POLITIQUE DE CONFIDENTIALITÉ
Data protection has a high priority for us. With this data protection declaration we inform you which personal data (hereinafter also "data") are processed by us in relation to our internet presences (hereinafter "web pages") and which rights you are entitled to. The data protection declaration also implements our obligations under § 13 Telemediengesetz (TMG) and Article 13 of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of data and on the repeal of Directive 95/46/EC (General Data Protection Regulation, GDPR).
By accessing or using the Service, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service.
We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on the Service. The revised Policy will be effective 180 days from when the revised Policy is posted in the Service and your continued access or use of the Service after such time will constitute your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.
1. Responsible person
Markus Perl
Hermann-Mayrhofer-Str. 3, 94036 Passau, Germany
E-Mail: contact gender-api.com
Our data protection officer, the IITR Datenschutz GmbH, Dr. Sebastian Kraska, can be contacted by email at email@iitr.de.
2. Definitions
The data protection declaration uses the following terms as defined in the General Data Protection Regulation:
- "personal data": any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- "processing" any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- "processor" a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- "recipient" a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- "third party" a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- "consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
-
"cross-border processing" either
- processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
- processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
3. Type, scope and purpose of processing, legal bases
3.1 Information we collect:
We will collect and process the following personal information about you:
- Customer data (name, gender, work address, e-mail, payment info);
- Content data (data of customers specifying names)
- Usage data (visited websites, access times, location etc.).
- Communication data (device information, IP addresses etc.).
- Contract data (contract text, payments)
3.2 How we collect your information:
We collect/receive information about you in the following manner:
- When a user fills up the registration form or otherwise submits personal information
- Interacts with the website
- From public sources
3.3 How we use your information:
We will use the information that we collect about you for the following purposes:
- Marketing/ Promotional
- Creating user account
- Processing payment
- Support
- Targeted advertising
- Manage customer order
- Manage user account
- Enforce T&C
If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which grant consent unless we are required to do otherwise by law.
3.4 How we share your information
We will not transfer your personal information to any third party without seeking your consent, except in limited circumstances as described below:
- Ad service
- Analytics
We require such third party’s to use the personal information we transfer to them only for the purpose for which it was transferred and not to retain it for longer than is required for fulfilling the said purpose.
We may also disclose your personal information for the following: (1) to comply with applicable law, regulation, court order or other legal process; (2) to enforce your agreements with us, including this Privacy Policy; or (3) to respond to claims that your use of the Service violates any third-party rights. If the Service or our company is merged or acquired with another company, your information will be one of the assets that is transferred to the new owner.
3.5 Retention of your information
We will retain your personal information with us for 90 days to 4 years after user accounts remain idle or for as long as we need it to fulfill the purposes for which it was collected as detailed in this Privacy Policy. We may need to retain certain information for longer periods such as record-keeping / reporting in accordance with applicable law or for other legitimate reasons like enforcement of legal rights, fraud prevention, etc. Residual anonymous information and aggregate information, neither of which identifies you (directly or indirectly), may be stored indefinitely.
3.6 Your rights
Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity, withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can write to us at info@smyle-face.de. We will respond to your request in accordance with applicable law.
You may opt-out of direct marketing communications or the profiling we carry out for marketing purposes by clicking in the footer of our website on the "Cookie Settings" button and by changing your notification settings in your account.
Do note that if you do not allow us to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.
3.7 The following categories of affected persons exist:
- Visitors to our websites (hereinafter also "users") and other interested parties;
- Customer of services (hereinafter also "customer"); further business partners.
4. Recipients of data, third countries
Data will only be passed on to third parties if this is necessary for the provision of our services. For payment processing, the data required in payment transactions (name, account or credit card data, e-mail address, purchase price) may be forwarded by us to a payment service provider and/or to a credit institution or PayPal commissioned with payment. Other categories of recipients are hosting providers, participants in the merchandise management and financial accounting system, external providers for customer service.
The transfer and disclosure of data to recipients, order processors or third parties shall only take place within the framework of the legal basis (see 2.4 above) or if there is a more extensive legal obligation. Access to data for contractors was granted in strict compliance with Article 28 of the GDPR. Processing of data in a third country (outside the European Union (EU) or European Economic Area (EEA)) shall be carried out in accordance with Articles 44 to 50 of the GDPR. Processing takes place at a level of data protection that corresponds to the GDPR, in particular through guarantees given by contract processors, e.g. on the basis of special contractual obligations (standard contractual clauses).
5. Security
The security of your information is important to us and we will use reasonable security measures to prevent the loss, misuse or unauthorized alteration of your information under our control. However, given the inherent risks, we cannot guarantee absolute security and consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
6. California Consumer Privacy Act (CCPA)
Under California Civil Code Section 1798.82, Gender-API.com customers who are California residents may request information about the disclosure of your personal information by Gender-API.com to a third party for the third party's direct marketing purposes. Gender-API.com does not sell personal data to any entity. If you would like to request more information, you may contact us here.
7. Cookies
"Cookies" are small files that are stored on the user's computer with different information. They serve to establish the identity of the user and his device as well as to secure information provided by the user during the stay. In addition to temporary cookies ("session cookies", e.g. the contents of a shopping basket), which are deleted after leaving the web pages and closing the browser. Permanent cookies (e.g. last login, viewed websites) are not deleted after leaving the websites. In the case of so-called "Third-Party-Cookies" the cookies do not originate from the person responsible, but from a third party.
You can prevent cookies from being stored on your computer. You have the possibility to select the option in the settings of your browser that cookies are not allowed in general and related to certain pages. You can also delete existing cookies there. As a precaution, it is pointed out that the functions of our websites may be restricted if cookies are deactivated or removed.
Edit cookie settings here8. Newsletter
When registering for the newsletter, your e-mail address will be used for our own advertising purposes (sending e-mails) until you unsubscribe from the newsletter. You can unsubscribe at any time. If necessary, you have expressly given us the following consent and we have recorded the consent. We are obliged to keep the content of the consent available at all times. You can revoke your consent at any time with effect for the future. Repetition of the consent text for the newsletter:
"Subscribe to our developer newsletter for useful tips, news and resources. You may unsubscribe from these communications at any time."
The registration is made by the so-called double opt-in procedure. After registering, you will be asked by e-mail to confirm your subscription to the newsletter. The registration is logged for evidence purposes, in this case usage data (time of registration and confirmation, IP address) is processed. The legal basis for this is your consent in accordance with Article 6 paragraph 1 letter a, Article 7 GDPR in connection with § 7 UWG; logging is based on legal requirements (Article 6 paragraph 1 letter c GDPR) and to protect our legitimate interests (Article 6 paragraph 1 letter f GDPR).
We use the services of Amazon Web Service, Inc. to send the newsletter, for which purpose your email address, usage and communication data will also be processed by this provider. The service provider is employed on the basis of our legitimate interests (Article 6 paragraph 1 letter f GDPR) and an order processing contract (Article 28 paragraph 3 sentence 1 GDPR).
You can revoke your consent to receive the newsletter at any time by clicking the "Unsubscribe" link at the end of the newsletter or by sending us an email about the withdrawal. Even after revocation, email addresses can remain stored for up to three years to protect our legitimate interests in order to be able to prove our consent for the newsletters sent until revocation.
9. Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
10. Social Media And Analytics
On the basis of our legitimate interests (operation, improvement of our pages, analysis), we use the following connections to social networks, so-called social plugins (hereinafter "plugins") and so-called tracking pixels,in the sense of Art. 6 para. 1 lit. f. GDPR .
10.1 Facebook Tracking Pixel
To detect your user behavior we use so-called. "Visitors Action pixels." With the conversion we can measure across devices (including mobile phones, tablets and desktop computers) track that perform actions people, after seeing our Facebook advertisements.By creating a Facebook pixel and adding it to our sites where the Conversions are performed (z.B. the purchase confirmation page), we can determine which people perform conversions due to our Facebook advertising.The pixel continues to monitor the actions individuals take after clicking on our ads. Here we can determine on which device our customers have seen the ad and on which devices they have finally completed the conversion. CONSENT for conversion measurement using the Facebook visitor action pixel: With your consent, we use the "visitor action pixel" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on our website. With this Conversion Tool allows us to track your actions after seeing or clicking on a Facebook ad. This is to monitor and analyze the effectiveness of our Facebook ads for statistical purposes and for market research purposes. Although we can only recognize this data in anonymous form, this data is also stored and processed by Facebook. We do not know exactly what Facebook does with these data, but it can be assumed that Facebook can and will connect this data with their Facebook account.So can Facebook use this information for the purpose of advertising, market research and needs-based design of Facebook pages.To this end, Facebook, and its partners use, interest and relationship profiles are created, for.For example, to evaluate your use of our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook. Cookies can also be stored on your PC for this purpose. The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and options to protect your privacy, please refer to the privacy policy of Facebook. The Facebook Privacy Policy for more information can be found here.
10.2 Our pages in Social Networks
In addition, we are features in social networks and platforms with our own pages, where we offer information on our company and contact information. When we collect data, this is done to response to inquiries and for further correspondence with users and customers. The processing is based on Article 6(1)(a) and (b) GDPR. Please note the Terms and Conditions and the data guidelines of the respective networks and platforms when accessing them. Operator.
10.3 Google Tag Manager
This website uses Google Tag Manager. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager is a solution that allows marketed website tags to be managed using an interface. Google Tag Manager only implements tags. This means that no cookies are used and no personal data collected. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
10.4 Google Ads Conversion Tracking (formerly Google AdWords)
Our website uses Google Ads conversion tracking. AdWords is a Online-Advertisingservice developed by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). A cookie is placed on your computer (“conversion cookie”) if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page. Every Google Ads customer receives a different cookie. The cookies can not be tracked through the websites of advertisers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords advertisers who have opted for conversion tracking. Adwords customers can see the total number of users who clicked on their ad and were redirected to a website with a conversion tracking tag. However, they do not receive any information that allows users to be identified. For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.de/policies/privacy/.
10.5 Matomo
Our website uses Matomo (www.matomo.org), an open-source, self-hosted software, to collect usage data for this website. Your IP address will be anonymized immediately after processing and before storage. Matomo stores cookies on your end device, allowing an analysis of the use of our website by you. The data collected this way is stored exclusively on our server. These data are:
- Anonymized IP addresses
- Device information
- The website from which the user has accessed the website (referrer)
- The subpages accessed from the website
- Date and the time spent on the website
- The frequency with which the website is accessed
- The main language of the browser
- User-agent of the browser
Here you can decide whether to allow a unique web analytics cookie to be stored in your browser to collect and analyze statistical data regarding your activity on our website. You can also opt-out of the collection and use of this information at a later time.
10.6 X Conversion Tracking Pixel (Formally Twitter Tracking Pixel)
To detect your user behavior we use so-called. "Visitors Action pixels." With the conversion we can measure across devices (including mobile phones, tablets and desktop computers) track that perform actions people, after seeing our X advertisements. By creating a X pixel and adding it to our sites where the Conversions are performed (z.B. the purchase confirmation page), we can determine which people perform conversions due to our X advertising.The pixel continues to monitor the actions individuals take after clicking on our ads. Here we can determine on which device our customers have seen the ad and on which devices they have finally completed the conversion. CONSENT for conversion measurement using the X visitor action pixel: With your consent, we use the "visitor action pixel" of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("X") on our website. With this Conversion Tool allows us to track your actions after seeing or clicking on a X ad. This is to monitor and analyze the effectiveness of our X ads for statistical purposes and for market research purposes. Although we can only recognize this data in anonymous form, this data is also stored and processed by X. We do not know exactly what X does with these data, but it can be assumed that X can and will connect this data with their X account.So can X use this information for the purpose of advertising, market research and needs-based design of X pages.To this end, X, and its partners use, interest and relationship profiles are created, for.For example, to evaluate your use of our website in relation to the advertisements displayed on X and to provide other services related to the use of X. Cookies can also be stored on your PC for this purpose. The purpose and scope of data collection and the further processing and use of the data by X, as well as your rights and options to protect your privacy, please refer to the privacy policy of X. The X Privacy Policy for more information can be found here.
11. Sever-log-files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
12. Rights
Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity, withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can write to us at contact@gender-api.com. We will respond to your request in accordance with applicable law.
- You have the right to request information from us about whether and to what extent we process your data.
- If we process your data that is incomplete or incorrect, you can demand the correction or completion of it from us at any time.
- You can request the deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, for example, statutory retention obligations. Regardless of your exercise of the right to erasure, we will promptly and completely delete your data as long as no relevant contractual or legal retention obligations oppose it.
- You can demand from us that we provide you with the data you have provided to us in a structured, commonly used, and machine-readable format, and that you can transmit this data to another controller without hindrance from us, provided that: We process this data based on your revocable consent or for the fulfillment of a contract between us, and this processing is carried out by automated means.
- If you believe that we are violating German or European data protection law in processing your data, we ask you to contact us to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective State Office for Data Protection Supervision.
- You can request the restriction of the processing of your data from us if: You dispute the accuracy of the data, for a period allowing us to verify its accuracy; The data processing is unlawful, but you refuse deletion and instead demand a restriction of data usage; We no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims; You have objected to the processing of the data.
- If we process your data based on legitimate interests, you can object to this data processing at any time; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.