DATA PROTECTION

Supplementary Data Protection Declaration for our website.

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

Company: ECO Operations GmbH

Street: Kaiser-Friedrich-Promenade 28

Zip Code, City, Country: 61348 Bad Homburg vor der Höhe, Germany

Commercial number: HRB number: 14471

General manager: Timm Huth

Phone number: +49 6172-898360

Mail: datenschutz@group.eco

Our data privacy officer: Timm Huth

Mail: datenschutz@group.eco

Status: 17.04.2023

1. Basic information for working with personal data

This data protection declaration clarifies the way, range and purpose of the processing of personal information within our online offering and the related websites, features and content (following referred to as “online offer” or “website”).

The data protection declaration applies regardless of the domains, systems, platforms, and devices (such as desktop or mobile) on which the online offer is being run. With regard to the terminology used, e.g. we refer to the definitions in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of personal data, or their “processing” and repealing Directive 95/46 / EC (GDPR).

In principle, we only collect, process and use personal data of the users only when it´s necessary for the adduction of a functional website or our content and services or for the adduction of our contractual services and / or if the user has given its agreement.

2. Purposes of data processing and legal bases

a) Adduction of contractual services

We process inventory data (e.g., names and addresses and contact details of users) and contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit. b DSGVO.

Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information will be communicated to the users. The user accounts are not public and can not be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention for commercial or tax reasons pursuant to Art. 6 para. 1 lit. c DSGVO is necessary. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

As part of the registration and renewed registrations and when using our online services, we save the IP address and the time of the respective user action. The storage takes place in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. based on our legitimate interests, while protecting the user from misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with. Art. 6 para. 1 lit. c DSGVO.

We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., submissions in contact form or user profile) for advertising purposes in a user profile, e.g. to display product instructions for the user on the basis of the services used so far.

b) Contacting

When contacting us (via e-mail), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b DSGVO processed.

The information provided by the users can be stored in our Customer Relationship Management System (“CRM System”) or a comparable system.

c) Comments and Dues

When users leave comments or other posts, their IP addresses are saved for seven days. This allows us to take legal action if necessary, provided a user leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.) for which we are held responsible. The legal basis for this data collection is Art. 6 para. 1 lit. f. DSGVO (legitimate interest).

d) Collection of access data and logfiles

During your visit to our website, certain data that automatically transmits the device you are using to the server of our website is collected and temporarily saved in a log file until it is automatically deleted. These include the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about the successful retrieval, the Internet protocol address (IP address), the website via which the access was made (referrer URL), the Internet service provider as well as the (browser) software and version used and the user’s operating system. This information is not processed to identify you or to draw any other conclusions about you. Rather, we only process this information for administrative purposes, such as ensuring a smooth connection setup and comfortable use of our website, as well as monitoring, evaluating and continuously improving overall system security and stability. The legal basis for this data processing is Article 6 (1) (f) of the GDPR. Our legitimate interest follows from above listed purposes.

Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then we´ll delete it. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

e) Cookies & reach measurement

To improve the usability and security architecture of our website, we use cookies. Cookies are small files that your Internet browser automatically creates and stores when you visit our website. The cookies we use do not harm your devices, do not contain viruses, trojans or other malicious software.

Specifically, we set a cookie (“pll_language”), which stores the last language setting you have made and thus enables the adoption of language settings. The storage period of this cookie is one year. In addition, through our web application, certain temporary cookies are set for the sole purpose of security analysis and defense against malicious attacks on our website. Their storage duration is 30 minutes (“wfvt_ […]”) or 24 hours (“wordfence_verifiedHuman”).

In addition, we use cookies to enable the shopping cart function and remembering keywords.

Most browsers are set by default to automatically accept cookies. However, you can configure your browser so that no or only certain cookies are accepted or a notice appears before a new cookie is created. You can also delete saved cookies manually or automatically at any time in the system settings of the browser. A cookie administration guide usually includes the help feature built into your browser. Please note that not all functions of our website may be available if you deactivate the acceptance of cookies.

In addition, we also use cookies on our website that allow us to analyze the surfing behavior of our users. In this way, data on entered search terms, the frequency of page views and the use of website functions can be stored and transmitted. The use of these analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our online offer.

The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be saved together with other personal data of the users.

When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.

The processing of data by means of cookies for the above purposes is based on the legal basis of Article 6 para. 1 lit. f DSGVO, as it is necessary for the protection of our legitimate interests.

You may opt for the use of cookies, which are used for metering and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and, in addition, via the US website (http://www.aboutads.info/ choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

f) Affected rights

You have the right:

• to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you may request information about the processing purposes; the categories of personal data; the recipients or categories of recipients to whom your information has been disclosed or yet to be disclosed; the planned storage duration; the existence of a right of rectification or erasure, or limitation of processing or of a right to object to such processing, the existence of a right of appeal; the source of personal information, if not collected from you, and the existence of automated decision-making, including profiling, and meaningful information about the logic involved, and its scope and intended impact;

• in accordance with Article 16 of the GDPR, to demand the correction of incorrect personal data or the completion of incomplete personal data stored with us;

• to demand the deletion of your personal data stored by us, in accordance with Article 17 of the GDPR, unless the processing for exercising the right to freedom of expression and information is required; to fulfill a legal obligation, for reasons of public interest in the field of public health; necessary for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes, or for the purposes of asserting, exercising or defending legal claims;

• to demand the restriction of the processing of your personal data in accordance with Article 18 of the GDPR, if the accuracy of the data is disputed by you; the processing is illegal, but you reject its deletion;we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have objected to processing in accordance with Article 21 of the GDPR;

• in accordance with Article 20 of the GDPR, to receive the personal data that you have provided us in a structured, standard and machine-readable format and to transmit this data without any obstruction to another person responsible for us;

 • In accordance with Article 7 (3) GDPR, to revoke your consent given to us at any time. As a result, we no longer continue the data processing based on this consent for the future and

 • pursuant to Article 77 of the GDPR, to a complaint to a supervisory authority, in particular in the Member State of its place of residence, place of work or place of alleged infringement.

g) Right of objection and revocation of consent

According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you, as far as

• this processing on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. e or f DSGVO, but there are grounds for refraining from their particular situation, or

• for the purpose of direct marketing, but then for the implementation of your opposition on special grounds is not important.

In order to exercise your right of revocation or to revoke any consent given to us, you can send an e-mail to datenschutz@naiked.de

h) Deletion of data

Your personal data collected by us in connection with the use of our website will be deleted or blocked as soon as the purpose of the storage is omitted. It may also be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

i) Preventive measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

The security measures include in particular the encrypted transmission of data between your browser and our server from the time of the registration or the start of the ordering process.

We use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. Whether a single page of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser.

j) Disclosure of data to third parties and third party providers

For certain technical processes of data processing we use the support of external service providers (for example, for programming, maintenance and hosting of the website). Our service providers have been carefully selected and process data only on our behalf and according to our instructions.

Incidentally, a transfer of your personal data to third parties for purposes other than those listed below will not take place.

We only pass on your personal data to third parties insofar as

• You have your consent in accordance with Article 6 paragraph 1 lit. a DSGVO have given, or

• this according to Article 6 para. 1 lit. b DSGVO for the fulfillment of a contract with you or for the implementation of pre-contractual measures, which are required at your request, required and otherwise legally permissible, or

• in accordance with Article 6 para. 1 lit. c DSGVO is a legal obligation, or

• this is required by Article 6 (1) (f) GDPR to safeguard legitimate interests, such as ensuring the economic and effective operation of our business or the pursuit, exercise or defense of rights, and there is no reason to believe that you are a predominantly protected person Interested in not sharing your information.

If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.

If, within the framework of this Privacy Policy, content, tools or other means are used by other providers (collectively referred to as “third party providers”) and their registered office is located in a third country, it is to be assumed that data will be transferred to the countries of residence of the third party providers. Third countries are countries in which the GDPR is not a directly applicable law, i. E. basically countries outside the EU or the European Economic Area.

k) Changes to the data protection declaration

This data protection declaration is up-to-date and applicable since 25 May 2018. Future changes to our website and offers or regulatory or regulatory requirements may require that this data protection declaration be amended as well. If users consent is required or elements of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users. Users are requested to inform themselves regularly about the content of the data protection declaration.