DATA PROTECTION DECLARATION
The protection of personal data is a top priority for us. At this point, we would like to inform you about which personal data we collect on our website www.kapedefilipina.eu and how we handle it.
1. RESPONSIBLE BODY, SCOPE OF APPLICATION
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is
Kape de Filipina
Charlottenburger Str. 62,
13086 Berlin, Germany
hereinafter referred to as "Kape de Filipina."
We collect and use personal data as part of the services offered via our platforms. We also create analyses for statistical and market analysis purposes in anonymised form.
Personal data is only collected to the extent technically necessary. Under no circumstances do we sell the data collected or pass it on to third parties for other reasons without your prior consent. The following statement gives you an overview of how we guarantee this protection and what type of data is collected for what purpose.
2. LEGAL BASIS FOR THE COLLECTION OF DATA
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.
At this point, we would like to point out that all data will be deleted by us as soon as it is no longer required to fulfil the purpose for which it was collected. This applies with the exception of data whose storage is required by law.
In the context of data processing that is not carried out by us, we work exclusively with companies that have either adapted their data processing to the rules of the GDPR or are committed to a comparable level of data protection within the framework of agreements such as the EU-US Privacy Shield.
3. SCOPE OF DATA COLLECTION, USE AND STORAGE
3.1 When you visit our website, we already collect usage-related data about your usage process. However, we do not assign this data to you personally. The sole purpose of data collection is to continuously improve and further develop the quality of our services, for which purpose we create anonymised analyses of user behaviour. At the end of your visit to our website, we only store your IP address in anonymised form. Further details on the systems used can be found in the sections on cookies and social media below.
3.2 All customer data required for contract processing (e-mail address, title, name, address, telephone and fax number and bank details), in particular for ordering, invoicing and delivery processing, are collected, stored and used by us in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) and, if necessary for order processing, transmitted to third parties. This data will not be passed on to third parties with the exception of the transport company entrusted with the order.
Your orders are stored by us. If you lose your order documents, please contact us by e-mail, fax or telephone. We will be happy to send you a copy of your order data by e-mail, provided the order was placed no more than one year ago.
3.3 Each time a file is requested on our website, the following access data is stored by default:
- The page from which the file was requested
- The name of the file
- The date and time of the request the amount of data transferred the access status (file transferred, file not found, etc.)
- A description of the type of web browser used
- The IP address of the requesting computer
- The stored data is analysed exclusively for internal statistical purposes in order to monitor and improve the quality of our services.
4. LOGIN OPTIONS ON OUR WEBSITE
On our website, we offer our customers the opportunity to log in to a specially protected area, the online shop, by providing access data. The data is transmitted to us and stored. The data will not be passed on to third parties. The following data is requested as part of the registration process:
- Email or user name
The following data is also stored at the time of registration:
- IP address of the user
- Date and time of registration
5. CONTACT FORM - REGISTRATION FOR COURSE DATES / APPLICATIONS BY EMAIL / SERVICES
It is possible to contact us on our website in order to obtain information about us or our products.
If a user makes use of one of these options, the data entered in the input mask will be transmitted to us and stored. Depending on the user's enquiry, these data are
- E-mail address
- Telephone number
The following data is also stored at the time the message is sent:
- IP adress
- Date and time of registration
All data collected in this context will be deleted by us immediately as soon as it is no longer required to fulfil the purpose for which it was collected. This applies subject to such data whose storage is required by law.
We use so-called session cookies so that you can place orders on our website and your order is collected in a shopping basket. Session cookies are small units of information that a provider stores in the working memory of the visitor's computer. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. The session ID is used to compile your orders in your shopping basket.
Other providers use permanent cookies to be able to recognise visitors even after a long time. This information is then stored as a text file on the hard drive of the visitor's computer. In contrast, the session cookies used on our pages are deleted when you end the session. If you close the browser window or call up another page, your shopping basket will be reset. The contents of the shopping basket collected up to that point must be recompiled if you end the session but have not completed the order process. No conclusions can be drawn from the cookies about the personal user behaviour of the customer. We will not associate any of your personal data with the data collected by the cookies without your express consent.
Most browsers accept cookies by default and are set to accept all cookies without asking the user. You can allow or disallow temporary and stored cookies independently of each other in the security settings. If you wish to use our shopping basket function, you should set your browser to accept session cookies. If you deactivate cookies, certain features on our website may not be available to you and some web pages may not be displayed correctly.
7. DATA COLLECTION AND USE WHEN PAYING VIA OUR WEBSITE
If you place chargeable orders via our website, we will also pass on your personal data to the payment processing providers commissioned by us for the purpose of contract fulfilment.
Payment processing is always carried out via PCI-DSS certified security/encryption solutions in order to offer the highest level of data security for your payment.
8. USE OF SOCIAL MEDIA PLUGINS
8.1.1 USE OF FACEBOOK PLUGINS
Our website uses so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are labelled with a Facebook logo or the addition "Social plugin from Facebook" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: http://developers.facebook.com/plugins. When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or leaving a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information: http://www.facebook.com/policy.php
If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. with the "Facebook Blocker" (http://webgraph.com/resources/facebookblocker/).
Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
We have chosen a data protection-friendly version of the 2-click solution recommended by data protection experts for integration into our website and would like to draw your attention to the following:
Initially, no data is transferred from you to Facebook, but only when you activate the Like button on our site.
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account. If you want to completely prevent data transmission to Facebook, do not activate the "Like" button.
8.2 USE OF TWITTER COMPONENTS
Use of Twitter plugins (e.g. "Tweet" button) Our website uses so-called social plugins ("plugins") of the microblogging service Twitter, which is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are labelled with a Twitter logo, for example in the form of a blue "Twitter bird". You can find an overview of the Twitter plugins and their appearance here: https://twitter.com/about/resources/buttons
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Twitter servers. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. Through the integration, Twitter receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Twitter profile or are not currently logged in to Twitter. This information (including your IP address) is transmitted directly from your browser to a Twitter server in the USA and stored there.
If you are logged in to Twitter, Twitter can directly associate your visit to our website with your Twitter account. If you interact with the plugins, for example by clicking the "Tweet" button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Twitter as well as your rights in this regard and setting options to protect your privacy can be found in Twitter's data protection information: https://twitter.com/privacy
If you do not want Twitter to assign the data collected via our website directly to your Twitter account, you must log out of Twitter before visiting our website. You can also completely prevent the Twitter plugins from loading with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
8.3 USE OF THE YOUTUBE COMPONENTS
On our website, we use components (videos) from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the " - extended data protection mode -" option provided by YouTube. When you access a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. According to YouTube, in " - extended data protection mode -" only data is transmitted to the YouTube server, in particular which of our Internet pages you have visited when you watch the video. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
Further information on data protection from YouTube is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/
8.4 USE OF INSTAGRAM
Our website uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are labelled with an Instagram logo, for example in the form of an "Instagram camera". You can find an overview of the Instagram plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account.
If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options to protect your privacy can be found in Instagram's data protection information: https://help.instagram.com/155833707900388/
If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plugins from loading with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).
9. USE OF GOOGLE ANALYTICS
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You can object to the collection and storage of data at any time with effect for the future [link to https://tools.google.com/dlpage/gaoptout?hl=de]. In view of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form in order to exclude the possibility of direct personal references.
10. DATA PROCESSING FOR NEWSLETTER DISPATCH
By giving your consent to receive our newsletter, we will send you information and/or offers about our product range at regular intervals, provided you have registered for the newsletter and expressly requested this. You can unsubscribe from the newsletter at any time, either via a link in every newsletter or directly on our website under the "Newsletter" link. You are also welcome to send us an email to email@example.com and we will take care of the cancellation for you.
Kape de Filipina takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public.
To protect you as a customer, we use an encrypted connection for online orders. Using SSL (Secure Socket Layer), your personal data is transmitted over the Internet in encrypted form (not visible to third parties). This means you can be sure that your personal data, such as your name and address, will only be transmitted to our server. You can recognise such a secure connection by the lock symbol in the status bar of your web browser or by the URL in the address bar beginning with "https" instead of "http".
12. RIGHTS OF DATA SUBJECTS
If your personal data is processed, you are a "data subject" and you have the following rights vis-à-vis us as the controller:
12.1 RIGHT TO INFORMATION
You have the right to obtain confirmation from us free of charge as to whether we are processing personal data concerning you. If this is the case, you have a right to information about this personal data and to further information, which you can find in Art. 15 GDPR. You can contact us by post or email for this purpose.
12.2 RIGHT TO RECTIFICATION
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You also have the right - taking into account the purposes of processing mentioned above - to request the completion of incomplete personal data, including by means of a supplementary declaration. You can contact us by post or email for this purpose.
12.3 RIGHT TO ERASURE
You have the right to demand the immediate erasure of personal data concerning you if one of the requirements of Art. 17 GDPR is met. You can contact us by post or email to exercise this right.
12.4 RIGHT TO RESTRICTION OF PROCESSING
You have the right to demand that we restrict processing if one of the requirements of Art. 18 GDPR is met. You can contact us by post or email to exercise this right.
12.5 RIGHT TO INFORMATION
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
12.6 RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us if the requirements of Art. 20 GDPR are met. You can contact us by post or email for this purpose.
12.7 RIGHT TO OBJECT TO PROCESSING BASED ON OUR LEGITIMATE INTEREST
If, in exceptional cases, we process personal data on the basis of Art. 6(1)(f) GDPR (i.e. for legitimate interests), you have the right to object to the processing of your personal data by us at any time on grounds relating to your particular situation. If we cannot demonstrate compelling legitimate grounds for further processing that override your interests, rights and freedoms, or if we process your data for the purpose of direct marketing, we will no longer process your data (see Art. 21 GDPR). You can contact us by post or email to object. A technical procedure that you use, e.g. clear technical information that your web browser sends us ("do-not-track" message), is also considered an objection in this sense.
12.8 RIGHT TO REVOKE CONSENT GIVEN
You have the right to withdraw your consent to the collection and use of personal data at any time with effect for the future. To do so, you can contact us by post or email. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
12.9 AUTOMATED DECISION-MAKING, INCLUDING PROFILING
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Unless the decision is necessary for the conclusion or performance of a contract between you and us, it is authorised by Union or Member State law to which we are subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or the decision is made with your express consent.
We do not carry out such automated decision-making.
12.10 VOLUNTARY NATURE OF THE PROVISION OF DATA
If the provision of personal data is required by law or contract, we will always point this out when collecting the data. In some cases, the data collected by us is required for the conclusion of a contract, namely if we would otherwise not be able to fulfill our contractual obligation to you or not be able to fulfil it sufficiently. You are under no obligation to provide the personal data. However, failure to provide it may mean that we are unable to perform or offer a service, action, measure or similar requested by you or that it is not possible to conclude a contract with you.
If you would like to exercise one of the rights described above, you are welcome to contact us at:
Patricia Villaseñor Krause
Charlottenburger Str. 62,
c/o eHouse Space GmbH
13086 Berlin, Germany
12.11 RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other rights, you have the right to lodge a complaint with a data protection supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection law.