Data Protection Policy of MERCHCOWBOY online shops,
operated by MERCHCOWBOY GmbH & Co. KG, Friedrich-Ebert-Strasse 7, 48153 Münster, Germany, Phone: +49 (0)251 239 4899 5, Fax: +49 (0)251 239 4899 6, Email: firstname.lastname@example.org
(hereinafter referred to as MERCHCOWBOY / MERCHCOWBOY online shops).
Instance responsible within the meaning of the General Data Protection Regulation (GDPR), data protection officer, general data protection
The instance responsible within the meaning of the General Data Protection Regulation (GDPR) is: MERCHCOWBOY GmbH & Co. KG, Friedrich-Ebert-Strasse 7, 48153 Münster, Germany, Phone: +49 (0)251 239 4899 5, Fax: +49 (0)251 239 4899 6, Email: email@example.com
The data protection officer of the instance responsible is:
If you have any questions about the processing of your personal data, if you wish to assert your rights as a data subject (e.g. the right to be informed, correct, block or delete data) or if you wish to withdraw your consent, please contact our data protection officer directly.
The protection of personal data is paramount to us. We comply with data protection law when operating our website and offering the option to order via our website. We would like you to know when we collect, process and use which data as well as your rights regarding the use of your data.
Personal data is information that can be used to establish your identity, including your name, address, postal address, phone number, IP address and email address. Information not associated with your identity (such as the number of website users) is not included. You can generally use our website without disclosing your identity, in other words without entering personal data. This information (such as time and date of access, URL from which you have been referred to our website and which you may access from our website, browser, operating system, internet service provider, IP address) is stored in a log file. The legal basis is Art. 6 (1) lit. f GDPR. The information is stored to ensure the functionality, optimisation and security of our website. It is collected automatically and there is no option to object. The log files are deleted after a maximum period of seven days or modified to an extent that makes it impossible to allocate them. Exceptions apply to the correspondingly marked areas, such as the use of our contact form.
Legal basis in accordance with the General Data Protection Regulation
We are obliged to disclose to you the legal bases for the processing of personal data:
In accordance with Art. 6 (1) lit. a GDPR, we generally may only collect and process your personal data with your consent, unless obtaining prior consent is impossible or the law has stipulated an exception.
We process the personal data collected from you for fulfilling or negotiating our agreement. The legal basis is Art. 6 (1) lit. b GDPR. Further legal bases for the processing of personal data include the fulfilment of our legal obligations in accordance with Art. 6 (1) lit c GDPR and the maintenance of vital interests of yourself or another natural person in accordance with Art. 6 (1) lit d GDPR.
In accordance with Art. 6 (1) lit. f GDPR, we may further process personal data if our company has a justified interest in the event of an obligatory assessment showing that your interests, basic rights and basic freedoms do not outweigh our interests.
We must point out to you that data transfer via the internet carries security risks and the complete protection of the data against third-party access can therefore not be guaranteed. Please ensure that your data and device are protected against unauthorised third-party access by installing and always updating security software.
We store your information on specially protected servers located in Germany. We continuously improve our security measures in line with technical developments. Our website is encrypted with SSL, for instance. Apart from the special cases regulated in this Data Protection Policy, your data is stored, processed and used exclusively for contacting you and for processing any potential contractual relationships. The data can only be accessed by a small number of authorised persons who work on the technical aspects and contents of the order process.
We have marked mandatory information as opposed to voluntary information in our contact form and also refer to our Data Protection Policy. The legal basis for an intended conclusion of agreement is Art. 6 (1) lit. b GDPR. We delete your message and email address if it is obvious that a contractual relationship will not be concluded or has been terminated. You can object to the processing of your personal data at any time by writing to firstname.lastname@example.org. We will delete all of your data as soon as we receive your objection.
We use the Google service reCaptcha. We want to determine if a human or a computer made a specific input in our contact or newsletter form. Google uses the following data to check whether the input comes from a human or a bot:
- IP address of the device used;
- the website you visit on which the reCaptcha is embedded;
- the date and duration of the visit;
- the used browser and the operating system;
- your Google account, if you are logged in to it;
- mouse movements on the reCaptcha, as well as
- tasks that require you to identify images.
The legal basis for the data processing described is Article 6 (1) (f) General Data Protection Regulation. We have a legitimate interest in this data processing: to ensure the safety of our website and to protect us from automated input (attacks).
Marketing purposes / Newsletter in our shop-in-shop systems
We may only use your information for marketing purposes if you have given your consent for us to do so. In some of our shop-in-shop systems, you have the option to subscribe to a Newsletter from our partners to receive information on the respective artist. If you subscribe to the Newsletter, you will be advised as follows:
“I herewith agree to receive regular interesting offers and news about (artist/band) whose product I have purchased at the email address specified by me. My email address will be forwarded to the band, who are business partners of Merchcowboy and provide us with the products of the artist/band or have engaged us to produce them, for advertising purposes. I may withdraw my consent to use my email address for advertising purposes at any time and with future effect. I can do this by using the ‘Unsubscribe’ link at the end of each Newsletter.”
You must give us separate consent with reference to our Data Protection Policy. You can do this by ticking the notice before subscribing to the Newsletter. Apart from that, you only have to provide your email address. The legal basis for sending the Newsletter is Art. 6 (1) lit. a GDPR. We collect your IP address, date and time of your subscription in compliance with the double-opt-in method. If you have subscribed properly, we will forward your email address on the basis of the consent you have given. You can unsubscribe from this Newsletter at any time at email@example.com, free of charge except the costs incurred for the internet transfer according to the basic tariffs. By doing so, you withdraw your consent and we will delete the email address stated by you. We will also initiate the deletion of the data by the partner who has sent the Newsletter with your consent. A corresponding unsubscribe option is also included in the Newsletter sent by our partner.
Transfer of personal data to third parties
We only use your personal information within MERCHCOWBOY to fulfil and process your order. We do not transfer your data to third parties without your explicit consent. We transfer your data to the dispatcher engaged with delivering your order for the fulfilment of the agreement and insofar as this is necessary for delivering the goods you have ordered. To process payments, we forward the required payment data to the credit institution tasked with processing the payment and any payment service provider potentially engaged by us. We oblige ourselves to transfer data to instances entitled to obtain such information in accordance with legal requirements.
Use of maps and Google Maps
MERCHCOWBOY uses Google Maps within the scope of ticket sales to indicate the event location and to check the address during checkout. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use this service due to our justified interests within the meaning of Art. 6 (1) lit. f GDPR to make it easier for you to find the event locations and/or prevent errors during the registration process.
You can read Google’s data protection policy at: https://policies.google.com/privacy?hl=de. You can block advertising at: https://policies.google.com/technologies/ads.
MERCHCOWBOY uses the following fonts:
We use this service due to our justified interests within the meaning of Art. 6 (1) lit. f GDPR to create a visually pleasing and standardised website for you.
- Google Fonts via Google APIs (https://developers.google.com/apis-explorer/#search/fonts/webfonts/v1/). You can read Google’s data protection policy at: https://policies.google.com/privacy?hl=de. When you access our website, your IP address is transferred to Google and the WebFonts are loaded in your browser cache. You can block advertising at: https://policies.google.com/technologies/ads.
- FontAwesome via bootstrapcdn.com (https://fontawesome.com/) Your IP address is also indicated to FontAwesome. You can read their data protection policy here: https://fontawesome.com/privacy.
When accessing our website, a banner is displayed which informs you that we install cookies and technically required cookies. Our banner also contains a link to this Data Protection Policy. The banner discloses essential information about our website.
Usage analysis with Google Analytics, deactivation option, objection option
MERCHCOWBOY uses Google Analytics for analysing the use of its website. This is a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics installs cookies, which are text files that are stored on your computer. The information created by the cookie on your use of this website is usually forwarded to, and stored on, a Google server located in the USA. If IP anonymisation has been activated on this website, Google initially abbreviates your IP address within the member states of the European Union and other contracting member states of the European Economic Area. The full, unabbreviated, IP address is only transferred to a Google server located in the USA and abbreviated there in exceptional circumstances. By order of MERCHCOWBOY, Google uses this information for analysing your use of the website, compiling website activity reports and providing other services related to the use of the website and internet for the website operator. We base our justified interest on Art. 6 (1) lit. f GDPR and the optimisation of our website contents, which is also in the interest of our users. The IP address transferred by your browser within the scope of Google Analytics is not compiled with other Google data. You can easily prevent cookies from being stored by adjusting your browser settings accordingly. However, please be aware that if you do so you may not be able to use all of the functions of this website. You can also prevent Google from receiving and processing the data created by the cookie relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided by Google at the link below: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively to the browser plug-in, you can prevent the future collection of your data by Google Analytics on this website by installing an opt-out cookie on your computer: deactivate Google Analytics
General data protection regulations regarding the inclusion of references to our social networks and video platforms used by us.
Please be aware that we are also represented on the social networks Facebook, Instagram, Twitter and the YouTube video platform. You can find these references on our website in the form of the corresponding icons (images).
All icons are only links, not plug-ins. In contrast to a link, a plug-in sends information directly to the server of the respective social network provider and/or video platform as soon as you access our website containing the respective icon. Your browser only creates a direct link to the servers of the social network provider and/or video platform if you click on the link in the form of the icon on our website, even if you do not have a profile or are not logged in there. By linking up, the respective social network operator and/or video platform are sent the information (including disclosure of your IP address) that your browser has accessed the respective page on our website. This information is sent to, and stored on, the server of the respective operator. If you have a profile and are logged in, the respective network operator can directly allocate the visit to our website to your profile and store it. If you wish to prevent the network operator from directly allocating the data collected through our website to your profile, you must log out from the social network before visiting our website. You can fully prevent the loading of plug-ins by installing browser add-ons.
Facebook is operated by Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”). For further information on the purpose, scope and processing of the data collection and information on the optional privacy settings, please read the data protection policy of Facebook at: https://www.facebook.com/policy.php .
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). You can read comprehensive information on the data protection policy of Instagram at: https://help.instagram.com/519522125107875?helpref=page_content.
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). For further information on the purpose, scope and processing of the data collection and information on the optional privacy settings, please read the data protection policy of Twitter at: https://twitter.com/privacy?lang=de.
YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”). For information on the purpose, scope and processing of the data collection and information on the optional privacy settings, please read the data protection policy of YouTube at (this link takes you directly to Google’s data protection policy): https://www.google.de/intl/de/policies/privacy/.
Rights of affected persons (right to information, correction and limitation, deletion, withdrawal and data transfer, your right regarding automatic decisions, right to objection, information and complaint to supervisory authorities).
The General Data Protection Regulation strengthens your right as the affected person regarding the processing of personal data. You may exercise your rights free of charge.
Right to information: In accordance with Art. 15 GDPR, we are obliged to provide you with information about the stored data which relates to your person upon request by you, as long as this information relates to the origin, recipient or category of recipients, purpose and duration of the storage of the data, if applicable whilst stating your criteria.
Right to correction: In accordance with Art. 16 GDPR, your right to correction comprises personal data that we have collected and/or are processing incompletely or incorrectly.
Right to deletion: In accordance with Art. 17 (1) GDPR, you have the right to deletion if personal data has been processed improperly, the purpose for processing the data has ceased to exist, you have withdrawn your consent or objected and there is no further legal basis for processing the data. We are also obliged to inform third parties about the fact that you have requested the deletion of all personal data and copies made thereof. You do not have a right to deletion if we may refer to the fulfilment of our legal claims, a legal obligation, reasons relating to public interests, the execution of public authority transferred to us and the right to freedom of expression.
Right to limitation: In accordance with Art. 18 GDPR, you have the right to limit the processing of your personal data if you request limitation instead of deletion, you require your data for your own legal claims or you dispute the accuracy of the personal data.
Right to withdrawal: In accordance with Art. 7 (3) GDPR, you may withdraw your previously issued declaration of consent at any time and with future effect.
Right to data transfer: In accordance with Art. 20 GDPR, you have the right to data transfer to the effect that you shall receive your personal data in a structured, common and computer-readable format. You further have the right to transfer this data to potential third parties if it is processed on the basis of an automated method or consent has been given or is based on a contractual relationship. Public interest or the execution of public authority may exclude the right to data transfer.
In accordance with Art. 22 GDPR, your right regarding automatic decisions in individual cases, including profiling means that you do not have to suffer a decision based on automatic processing which would have serious consequences for you. Apart from you giving your consent, an exception could exist if the necessity for this decision has been confirmed within the scope of a contractual relationship or if such decision is mandatory by law and at the same time measures have been implemented to provide you with sufficient protection. Art. 9 (1) and (2) lit. a and g GDPR also apply for special categories of personal data.
Right to objection: In accordance with Art. 21 GDPR, you have a right to object to the processing of your personal data if it is processed on the basis of Art. 6 (1) lit. e or f GDPR. You have this right, in particular, to object to direct advertising.
Right to complain to supervisory authorities: In accordance with Art. 77 GDPR, you have the right to complain to supervisory authorities if you are of the opinion that the processing of your personal data violates data protection regulations, and particularly the General Data Protection Regulation. In this case, the supervisory authorities will provide you with information in accordance with Art. 78 GDPR. The supervisory authorities in the place where the violation complained about by you has taken place, your place of work, or in the member state of your place of residence shall be responsible for dealing with your complaint. This shall not affect any further rights to appeal.
You can contact us at: MERCHCOWBOY GmbH & Co. KG, Friedrich-Ebert-Strasse 7, 48153 Münster, Germany, Phone: +49 (0)251 239 4899 5, Fax: +49 (0)251 239 4899 firstname.lastname@example.org
In accordance with Art. 19 GDPR, if you have exercised your rights as an affected person against us, you have the right to information to the effect that we shall notify all of the recipients to whom we have disclosed your personal data about the fact that you have exercised your rights as an affected person.
Duration of data storage, data deletion
We only store your data for as long as permitted by the relevant provisions of the General Data Protection Regulation and as long as it is required for implementing and processing the order through our website and/or we need to be able to contact you to send you the Newsletter. This shall not affect data storage in order to secure our own claims, legal retention periods and potentially related requests to release data. The personal data is deleted or blocked in all other cases.
Applicability and amendments of data protection regulations
MERCHCOWBOY reserves the right to amend the Data Protection Policy on the basis of legal requirements or for the purpose of updating the website.
You can read and print out the current version of the Data Protection Policy at any time on our website.
Münster, MERCHCOWBOY, 25 May 2018