A NEW BRAND, SANDFOX!
Quality products specially produced for outdoor sports and tactical.
Quality products specially produced for outdoor sports and tactical.
Data protection
(Last updated: 1 October 2018)
Part 1: Data protection information regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We take data protection seriously: the following aims to provide you with information on how we process your data, and what rights and claims you have in accordance with the data protection regulations. Valid as from 25 May 2018.
The data protection information set out below covers all activities relevant to data protection which are carried out by all members of the SANDFOX Group, as well as services provided for external companies, see companies listed under 1. Personal data is processed by the companies listed under 1 in line with the same principles and methods, meaning that a uniform data protection policy applies.
1. Contact information and controller responsible for data processing
Controller responsible with regard to data protection law
SANDFOX GmbH & Co.
SANDFOX ….
…..
Tel. +49 (0)….
Fax: +49 (0)….
[email protected]
Contact information of our Data Protection Officer:
SANDFOX GmbH & Co.
Data Protection Officer
SANDFOX ….
…..
Tel. +49 (0)….
Fax: +49 (0)….
[email protected]
2. Purposes and the legal basis on which we process your data
We process personal data in accordance with the provisions governing the General Data Protection Regulation (GDPR), the Federal Data Protection Act of Germany (BDSG) and other applicable data protection regulations (see below). The specific data that is actually processed, and how this is done, is mainly geared to the services which have been agreed to or applied for. Further details or additional information in relation to the processing of personal data can be obtained from the respective contracts, forms, declaration of consent and/or other information which has been made available (e.g. as part of using our website or our terms and conditions of business). Furthermore, this information on data protection may be updated from time to time and can be referred to by visiting our website https://www.sandfox-gear.de/data-protection.
2.1 Purposes of fulfilling a contract or steps prior to entering into a contract (Art. 6 Para. 1 b GDPR)
Processing personal data is done for the purpose of performing our contract(s) with you and carrying out your orders, as well as to undertake measures and activities which form part of pre-contractual relations, e.g. with prospective customers. In particular, processing information enables us to deliver our products and related services in accordance with your orders and wishes whilst at the same time providing appropriate services, measures and activities. This includes first and foremost the following: corresponding with you regarding details of the proof of transactions, orders and other agreements, as well as quality assurance by means of corresponding documentation, proceedings as a gesture of goodwill, measures for managing and optimizing business processes as well as fulfilling general duty to take care, managing and controlling affiliated companies (e.g. parent company); statistic evaluations concerning corporate management, recording costs and financial control, reporting, internal and external communication, crisis management, settlement of accounts and tax assessments of company services, risk management, assertion of legal claims and defense regarding legal proceedings; guaranteeing IT security (incl. system or plausibility tests) and general security, of which security for premises and plants, ensuring and awareness of householder’s rights (e.g. by means of entry checks); guaranteeing integrity, authenticity and availability of data, prevention and investigation of offences; checks by supervisory boards or monitoring bodies (e.g. audits).
2.2 Purposes of legitimate interests by ourselves or third parties (Art. 6 Para. 1 f GDPR)
In addition to fulfilling the actual contract (or pre-contract), we also process your data in cases where it is necessary in order to protect our legitimate interests, and those of third parties, particularly for the following purposes:
2.3 Purposes where you have given your consent (Art. 6 Para. 1 a GDPR)
Processing your personal data for specific purposes (e.g. using your email address for marketing purposes) is possible once you have given your consent. You are normally able to revoke this at any time. This also applies to revoking declarations of consent which you confirmed to us prior to the GDPR coming into effect on 25 May 2018. We will let you know about the consequences of revoking consent or not giving consent in a separate text concerning consent.
Revoking consent generally applies to the future. Any processing that was conducted prior to revoking consent is not affected by the regulation and remains lawful.
2.4 Purposes regarding fulfilment of legal obligations (Art. 6 Para. 1 c GDPR) or which are carried out in the public interest (Art. 6 Abs. 1 e GDPR)
Like everyone involved in business, we, too, are subject to a whole host of legal obligations. These are, first and foremost, legal requirements (e.g. trade and tax laws), but also, where applicable, regulatory and official obligations (e.g. court verdicts). For purposes of processing, this involves, where applicable, checking identity and age, prevention of fraud and money laundering, preventing, fighting and investigating the finance of terrorism and offences where assets are in danger, comparisons with European and international anti-terror lists, complying with monitoring and reporting of fiscal obligations, as well as archiving data for data protection purposes and data security, plus checks by tax authorities and other authorities. Furthermore, the disclosure of personal data can be required during the course of official/judicial measures for purposes of taking of evidence, persecution or enforcement of claims according to civil law.
3. The data categories processed by us insofar as we did not receive them directly from you, and their origin
Where this is necessary for rendering our services, we process personal data received permissibly from other companies or other third parties (e.g. credit agencies, directory publishers). Further, we process personal data taken permissibly from publicly accessible sources (e.g. telephone directories, commercial registers and register of associations, register of residents, records of debtors, land registers, press, internet and other media) or otherwise received or purchased and which we have permission to process.
Relevant personal data categories may include, in particular:
4. Recipients or categories of recipients of your data
Internal controllers or organizational units within the companies belonging to the SANDFOX Group (referred to in section 1) receive your data, which they require in order to fulfil our contractual and legal obligations, or as part of processing and implementing our justified interest. Your data is only passed on to external sites,
We will not pass on your data to any third parties. Where we commission service providers as part of processing an order, your data is subject to the same security standards there as it is when stored with us. In all other cases, the recipients of data may only use this data for the purposes for which it has been transferred.
5. Length of time that your data may be stored
We will process and store your data for the duration of our business. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Furthermore, we are subject to various legal obligations in terms of retention and documenting, which stem from, e.g. the German Commercial Code (HGB) and the tax code (AO). The deadlines given in the respective tax code for storing and documenting data are up to ten years beyond the end of the business or legal relationship.
Further, special legal provisions require a longer retention term such as, e.g. retaining means of evidence as part of the legal provisions governing statute of limitations. In accordance with Sections 195 et seq. of the German Civil Code (BGB), the normal statute of limitations is three years; however, statutes of limitations of up to 30 years can also be applied.
If data is no longer required for fulfilling contractual or legal obligations and rights, this shall be deleted on a regular basis, unless the further processing of this data – limited in terms of time – is required in order to meet the purposes of a prominent justified interest listed under 2.2. Such a prevailing justified interest is the case if, for example, deleting is not possible or is only possible as a result of a disproportionate amount of effort due to the special nature of storing the data, and processing for other purposes by means of technical and organisational measures has been ruled out.
6. Processing your data in a third country or through an international organization
Transferring data to sites in states outside of the European Union (EU) or the European Economic Area (EEA) (so-called third countries) occurs if it should become necessary in order to execute an order/contract from or with you, if it is legally prescribed (e.g. duty to report according to tax law), if there is a justified interest by ourselves or on the part of a third party, or if you have given your consent.
Here, the processing of your data in a third country may also occur in conjunction with engaging with service providers in the context of processing orders. Insofar as the EU Commission has not agreed a resolution with the country in question regarding a reasonable level of data security, we guarantee that corresponding contracts exist in line with data protection requirements of the EU, meaning that your rights and liberties are protected and guaranteed to a reasonable extent. Detailed information is available upon request. Information on suitable or appropriate guarantees and regarding the possibility to get a copy from them, can be requested from the company data protection officer.
7. Your data protection rights
You can assert your data protection rights against us under certain circumstances
Your application concerning the exertion of your rights should, wherever possible, be in writing and sent to the address above, or directly to our data protection officer.
8. Extent of your obligations to make your personal data available to us
You are only required to make data available which is needed in order to start and carry out a business relationship or regarding a pre-contractual relationship with us, or data which is necessary in line with legal provisions. We will not normally be in a position to conclude or carry out a contract without this information. This may refer to data subsequently required as part of the business relationship. Where we have requested data from you beyond the above, we will point out separately that these details are given on a voluntary basis.
9. Existence of an automated decision on a case-by-case basis (including profiling)
We do not use a purely automated individual decision-making process in line with the provisions governing Article 22 GDPR. Insofar as we introduce this type of process on a case-by-case basis in the future, we will let you know about it separately if this is legally prescribed.
Under certain circumstances, we sometimes process your personal data with the aim of evaluating specific personal aspects (profiling). In order to provide tailored information and advice about our products, we also apply evaluation tools where necessary. This results in a range of products, communication and advertising which is more tailored to your needs, including market research and opinion surveys.
These types of procedures can also be used to assess your credit rating and creditworthiness, and for the purposes of fighting against money laundering and fraud. So-called “score values” are used to assess your creditworthiness and credit rating. Scoring employs a mathematical process which calculates the probability of a customer being able to keep up with payment obligations as set out in the contract. Consequently, these scores help us to assess creditworthiness and take decisions on contracts, and are incorporated in our risk management. The calculation is based on a recognised, tried-and-tested mathematical and statistical process and weighs up your data, especially income, expenditure, and current liabilities, job, employer, term of employment, experiences resulting from previous business relations, repayment of previous loans in line with the contract terms as well as information obtained from credit agencies.
Details concerning nationality as well as special categories of personal data are not processed in this respect as per Art. 9 GDPR.
Information concerning your right to object Art. 21 GDDP
Your objection is not subject to any formal requirements and should be sent to
SANDFOX Ausrüstung für Draussen GmbH & Co. KGaA
SANDFOX Kreisel 1
D-65510 Idstein/Ts
Our data protection statement, as well as information on how we process our data in accordance with Articles (Art.) 13, 14 and 21 GDPR may change from time to time. Any amendments will be published on this page. Older versions are available in our archive for you to consult.
Data protection information last updated: 15.05.2018
Part 2: data protection statement for our website
This website and all internet-based services and applications (hereafter “website”) are the responsibility of SANDFOX Retail GmbH, a limited company with registered offices at SANDFOX-….., and established according to German law and registered in the Commercial Register of the local court of Wiesbaden under HRB 24710. (Hereinafter “we”, “us”, or “SANDFOX”).
Your privacy is important to us at SANDFOX and we strictly comply with the regulations set by the German Data Protection Act, as well as relevant international data protection regulations.
The following data protection statement gives you an overview of the ways in which we use your personal data and the ways we protect it when you use our website.
1. Collection, processing and use of personal data
In some cases, you will be asked to provide your data directly to us, for example when setting up a customer account, filling out a form, as part of the ordering process or for service requests.
In these cases, we will use and process your data in the following ways depending on the circumstances:
2. Cookies and Re-targeting Technology
We use technology to optimize and improve the online experience of our website. For this reason, your data is sometimes recorded by us or by one of our partners through the interaction between your computer and our website. Such information could include (but is not limited to):
2.1 Cookies
On our website, we use data packages (small text files) called cookies. These cookies allow us to collect data about, for example, the navigation paths, number of visitors to our website or hits per page. We also record this information with the aim of making our websites even more user-friendly, effective and secure. Cookies are also used where necessary for the navigation and functionality of our website (e.g. cookies which save the current shopping basket status beyond the log-out process).
The vast majority of cookies are so-called session cookies, which are automatically deleted when the website is closed.
If you do not wish cookies used on our website to be stored on your computer, then you may need to change your browser settings to either block cookies in general or to accept or reject them on a case-by-case basis. Please note that blocking cookies may affect the functionality of the website.
2.2 RE-TARGETING TECHNOLOGY
Retargeting in online marketing is the process by which a visitor to a website is tagged and subsequently targeted with adverts on other websites. Cookies which last 90 days are also used for this purpose.
As with website tracking, data is also collected in pseudonymous form here. If you have questions about retargeting, please contact SANDFOX via the following partners:
For more information, please click here.
3. Data storage
We will only store data received and collected in the Member States of the European Union. We will take all reasonable technical and organizational precautions to protect your data from unauthorized use or unlawful publishing, deletion, loss or unlawful changes.
4. Social Plug-Ins
Our website uses so-called social plug-ins (“plug-ins”) from the following social network providers (“Providers”).
When you are using a website with a plug-in from one of the aforementioned providers, your internet browser is automatically linked with the server of the respective provider. The content of the plug-in is directly transferred by the provider to your internet browser, which integrates the data onto the website.
By integrating plug-ins, the provider sees which websites you have visited. When you are logged into the website of the provider, the provider can follow your visit to our website and associate it with your account. When you interact with the plug-in, e.g. by clicking the “like” button or adding comments, your internet browser sends the relevant information directly to the provider, who then stores it.
If you do not wish the provider to capture your data during your visit to our website, you should log out of the providers’ websites before your visit.
For all further information regarding collection and use of data as well as your option rights regarding the protection of your data, please consult the privacy policies of the respective providers (see above).
5. Tag management and web-analytics
5.1 Dynamic 1001
The Dynamic Tracking System is used for measuring the performance of the SANDFOX Online Shop’s different advertising channels. It is provided by our technical and statistical service provider Dynamic 1001 GmbH.
Data from your browser is collected for statistical analysis when you visit the website https://www.sandfox-gear.de. Such data will be forwarded to Dynamic 1001 GmbH as technical and statistical service provider.
The collection of data is carried out via a pixel that is embedded in the web shop page. Common information such as the operating system, browser used, the related advertisements, referrer and the IP address are anonymously saved through contact with the dynamic servers. IP addresses are only used for internal reference but will not be forwarded to other third parties.
When you place an order, only data such as order number, customer number, shopping basket and the order value are transferred to Dynamic 1001 GmbH so that they can pass on the correct commission to the advertising partner. Cookies are used for data collection. Cookies are small text files which are saved on your computer. Cookies include an identifying mark generated by the Dynamic Tracking System. Cookies cannot damage your computer and do not contain any viruses.
You can activate or deactivate cookies yourself in your browser settings.
If you wish to object to the storage of your anonymized visitor data, so that you will not be tracked in the future, you can raise your objection here.
5.2 Google analytics
On our website we use ‘Google Analytics’, an analysis tool provided by Google Inc. (“Google”) for the analysis of websites. Google Analytics uses Cookies to analyze your website use. Cookies are small text files which are saved on your computer. The information about your visit to our website which is collected via cookies (including your IP address, which is anonymized before saving using the anonymizeIp() method so that it can no longer be associated with a connection) is transferred to a Google server in the USA and saved there.
If IP anonymization has been activated for the website, only a shortened version of IP addresses from Member States of the European Union or the European Economic Area is transmitted to Google in the USA. Only in specific cases will the complete IP address be transferred to the Google server in the USA and shortened there.
On behalf of those responsible for this website, Google uses the information to analyze your use of our website, create reports about the use of the website for the website owners and to carry out other services connected to the use of the internet and this website. The IP address generated by your internet browser, which is an integral element of Google Analytics, is not mixed with other data held by Google.
You can prevent cookies being saved by changing the relevant settings in your internet browser. Please note, however, that the full use of our website may be limited in this case. You can also prevent data generated by the use of website cookies (including your IP address) being collected and processed by Google by downloading and installing the browser plug-in below. You can find the link here: https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser add-on or within browsers on mobile devices, click this link to prevent the collection of data by Google Analytics on this website in future (the opt-out only works in the browser and for this domain). This saves an opt-out cookie to your device. If you delete the cookies in your browser you will need to click this link again:
Google Analytics Opt-Out
5.3 Adobe Analytics
On our website, we also have the possibility of using “Adobe Analytics“ technology – a statistical web analysis service from Adobe Systems GmbH, Georg-Bauchle-Ring 58, 80992 Munich, Germany. This technology collects statistical data about visits to our website for optimizing our website and improving our services. The data collected is passed on exclusively to Adobe Systems GmbH. The Adobe technology also uses cookies, i.e. text files, which are saved to your computer to analyze your website use. As your IP address is anonymized before it is passed onto Adobe Systems GmbH, it is not possible to identify an individual user. The Adobe technology works with session cookies. Session cookies are deleted at the end of your internet browsing session. Besides blocking the cookies on your internet browser, you can prevent Adobe cookies collecting data about your use of our website (including your IP address) by installing an opt-out cookie. You can find the link here. If you delete the cookies in your browser you will need to click this link again:
Adobe Analytics Opt-Out
Further information on data protection from Adobe Systems GmbH can be found at:
https://www.adobe.com/de/privacy/policy.html
If you have any questions regarding data collected by Adobe Analytics, then please contact us at [email protected].
5.4 Web-Shop System
Anonymized data of your visit to our web shop is recorded in order to optimize and personalize your user experience (such as e.g. product suggestions). You can click here if you do not wish this to be done.
5.5 Google ReCaptcha
We integrate this function in order to recognize bots, e.g. when entering information into our online forms (“ReCaptcha”) provided by Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
You can find the Google privacy policy here:
https://www.google.com/policies/privacy/
You can opt out using the following link:
https://adssettings.google.com/authenticated
6. Newsletter
We use the so-called Double-Opt-In process with regard to your electronic newsletter registration. This means, that following your registration, you will receive an e-mail in which we ask for your registration confirmation. If you do not respond to this e-mail within 72 hours, we will delete your data automatically.
In addition to your e-mail address and any further data provided by you in connection with the registration, we store your IP address as well as the time of your registration and, in case of electronic registration, your registration confirmation. We store such data for documentation purposes and to be in the position to clarify any potential misuse of your personal data. We process your data for the purposes of sending the newsletter to you (in accordance with Art. 6 I S.1 lit. A GDPR).
If you wish to object to continuing receipt of our newsletter the easiest way to do so is to click the de-registration link included in every newsletter. Of course, you can also send us an email to [email protected] or a letter to the contact address included in the imprint.
Our newsletter includes so called web-beacons and tracking pixels respectively. These are small picture files, which are stored on our website. If you open the newsletter and download the pictures, we combine your registration data with the individual identification number of the newsletter. This combination allows us to evaluate your user behavior including the use of our website. Such tracking is not possible if you deactivate the picture download in your e-mail software (and refrain from manually downloading the pictures), which may result in the newsletter not being displayed in full or not being fully functional.
The data obtained from the tracking will be stored for a period of one year following your de-registration and will be deleted automatically afterwards. You may request a deletion of your tracking data at any time by email to [email protected] or letter to the contact address included in the imprint.
Last updated: 01.10.2018