Data Protection Policy

1. Name and contact data of the data controller and also the company data protection officer

This Data Protection Policy covers data processing by:
Data Controller:

jovoto GmbH (hereinafter referred to as: „Jovoto“),
Lobeckstraße 30-35,
10969 Berlin

Phone. +49(0)30 – 60 98 86 95 – 0
Fax: +49(0)30 – 60 98 86 95 – 9
E-Mail: contact@jovoto.com  

The data protection officer of Jovoto can be reached under the aforementioned address as well as under the following E-Mail-Address

E-Mail: datenschutz@jovoto.com.

 

2. Collection and storage of personal data and also nature and purpose and their use

a) When visiting the website

When you access our website www.jovoto.com, the browser on your end device automatically sends information to our website server. When you do so, we only record the IP address of the requesting computer, however the last octet (8 bits) will be truncated and the IP address replaced by a generic IP address. This information is temporarily saved in a log file. The following information is collected without any action on your part and deleted automatically after four weeks:

• IP address of the querying computer,
• date and time of the access,
• name and URL of the accessed file,
• website from which the access was made (referrer URL),
• browser type and version and also further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, language setting etc.).

We process these data for the following purposes:

• ensuring trouble-free connection to the website,
• ensuring comfortable use of our website,
• evaluating system security and stability and also
• for further administrative purposes.

The legal grounds for the data processing is Art. 6 Subs. 1 Sentence 1 lit. f General Data Protection Regulation (GDPR). Our legitimate interest follows from the above purposes for the data collection. Under no circumstances do we use the collected data for the purpose of drawing any conclusions about your person.

In addition, we also use cookies and analytics services during visits to our website. Further explanations can be found under sections 4 and 5 of this Data Protection Policy.

b) When setting up a user account

You can set up a password-protected user account with us in which we save your personal data. This is in order to provide you with the greatest possible comfort through easier, faster and more personal experiences on our website.

If you would like to set up a password-protected user account with us, we need the following information from you:

• a valid email address,
• a user name.

In addition, you have to enter a password of your choice. Together with your email address this provides access to your user account. In your user account you may view and change the data referring to you and stored with us at any time.

The data are processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR are required for the stated purposes of fulfilling the contract and pre-contractual measures.

After your user account is deleted, your personal data are automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

c) When registering for our newsletter

In so far as you have declared express consent under Art. 6 Subs. 1 Sentence 1 lit. a GDPR, we will use your email address to regularly send you our personalised email-newsletter. Providing an email address is sufficient for receiving the newsletter.

Unsubscription is possible at any time, e.g. via a link at the end of every newsletter.  

Alternatively, you may unsubscribe at any time by sending an email to contact@jovoto.com.

If you would like to sign up for the newsletter, we will ask to provide the following information:

• a valid email address,
• your given name,
• possibly your last name,
• possibly your phone-number,
• possibly your company´s name,
• possibly your country,
• possibly an Information in how did you find out about us.

We send our newsletter via the service of

MailChimp of The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“MailChimp”).

The email addresses of our newsletter recipients are stored on our behalf on the servers of MailChimp which are located in the United States of America.

MailChimp uses this information to send and evaluate the newsletters on our behalf. We entered into a data processing agreement with MailChimp. By this agreement, MailChimp assures that it processes the data in accordance with the General Data Protection Regulation and assures the protection of the data subject’s rights.

MailChimp assures that personal data is fully protected against unauthorized access. MailChimp itself does not use the data of our newsletter recipients to contact them or pass on data to third parties. As a US-based company, MailChimp complies with the privacy policy of the US Privacy Shield and is registered with the U.S. Department of Commerce’s US Privacy Shield Program.

MailChimp also provides statistical analysis of usage data via cookies such as determining if a newsletter has been opened, when it was opened and which links are clicked. The evaluations also serve to identify the reading habits of users and allow us to adapt our content or to send different content according to the interests of our users.

The data processing of these voluntarily given information is based on our legitimate interests under Art. 6 Subs. 1 Sentence 1 lit. f GDPR. Our legitimate interest follows from the above purposes for the data collection.

d) When using our contact form

You may get in touch with us via a form available in the website contact information. This requires providing a valid email address, your given name and surname, your company´s name, your country and an information on how you became aware of us.

In addition, you may voluntarily describe your company´s challenge.

The data for the purpose of contacting us are processed under Art. 6 Subs. 1 Sentence 1 lit. f GDPR on the basis of our legitimate interests.

The personal data we collected for using the contact form will be automatically deleted after your query has been dealt with.

 

3. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those specified below.

a) For execution of the contract

Insofar as permitted by law and in accordance with Art. 6 Para. 1 sentence 1 lit. b DSGVO is required for the settlement of the contractual relationship with you, your personal data will be passed on to third parties. This includes, in particular, the transfer to shipping companies for the purpose of delivering goods ordered by you or to payment service providers or credit institutions in order to carry out the payment process.

The transferred data may be used by the third party solely for the purpose of their disclosure.

b) For other purposes

Apart from that we will only transfer your personal data to third parties, if:

• you have expressly given your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR;
• in cases where transfer of your data is necessary for compliance with a legal obligation pursuant to 6 Para. 1 S. 1 lit. c GDPR;
• this is necessary for the protection of the Controller’s legitimate interests or those of a third party (Art. 6 Para. 1 lit. f GDPR). The data processing is necessary in particular for the establishment, exercise or defence of legal claims and where there seems to be no reason to assume that you have an overriding and legitimate interest in preventing the transfer of your data.

c) For processing your requests via the contact form

If you make use of our customer helpdesk via our website your data entered into the contact form are transferred to Zendesk Inc., 1019 Market St, San Francisco, CA 94103 USA („Zendesk“).

Zendesk uses this information to answer your requests on our behalf. This is based on our Data Processing Agreement with Zendesk. By this Agreement, Zendesk as-sures to protect your rights to your personal data and that the use of the data by Zendesk is in accordance with the GDPR.

Zendesk assures that your personal data is fully protected against unauthorized access. Zendesk will not use your data to contact you for its own purposes or to for transferring them to third parties.

As a US-based company, Zendesk complies with the privacy policy of the US Privacy Shield and is registered with the U.S. Department of Commerce’s US Privacy Shield Program.

 

4. Cookies

We use cookies on our website. These are small files that your browser automatically creates and saves on your end device (laptop, tablet, smartphone or suchlike when you visit our website. Cookies do not cause any harm to your computer and do not contain any viruses, trojans or other malware.

The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.

Cookies are used on the one hand so that we can make the use of our offerings more pleasant for you. Therefore, we use session cookies to recognise that you have already visited individual pages our website, you have already logged on in your user account or for displaying the shopping cart. These are automatically deleted after you leave our website.

In addition, we use temporary cookies saved on your end device for a certain defined period to optimise user friendliness. If you visit our website again to use our services, it is automatically recognised that you were already here before and which entries and settings you made so that you do not have to repeat them.

On the other hand, we use cookies to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you (see section 5). These cookies enable us to automatically recognise that you were here before the next time you visit our website. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are required for the stated purposes to protect our legitimate interests and also of third parties under Art. 6 Subs. 1 Sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. You can configure your browser, however, so that no cookies are saved on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies can, however, lead to you not being able to use all the functions of our website.

 

5. Analytical tools

If you consent to the use of tracking technologies, you also consent to the transfer of your personal data to the USA. The USA is an insecure third country in which there is no level of data protection comparable to EU standards. In the case of certain providers, such as Amazon AWS and Google Analytics, no other guarantees are offered to compensate for this deficit. There is therefore a risk that the transfer of data may result in state authorities accessing your personal data without you being entitled to effective legal protection.

The following tracking and targeting measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR.

With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.

Via the deployed targeting measures we want to ensure that you only see advertising tailored to your actual or presumed interests on your end devices.

These interests are to be considered as justified within the meaning of the aforementioned regulation.

The pertinent data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

a) Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) for the purpose of creating a website experience tailored to users’ needs and continuing optimisation of our website. In this context, pseudonymised user profiles are created and cookies (see point Fehler! Verweisquelle konnte nicht gefunden werden.) are used. The information generated through the use of cookies about your usage of this website such as

• web browser type / version,
• operating system used,
• referrer URL (the previously visited website),
• host name of the accessing computer (IP address),
• time of server request,

are transmitted to and stored on a server belonging to Google in the USA. Google is subject to the EU-US Privacy Shield so that an adequate level of data privacy is ensured.

The information will be used for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the purposes of market research and ensuring an internet experience tailored to users’ needs. Furthermore, this information may be transferred to third parties to the extent that this may be legally required or those third parties process these data on our behalf. Under no circumstances will your IP address be associated with any other data held by Google. The IP addresses will be anonymised so that attribution is not possible (IP masking).

You can block the installation of cookies by selecting the appropriate settings in your web browser software; however, please note that if you do so, you may not be able to use the full functionality of this website.

You can also block the collection of the data generated by the cookie and relating to your usage of our website (including your IP address) and the processing of such data by Google by downloading and installing a web browser add-on.

As an alternative to the web browser add-on, in particular for web browsers installed on mobile end devices, you can also block tracking by Google Analytics. An opt-out cookie is created which prevents the tracking of your data when you visit this website in the future. The opt-out cookie applies only to the web browser you are using and only to this website and will be stored on your end device. If you delete the cookies on this web browser, you will have to set another opt-out cookie.

More information on data privacy in relation to Google Analytics can be found on the Google Analytics Help page.

b) Heap

This website uses technologies from Heap Inc. (116 Natoma Street, 3rd Floor, San Francisco, CA 94105, United States) to collect and analyse information on the surfing behaviour of website visitors in anonymised form to improve our services. This is done by means of cookies (see section 4). Under no circumstances will the collected data be used to personally identify visitors of this website. The collected data will be used solely to improve our website services. There will be no other use or transfer to third parties.

Further information about the Heap technology can be found in the Heap data protection policy.

c) Drift

This website uses technologies from Drift.com, Inc. (3 Copley Place, Suite 7000, Boston, MA 02116 855-266-1567) to capture the information of website visitors and then direct these leads to the correct team members. Under no circumstances will the collected data be used to personally identify visitors of this website. The collected data will be used solely to improve our website services. There will be no other use or transfer to third parties.

As a US-based company, Drift complies with the privacy policy of the US Privacy Shield and is registered with the U.S. Department of Commerce’s US Privacy Shield Program.

Further information about the Drift technology can be found in the Drift data protection policy.

d) Google Tag-Manager

We use the Google Tag Manager, a web service of Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) on our website. The application makes the services such as Google Analytics technically more efficient to implement.

The tags used here are small code elements on the website, which among other things serve to be able to measure traffic and visitor behavior more easily and, in combination with other analyse services, make it easier to test and optimize the website. The Google Tag Manager manages and integrates technical features or IDs (=tags) for the analysis services used, such as tracking codes.

The Tag Manager tool itself (which implements the tags) is a domain without cookies. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

For more information about Google Tag Manager, see the terms of use for this product.

e) Double Click

On our website, cookies are used to collect and evaluate information for the optimization of advertising. We use the targeting technology Double Click of the Google LLC.,1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

These technology enable us to target you with individual interest-based advertising. The cookies used, for example, provide information about which of our products you are interested in. On the basis of the information, we can also display offers on the part of third parties that are specifically oriented towards your interests, as they result from your previous user behavior. The collection and evaluation of your user behavior is exclusively pseudonymous and does not enable us to identify you. In particular, the information is not merged with personally identifiable information about you.

Google is governed by the EU-US Privacy Shield, which guarantees an appropriate level of privacy.

The cookie will be automatically deleted after 30 days.

You can also set preferences for showing interest-based advertising through the Google Ads Settings Manager.

For more information and privacy policy regarding advertising and Google, please refer to the Google Privacy Policy and Terms of Use.

 

6. Social media plug-ins

a) Facebook

Facebook social plug-ins are used on our Internet sites to make the Online Shop a more personal experience, using the “LIKE” or “SHARE” buttons. This is a service offered by the American company Facebook Inc. (1601 Willow Rd, Menlo Park, CA 94025, USA).

When you call up a page of our web site that includes such a plug-in, your browser creates an automatic connection with the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and embedded from there into the website.

By connecting the plug-in, Facebook receives information that your browser has called up the corresponding page of our web presence, even if you do not have a Facebook account or are not at present logged in to Facebook. This information (including your IP address) is transmitted direct from your browser to a server of Facebook in the USA and stored there.

If you are logged in on Facebook, Facebook is able to match your visit to our website directly with your Facebook account. When you interact with the plug-ins, for instance by using the “LIKE” or “SHARE” buttons, the relevant information is then likewise sent direct to a Facebook server and stored there. The information is moreover published on Facebook and displayed to your Facebook friends.

Facebook may use this information for advertising and market research purposes and to make the Facebook pages more user-friendly. To this end, usage, interests and relationships profiles are created by Facebook, in order for instance to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide further services related to your use of Facebook.

If you do not wish Facebook to match the data collected via our web presence to your Facebook account, you must log out of Facebook before visiting our website.

To find out more about the purpose and scope of data collection and further processing and use of data by Facebook as well as your rights in this regard and how you can configure your account to protect your privacy, please refer to the Facebook data Use Policy.

b) Twitter

Plug-ins by the short message network Twitter Inc., 1355 Market St, Suite 900, San Francisco CA 94103, USA are integrated into our Internet sites. You can identify the Twitter plug-ins (tweet button) from the Twitter logo on our website. You can find an overview of information on the tweet button. When you call up a page of our web presence containing such a plug-in, a direct connection is created between your browser and the Twitter server. Twitter is thus informed that you have visited our site with your IP address. If you click on the Twitter tweet button while you are logged in to your Twitter account, you can link the content of our pages to your Twitter profile, which means that Twitter can match your visit to our website to your user account. We would point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Twitter. You can find out more information on this here.

If you do not wish Twitter to assign your visit to our website to your account, you should please log out of your Twitter user account.

To find out more about the purpose and scope of data collection and further processing and use of data by Twitter, please refer to the Twitter data Use Policy.

c) LinkedIn

Our website integrates plugins from LinkedIn LinkedIn Unlimited Company Network, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The LinkedIn plugins are identified by the white “in” on a blue background.

When you visit a page on our website, you will not be connected to LinkedIn’s servers. If you click on the appropriate button, they will be redirected to a LinkedIn website. On this you can share our content by clicking again. We have no control over the processing of personal data on third-party websites.

This information is sent from your browser directly to a LinkedIn server in the United States and stored there. LinkedIn complies with the privacy policy of the US Privacy Shield and is registered with the U.S. Department of Commerce’s US Privacy Shield Program.

By visiting the LinkedIn website, LinkedIn receives the information that you have visited its page with your IP address and other log data. This log data includes browser type, operating system, information about the previously visited website and the pages you visited, location, your wireless service provider, device information (including device ID and application ID), search terms, and cookie information. In addition, LinkedIn uses tracking and targeting tools to optimize the site and tailor it to users’ needs.

If you click the LinkedIn button while logged in to your LinkedIn account, you can link the contents of our pages to your LinkedIn profile. This allows LinkedIn to associate the content of our pages with your user account.

For more information, see the LinkedIn privacy statement.

d) Instagram

Our website also uses so-called social plugins (“plugins”) operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When you visit a page of our website that contains such a plugin, your browser connects directly to Instagram’s servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are currently not logged in to Instagram.

This information (including your IP address) is sent from your browser directly to an Instagram server in the US and stored there. If you’re logged in to Instagram, Instagram can instantly associate your visit to our website with your Instagram account. If you interact with the plugins, for example, press the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.

The information will also be posted on your Instagram account and displayed there to your contacts.

If you do not want Instagram to directly map the data collected through our website to your Instagram account, you’ll need to log out of Instagram before visiting our website.

For more information, see the privacy policy of Instagram.

e) Pinterest

Our websites use the social plugin of Pinterest, operated by the US based Pinterest, Inc., (808 Brannan St, San Francisco, CA 94103, USA).

When you call up a page of our web presence which includes such a browser button, your browser creates an automatic connection with Pinterest’s servers. The content of the button is transmitted by Pinterest direct to your browser and from there it is embedded in the website.

By embedding the plugin Pinterest collects information, that your browser called up the corresponding website, even if you do not have a pinterest  account or you are currently not logged in. This information (including your IP-adress) will be transferred by your browser directly to a Pinterest server in the U.S. where it will be stored.

If you are logged in with your Pinterest Account and you click on the „Pin it“-button, Pinterest will collect the information that you called up the corresponding website and may link your visit to your Pinterest account. If you do not agree with this, you may have to log out of Pinterest before.

To find out more about the purpose and scope of data collection and further processing and use of data by Pinterest as well as your rights in this regard and how you can configure your account to protect your privacy, please refer to the Pinterest data privacy information.

 

7. Data subject rights

You have the right:

• pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
• pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
• pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
• pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
• pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future and
• pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.

 

8. Right to object

In so far as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.

If you want to exercise your right to object, simply send an email to datenschutz@jovoto.com.

 

9. Data Security

All the data you personally transfer will be sent encrypted with the customary and secure SSL standard (Secure Socket Layer). SSL is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure SSL connection inter alia by the “s” appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.

 

10. Actuality of and changes to this Data Protection Policy

This Data Protection Policy is the latest version and was last amended as of May 2018.

The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under: https://www.jovoto.com/legal/privacy/.