Data protection
Thank you for your interest in this privacy policy! This privacy policy describes our practices for collecting, using, protecting and disclosing the personal information we collect from you when you visit our website and use our services.
GENERAL INFORMATION
Which law applies?
As a general rule, we only use your personal data in accordance with applicable data protection laws, in particular the German Federal Data Protection Act (BDSG) and its EU counterpart, the General Data Protection Regulation (GDPR).
What is personal data?
Personal data is all information about personal or factual circumstances that relate to an identified or identifiable natural person. This includes, for example, your name, date of birth, email address, postal address or telephone number as well as online identifiers such as your IP address.
What is processing?
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automatic means. The term is broad and covers practically any handling of data.
Who is responsible for data processing?
The data controller within the meaning of the BDSG and the GDPR is VINN Card, Ferhat Yavuz, Dornheckenweg 5, 63517 Rodenbach, Germany ("VINN Card", "we", "us" or "our"). If you have any questions about this policy or our data protection practices, please contact info@vinncard.com or use our contact form .
What are the legal bases for processing?
In accordance with the BDSG and the GDPR, we must have at least one of the following legal bases to process your personal data:
- Consent - This is the case when we have asked for your explicit consent to process your data for a specific purpose.
- Contract - This is when we process your data to fulfill a contractual agreement we have with you or to respond to your messages, emails, posts, calls, etc.
- Legitimate interests - This is when we rely on our interests as a ground for processing. Generally speaking, this is to provide you with the best products and services in the safest and most appropriate way. Before we rely on any of these legitimate interests, we will of course balance them against your interests and make sure they are compelling enough and will not cause unjustified harm.
- Legal obligation - This is the case when we are legally or otherwise obliged to process the data, for example for archiving purposes or to investigate crimes.
DATA WE COLLECT AUTOMATICALLY
Log data
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This is technically necessary so that we can display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) date and time of access, iii) name and URL of the file accessed, iv) website from which access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer and the name of your access provider. The legal basis is our legitimate interest.
Cookies
We use so-called cookies on our website. Cookies are pieces of information that are sent from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. There are different types of cookies: a) Essential cookies. Essential cookies are cookies that provide a correct and user-friendly website; and b) Non-essential cookies. Non-essential cookies are all cookies that do not fall under the definition of essential cookies, such as cookies that are used to analyze your behavior on a website ("analytical" cookies) or cookies that are used to show you advertisements ("advertising cookies").
As set out in the German Telecommunications and Telemedia Data Protection Act ("TTDSG") and the EU Privacy and Electronic Communications Directive ("PECD"), we are required to obtain consent to use non-essential cookies. For more information about the cookies we use, please see our Cookie Policy. The legal basis for the processing is our legitimate interest and your consent.
Cookie consent
Our website uses a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you visit our website, the following personal data is transmitted to us: i) your consent(s) or the withdrawal of your consent(s); ii) your IP address; iii) information about your browser; iv) information about your device; v) time of your visit to our website. The basis for the processing is our legitimate interest and your consent.
Economic analysis and market research
For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behavior, etc. The analytics are for our sole use and are not shared with third parties and are processed using anonymous analytics with aggregated and/or anonymized values. For this purpose, we use Google Analytics (1600 Amphitheatre Parkway Mountain View, CA 94043, US, and Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland), and Shopify Analytics (Shopify International Limited, 150 Elgin Street 8th Floor Ottawa, ON K2P 1L4 Canada). The legal basis is our legitimate interest and your consent. For more information, see our Cookie Policy.
Hosting our website and shop
We use the hosting services of Shopify International Limited , (150 Elgin Street 8th Floor Ottawa, ON K2P 1L4 Canada) to host and display our website and store. Shopify does this on the basis of processing on our behalf and this also means that all data collected on our website and store is processed on Shopify's servers.
Links to other websites
Please note that if you use a link from our website to a third-party website, that third party may also set new cookies that are not covered by this policy. In such cases, we recommend that you read the cookie policy on the third party website itself.
DATA WE COLLECT DIRECTLY
Contact us
When you contact us, we store and process the following data from you: name, email address, telephone number and other personal data that you provide when contacting us. This data is collected and processed solely for the purpose of contacting you and processing your request and is then deleted unless there is a legal obligation to retain it. The legal basis for the processing is the contract and our legitimate interest.
Shop with us
We process your first name, your last name, your email address, your billing and delivery address for the delivery of your VINN Card and the data related to your contract with us in order to process the contractual relationship. The legal basis for the processing is the provision of a contractual service.
When customizing your VINN Card
If you choose to use our web portal and its features to customize your VINN card, we process the data you provide to us (depending on how you customize your VINN card and which features you use). This typically includes personal data such as your name, email address, phone number, a picture, details about your company and address, as well as non-personal data such as links to your social media profiles ("Service Data").
We recognize that you own your Service Data and give you complete control over your Service Data by providing you with the ability to (i) access your Service Data, (ii) share your Service Data through our QR system, and (iii) request the export or deletion of your Service Data.
When we process Service Data, we become your data processor or, in other words, we process the Service Data associated with the use of your Digital Business Card in accordance with your instructions and use it only for the purposes agreed between you and us.
We ensure that our employees' access to your data is only necessary, restricted to specific individuals, and logged and audited. We communicate our privacy and security policies to our employees and strictly enforce privacy and security safeguards.
Some countries may require you to disclose your use of our Services as your data processor in your privacy policy and/or data processing agreement. For this purpose, all Service Data we process will be processed using Shopify and appropriate legal safeguards and technical and organizational measures will be put in place to ensure the protection of your Service Data.
The legal basis for processing your service data is our obligation to perform the contract concluded with you.
Account registration
It is also possible for you to register for an account. For this purpose, you can choose a password together with your email address that will make it easier for you to log in without having to re-enter your data when you make a future purchase or access our other content such as the blog or forum. We will store your data for as long as you have your account with us. The legal basis for the processing is the provision or initiation of a contractual service and your consent.
When you make a purchase
To make a purchase, you must provide a valid payment method (eg credit card). Your payment information will be collected and processed by our authorized payment providers Mollie BV (Keizersgracht 126, 1015 CW Amsterdam, the Netherlands) and PayPal (Europe) (Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg). We do not collect or store credit or debit card numbers ourselves as part of the normal processing of transactions. The legal basis for providing a payment system is the conclusion and execution of the agreement.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks, as well as the organization of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the context of providing our services, including your donations. The processing bases are our legal obligations and our legitimate interest.
Commercial use of your data
We use your data for marketing purposes within the legally permissible scope, e.g. to make you aware of special promotions and discount offers. In addition, we can make you aware of comparable offers by email, e.g. we can inform you about exclusive sales, special offers or special events. The legal basis for the processing is our legitimate interest.
MARKETING
If you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels for which you have given your consent.
You may give us your consent in a number of ways, for example by ticking a box on a form where we ask for permission to send you marketing information, or sometimes your consent will be implied from your interactions or contractual relationship with us. Where your consent is implied, it is based on you having a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct marketing is usually carried out by email but may include other, less traditional or new channels. These forms of contact are managed by us or our appointed service providers. Any direct marketing sent or carried out by us or on our behalf will include a facility for you to unsubscribe or opt-out.
ADVERTISING
We would like to show you interesting advertising outside of our website and use various tools and cookies from third parties for this purpose. These collect and process information about your activities on our website - for example, which products you are interested in or which pages you visit. By knowing what you are looking for and how you use our website, we can tailor our advertising to your needs. This increases the likelihood that you will also see suitable and interesting advertising outside of our website.
We also analyze this data to evaluate the relevance of the advertising and to optimize the advertising for you. Through the tools, your browser regularly establishes a connection to the server of the tool provider when you visit our website. For some tools, we have no direct influence on which data is processed by the providers. The following personal data may be processed by third parties: i) HTTP header information (e.g. IP address, web browser, website URL, date and time); ii) measurement pixel-specific data (e.g. pixel ID and cookie ID); and iii) additional information about visits to our website (e.g. orders placed, products clicked). The legal bases for the processing are our legitimate interest and your consent in case of cookies. For more information, see our Cookie Policy.
SOCIAL MEDIA
Generally
We are present on social media and if you contact or engage with us via social media websites, we and the social media website in question are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis is our legitimate interest, your consent or in some cases the initiation of a contract.
When you visit our profiles and interact with us and others
When you visit our social media profiles, we as the operator of the profile process your actions and interactions with our profile (e.g. the content of your messages, inquiries, posts or comments that you send to us or leave on our profile or if you like or share our posts) as well as your publicly visible profile data (e.g. your name and profile picture).
Which personal data from your profile is publicly visible depends on your profile settings, which you can adjust yourself in the settings of your social media account.
Please be careful not to transmit or share any sensitive data or confidential information (e.g. application documents, bank or payment details) via social media platforms; we recommend that you use a more secure transmission method (e.g. email).
PRINCIPLES OF PROCESSING PERSONAL DATA
Storage and retention
If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and processing of a contract.
In addition, we are subject to various retention and documentation obligations, which arise, among other things, from the statutory minimum retention periods under the German Commercial Code (HGB) and the German Fiscal Code (AO). The specified retention and documentation periods vary between two and ten years.
Security
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us. In addition, we have taken numerous security measures ("technical and organizational measures"), such as encryption or "need to know" access, to ensure the most comprehensive protection possible for personal data processed via our website.
However, Internet-based data transmissions may always have security vulnerabilities, so absolute protection cannot be guaranteed. And databases or records containing personal information may be breached accidentally or through unlawful intrusion. Once we learn of a data breach, we will notify all affected individuals whose personal information may have been compromised as soon as possible after the breach is discovered.
Special category data
We do not process any special category data unless this is expressly necessary when using our services and there is explicit consent for this service.
Automated decision making
Automated decision-making is a process in which a decision is taken by automated means without human involvement. Automated decision-making, including profiling, does not take place.
Data sale
We do not sell your personal information.
Sharing and Disclosure
We will not share your personal information with third parties unless a) this is necessary to provide our services, including our shipping company Deutsche Post and DHL ( Deutsche Post AG , Charles-de-Gaulle-Str. 20, 53113 Bonn), and b) you have consented to the sharing, c) or if we are legally required to do so, e.g. by a court order, or if this is necessary to support criminal or legal investigations or other legal proceedings or proceedings at home or abroad or to fulfill our legitimate interests.
International transmission
We may share your personal information with other companies when necessary for the purposes described in this Privacy Policy. To ensure adequate protection of your personal information when it is transferred, we have put in place contractual arrangements governing such transfers. We take all reasonable technical and organizational measures to protect the personal information we transfer.
YOUR RIGHTS AND PRIVILEGES
Privacy rights
According to the BDSG and the GDPR you can exercise the following rights:
- Right to information
- Right to rectification
- Right to erasure
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
- Right not to be subjected to a decision based solely on automated processing.
If you have any questions about the type of personal information we hold about you, or if you wish to exercise any of your rights, please contact us.
Updating your data
If you believe that the data we hold about you is inaccurate or that we are no longer authorized to use it and you wish to request the rectification or erasure of this data or object to its processing, please contact us.
Withdrawal of your consent
You can revoke your consent at any time by contacting us. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Request for information
If you would like to make a request to access your information, you may notify us in writing. We will respond to your requests for access and rectification as quickly as possible. If we are unable to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with personal information or make a correction you have requested, we will tell you why.
Complaint to a supervisory authority
The representative at federal level is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) (www.bfdi.bund.de) and the representative at state level is the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) (www.datenschutz.hessen.de). However, we would like to ask you to contact us first before contacting the BfDI and/or the HBDI.
VALIDITY AND QUESTIONS
This privacy policy was last updated on Wednesday, May 8, 2024, and is the current and effective version. However, please be aware that from time to time, changes in fact or law may require revision of this policy. If you have any questions about this policy or our privacy practices, please contact us.