Data Protection Policy 2018-07-23T14:22:50+00:00

Personal Data Protection Statement

Wentworth Express GmBH. 2018-05-25

  1. Principle of anonymous data use

In principle, our offers (Bronze, Silver, Gold and Green [in short ‘Faveru Subscriptions’]) can be used without providing personal data. The use of individual services on our website can therefore use different regulations which in this case are explained separately below. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

When you access our website, some information, such as IP address, is transferred. You are also providing information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), time of visit to the website, the so-called referrer and volume of data transferred.

We cannot use this data to identify an individual user. We only use this information to determine how attractive our offers are and to improve their performance or content, if necessary, and make their design even more appealing to you.

Please bear in mind, however, that in the case of a static IP address, personal identification is possible by RIPE query in individual cases, although we do not perform this. Nevertheless, this website is accessible for both static and dynamic IP addresses assigned.

 

  1. Collection and processing of personal data

We only collect personal data if you provide it to us, for example when you contact us, in particular by registering a H-Crew account, placing an order, requesting information or publishing personal data on or website in comments.

We use the personal data you provide only to the extent that your data is necessary for rendering or processing our services.

We store your data for as long as is necessary to achieve the intended purpose or until you delete your account or for as long as legal retention periods require data to be stored. Your data is subsequently deleted in accordance with legal requirements or processing is restricted.

In the case of use purely for information, i.e. if you do not register or send us information another way, we only collect personal data which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical purposes in order to show you our content and guarantee stability and security (legal basis is a legitimate interest pursuant to Article 6 (1) (f) GDPR).

In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed up our interest in website provision and your interest in data protection compliant processing of your personal data. As the data below is technically required for the provision of our service in order to offer you our website and also guarantee stability and security, in particular protection against misuse, we have reached the conclusion that, with a state-of-the-art oriented data security guarantee, this data can be processed whereby appropriate consideration will be given to your interest in data protection compliant processing.

 

  1. Data Purpose of processing Storage period

 

Operating system used Ensure evaluation by device and optimized display of the website Indefinite

Information about the browser type and version used Evaluation of the browser used to optimize our websites for it Indefinite

IP address Presentation of the website on the respective device

Investigation and prevention of fraud

Date and time of visit Presentation of the website on the respective device

Investigation and prevention of fraud

If applicable, manufacturer and model of the smartphone, tablet or other device Evaluation of device manufacturers and types of mobile end devices for statistical purposes Indefinite

The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.

 

  1. Registering a H-Crew account

Using our login system, you can create a H-Crew account for yourself that you can use to log in to all of our services (Bronze, Silver, Gold and Green). In the process, we use cookies – small files – on your browser in order to identify you. All data that you save to your account is stored at our Faveru Memberpress database.  Our paid services are only accessible if you have set up your H-Crew account. We will request the following data when registering (some of it is required). In addition, you must take note of our Data Protection Statement, as well as accept our General Terms and Conditions of Business and Cancellation Policy.

 

Data Purpose of processing Legal basis of processing Storage period

 

First name Direct address & presentation Performing the contractual relationship: Up to 30 days after deletion of the customer account

Last name Direct address & presentation Performing the contractual relationship: Up to 30 days after deletion of the customer account

Email address Customer account identification Performing the contractual relationship: Up to 30 days after deletion of the customer account

Password Customer account identification Performing the contractual relationship: Up to 30 days after deletion of the customer account

IP address at login Data transfer at registration to web server Performing the contractual relationship Indefinite

 

  1. Cookies and tracking pixels

We use cookies to improve our web service and make your use as easy as possible. Cookies are small text files which are saved on your computer when you visit our website. They facilitate the repeated allocation of your browser. Cookies save information, such as your language settings, duration of the visit to our website or the entries you made there. This means that the required data does not need to be entered again each time the service is used. Moreover, cookies help us to recognize your preferences and adjust our website to your areas of interest.

Most browsers accept cookies automatically. If you want to prevent cookies from being saved, you can select the ‘Accept no cookies’ option in your browser settings. To find out exactly how this works, you can consult your browser manufacturer’s instructions. You can delete cookies that have already been saved on your computer at any time. Please bear in mind, however, that our website service can only be used to a limited extent without cookies.

Moreover, every time our website is loaded, we record how often it is visited and clicked on by using tags on our website, so-called tracking pixels, likewise without any interference and intervention for your computer.

 

  1. Google analytics

We use the Google Analytics service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyze our website visitors. Google uses cookies to track the use of the online product or service by users and the information is generally transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

 

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

 

 

  1. Google marketing services

 

All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

 

The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

  1. Facebook marketing services (Section for later in 2018)

We use the “visitor action pixels” from Facebook Inc. (Menlo Park, California) on our website so that user behavior can be tracked after users have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b and f GDPR.

 

  1. Facebook custom audience (Section for later  in 2018)

As part of usage-based online advertising, the Custom Audience product from Facebook (Facebook Custom Audience 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on the website. Generally speaking, a non-reversible and non-personal checksum (hash value) is generated from your usage data which can be sent to Facebook for analysis and marketing purposes. In doing so, a tracking pixel from Facebook is set on our website. This collects information on your activity on the website (such as surfing behavior, subpages visited, etc.). Your IP address is stored and used to direct geographically-based advertising.

You have the option of objecting to targeting by Facebook using the link (https://www.facebook.com/ads/website_custom_audiences). You can also send us an email directly at privacy@Faveru.com.

You can learn more about the purpose and scope of data collection and further processing and utilization of data, as well as privacy settings, using the Facebook’s privacy policy (https://www.facebook.com/policy.php).

 

  1. Quality assurance

 

When using our website and Services, data is collected and stored which is used to generate information using pseudonymous usage profiles for purposes of web analysis. These usage profiles serve to analyze visitor behavior and are evaluated to improve and design our services based on demand. In addition, we measure and analyze technical performance data (e.g. response and load times) and application data (hardware and software used) in order to improve the performance of our products. Cookies are used to do so. These are text files saved on your computer that allow us to analyze how you use our website. The pseudonymous usage profiles are not associated with personal data on the bearer of the pseudonym without the concerned party’s express consent. You can object to future data collection and storage for the purpose of web analysis at any time by deactivating cookies in your browser settings. You can find the individual privacy notices for the providers here:

 

This website uses social plugins from providers:

 

Facebook (Owner: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)

Instagram (Owner: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)

These plugins normally collect your data and transmit it to the server of the respective provider.

After being activated, these plugins also record personal data, such as your IP address, and send this to the server of the respective provider where it is stored. Active social plugins also create a cookie with a unique identifier when accessing the respective website. This allows the provider to create profiles on your usage behavior. This also happens when you are not a member of the social network of the respective provider. If you are a member of the provider’s social network, and if you are logged in to the social network while visiting this website, your data and visit information can be associated with your profile on the social network. We cannot influence the exact scope of the data collected on you by the respective provider. Please refer to the privacy policies of the respective social network providers for more detailed information on the scope, manner, and purpose of data processing, and on your rights and setting options to protect your privacy. These can be found in the table above. They are also available at the following addresses:

 

Facebook: http://www.facebook.com/policy.php

Instagram: https://help.instagram.com/519522125107875?helpref=page_content

 

  1. Transfer of data to third parties

We only pass your personal data on to third parties if:you have given your explicit consent to this,forwarding data is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,in the event that we have a legal obligation to forward data, and this is legally permissible and required for the performance of the contractual relationship with you.

In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place. Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:your personal data could be processed over and above the intended purpose.

Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example your right of access, to rectification, erasure or data portability, on a consistent basis and enforce these.

It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.

  1. Personal data breach notification policy contents
  • Introduction: purpose of personal data breach notification policy; approach to personal data breaches.
  • Definitions: definitions (appointed person, data breach).
  • Detection of personal data breaches: technological measures to detect personal data breaches; organisational measures to detect personal data breaches; regular review of measures to detect personal data breaches.
  • Responding to personal data breaches: personnel to notify appointed person upon personal data breach; role of appointed person regarding personal data breaches; cooperation with appointed person; appointed person to determine role of company where personal data breach; steps to be taken when responding to a personal data breach; Company to keep record of response to personal data breach.
  • Notification to supervisory authority: section applies where company is data controller; obligation to notify supervisory authority of personal data breach; procedure for notification of personal data breach to supervisory authority; exception to obligation to notify supervisory authority of personal data breach; additional information to be provided to supervisory authority; changes in facts relating to personal data breach to be notified to supervisory authority.
  • Notification to data controller: section applies where company is data processor; obligation to notify data controller of personal data breach; procedure for notification of personal data breach to data controller; additional information to be provided to data controller.
  • Notification to data subjects: section applies where company is data controller; data subject notifications in consultation with supervisory authority; obligation to notify data subjects of personal data breach; procedure for notification of personal data breach to data subjects; exception to obligation to notify data subjects of personal data breach; discretionary notification of personal data breach to data subjects.
  • Other notifications: notification of personal data breach to other persons.
  • Reviewing and updating this policy: persons responsible for reviewing and updating policy; annual review of policy; ad hoc review of policy; matters to be considered during review of policy.

Schedule 1 (Notification of personal data breach to supervisory authority)

  • Introduction: identification of person giving personal data breach notification.
  • Description of personal data breach: prompt for general description of personal data breach:.
  • Categories of data subject affected: prompt for categories of data subject affected.
  • Number of data subjects affected: number of data subjects affected.
  • Categories of personal data concerned: prompt for categories of personal data concerned.
  • Number of records concerned: prompt for number of records concerned.
  • Likely consequences of breach: prompt for likely consequences of personal data breach.
  • Measures taken to address breach: prompt for measures taken to address breach.
  • Has breach been notified to data subjects?: details of whether data breach notified to data subjects.
  • Late report of breach: Prompt for reasons for late report by controller of personal data breach.
  • Contact details: contact details for personal data breach.

Schedule 2 (Notification of personal data breach to data controller)

  • Introduction: identification of person giving personal data breach notification.
  • Description of personal data breach: prompt for general description of personal data breach:.
  • Categories of data subject affected: prompt for categories of data subject affected.
  • Number of data subjects affected: number of data subjects affected.
  • Categories of personal data concerned: prompt for categories of personal data concerned.
  • Number of records concerned: prompt for number of records concerned.
  • Likely consequences of breach: prompt for likely consequences of personal data breach.
  • Measures taken to address breach: prompt for measures taken to address breach.
  • Contact details: contact details for personal data breach.

Schedule 3 (Notification of personal data breach to data subject)

  • Introduction: identification of person giving personal data breach notification.
  • Description of personal data breach: prompt for general description of personal data breach:.
  • Categories of personal data concerned: prompt for categories of personal data concerned.
  • Likely consequences of breach: prompt for likely consequences of personal data breach.
  • Measures taken to address breach: prompt for measures taken to address breach.
  • Steps to mitigate breach: prompt for steps data subject may take to mitigate personal data breach.
  • Contact details: contact details for personal data breach.
  1. Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

  1. Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

  1. information on withdrawal of consent

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

  1. Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

  1. Information on right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

  1. Links to other websites

Our website may contain links to the websites of other providers. Please note that this Data Privacy Statement applies only to the website of Faveru. We have no influence on or control over the compliance of other providers with applicable data protection regulations.

  1. Amendments to the Data Privacy Statement

We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.