you should log out of your Facebook account while on our site.
So-called social plugins (“plugins”) from Instagram are used on our website. Instagram
is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. You can find an overview of Instagram plugins and their appearances here:
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted from your browser directly to a server of Instagram in the USA and stored there.
If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account, where it will be shown to your contacts.
If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins using add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Our website uses so-called social plugins (“plugins”) of the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”). These plugins are recognizable, for example, by buttons with the sign “Pin it” on a white or red background. You can find an overview of the Pinterest plugins and their appearances here: https://developers.pinterest.com/docs/getting-started/introduction/
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Pinterest. The content of the plugin is transmitted by Pinterest directly to your browser and integrated into the page. Through this integration, Pinterest receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile on Pinterest or are not currently logged in to Pinterest.
This information (including your IP address) is transmitted from your browser directly to a Pinterest server in the USA and stored there.
If you are logged in to Pinterest, Pinterest can directly assign your visit to our website to your Pinterest profile. If you interact with the plugins, for example by clicking the “Pin it” button, the corresponding information is also transmitted directly to a Pinterest server and stored there. The information will also be published on Pinterest and shown to your contacts there.
If you do not want Pinterest to assign the data collected via our website directly to your profile on Pinterest, you must log out of Pinterest before visiting our website. You can also completely prevent the loading of Pinterest plugins using add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
7. Data Subject Rights
You have the right:
- In accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- In accordance with Art. 16 GDPR to demand the immediate correction of incorrect personal data or the immediate completion of your personal data stored by us;
- In accordance with Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- In accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- In accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer of it to another controller;
- In accordance with Art. 7 Para. 3 GDPR to revoke your consent at any time. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future; and
- In accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
8. Right of Objection and Revocation
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 Sent. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If we process your personal data on the basis of consent given by you pursuant to Art. 6 Para. 1 Sent. 1 lit. a GDPR, you may revoke this in accordance with Art. 7 Para. 3 GDPR at any time with effect from the time of revocation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to: firstname.lastname@example.org
9. Data Security
We use the SSL process (Secure Socket Layer) within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Through the further development of our website and offers on it or due to the