The requirements of the EU General Data Protection Regulation apply throughout Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this regulation (compare Articles 13 and 14 DSGVO). If you have any questions or comments about this data protection declaration, you can send them at any time to the email address given under I. 2.
I. GENERAL NOTES.
- scope of application
Data processing by Goncalves Mclaren Sandhöfer Hop Shuttle GbR can essentially be divided into two categories:
For the purpose of contract processing, all data required for the execution of a contract with Goncalves Mclaren Sandhöfer Hop Shuttle GbR are processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary in each case.
When you call up the Goncalves Mclaren Sandhöfer Hop Shuttle GbR website/application, various information is exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimize our website or to display content and advertising in the browser of your end device.
This data protection declaration applies to the following offers:
our online offer available at www.hopshuttle.com
whenever otherwise referred to this privacy statement from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in third-party sites), regardless of the way you access or use it.
All of these offerings are also collectively referred to as “Services”.
- responsible party
The data controller – the party that determines the purposes and means of the processing of personal data – in connection with the Services is.
Goncalves McLaren Sandhöfer Hop Shuttle GbR
- data security
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
II. DATA PROCESSING IN DETAIL
1 General information on data processing
Unless otherwise specified, the following applies to all processing operations described below:
a. No obligation to provide
There is neither a contractual nor a legal obligation to provide personal data. You are under no obligation to provide data.
b. Consequences of not providing the data
In the case of required data (data that is marked as mandatory when it is entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.
In various cases, you have the option of also giving us your consent (where applicable for part of the data) to further processing in connection with the processing described below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.
d. Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements.
The admissibility requirements are regulated by Art. 44 -49 DSGVO.
e. Hosting with external service providers
Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions.
f. Transmission to government authorities
We transfer personal data to state authorities (including law enforcement authorities) if this is necessary for the fulfillment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) DSGVO) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) DSGVO).
g. Storage period
We do not store your data longer than we need it for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this may include, for example, the following:
The fulfillment of retention obligations under commercial and tax law.
The preservation of evidence for legal disputes within the framework of the statutory limitation provisions.
It is also possible for us to continue to store your data with us if you have given your express consent for this or if the data is anonymized or sufficiently pseudonymized.
h. Data categories
Account data: Login/user ID and password
Personal master data: Title, salutation/gender, first name, last name, date of birth.
Address data: street, house number, address extensions if applicable, postal code, city, country
Contact data: Telephone number(s), fax number(s), e-mail address(es)
Registration data: Information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you when registering.
Order Data: Products ordered, prices, payment and delivery information.
Payment data: Account data, credit card data, data on other payment services
Access data: Date and time of the visit to our service; the page from which the accessing system arrived at our site; pages accessed during use; session identification data (session ID); also the following information of the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
- accessing the website/application
Here we describe how we process your personal data when you call up our services. In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.
a. Information on processing
The following data is collected:
Access data for the purpose of proper connection establishment of our service, the presentation of content, the security of data and business processes, as well as for the detection and prevention of attacks on our site based on unusual activities and error diagnosis. The access data is stored for seven days. The legal basis for this processing of personal data is Art. 6 para. 1 f) DSGVO.
b. Recipients of personal data
The legal basis for the transfer of personal data is order processing pursuant to Art. 28 DSGVO.
Recipient category: web hosting service provider
Data concerned: Access data
- customer account / order processing
We process the data of our customers in the context of ordering processes in our online store to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
a. Information on processing
The following data is collected and processed to ensure a provision of the contractual service in the context of the operation of the online store, billing, delivery. Furthermore, to process customer inquiries and user complaints, customer loyalty and improve our service:
Personal master data
Contents of the inquiries or contact
The legal basis for this processing of personal data is Art. 6 para. 1 a), b), f) DSGVO.
After registration, the user will be sent an e-mail to activate the customer account. Within the framework of the customer account, the orders placed can be called up, a profile for the evaluation of products can be created (optional upload of a profile photo) and the account data can optionally be completed with billing and delivery addresses. For the processing of the order and the payment, the following data are compulsorily collected: First and last name, postal address, e-mail address.
In the context of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our legal claims as a legitimate interest or there is a legal obligation to do so.
The deletion takes place after the expiry of legal warranty and other contractual rights or obligations (e.g., payment claims or performance obligations from contracts with customers); in the case of storage due to legal archiving obligations, the deletion takes place after their expiry.
Payments are made exclusively to the clearing account of Goncalves Mclaren Sandhöfer Hop Shuttle GbR. For the processing of payments, we pass on the necessary payment data to the credit institution commissioned with the payment and, if applicable, payment and billing service providers commissioned by us or to the payment service selected by you in the ordering process.
b. Recipients of personal data
External payment service providers
We use external payment service providers through whose platforms users and we can make payment transactions. Payments are processed via the following service providers:
On our website, we offer, among other things, payment via PayPal and the associated payment methods. The provider of these payment services is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg.
If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). The transmission of the data is for the purpose of payment processing and fraud prevention. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may disclose the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill contractual obligations or the data is to be processed on behalf.
You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. All data required for payment processing are used exclusively for the execution of payments and are transmitted via the “SSL” procedure. PayPal is certified according to PCI DSS.
If you purchase from a merchant via Hop Shuttle, we transmit the data necessary for processing the order to this merchant. We never transmit data about payment methods to merchants. All merchants are contractually obligated to use the data only for processing the order and not for other purposes, especially advertising.
The legal basis for this processing of personal data is Art. 6 para. 1 b), f) DSGVO.
You can sign up for our newsletters on our site. In the newsletters we will inform you about our offers, latest news and services of Hop Shuttle.
We require a valid email address to deliver the newsletters. By subscribing to our newsletters, you agree to receive them and to the procedures described. For sending the newsletters, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. We will then send you a notification e-mail and ask you to confirm that you wish to receive our newsletters by clicking on a link contained in this e-mail.
The sending of the newsletters and the associated performance measurement are based on the consent of the recipients pursuant to Art. 6 para. 1 a)., Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 f) DSGVO in conjunction with. § Section 7 (3) UWG.
The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 f.) DSGVO.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time. At the same time, your consent to their dispatch via our e-mail service provider and the statistical analyses will expire. You will find a link to cancel the newsletter at the end of each newsletter or send us an e-mail to: email@example.com.
Sending information about similar products
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you e-mail offers on similar products to those you have already purchased from our range. You can object to this use of your e-mail address at any time by sending a message to the contact option described, without incurring any costs other than the transmission costs according to the prime rates.
In the following, we describe how your personal data is processed using tracking technologies to analyze and optimize our services and for advertising purposes.
You can make specific consent settings under Consent Settings / Cookies.
The description of the tracking methods also includes information on how you can prevent or object to the data processing. Please note that the so-called “opt-out”, i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you will have to declare the opt-out again.
If you wish to opt out of interest-based advertising, you can also visit the website www.youronlinechoices.com/de, click on “Preference Management” and follow the instructions to opt out of the use of data for interest-based advertising by the service providers listed there, either entirely or individually. You will still receive advertising, but it will not be interest-based.
The tracking methods presented process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.
a. Purpose of the processing
The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users, and to correct errors. It also serves to statistically determine characteristic values about the use of our services (reach, intensity of use, users’ surfing behavior) – based on uniform standard procedures – and thus to obtain values that are comparable across the market.
Tracking to measure the success of content and advertising campaigns serves to optimize our content and ads for the future and to enable marketers, advertisers and content providers to also optimize their content and ads accordingly. Tracking to optimize the playout of content and display of advertising has the purpose of showing users content and advertising tailored to their interests and relevant to them, to increase the success of the content and advertising and thereby also the (advertising) revenues.
b. Legal basis of processing
In the case of services that make the behavior of data subjects on the Internet traceable and in the case of the creation of user profiles, it is necessary to obtain informed consent as defined by the GDPR.
c. The tracking methods used in detail
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics as well as other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
You can opt out of the collection and use of information for online advertising directed at target groups at the following link: https://www.facebook.com/ads/website_custom_audiences.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. With regard to U.S. providers that are certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.
Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of the users’ personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.
For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
The legal basis for this data processing is Art. 6 para. 1 b) DSGVO. In this processing, our cooperation with Facebook is based on a joint responsibility agreement pursuant to Art. 26 DSGVO, which can be found at this URL: https://www.facebook.com/legal/terms/page_controller_addendum.
Exception: If you provide us with personal data such as your name, email address or similar data via the communication channels provided by Facebook, for example to answer an inquiry, we also process this inquiry in our systems. This data is stored until the purpose of the request / communication is fulfilled and then deleted. Legal retention periods remain unaffected by this.
In addition to Facebook, recipients of your data may also be service providers that we use to ensure a quick and efficient response to your inquiries.
Plugins of the social network Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”) are integrated on our website. You can recognize the Instagram plugin by the “Instagram – Button” on our page.
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
Privacy Shield: https://www.privacyshield.gov.
III. DATA SUBJECT RIGHTS
- right of objection
If we process your personal data for the purpose of direct marketing, you have the right to object at any time with future effect to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
You also have the right to object at any time with future effect to the processing of personal data concerning you which is carried out pursuant to Art. 6 (1) e) or f) DSGVO on grounds relating to your particular situation; this also applies to profiling based on these provisions.
You can exercise the right of objection free of charge.
You can reach us via the contact details listed under I.2.
- right to information
You have the right to know whether personal data concerning you are processed by us, which personal data these are, if any, as well as further information according to Art. 15 DSGVO. If you would like to receive information about your personal data, please contact us at the e-mail address: firstname.lastname@example.org.
- right of rectification
You have the right to request that we correct any inaccurate personal data concerning you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
- right to erasure (“right to be forgotten”).
You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the reasons set out in Article 17(1) of the GDPR applies and the processing is not necessary for one of the purposes regulated in Article 17(3) of the GDPR.
- right to restriction of processing
You are entitled to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18 (1) a) to d) DSGVO is met.
- right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from us or to obtain that a direct transfer is made by us, if this is technically possible. This shall always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.
- right of revocation in case of consent
If the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
- right of complaint
You have a right of appeal to a supervisory authority.
Status: January 2020