Data Protection

Liable for collecting, processing and using your personal data according to Art. 4 No. 7 GDPR is

YUNAVA GbR
Birkenweg 66
D-24558 Henstedt-Ulzburg
Germany

If you disagree with us collecting, processing or using your data according to this policy in general or for individual measures, you are able to send your objection to the data controller.

You can save and print this data protection statement at any time.

We use personal data for the purpose of providing this website.

3.1     Hosting

The hosting services we take use of serve the purpose of providing following services: infrastructural and platform service, computing capacity, storage and data base services, security sevices as well as technical maintenance, that we use for operating this website.

In doing so, we or our hosting provider process inventory data, contact data, content data, contractual data, usage data, meta and communication data of customers, interested parties and visitors of this website on the base of our justified interests of providing this website securely and efficiently according to Art. 6(1) Sent. 1 (f) GDPR in conjunction with Art. 28 GDPR.

3.2     Access Data

We collect information about you when you use this website. We automatically collect information about your user behaviour and your interaction with us and register data about your computer or mobile device. We collect, save and use data about every access to our website (so-called server log files). Server log files include:

• Name and URL of the used file
• Date and timestamp of the request
• Transferred data amount
• HTTP response code
• Browser type and version
• Operating System
• Referer URL (the page visited before)
• Websites opened by the user’s system through our websit
• Internet service provider of the user
• IP address and the requested provider

We use this protocol data without assigning it to your person or any other kind of profiling for statistic evaluations for the for the purpose of operating, securing and optimizing this website, for anonymously capturing the amount of visitors on our website (traffic), the amount and kind of usage of our website and services as well as for accounting purposes, for being able to measure the amount of clicks received from cooperation partners. Because of this information, we are able to provide personalized and location based services and to analyze data traffic, find and fix mistakes and optimize our services.

In this lies our legitimate interest according to Art 6(1)(f) GDPR.

We reserve the right to check the protocol data subsequently, if because of concrete indication the legitimate suspicion of an unlawful usage exists. IP addresses are saved for a limited timespan in the log files, if this is required for security purposes or for a service provision or billing of a service, for example if you use one of our services. After cancellation of the order or after the payment is received, we delete the IP address, if it is not needed for security purposes. IP addresses are also saved if we have the concrete suspicion of  a criminal offense connected to usage of our website. We also save the date of your last visit as part of your account (e.g. at registration, login, clicking of links etc.).

3.3     Cookies

We use so-called session cookies for optimizing our website. A session cookie is a small test file, which is sent by the respective servers when visiting a website and is saved on your hard drive. This file as such contains a so-called session ID, which can be used to assign various requests by your browser to the joint session. This way, your computer can be recognized when you visit our website again. These cookies are deleted when you close your browser. They serve the purpose of for example providing the shopping cart function over multiple sites.

We also use persistent cookies in a small measure (likewise small text files saved on your devices), that stay on your device and make it possible for us to recognize your browser the next time you visit. These cookies are saved on your hard drive and deleted automatically after a given period of time. Their lifespan is 1 month to 10 years. This way, we can make our website more user-friendly, effective and secure and for example show information based on your interests on our website.

Our legitimate interest in the usage of cookies according to art. 6(1)(f) GDPR lies in making our website more user-friendly, effective and secure.

In cookies, information such as following is saved:

• Language settings
• Information about the amount of visits to our website and usage of functions of our web presence

With activation of the cookies, an identification number is assigned and an allocation of your personal data to this number is not made. Your name, your IP address or other data, that would make it possible to assign cookies to you, will not be saved in the cookie. Based on the cookie technology, we only receive pseudonymized information, for example about which pages of our website were visited, which products were viewed etc.

You can change the settings in your browser so you are informed prior the placement of cookies and are able to decide in each case, if you disagree with the placement of cookies for single cases or in general, or if you want to disable cookies completely. This can limit the functionality of this website.

3.4     Newsletter

For subscribing to the newsletter, data collected in the subscription process is needed. Subscription to the newsletter is protocoled. After subscribing, you receive a message to the email address you entered, in which we request a confirmation of the subscription (“double opt-in”). This is necessary so that third parties cannot subscribe with your email address.

You can revoke your consent for receiving the newsletter at any time and unsubscribe from the newsletter.

We save your subscription data as long as they are needed for sending the newsletter. The protocol of the subscription and the mail address are saved as long as an interest of evidence of the initially given approval, normally this is the limitation period for civil claims with a maximum of three years.

Legal base for the dispatch of the newsletter is your approval according to art. 6(1)(a) in conjunction with art. 7 GDPR in conjunction with § 7(2)(3) UWG. Legal base for protocoling of the subscription is our legitimate interest in proof of dispatching the newsletter with your approval.

You can always revoke the subscription without any additional costs to the transmission costs in accordance with the basic tariffs. A message in text format to the contact data under paragraph 1 (e.g. email, fax, letter) is sufficient. Of course you find an unsubscribe link in every email.

3.5    Service Recommendations

We will send you service recommendations independently from the newsletter via email. This way, we provide you information about services we offer that you could be interested in based on the services you used previously. We do this according to the legal requirements. You can contradict to this at any time without any additional costs to the transmission costs in accordance with the basic tariffs.  A message in text format to the contact data under paragraph 1 (e.g. email, fax, letter) is sufficient. Of course you find an unsubscribe link in every email.

Legal base for this is the legal permission according to art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

3.6     Email Contact

When you get in contact with us (e.g. via contact form or email), we process your details for handling your request and for the case of follow-up questions.

If this data processing happens for the implementation of pre-contractual measures that take place on your request, or if you already are our customer for the purpose of implementing the agreement, the legal base for data processing is art. 6(1)(1)(b) GDPR.

More personal data is only processed with your agreement (art. 6(1)(1)(a) GDPR) or if we have a legitimate interest in the processing of your data (art. 6(1)(1)(f) GDPR). A legitimate interest is for example answering your email.

4     Google Analytics

We use Google Analytics, a web analytics service provided by Google In. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer and make it possible to analyze your website usage. The information about the website usage by the visitors created by the cookie are usually transferred to a server owned by Google in the USA and saved there.

Herein lies our legitimate interest according to art. 6(1)(1)(f) GDPR.

Google has surrendered and certified itself to the Privacy Shield Agreement between the European Union and the USA. Thereby Google commits to comply with European data protection regulations. More information can be found in this following entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

We have activated IP anonymization (anonymizeIp). Hereby, your IP address is shortened by Google in European Union member countries or in other contract states of the agreement on the European economic area prior to processing. Only in exceptions is the IP address transferred to a server owned by Google in the USA and shortened there. On our account, Google uses this information to evaluate your usage of our website, compile reports about website activity and to provide other services related to the use of the website and of the internet.

The IP address transferred by your browser within the framework of Google Analytics will not be connected with other Google data. You can disagree with the placement of cookies through a setting in your browser software. You can prevent the saving of cookies through a setting in your internet browser; we notify you that in this case you may not be able to use all functions on this website in their whole extent.

You can also prevent the transmission of the data created by the cookie and of the data concerning your website usage (including your IP address) to Google as well as the processing of this data through Google by downloading and installing the browser plugin accessible under the following link: http://tools.google.com/dlpage/gaoptout

If not stated specifically, we save personal data only as long as it is needed for fulfilling the pursued purposes

In some cases, the legislator requires saving personal data, for example in tax or trade law. In these cases, data is saved by us only for these legal purposes, but not processed in another way and deleted after the statutory minimum.

According to applicable law, you have various rights regarding your personal data. If you want to claim these rights, please send your request via email or post, clearly disclosing your identity, to the address stated in (1).

Following you find an overview of your rights.

6.1     Right of confirmation and information

You have a right of receiving clear information about the processing of your personal data.

In detail:
At any time, you have the right to receive a confirmation about if we process personal data regarding you. Is this the case, you also have the right to receive information free of charge about the personal data regarding you and a copy of this data. Furthermore, you have the right to the following information:

1. purposes of processing;
2. categories of processed data;
3. receivers or categories of receivers that we disclosed personal data for or still do, particularly with receivers in third-party countries or international organizations;
4. if possible, the planned data saving duration, or if not, the criteria for setting this time span;
5. the existence of the right of correction or deletion of personal data regarding you, or of restricting the processing by the data controller, or the right of objection to this processing;
6. the existence of a right to appeal to a supervisory authority;
7. if the personal data is not directly collected from you, all accessible information about the data’s heritage;
8. the existence of automatic decision-making including profiling according to art. 22(1) and 22(4) GDRP and– at least in these cases– meaningful information about the logic involved as well as the scale and desired impact of such a processing for you.

If personal data is transmitted to a third-party country or an international organization, you have the right to be informed about the appropriate guarantees according to art. 46 GDPR connected with the transmission.

6.2     Right of correction

You have the right to require us to correct or in some cases complete the personal data regarding you.

In detail:
You have the right to demand immediate correction of incorrect personal data regarding you. Having regard to the purposes of processing, you have the right to demand completion of incomplete personal data – also accompanied by an explanatory statement.

6.3     Right of deletion (“Right of being forgotten”)

In a number of cases we are required to delete personal data regarding you.

In detail:
According to art. 17(1) GDPR, you have the right to demand us to immediately delete personal data regarding you and we are required to immediately delete personal data if one of the following reasons applies:

1. The personal data is not needed any more for the reasons it was collected for or processed in any other way for.
2. You revoke your consent that legitimates processing according to art. 6(1)(1)(a) GDPR or art. 9(2)(a) GDPR and there is no other legal base for processing.
3. You appeal the processing according to art. 21(1) GDPR and there are no legitimate reasons for processing, or you appeal the processing according to art. 21(2) GDPR.
4. The personal data was processed unlawfully. The deletion of personal data is required for fulfilling a legal obligation under European Union law or member state law, that we are subjected to.
5. The personal data was collected in relation to provided information society services according to art. 8(1) GDPR.

If we have made personal information publicly available and if we are obliged to its deletion according to art. 17(1) GDPR and thus, we take appropriate measure under taking the available technologies and their implementation costs into account, also of technical kind, to inform all data controllers that you require the deletion of all links to this personal data or copies and replications of this personal data.

6.4     Right of limiting the processing

In a number of cases you have the right to demand limiting of the processing of personal data regarding you by us.

In detail:
You have the right to require us to limit processing if one of the following conditions is given:

1. the validity of personal data is denied by you, for a duration that makes it possible for us to check it,
2. the processing is unlawful and you have objected deletion of the personal data and instead demand limiting of the personal data;
3. we do not need the personal data for processing reasons any more, but require it for establishment, exercise or defensee of legal claims, or you have filed an objection against processing according to art. 21(1) GDPR as long at it is not clear yet if our company’s legitimate reasons overweigh yours.

6.5     Right of data portability

You have the right to receive or transmit personal data regarding you in a machine-readable format.

In detail:
You have the right to receive personal data you have provided us in a structured, usual and machine-readable format and you have the right to transmit this data to another data controller without obstruction by us if

1. the processing is based on an agreement according to art. 6(1)(1)(a) GDPR or art. 2(a) GDPR or a contract according to art. 6(1)(1)(b) GDPR and
2. processing happens by means of automated procedures.

For the exercise of your right of data portability according to paragraph 1, you have the right to make us transmit personal data directly to another data controller, if it is technically possible.

6.6     Right of objection

You also have the right to object a lawful data processing by us on compelling legitimate grounds relating to your particular situation and if our legitimate interests do not overweigh.

In detail:
You have the right to, on compelling legitimate grounds relating to your particular situation, object to processing of personal data regarding you which occurs due to art. 6(1)(1)(3) or (f) GDPR; this also applies for profiling on these provisions. We do not process the personal data any more, unless we can provide compelling and legitimate reasons for it which overweigh your interests, rights and freedoms, or if processing is necessary for the establishment, exercise, defense of legal claims or litigation

If personal data is processed for directly advertising, you have the right to object against processing of personal data regarding you for direct advertising at any time; this also applies to profiling, if it is connected with direct advertising.

You have the right to object processing of personal data regarding you for reasons of scientific or historical research purposes or for statistic purposes if it occurs according to art. 89(1) GDPR, unless processing is necessary for fulfilling a task with public interest.

6.7     Automated decision-making including profiling

You have the right to not to be subject to a decision which produces legal effects concerning you or significantly affects you and which is based solely on automated processing of data intended to evaluate certain personal aspects relating to you.

Automated decision-making on the grounds of the obtained data does not occur.

6.8     Right of revocation of consent

You have the right to revoke your consent to personal data processing at any time.

6.9     Right to appeal before a supervisory authority

You have the right to appeal before a supervisory authority, especially in the member state of your residence, your workplace or the place of the suspected infringement if you consider that the processing of your personal data is unlawful

We are striving for your data security within the scope of applicable data protection laws and technical possibilities.

Your personal data is transmitted securely. This applies for orders as well as the customer login. We use the encoding system SSL (Secure Socket Layer), though we point out that data transmission on the internet (for example email communication) may involve security gaps. It is not possible to protect such data completely against access by third parties.

For securing your data, we use technical and organizational measures according to art. 32 GDPR that we continuously adapt to the state of the art.

We cannot guarantee that our web presence is available at given times; disruptions or outages cannot be excluded. The servers used by us are carefully backed up regularly.

In general, we only use your personal data inside our company.

If and as long as we use third parties in within fulfilling of contracts (for example logistic services), these only receive personal data to the extent that is needed for the corresponding service.

For the case of us outsourcing certain parts of data processing (“data processing agreements”), we oblige the data processor by contract to only use personal data in accordance with data protection law requirements and to ensure the protection of the data subject’s rights and freedoms.

A transmission of data to processors or persons outside of the EU does not occur and is not planned, with exception of the case stated in paragraph 4.

On our webseite, plug-ins of various social media networks are integrated. The services are provided by the different companies (“providers”). These providers are:

Facebook is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of the Facebook plug-in can be found under: https://developers.facebook.com/­docs/plugins

Twitter is provided by Twitter Inc., 1355 Market Str b, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of the Twitter Buttons plug-in can be found under: https://dev.twitter.com/­web/tweet-button

LinkedIn is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). An overview of the LinkedIn plug-in can be found under: https://developer.linkedin.com/­plugins#

Xing is provided by XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland (“Xing”). An overview of the Xing Share-Button plug-in can be found under: https://www.xing.com/app/share%3Fop%3Ddata_protection

To maximise the security of your visit on our website, these plug-ins are implemented as a “2-click-solution”. This kind of implementation ensures that when visiting a page on our website which includes these plug-ins, you will not directly be connected to the providers’ servers. Only when the plug-in is activated, the browser connects directly to the providers’ servers. The content of the plug-in will then be transmitted to your browser and shown on your screen.

The plug-in tells the provider which page you have visited. When you are logged in with your user account at the respective provider, they can connect information you access with your user account. When using the plug-in’s functions (e.g. clicking the “Like”-button, leaving a comment), this information is also transmitted directly to the provider.

You can find further information about data collection and usage by the provider and your rights and possibilities for securing your privacy in the providers’ data protection policies:

Facebook’s data protection policy: http://www.facebook.com/­policy.php

Twitter’s data protection policy: https://twitter.com/privacy

Google’s data protection policy: https://policies.google.com/privacy

LinkedIn’s data protection policy: https://www.linkedin.com/­legal/Data Protection-policy 

Xing’s data protection policy: https://privacy.xing.com/de/datenschutzerklaerung

If you have any further questions or concerns, please contact our data protection supervisor Mrs. Nanja Hoffmann, Birkenweg 66, D-24558 Henstedt-Ulzburg, (Email: datenschutz@yunava.com)