Preamble
eKomi Ltd., Berlin, Zimmerstr. 11, 10969 Berlin,Germany, HRB 114654 B (Charlottenburg, Berlin) unless acting as a processor within the scope of eKomi's service, is responsible for the processing of person-related data.
1. Use of the eKomi Websites
In general, the usage of our website does not require providing person-related data. In the case that we do collect personal data (for example name, email address, etc.) on our websites, such data is, as far as possible, always provided on a voluntary basis. The legal basis for processing in the context of consent is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR). Evaluators have the option to request a review link via the certificate page provided by eKomi if they have verifiably not received a review link from their provider and the request is justified in accordance with communication rules; to file a complaint or to ask a question about a review. The transaction must be based on an invoice or other documents. The delivery of the invoice or other documents and related data are voluntary and needed in order to verify the transaction and eligibility to provide a review link. Information that is not relevant for the proof of transaction can be blacked out by the evaluator. The documents provided will be destroyed after verification. It will not be passed on to third parties without express consent. We would like to point out that data transmission via the internet (e.g. communication by e-mail) can have security gaps. The complete protection of data against access by third parties is not possible. It is hereby expressly prohibited for third parties to use the contact data published within the scope of the imprint obligation, for the purpose of sending unsolicited advertising and informational material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example by spam mail.
2. Usage of IP Addresses, Browser Settings, Location
When you visit the eKomi website, we register your IP address and browser settings of your computer. The IP address is the numerical address of the computer used to visit our Website. The browser settings may include information about the type of browser you are using, the browser language, and the time zone. We collect this information so that we can trace the computer used in cases of misuse or unlawful actions in connection with visits to or use of our Website or our services. We also use the IP address to determine your approximate location (at city level) so that we know which of our Terms & Conditions apply to your use of our Website or services. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. The information stored in the log files does not allow any direct inference to your person - in particular, we store the IP addresses only in a shortened, anonymized form. The log files are stored for 30 days and archived after subsequent anonymization.
3. Newsletters and notification emails
a. eKomi Customers
We collect the data of our customers who subscribe if they wish to receive our newsletter or wish to receive notifications regarding their account, e.g. the invoices. If you no longer wish to use these offers, you can log in to the customer account and change the settings or contact us at dataprotection@ekomi.de.
b. End Customers of our Customers
Our customers act as clients of eKomi‘s service and are therefore responsible as Data Controllers. The client is responsible according to the EU General Data Protection Regulation (GDPR) for compliance with the data protection regulations. The company is also responsible for:
i. How to address end users,inform them about the possibility to leave star ratings & reviews, and to obtain the necessary consent for being contacted to leave a review;
ii. To review the legal admissibility of the advertisement of specific reviews and ratings (including the way in which they are advertised) with respect to the company and / or its products, in particular under competition and advertising aspects (i.e. under the Drugs and Magic Remedies Act); and
iii. examine the competition, data protection and other legal requirements and obtain the necessary consent form from end users.
EKOMI'S LIABILITY FOR DAMAGES RESULTING FROM BREACH OF THE OBLIGATIONS MENTIONED ABOVE ARE EXCLUDED.
4. Nature and Purpose of the Data Processing
The nature and purpose of the processing of personal data by the processor results from the main contract with our customer. This includes the following activity (s) and purpose (s):
a. Generation of Reviews
b. Moderation of Reviews
c. Marketing services (including SEO optimization) & reputation management (including the provision of certificate pages, seals & awards)
d. Data collection, analysis and processing of the collected data as part of the service
For information on the categories used, please ask our customer / service provider directly. As part of the information requirements, eKomi provides information to authorized parties. Please make an inquiry to: dataprotection@ekomi.com
5. Categories of Affected People
The list below results from eKomi’s main contract with our customers, who act as clients (i.e. data controllers) and may include the following categories:a. Customers
b. Prospects
c. End Customers
d. Employees who have been contacted on behalf of our customers to submit a review
e. Prospects, end customers or employees of our customers, who provide data to submit reviews
For information on the categories used, please ask our customer / service provider directly. As part of the information requirements, eKomi provides information to authorized parties. Please make an inquiry to: dataprotection@ekomi.com
6. Types of Personal Data
The list of personal data types below results from the eKomi main contract with our customers, who act as clients (i.e. data controllers) and may include the following data:
a. Personal data (name, salutation, title / academic degree, date of birth)
b. Contact details (email address, telephone number, address)
c. Contract data (contract details, services, customer number)
d. Employment data
e. Photos
f. Videos
g. Electronic communication data (IP address, accessed website, details of the device used, operating system and browser)
h. Other Details (size, hair color, etc.)
For information on the transmitted personal data, please ask our customer / your service provider directly. As part of the information requirements, eKomi provides information to authorized parties. Please make an inquiry to: dataprotection@ekomi.com
7. Data storage and deletion
Personal data mentioned in a review is stared out by the eKomi Customer Feedback Management Team according to the eKomi communication rules; After this measure, the personal data can only be viewed in our system by administrators and team leaders of the Customer Feedback Management Team and will be deleted from the eKomi systems once the customer's main contract is terminated by eKomi.
Personal data provided by the requester as part of the customer dialogue will be deleted by eKomi from the eKomi system once the account and the customer's main contract is terminated.
Personal data submitted by the requester to the processor as part of a complaint or review link query will be deleted by eKomi upon completion of the case, eKomi will delete personal data from the eKomi systems.
After termination of the customer's main contract, eKomi is obligated to hand over all personal data to the customer, including documents and processing results created in connection with the contractual relationship in order to comply with data protection and data security in accordance with the customer's instructions. This also applies to any data backups at eKomi. This does not apply to data generated in connection with a third-party service commissioned by the customer (such as the Google Feed); these are deleted in accordance with the guidelines of the third-party service provider after termination of the customer's main contract. Data that has become the property of eKomi according to the customer's main contract will not be deleted after the end of the main contract, but kept in accordance with current data protection regulations.
8. Information about Children
Our website is not designed for children. If you learn that a child under 13 years has left personal data, please contact us.
9. Processors and transfer of personal data to regions outside the EU
We use external companies for the maintenance of the technical operation of the website and our services. These companies are personal data processors for whom we are the data protection officer. By agreeing to this policy, you agree that we may also have the data for which you are the data protection officer processed by the same processor.
We have data processing agreements with these processors and they state that they are only allowed to act in accordance with our instructions. By agreeing to this Policy, you authorize us to provide the Order Processors with such instructions for processing the data in accordance with the Policy and for the purposes of the Website.
Processors have taken reasonable technical and organizational measures to ensure that information is not inadvertently or illegally destroyed, lost, damaged, disclosed, misused or otherwise processed by any unauthorized person in violation of data protection laws.
At your request - and possibly for a fee at the hourly rate applicable to the processor of the order at the time - the processor must provide you with information that sufficiently demonstrates that the above technical and organizational security measures have actually been taken.
Some of these processors and third party service providers are located outside the European Union, such as in the United States. You give us your consent to use processors in unsafe third countries, provided that there is a legal framework that governs the transfer of your personal data and ensures adequate protection of such data, for example if the processor is part of the EU-US Privacy Shield.
10. Responsible Data Protection Officer
eKomi confirms that according to GDPR a data protection officer is appointed to monitor compliance with data protection and data security regulations involving the data protection officer. Data Protection Officer of eKomi is currently:
Kathrin Schürmann
Rechtsanwältin
ISiCO Datenschutz GmbH
Am Hamburger Bahnhof 4 │ 10557 Berlin
T: +49 (0)30-213 00 28 50 │ F: +49 (0)30-213 00 28 99
dataprotection@ekomi.de │ www.isico-datenschutz.de
11. Use of Cookies
In order to improve our website user experience and to provide certain functions, we use so-called cookies on some of our pages. These are small text files which are stored on your device and which keep certain settings and data for exchanging with our system via your browser.
Some of the cookies we use are deleted after expiry of the browser session, i.e. after closing your browser. Other cookies remain on your device and enable us to recognize your browser the next time you visit.
Cookies do not contain person-related data and can therefore not be assigned to a certain user. Please be aware that some cookies are already set as soon as you access our website. You can configure your browser in such way that you are informed about the setting up of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our web site may be limited.
Please observe the following information on the cookies we use and how to update your browser settings.
1. Required Cookies
These cookies are necessary for the operation of our website. They include e.g. cookies which enable you to log on into our customer area or to add something to the shopping cart.The legal basis is Article 6 (1) (1) (b) GDPR.
2. Analytical Cookies – Performance Cookies
These cookies enable us to collect anonymous data about the usage behavior of our visitors. We then evaluate this data in order to improve the functionality of the website and to inform you about interesting offers, for example.The legal basis is Article 6 (1) (1) (f) GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.
3. Functional Cookies
These cookies are used for certain functionalities of our website, e.g. in order to offer an improved navigation flow to our website and to show you personalized data and relevant information.The legal basis is Article 6 (1) (1) (f) GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.
Cookie settings can be changed in each individual browser.
Each browser (e.g. Internet Explorer ™, Chrome™, Firefox™, Safari™ or Opera™) differs in the way the cookies settings are administered. The administration is described in the help menu of each browser and explains how you can change your cookie settings.
Google Double Click Cookie
As part of the Google Analytics application (see below) this website also uses the so-called DoubleClick cookie, which enables your web browser to be recognized when you visit other websites. The information generated by the cookie about the visit to this website is transferred to a Google server in the US and is stored there. The IP address will be shortened by activating the IP anonymization on this website prior to transmission within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and will be shortened there. The anonymous IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google will use this information for the purpose of compiling reports on the activities on the website and in order to provide other services related to the use of the website. Moreover, Google will possibly transmit this information to third parties to the extent required by law or as far as third parties process this information on behalf of Google. You can deactivate the use of cookies by Google by making the corresponding setting on the Google website. Alternatively, users can also deactivate the use of cookies by third parties by accessing the deactivation page of the network advertisement page. You can also avoid the installation of cookies by the appropriate setting of your browser software. Please note, however, that if you do so you, will possibly not be able to use all functions of this website.
Google Tag Manager
We also use Google Tag Manager for the administration of our usage-based advertising services. The Tool Tag Manager itself is a cookie-free domain and does not collect any person-related data. Rather, the tool triggers other tags that may in turn collect data (see above). If you have deactivated at domain- or cookie level, this will remain for all tracking tags implemented with the Google Tag Manager.
Storage of Personal Data
We store all data that you transmit to us during a demo request (also if the session is interrupted) and also if you wish to subscribe to our services and/or make use of them. For example, you may provide us with your name, address, e-mail address and telephone number when purchasing and/or using our services or when purchasing a product. If you purchase a subscription to our services, subscribe to our newsletter, purchase and/or use services or use customer service or technical support, you may have to complete a form and be prompted to provide personal information such as your name, address, e-mail address and telephone number. This information is stored in our database.
Privacy Statement for the Use of Google +1
Collection and transfer of information: You can use the Google +1 button to publish information worldwide. The Google +1 button allows you and other users to receive personalised content from Google and our partners. Google stores both the information that you have given +1 to a content as well as information about the page that you were viewing when you clicked on +1. Your +1 activities may be displayed as references together with your profile name and your photo in Google services, such as in search results or in your Google profile, or at other places on websites and advertisements on the Internet. Google records information about your +1 activities in order to improve Google services for you and others. To be able to use the Google +1 button, you need a public Google profile that is visible worldwide and contains at least the name chosen for your profile. This name is used in all Google services. In some cases, this name can also replace another name that you have used when sharing content via your Google account. The identity of the Google profile can be shown to users who know your email address or have other identifying information about you. Use of collected data: In addition to the purposes stated above, the information provided by you shall be used according to the applicable Google privacy statement. Google may publish aggregated statistics about the +1 activities of users or will pass these on to users and partners, such as publishers, advertisers or associated websites.
Privacy Statement for the Use of Twitter
Functions of the service Twitter are integrated on our website. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. When you use Twitter and the “Retweet” function, the websites you visit are associated with your Twitter account and disclosed to other users. Data is also transferred to Twitter. We would like to point out that we as the website provider receive no information about the content on the transferred data or its use by Twitter. More information on this can be found in Twitter’s privacy policy at http://twitter.com/privacy. You can change your data protection settings on Twitter in the account settings at http://twitter.com/account/settings
Privacy Statement for the Use of LinkedIn
On our website you will find plug-ins of the social network LinkedIn, or the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”). You can recognise the LinkedIn plug-ins by the logo or the “Recommend” button. Please note that the plug-in establishes a connection between your Internet browser and the LinkedIn server when you visit our website. LinkedIn therefore receives information that our website has been visited by your IP address. If you click on the LinkedIn “Recommend” button while you are logged in to your LinkedIn account, you can link content from our website to your LinkedIn profile page. This means that you are allowing LinkedIn to assign your visit to our website to you or your user account. Please note that we do not receive any information about the content of the transferred data or its use by LinkedIn. Details about the collection of data and your legal options as well as settings options can be found on LinkedIn. These details are available under http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.
Facebook Retargeting
Our website uses social plug-ins of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plug-ins are identified with a Facebook logo or with the add-on “Facebook Social Plug-in”. If you access a page on our website that contains such plug-ins, your browser establishes a direct connection with the Facebook servers. The content of the plug-in is transferred from Facebook directly to your browser and integrated by Facebook in the website. By integrating the plug-ins, Facebook receives the information that you have accessed the relevant page on our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. When you interact with the plug-ins, for example the “Like” button or post a comment, this information will be transferred from your browser directly to Facebook and stored there. The purpose and scope of the data collection as well as the further processing and use of the data by Facebook and your associated rights and settings options to protect your privacy can be found in Facebook’s privacy policy. If you do not wish for Facebook to collect data about you from our website, you must log out of Facebook before visiting our website. We have no influence over the scope of the data that Facebook collects using this plug-in and therefore inform our users according to our level of knowledge. The purpose and scope of the data collection as well as the further processing and use of the data by Facebook and the associated rights and settings options to protect your privacy can be found in the Facebook’s privacy policy https://www.facebook.com/about/privacy/.
Usage of Google Analytics for Web Analysis Purposes
With Google Analytics, the IP address is shortened by activating IP anonymization on this website prior to transmission within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and will be shortened there. The anonymous IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. On behalf of the operator of this website, Google will use the information to evaluate the use of the website, to compile reports on website activity and to provide us with other services relating to website- and internet use.
You may avoid the use of cookies by selecting the appropriate settings of your browser software; however, please note that if you do so, you will possibly not be able to use the full functionality of this website. By downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de You can also prevent Google from collecting the data generated by the cookie which relates to your use of the website (including your IP address) and from processing this data.
As an alternative to the browser plugin, you can click this link to prevent Google Analytics from collecting your data on this website in future. If you do so, an opt-out cookie is stored on your device. If you delete your cookies, you must click the link again.
Sending a Contact Inquiry
We collect person-related data if you submit it on a voluntary basis upon contacting us or registering for our services. We use your data exclusively for offering you the desired information or services, i.e. only the information and data which are absolutely necessary in order to answer your inquiry or process the contractual relationship will be stored and processed.The legal basis is Art. 6 para. 1 lit. b GDPR. The data collected by us when using the contact form will be automatically deleted after complete processing of your request, unless we still need your request for the fulfillment of contractual or legal obligations.
Live-Chat-Tool Intercom
If you use the Live-Chat-Tool to contact us, the data that you voluntarily enter (name, e-mail address and message) will be stored and processed with and by our service provider Intercom Inc. exclusively for the purpose of answering your inquiry and will subsequently be deleted. Intercom Inc. is self-certified under the EU-U.S. and Switzerland-U.S. Privacy Shield. For further information click the following link EU-U.S. and Swiss-U.S. Privacy Shield Policy. Intercom will not use the data you entered for any other purposes
12. Changes to this Policy
We reserve the right to change this policy. If we make essential changes to this policy, we will post them on our website or notify you so that you have the opportunity to review the changes before they become effective. Your continued use of our website following the posting of the changes or notification of any proposed changes to the policy means that you accept them and agree to the updated policy.
13. Further Disclosures
In addition to the above, we will disclose your personal information to the following parties and under the following circumstances:
a. to Third parties, i. a. commissioned providers, consultants and other service providers to enable them to provide services on our behalf,
b. to eKomi subsidiaries and other companies within the eKomi Group,
c. to ensure compliance with applicable laws and to respond to lawsuits and legal action (including, but not limited to, subpoena or court order) or requests from public and governmental authorities;
d. to engage with regulators and government agencies, including u. a. Trading Standards, The Competition and Markets Authority and the Danish Consumer Representative, to cooperate in connection with investigations or complaints,
e. to Third parties in connection with the enforcement of our Terms of Use and Policies,
f. to Third parties to protect our business or that of our affiliates,
g. to Third parties to allow us to avail ourselves of any remedies and to limit any damage we may suffer;
h. to Third parties to investigate alleged or actual improper acts, such as: a. Fraud or misuse of our website, investigate it, prevent it or take action against it,
i. to Third parties in the event of any restructuring, merger, acquisition, sale, joint venture, assignment, transfer or other sale of all or part of our business or assets (including in connection with any bankruptcy or similar litigation).
14. Information for eKomi Applicants
When you apply for a job at eKomi, personal information is collected as part of the application process. The data that you submit to us in the context of your application will be used solely for the purpose of filling the vacancy and examining and processing your application in this context. After completion of the application procedure with regard to the specific job advertised, these data will be blocked for further use and deleted after expiry of the concerning storage obligations; unless you have agreed in writing that we may use the data for future contact. We put i.a. the assessment tool Plum.io (https://plum.io/) for the qualification of the applicants. Plum.io is responsible in this context. Participation in the Assessment Tool is voluntary.
15. Storage Time
As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest at this time.
Even after that, we sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines for storing documents are two to ten years.
16. Your rights
You have the right to request information about the processing of your personal data by us at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you. If data stored on us should be incorrect or out of date, you have the right to have this information corrected. You may also request the deletion of your data. If deletion is not possible by way of exception due to other regulations, the data will be blocked so that they are only available for this legal purpose. You can also limit the processing of your data, such as: For example, if you believe that the information we hold is incorrect. You also have the right to data portability. D. h. that we will send you a digital copy of the personal data you provide on request.
To exercise your rights as described here, you can always contact the contact details above. This also applies if you wish to receive copies of warranties to demonstrate adequate data protection.
In addition, you have the right to object to data processing, which is based on Art. 6 para. 1 lit. e or f GDPR is based. Finally, you have the right to complain to the Data Protection Inspectorate responsible for us. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged breach. In Berlin, the headquarters of eKomi is the competent supervisory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
17. Right of revocation and opposition
In accordance with Article 7 (2) of the GDPR, you have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your data and to give us reasons that arise from your particular situation and that, in your opinion, speak in favor of your legitimate interests. If it concerns a contradiction against the data processing for purposes of the direct advertisement you have a general right of objection, which is implemented also without the indication of reasons of us.
If you would like to exercise your right of revocation or objection, it is sufficient to send an informal message to the above mentioned contact details.