DATA PRIVACY INFORMATION
In the following you will find a detailed explanation of how we collect personal data when our website is used. Personal data refers to data that is personal to you, such as your name, address, e-mail addresses and behaviour as a user.
The Data Controller responsible according to Art. 4 (7) EU General Data Protection Regulation (GDPR) is:
THOMAS SABO GmbH & Co. KG
Silberstraße 1
91207 Lauf
Germany
Phone: +49 (0)91 23-97 15 0
FAX: +49 (0)91 23-97 15 20
e-mail info@thomassabo.com
Our data protection officer can be reached at:
THOMAS SABO GmbH & Co. KG
Privacy
Silberstraße 1
91207 Lauf
Germany
Phone: +49 (0)91 23-97 15 0
FAX: +49 (0)91 23-97 15 20
e-mail datenschutz@thomassabo.com
SECURITY
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data or sensitive content, such as orders or enquiries to the data controller. You can recognise an encrypted connection by the "https://" and padlock icon in your browser bar.
LEGAL BASES
In accordance with Art. 13 GDPR, we inform you here about the legal bases for the data processing we perform. The following applies unless the legal basis is explicitly stated below in the Privacy Policy: The legal basis for obtaining consent is formed by Art. 6 (1)(a) and Art. 7 GDPR. The legal basis for processing in order to fulfil our services and implement contractual measures is formed by Art. 6 (1) (b) GDPR. The legal basis for processing in order to fulfil our legal obligations is formed by Art. 6 (1) (c) GDPR and the legal basis for safeguarding our legitimate interests is formed by Art. 6 (1) (f) GDPR.
THE COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE
If you merely use our website for informative reasons, i.e. you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you what to view our website, we collect the following information as a technical requirement for us to be able to display our website to you and guarantee stability and security (legal basis formed by Art. 6. (1) (1) (f) GDPR:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of your request (specific page)
- Access status/HTTP status code
- Volume of data transferred in each case
- Website from where the request came
- Browser
- Operating system and its interface
- Language and version of the browser software
In addition to the aforementioned data, cookies are stored on your computer. Cookies are small text files that are stored on your computer specific to the browser you are using and provide the party setting the cookie (in this case, us) with certain information. Cookies cannot run programs or transmit viruses to your computer. We use cookies to make our offering more user-friendly and effective as a whole.
Temporary, session or transient cookies are cookies which are deleted after a user leaves the online offering and closes their browser. Permanent or persistent are cookies that remain stored on the user's computer even after the browser is closed. This allows the login status to be saved, for instance, for when the user revisits the websites after a period of several days. Likewise, the interests of users can be stored in a cookie of this type, which is then used, for instance, to measure reach or for marketing purposes.
We use both temporary and permanent cookies so that we can identify you on subsequent visits if you have an account with us. Otherwise you would have to log in again every time you visit our website.
You can configure your browser settings based on your preferences and, for example, refuse to accept third-party cookies (from providers other than the party responsible for operating the website) or all cookies in general. We would like to point out that eventually you may not be able to use all the features of this website as a result.
ADDITIONAL FUNCTIONS AND OFFERINGS ON OUR WEBSITE
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually means that you will have to provide additional details about yourself which we use to provide the relevant service and to which the aforementioned data processing principles apply.
If we use contracted service providers for individual functions of our offering or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.
Some of our applications use what is referred to as geolocation, i.e. the assignment of a user process to the call location. This takes place exclusively on the basis of the anonymised IP address and only up to geographical level. In no way can conclusions be drawn about a user's actual place of residence from the geographical information obtained in this way.
Establishing Contact
When establishing contact with us (e.g. over our contact form, by e-mail, telephone or social media), the information you provide is processed exclusively for the purpose of processing the contact request. The legal basis for processing the data is our legitimate interest in answering your enquiry in accordance with Art. 6 (1) (f) GDPR.
Your data will be deleted once we have finally processed your enquiry. This will be the case if it can be inferred from the circumstances that the matter in question has been finally clarified, provided that no statutory retention requirements stand in conflict.
Using our web shop
If you would like to place an order in our webshop, we need your master and communication data for us to able to process your order. By master data we mean your name, address and date of birth. We need your date of birth to ensure that you are over 18 years and to distinguish between duplicate names. By communication data, we mean your e-mail address and, if provided voluntarily, your telephone number. We will only use your telephone number for queries from our Customer Service Dept. when processing the contract and not for marketing purposes. Processing here is based on Art. 6 (1) (1) (b) GDPR (contract fulfilment). If you place an order in our online shop, the collection of your e-mail address is legally necessary in order to be able to send you an electronic order confirmation and is therefore required in accordance with Art. 6 (1) (1) (c) GDPR.
We process the data you provide in order to process your order. To do so we may pass on your payment data to our payment service providers. The legal basis for this is formed by Art. 6 (1) (1) (b) GDPR.
We can also process the data you provide in order to inform you about other interesting products from our range or to send you e-mails containing technical details.
You also have the option to create a password-protected customer account on a voluntary basis through which we can save your data for future purchases. When you create an account under "My Account", the data you provide is stored revocably. You can manage and change your data yourself here and also view your order history.
Commercial and tax law requirements oblige us to store your address, payment and order data for a period of 10 years. However, we restrict processing after a period of two years. That means that your data will only be used in order to comply with legal obligations.
In order to prevent unauthorised access to your personal data by third parties, in particular financial data, the order process is encrypted using TLS technology.
Newsletter and news services
With your consent and independent of a contract settlement, you can subscribe to our newsletter which informs you about current and interesting offers at our company.
We use the double Opt-in procedure for subscribing to our newsletter. This means that after you subscribe, we send an e-mail to the e-mail address your provide and ask you to confirm that you wish to receive the newsletter. If we do not receive confirmation of your subscription within 48 hours, your information is automatically deleted. We also store your IP addresses and the times when you subscribed and confirmed your subscription. The purpose of this procedure is to prove that you subscribed and, if necessary, to clarify any possible misuse of your personal data.
The only requirement for sending the newsletter is an indication of your e-mail address. and, in order to be able to address you personally, your first and surname as well. The use of a real name is not compulsory and pseudonymous use is possible. Once you have confirmed your subscription, we save the data you provide for the purpose of sending you the newsletter. The legal basis is formed by Art. 6 (1) (1) (a) GDPR.
You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare this by clicking on the link provided in each newsletter you receive, by sending an e-mail to datenschutz@thomassabo.com or by sending a message to the contact details provided in the Legal Notice.
To send the newsletter, THOMAS SABO uses the Salesforce Marketing Cloud service, which is operated by Salesforce.com Inc, Salesforce Tower @ 415 Mission Street, 3rd Floor, San Francisco, California, CA 94105, USA.
In order to make our newsletter even more interesting for you in the future, we use standard market technologies such as cookies or tracking pixels in our newsletter. We evaluate the clicks you make in newsletters using what are referred to tracking pixels, i.e. invisible image files and also personalised links and embedded links (link wrapping). They are assigned to your e-mail address and are linked to their own ID so that clicks in the newsletter can be clearly assigned to you. The user profile is used to tailor the offering and our services to your interests. The legal basis for this is formed by Art. 6 (1) (1) (a) GDPR. We take your cookie settings into account.
We also use certain data (e.g. gender, postcode, VIP status) to segment or personalise our newsletter accordingly. The legal basis for this is our legitimate interest according to Art. 6 (1) (1) (f) GDPR.
Competitions
If you participate in a competition we run, we will process your data insofar as it is necessary for staging the competition. If required, we will obtain separate consent from you for the additional processing of your data within the framework of the competition.
The data collected for the purpose of participation will be deleted after the competition has ended, unless you have consented to its further processing.
The legal basis for processing personal data here is Art. 6 (I) (a) (separate consent) and Art. 6 (I) (b) EU GDPR.
Job Applications
You can apply online for a position of employment at THOMAS SABO over our application portal. Your online application is forwarded directly to our HR department over an encrypted connection and is treated confidentially in all cases. We will only use your details to process your application and will not disclose them to third parties outside the Group.
Please refer to the Privacy Policy of our application portal for further information on data processing as a part of the application process. If you have applied for a specific position and it has already been filled or if we consider you equally or even more suitable for another position, we will be more than happy to forward your application within the company. Please let us know if you do not agree to this. Your personal data will be deleted immediately after the application process has been completed, or after a maximum of 6 months, unless you have given us your express consent to store your data for longer.
Please note that we only offer the applicant portal for the purpose of job applications. If you choose to apply to us by e-mail nevertheless, we explicitly point out that e-mail attachments are not encrypted.
You can, of course, also send in your application by post.
parcelLab
When we ship goods, we use the service provider parcelLab to send shipping notifications to our customers and provide them with the shipping status and tracking number of their shipment. The personal data required for the shipment information (name, address, order number, etc.) is forwarded to parcelLab for this purpose therefore. Please refer to the Privacy Policy from by parcelLab for more information: https://parcellab.com/privacy-policy/
USING OUR MOBILE APP
In addition to our online offering, we provide you with a mobile app that you can download to your mobile device.
When downloading the mobile app, the necessary information is transferred to the App Store, i.e. in particular your user name, e-mail address and customer number for your account, download time, payment information and the individual device code. We have no influence over the collection of this data and we are not responsible for its collection. We only process the data if it is required for downloading the mobile app to your mobile device. Beyond that, we do not store the data. Please also note the data privacy statement from the app store operator in this context:
- For the iOS App Store: Apple Inc., One Infinite Loop, Cupertino, CA 95014, USA, available at https://www.apple.com/uk/legal/privacy/en-ww/ and
- for the Google Play Store: Google LCC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, available at https://www.google.de/intl/en/policies/privacy/.
When you use our app, in addition to the aforementioned data which is collected when you visit our website, the following information is transferred over your mobile device and temporarily stored in a log file:
- End device type and operating system used
- Pages/screens called up within the app
- IP address of the computer requesting access
- Date and time of the server request
Such storage in what are known as server log files is necessary for technical reasons and to safeguard the security of the system. This data is evaluated anonymously for statistical purposes and also to improve the quality of our app. We neither allocate this data to a specific or identifiable natural person nor is it carried out on our behalf by third parties. This data is not used as an aid to create personal user profiles.
Our offering also includes what are known as location-based services, via which we provide you with special services tailored to your respective location. However, you can only use these features once you have agreed that we can collect your location data by GPS over a pop-up as well as your IP address in anonymised form for the purpose of providing the service. You can allow or disable the function in the app settings or your operating system at any time by deactivating the function under "Settings" on your device. Your location will only be transmitted to us if, when using the app, you make use of features which we can only offer you if we know your location.
In order to continuously improve and optimise our offering, we use what are known as tracking technologies for our app. We use the services of Google Firebase for this purpose.
Google Firebase is a service from Google LCC., 1600 Amphitheatre Parkway , Mountain View, CA 94043, USA ("Google"). Google Firebase uses tracking technologies that facilitate our analysis of how you use our website. Google Firebase collects information about your use of our app and transfers it to Google and stores it there. Google uses this information to evaluate how you use our app and to provide us with other app-related services.
For more information about Google Firebase and privacy, please go to https://www.google.de/intl/en/policies/privacy/ and https://firebase.google.com/.
You also have the option to receive push messages over our app.
Push messages are messages that are displayed on your mobile device's start screen. We will send you push notifications in the following cases, unless you have disabled them in the settings on your mobile device:
We use the technology from Google Firebase to send you push messages or what are known as in-app messages (messages that are only displayed to you in the app). A pseudonymised push reference is assigned to your mobile device. This serves as the destination for the push messages and in-app messages and we use it to be able to display push messages or in-app messages to you on your mobile device.
You will only receive push messages if you enable them on our app when you first run it or at a later date. You can enable and disable push notifications at any time.
TO WHAT EXTENT DO WE DISCLOSE PERSONAL DATA TO THIRD PARTIES
We disclose your data to third parties if we are obliged to do so compulsorily due to legal provisions or legal processes (e.g. a request from an investigating authority) or if you have expressly consented to a transfer to third parties.
Insofar as we disclose personal data from you in all other cases, we do so exclusively to service providers or partner companies that support us in processing orders, providing customers with information and/or providing services based on instructions (commissioned data processing pursuant to Art. 28 GDPR). These concern, for example, web hosts, delivery service providers, payment service providers, fraud management providers and credit rating agencies. These companies are obliged to comply with data protection regulations for their part. Particularly strict data protection requirements apply to commissioned data processing pursuant to Art. 28 GDPR. In particular, such companies may only use the data to fulfil the tasks they have been commissioned with on our behalf.
Insofar as we process data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)), or within the context of use by third-party services or the disclosure or transfer of data to third parties, it only takes place if it is required to fulfil our (pre-)contractual obligations, subject to your consent, subject to a legal obligation or our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country when the special conditions of Art. 44 et seq GDPR exist. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognised level of data protection or compliance with officially recognised special contractual obligations (what are known as 'standard contractual clauses').
Below is a list of data recipients that process your personal data:
Criteo – Criteo SA, USA – Online Display Advertisement
Die Post – Schweizerische Post AG, Switzerland – Product Delivery
DHL – DHL Paket GmbH, Germany – Product Delivery
Direct Link Worldwide GmbH – Product Delivery for PostNord
Facebook – Facebook Ireland Limited, Ireland – Social Media Platform
Facebook Remarketing/Retargeting – Facebook Ireland Limited, Ireland – Personalised Advertisement
General Logistics Systems – Germany GmbH & Co. OHG
Google Ads – Google Ireland Limited, Ireland – Advertisement
Google Analytics – Google Ireland Limited, Ireland – Analytics
Google Firebase – Google LCC, USA – Analytics
Google Maps – Google LCC USA – Mapping Service
Google Play Store – Google LCC, USA – App Store Platform
Google reCAPTCHA – Google LCC, USA – Captcha Service
GÜLL GmbH, Germany – Product Delivery for Post AT and Die Post
Ingenico – Ingenico ePayments, Netherlands – Payment Service Provider
Intrum – Intrum Justitia GmbH, Germany – Credit Management Service
iOS App Store – Apple Inc., USA – App Store Platform
Instagram – Facebook Ireland Limited, Ireland – Social Media Platform
Klarna – Klarna Bank AB, Sweden – Payment Service Provider
LinkedIn – LinkedIn Ireland Unlimited Company, Ireland – Social Media Platform
Loqate Capture – GB Group Plc, GB – e-mail Validation
Microsoft Advertising – Microsoft Corporation, USA – Conversion Tracking
Movable Ink – Movable Inc New York, USA – Newsletter personalisation
parcelLab – parcelLab GmbH, Germany – Shipping Status Communication
PayPal – PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg – Payment Service Provider
Pinterest – Pinterest Inc., USA – Social Media Platform
PowerReviews – PowerReviews, Inc., USA – Rating Analytics Provider
Post AT – Österreichische Post Aktiengesellschaft, Austria – Product Delivery
PostNord – PostNord AB, Sweden, Finland and Denmark – Product Delivery
Salesforce Commerce Cloud – Salesforce.com Inc., USA – Website Hosting
Salesforce Marketing Cloud – Salesforce.com Inc., USA – Newsletter & SMS Marketing
Trbo – trbo GmbH, Germany, Onsite Personalization
Tealium AudienceStream – Tealium Inc., USA – Customer Data Platform
Tealium Tag Manager – Tealium Inc., USA – Tag Management
Twitter – Twitter Inc., USA – Social Media Platform
UPS – United Parcel Service Deutschland S.à.r.l. & Co. OHG, Germany – Product Delivery
Xing – New Work SE, Germany – Social Media Platform
YouTube – Google LCC, USA – Social Media Platform
This list is subject to change if required.
CONSENT TO COOKIES
We use cookies to be able to track your activities anonymously and, based on this, provide you with an optimal experience on our website and deliver personalised advertising. THOMAS SABO can disclose this data to third parties, such as advertising partners like Google, Facebook or Instagram. Please note that the settings you make may affect whether the features of the website are available in full.
We have integrated the consent management tool "consentmanager" (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, mail@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.
The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.
You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an e-mail to mail@consentmanager.net.
CLOUD SERVICES
We use software services over the internet and running on servers from their providers ("cloud services", also referred to as "software as a service") for the following purposes: Document storage and management, calendar management, emailing, spreadsheets and presentations, sharing documents, content and information involving specific recipients or publishing web pages, forms or other content and information, and chatting and participating in audio and video conferences.
In this context, personal data can be processed and stored on the providers' servers insofar as it forms part of the communication processes with us or we otherwise process it as set out in the context of this privacy policy. In particular, this data can include master data and user contact details, transaction data, contracts and other processes and their content. The cloud service providers also process user data and metadata, which they use for security purposes and service optimisation.
If we use cloud services to make forms or other documents and content available to other users or publicly accessible websites, said providers may store cookies on user devices for the web analytics purposes or to remember users' settings (e.g. in the case of media control).
If we ask for consent to use cloud services, the legal basis for processing is consent (Art. 6 (1) (1) (a) GDPR). Furthermore, their use form a component of our (pre-)contractual services, provided that the use of the cloud services has been agreed in this context (Art. 6 (1) (1) (b) GDPR). Apart from that, user data is processed on the basis of our legitimate interests (i.e. our interest in an efficient and secure administrative processes and office organisation) (Art. 6 (1) (1) (f) GDPR).
Services and service providers deployed:
- Salesforce Commerce Cloud
- Salesforce Marketing Cloud
- Salesforce Service Cloud
WEB ANALYTICS/TRACKING
THOMAS SABO regularly analyses user behaviour in order to optimise their website.
Using what is referred to as the web tracking method, we evaluate, for example, how often our websites are visited and which content the user finds particularly valuable. Anonymised data is collected and stored and user profiles created from this data using pseudonyms for this purpose. Technically speaking, we use cookies that make it possible to recognise a web browser.
The tracking and associated analysis is performed
- To safeguard the security of our website and hence your data (legal basis: Art. 6 (1) (f) GDPR)
- To provide our service and hence fulfil our contractual obligations (legal basis: Art. 6 (1) (b) GDPR)
- To make the success of advertising campaigns measurable and to optimise the display of advertising (legal basis: Art. 6 (1) (f) GDPR.
- Calculation of statistical parameters concerning the use of our offerings (legal basis: Art. 6 (1) (f) GDPR.
You can object to your data being tracked and used for analytical evaluations at any time by configuring your browser settings based on your preferences and, for example, refusing to accept third-party cookies (from providers other than the party responsible for operating the website) or all cookies in general. or you can follow the recommendations for the individual services used.
This website uses Tag Management System (TMS), a service from Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA (Tealium), to dynamically adapt parts of the website. A cookie called utag_main is created to enable this functionality. The TMS is required for providing the service and therefore cannot be disabled.
Google Analytics
Google Analytics is a web analysis service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), which in this respect acts as our order processor (Article 28 GDPR).
Google Analytics uses cookies, which enable an analysis to be made for statistical purposes of your use of this website. The behaviour and features of the browser (page views, clicks on links, applications, settings of the browser) are constantly measured. Entries made by you in forms or other concrete content cannot be captured. We will use this information to compile reports on the use of the website, which serve the purpose of audience measurement and also enable personalised advertisements.
If you own a Google account and have activated “personalised advertising” or logged into our website with your customer account, we analyse your use of this website with Google Analytics cross-device tracking. In this way, for example, it is possible to record whether an action has been taken on another end device (tablet) in response to an advertisement on a laptop. In the same way, advertisements can be shown on a device if you have previously shown interest in them on another device. The reports we produce (including cross-device) contain only compiled data and do not contain any data about individual users.
In the Google account “personalised advertising” can be deactivated at any time.
If you have a Google account and have activated the “web and app activities” function, you can also see the use of this website in aggregated form to get the option of managing your data yourself.
The information produced by your use of this website can also be transferred to a Google server in the US and stored there. However, as part of the IP anonymisation activated for this website, your IP address is shortened by Google before storage. The information sent can no longer be allocated to an individual person via the IP address.
To guarantee the privacy level when processing data in third countries (especially the US) our service provider, Google Ireland Ltd., has agreed with its subcontractors (especially Google LLC) standard contractual clauses, which are based on Module 3 of the European Commission adopted on 4/6/2021 for the transfer of personal data in third countries (https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/).
The data processed and linked to cookies by Google Analytics are automatically deleted after a maximum of 50 months.
The legal basis for the data processing is your consent pursuant to point a Article 6(1) GDPR and Section 25 (1) Telecommunications Telemedia Data Protection Act (TTDSG).
Tealium AudienceStream
We use Tealium AudienceStream, a service from Tealium Inc., 11095 Torreyana Road, San Diego, CA 92121, USA, which collects and stores data on our website, from which user profiles can be created using pseudonyms.
The following including other information is collected for this purpose:
- User/click behaviour (pages visited, products purchased, services used, etc.)
- Time measurements (time and duration of the website visit, etc.)
- Device properties (resolution, operating system, browser version, etc.)
- Interests (product, service, service interests, etc.)
In order to improve your user experience, we combine the data collected from all devices which you are logged in on.
We use this information to adapt parts of our website to your needs and by doing so automate your use of the website in real time as required.
The pseudonymised user profiles are not merged with personal data concerning the bearer of the pseudonym without separately declared consent being granted. The IP address transmitted by your browser is not merged with the user profiles either.
Cookies or similar technologies for mobile devices are used to create the user profiles. The information generated by the cookie about your use of the website is stored exclusively in Germany.
Remove the check mark to object to data collection by Tealium AudienceStream. |
ONLINE ADVERTISING
Retargeting is the term used to describe a process in which visitors to a website are identified in order to target them with specific messages on other websites. This method loads measurement pixels onto Internet pages, which in turn are stored in cookies.
The information collected and shared over what are known as third-party cookies is anonymous and not personally identifiable. It contains neither your address, telephone number or e-mail address. The cookies are small text files which are stored on your computer.
This technology used is also referred to as "usage-based online advertising" or "online behavioural advertising" (OBA). You can read more about this technology here: Usage-based online advertising:
Processing here takes place based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.
You can find out how to turn off or prevent the use of this technology used by Google and other service providers here: Managing your preferences.
The service providers named there have committed to complying with this procedure.
In order to optimise our marketing activities, we use the Marketing Cloud from Salesforce.com, Inc, Salesforce Tower @ 415 Mission Street, 3rd Floor, San Francisco, USA. In this context, data from you (activity data outgoing from e-mails through our online channels, e.g. data on the page accessed, the page history, the device used, the approximate location and data for pseudonymised identification of the user profile) is collected, stored and used in order to adapt our offering (products, website, newsletter) to you. Since Salesforce is an international company with headquarters in the USA, it cannot be ruled out that your data will be transferred to the USA. By using our website, you consent to the use of your data in this way.
You can, of course, object to the collection, storage and use of your data in the Salesforce Marketing Cloud at any time for the future.
Google Ads/Remarketing and DoubleClickOur website uses Google Ads Remarketing, which we use to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google places a cookie in the browser on your end device, which automatically enables interest-based advertising with the help of a pseudonymous cookie ID and based on the pages you have visited. Processing here takes place based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.
Any further data processing will only take place if you have given Google permission to link your Internet and app browser history to your Google account and to use information from your Google account to personalise advertisements which you view on the Internet. In this case, if you are logged in to Google when you visit a page on our website, Google will use your data in combination with Google Analytics data to collate and define target group lists for cross-device remarketing. Google temporarily links your personal data with Google Analytics data for this purpose in order to form target groups.
In addition, when DoubleClick is used, cookie IDs are used to record what are known as conversions that relate to ad enquiries. This is the case, for example, when a user sees a DoubleClick ad and visits the advertiser's website later using the same browser and buys something there. Google states that DoubleClick cookies do not contain any personal information. The marketing tools used cause your browser to automatically establish a direct connection to the Google server. We have no control over the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By embedding DoubleClick, Google receives information that you have called up the corresponding part of our website or clicked on one of our advertisements. As soon as you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or are not logged in, the provider may still will obtain and store your IP address.
You can permanently disable cookies being set for advertising preferences by downloading and installing the browser plug-in available from the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can obtain information about setting cookies from the Digital Advertising Alliance at https://www.aboutads.info and make settings for this. Finally can set your browser to inform you when cookies are being set. You can also decide whether you wish to accept them individually and whether you wish to prevent the acceptance of cookies in certain cases or in general. If you choose to disallow cookies, it may limit your ability to use our website in full. You can view additional information and the privacy policies concerning advertising and Google here: https://www.google.com/policies/technologies/ads/
Microsoft Advertising (formerly Bing Ads)
This website uses conversion tracking technology "Microsoft Advertising" from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). In doing so Microsoft Advertising sets a cookie on your computer if you arrived at our Website over a Microsoft Advertising advertisement. Cookies are small text files which are stored on your computer system. These cookies lose their validity after 180 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, both Microsoft and the website site operator can recognise that the user clicked on the ad and was redirected to this page (conversion page). If personal data is processed in this context, it takes place in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in effective marketing.
The information collected using the conversion cookie is used to compile conversion statistics, i.e. to record how many users reach a conversion page after clicking on an advertisement. We are informed of the total number of users who clicked on our ad through this and were redirected to a conversion tracking tag page. We do not receive any information that personally identifies users however. If you do not want to participate in tracking, you can opt-out by simply disabling the Microsoft Advertising Conversion Tracking cookie under User Preferences in your browser. Doing so stops you being included in the conversion tracking statistics. Alternatively, you can check whether Microsoft advertising cookies are set in your browser and disable them on the opt-out page for EU consumers at https://www.youronlinechoices.com/uk/your-ad-choices/ You can find more information about the Microsoft Advertising privacy statement at the following URL: https://privacy.microsoft.com/dede/privacystatement
Criteo (Criteo SA)
This website collects, stores and evaluates information about the surfing behaviour of website visitors in pseudonymised form using technology from Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo"), using "cookie" text files, on the basis of our legitimate interest in displaying personalised advertising in accordance with Art. 6 (1) (f) GDPR. Criteo uses an algorithm to analyse surfing behaviour and can then display targeted product recommendations in the form of personalised advertising banners on other websites (what are known as publishers). In no case can the data collected be used to personally identify visitors to this website. Any further use or disclosure to third parties does not take place. You can obtain the following opt-out cookie in order to object to the collection of data and the creation of pseudonymised user profiles for the future: Criteo Discharge (https://www.criteo.com/de/privacy/) More information on the technology of Criteo can be found in the privacy policy of Criteo: https://www.criteo.com/en/privacy/
Facebook Remarketing / Retargeting (Custom Audiences)We use "Facebook Pixel" on our website from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). This serves the purpose of presenting interest-based advertisements to visitors to our website when they visit the social media network Facebook. A Facebook pixel has been implemented on our website for this purpose. A direct connection to the Facebook servers is established over this pixel when you visit our website. Doing so transmits to the Facebook server that you have visited our website and Facebook assigns this information to your personal Facebook user account. We would like to point out that, as the provider of this website, we have no knowledge or information about how Facebook uses this data. For more information about how Facebook collects and uses this data, as well as your rights in this regard and options for protecting your privacy, please refer to the Facebook Privacy Policy at https://www.facebook.com/about/privacy/. We ourselves do not disclose customer data to Facebook.
Remove the check mark to object to interest-based advertising on Facebook. |
Movable Ink
Service provider: Movable Inc., 5 Bryant Park, 9th Floor, NYC, NY 10018 (USA)
Data protection information: https://movableink.com/privacy-policy
Purposes of data processing and their legal basis:
Personalisation in the newsletter: We use a technology from Movable Inc. on our website that Movable Inc. uses to process information about your activities and behaviour on our website and in the newsletter. In doing so, your usage data in the newsletter is merged with other data that we can assign to you personally. With the help of a user ID, we are able to link visits from your device to your email address. This enables us to provide you with relevant and personalised product recommendations in the newsletter. We also reserve the right to send you newsletter content that is targeted to you based on customer segments. Movable Ink uses a cookie to obtain information about your device (e.g. your IP address), your surfing behaviour, your clicking behaviour and your email address. Movable Ink uses the data on its own responsibility for statistical analysis purposes and on our behalf to provide individual product recommendations and to measure reach.
Legal basis: Your consent in accordance with Art. 6 (1) point a GDPR and Art. 25 (1) TTDSG.
Data processing locations: EU/EEA, USA, UK
Movable Inc. is DPF-certified. The data processing in the USA and the UK is therefore based on the adequacy resolutions of the EU Commission.
Storage duration or criteria for determining the storage duration: Deletion after purpose has been achieved
Rights of revocation and/or objection: Revocation and objection with effect for the future possible via the Consent Manager on our data protection page.
PRODUCT EVALUATION
Using PowerReviews to capture and process product reviews
Your satisfaction is important to us, so we would like to know if you are happy with the products you have purchased. To this end, we transmit details on your person (including, without limitation, your e-mail address, the goods you purchased and the order date) to PowerReviews (PowerReviews, Inc., 1 North Dearborn Street Suite 810, Chicago, IL, 60602, USA) in order to send you an e-mail which invites you to review your product purchase(s) no later than a month after your purchase. We process this data in order to protect our legitimate interest in providing our customers with an excellent service, and to optimise the products and services we offer (legal basis: Art. 6 (1) (1) (f) GDPR. The same applies when you submit a product review on our website directly. This is important so that we can inform you about the status of your review. For more information on the PowerReviews Privacy Policy, please visit https://www.powerreviews.com/privacy-policy/.
Objecting to PowerReviews product review e-mails
If you have already received an e-mail asking you to review the product you purchased, you can opt-out of receiving it in future by clicking on the "Cancel" or "Unsubscribe" button/link at any object in each e-mail that asks you to submit a product review.
ONSITE PERSONALISATION
Personalised information and offering from trbo GmbH, Leopoldstr. 41, 80802 Munich (http://www.trbo.com/)
We want to design our website in the best possible way and in order to do so we work with external service providers whose tracking tools we use to manage and improve our online services, in particular to measure the use of our online services and the effectiveness of our online advertising. This helps us to understand which pages are particularly attractive to the users of our services, which products our customers are most interested in and which individual offerings we should make to our website users.
The data collected and used in this context is only ever stored under a pseudonym (e.g. a random identification number) and is not merged with personal data about you (e.g. name, address, etc.) Where external service providers have access to the data, this is takes place exclusively on our behalf and under our control.
In technically terms, the tracking tools used use what are known as "cookies" and "web beacons" to collect the following information: Which pages are visited when, how often and in what order, which products are searched for, which links or offerings are clicked on and which orders are placed:
If you do not want us to collect and use information about how you use of our website in this way, you can object to this by clicking on the following link (what is known as "opt-out"): https://track2.trbo.com/optout.php?redirect=thomassabo.com
You can set a corresponding opt-out cookie to this end, which does not contain any data suitable for tracking, but merely facilitates the recognition of your objection to data collection so that it is no longer takes place.
EMBEDDED FUNCTIONS AND CONTENT
We embed functional and content elements into our online offering which are obtained from the servers belonging to their respective providers (hereinafter referred to as "third-party providers"). For example, this can comprise graphics, videos or city maps (hereinafter uniformly referred to as "content").
This embedding always presupposes that the third-party providers of this content process the IP addresses of users, since they would not be able to send their content to users' browsers without the IP address. This means the IP address is needed to display this content or functions. We make every attempt to use the type of content where the supplier only uses the IP address to deliver the content. Third parties may also use what are known as pixel tags (invisible graphics, also referred to as 'web beacons') for statistical or marketing purposes. These 'pixel tags' can be used to analyse information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but not limited to, technical information about the browser and operating system, referring websites, time of the visit and other information regarding the use of our online offering.
If we ask users for their consent to use third parties, the legal basis for processing data is consent (Art. 6 (1) (1) (a) GDPR). Apart from that, user data is processed on the basis of our legitimate interests (i.e. our interest in efficient, economic and recipient-friendly services) (Art. 6 (1) (1) (f) GDPR). In this context, we would like to draw your attention to the information on the use of cookies in this Privacy Policy.
Google Maps
We embed the maps from the “Google Maps” service provided by Google. The data to be processed may include IP addresses and location data in particular, which however is not collected without your consent (usually by making the appropriate device settings: the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://cloud.google.com/maps-platform; privacy policy: https://policies.google.com/privacy; opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for displaying advertisements: https://adssettings.google.com/authenticated
reCAPTCHA
We embed the "reCAPTCHA" function in order to be able to recognise whether entries (e.g. in online forms) are made by people and not by automatically operating machines (what are known as "bots"). The data processed may include IP addresses, information on the operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, possibly cookies and the results of manual recognition processes (e.g. answering questions asked or selecting objects in pictures). The service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.com/recaptcha/; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for displaying advertisements: https://adssettings.google.com/authenticated
THE USE OF SOCIAL PLUGINS
We maintain an online presence on social networks and platforms in order to communicate with customers, prospective customers, interested parties and users who are active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data privacy statements of the respective operators apply.
When you visit our website, no personal data is initially disclosed to the plug-in providers. You can identify the plug-in provider from the marking on the box above the initial letter or the logo. We open up the chance for you to communicate directly with the plug-in provider over the button. The plug-in provider only receives information about you accessing the corresponding website online offering if you click on the marked field and by doing so activate it. With Facebook and Xing, according to statements by the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there. Since the plug-in provider collects data by specifically using cookies, we recommend that you delete all cookies over the security settings in your browser.
We have no control over the data collected and the data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing and the storage periods. We also have no information concerning the deletion of the data collected by the plug-in provider.
The plug-in provider saves the data collected about you as a user profile and uses it for advertising, market research and/or the needs-based design of their website. Such an evaluation is in particular carried out (also for users who are not logged in) for showing needs-based advertising and to inform other users of the social network about the activities you undertake on our website. You have a right object to the creation of these user profiles, and should contact the respective plug-in provider to exercise your right if you wish to do so. We offer you the chance over the plug-ins to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for using the plug-ins is formed by Art. 6 (1) (1) (f) GDPR.
The data is disclosed regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social media network, in particular before activating the button, since doing so allows you to avoid being assigned to your profile with the plug-in provider.
Further information about the purpose and scope of data collection and the processing of data by the plug-in provider can found in the privacy policies from said providers as given below. The privacy policy also contains further information about your rights in this relation and setting options for protecting your privacy.
The addresses of the respective plug-in providers and URL of their data protection information:
We use the following plug-ins and apps on our website:
Facebook
The plug-in and app we use are from facebook.com, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") You can find the link to the Facebook privacy policy here: https://www.facebook.com/about/privacy/
Twitter
The plug-in we use is from Twitter, which is operated by Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA ("Twitter"). You can find the link to the Twitter privacy policy here: https://twitter.com/privacy
Pinterest
The plug-in we use is from Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA ("Pinterest"). You can find the link to the Pinterest privacy policy here: https://about.pinterest.com/privacy
YouTube
The plug-in we use is from YouTube, which is operated by Google LCC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("YouTube"). You can find the link to the YouTube privacy policy here: https://www.google.com/intl/de/policies/privacy/
Instagram
The plug-in we use is from Instagram, which is operated by Facebook Ireland Limited, 4 Grand Square, Dublin 2, Ireland ("Instagram") You can find the link to the Instagram privacy policy here: https://instagram.com/about/legal/privacy/#
OUR FANPAGES
We maintain fan pages on several social media platforms. We provide information about our company on these platforms and customers, interested parties and users who are active there can communicate with us directly.
User data is usually also processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the interests of the users that result from this. In turn the user profiles can be used, for instance, to place advertisements on and outside the platforms, which presumably correspond to the interests of the users. Cookies are usually stored on users' computers for these purposes, which store the behaviour and interests of the users. What is more, data may also be stored in the user profiles irrespective of the devices the users use (especially if they are members of the respective platforms and are logged in to them).
As a rule, profiles are created there from the users' behaviour and data, which is primarily used to place advertisements on and outside the platforms that correspond to their presumed interests. This takes place by setting cookies on the devices used or independently of them if the users are members of the respective platforms and logged in to them. The legal basis for this form of data collection is formed by Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimising our service with regard to effective communication and information as well as marketing our offerings. If the respective platform providers ask users for explicit active consent to data processing, the legal basis for this is formed by Art. 6 (1) (a) and Art. 7 GDPR.
When using the platforms, the integration of external tracking services may, in individual cases, result in data being transferred to recipients outside the European Union, which can result in risks for the user, especially with regard to the enforcement of users' rights.
For a detailed description of the respective processing instanced and options available for objecting (opt-out), please refer to the information from the providers linked below.
- Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) - Privacy policy: https://www.facebook.com/about/privacy/, Opt-out: https://www.facebook.com/settings?tab =ads and http://www.youronlinechoices.com.
- Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy policy: https://policies.google.com/privacy Opt-out: https://adssettings.google.com/authenticated.
- Instagram (Facebook Ireland Limited, 4 Grand Canal Square. Dublin 2, Ireland) – Privacy policy/Opt-out: http://instagram.com/about/legal/privacy.
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy policy/Opt-out: https://about.pinterest.com/de/privacy-policy.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Privacy policy https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany) – Privacy policy/Opt-out: https://privacy.xing.com/en/your-privacy.
In the case of requests for information and the assertion of user rights, we would like to point out that these can most effectively be made directly to the platform providers. Only these have access to the data from users and can take appropriate measures and provide information. You are welcome to contact us, of course, if you still require any further assistance.
YOUR RIGHTS
You are entitled to receive information about personal data that concerns you. You can contact datenschutz@thomassabo.com for information about this at any time. (Art. 15 GDPR)
In the even that you make a request for information other than in writing, please understand that we may ask you to prove that you are the person who you claim to be.
Insofar as you are legally entitled to do so, you also have the right to have your data corrected or deleted, or have its processing restricted. (Art. 16, Art. 17 and Art. 18 GDPR)
You also have the right to object to its processing in accordance with the legal requirements. The same applies to a right to data portability. (Art. 21 GDPR)
If we process your personal data based on consent, you are entitled to revoke the consent at any time for the future without affecting the legality of any processing performed based on the consent given up to the time of revocation. (Art. 7 (3) GDPR)
You have the right to request to receive the relevant data you have provided us with in accordance with Art. 20 GDPR and request that it is transferred to others.
You have the right to appeal to a data protection supervisory authority concerning our processing of your personal data. (Art. 77 GDPR)
DELETION OF DATA
The data we process is deleted or limited in its processing pursuant to Art. 17 et seq. GDPR. Unless explicitly stated in this Privacy Policy, the data we store is deleted as soon as it is no longer required for its purpose and its deletion does not contravene any statutory storage obligations. Processing will be restricted if the data is not deleted because it is required for other and legitimate purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that has to be retained for business or tax reasons.
LINKS TO EXTERNAL WEBSITES
The THOMAS SABO website and this Privacy Policy contain links to external websites over whose content THOMAS SABO has no influence. For this reason, THOMAS SABO cannot accept any liability for the content, quality, nature or reliability of said external websites. Setting a link does not signify any support or approval for the information or services offered on the respective pages. The respective provider or operator of any linked website is the sole party responsible for its contents.
AMENDMENT OF THIS DATA PROTECTION STATEMENT
We reserve the right to change or amend this Privacy Policy as necessary. We will publish the change here. You should therefore visit this website regularly to find out about the current status of this Privacy Policy.
Last updated: 07/10/2024