1. Information on the collection of personal data
1.1 Below we inform you about the processing of personal data when using our website. Personal data is any data that relates to you personally, e.g. name, address, email addresses, and user behavior. With this, we aim to inform you about our processing operations and at the same time comply with legal obligations, particularly from the EU General Data Protection Regulation (GDPR).
1.2 The responsible party according to Art. 4 para. 7 GDPR is itemdrop GmbH, Birkenweg 1, 37671 Höxter, team@itemdrop.de (see our imprint [https://itemdrop.de/impressum]) (hereinafter also referred to as "we", "us" or "our").
1.3 If we use commissioned service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below. We will also name the established criteria for the retention period.
2. Your rights
2.1 You have the following rights regarding the personal data concerning you:
2.1.1 Right to information,
2.1.2 Right to rectification or deletion,
2.1.3 Right to restriction of processing,
2.1.4 Right to object to processing,
2.1.5 Right to data portability, and
2.1.6 Right to withdraw consent regarding data protection.
2.2 You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.
3. Processing of personal data when visiting our website
When using the website for informational purposes, i.e. merely viewing it without registering and without providing us with other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para 1 sentence 1 lit. f GDPR:
3.1.1 IP address,
3.1.2 Date and time of the request,
3.1.3 Timezone difference to Greenwich Mean Time (GMT),
3.1.4 Websites accessed from your system via our website,
3.1.5 Access status/HTTP status code,
3.1.6 Amount of data transmitted in each case,
3.1.7 Websites from which your system accesses our website,
3.1.8 Information about the browser type as well as language and version of the browser software, and
3.1.9 Your operating system.
4. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties, taking into account the state of the art, the implementation costs, and the nature, scope, context, and purpose of the processing as well as the existing risks of a data breach (including their probability and impact) for the data subject. Our security measures are continually improved in accordance with technological development.
5. Objection or withdrawal regarding the processing of your data
5.1 If you have given consent to the processing of your data, you can withdraw it at any time. Such withdrawal affects the legality of the processing of your personal data after you have expressed it to us. The legality of the processing of your data up to the time of your withdrawal remains unaffected.
5.2 If we base the processing of your personal data on a balancing of interests, you can object to the processing. This is the case when the processing is not necessary for the fulfillment of a contract with you, which we will present in each case in the subsequent description of the functions. When exercising such an objection, we ask you to state the reasons why we should not process your personal data as we have done. In case of your objection, we will examine the situation and either stop or adjust the data processing or show you our compelling legitimate reasons for which we continue the processing.
5.3 Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise your objection to advertising using the contact details provided above.
6. Retention period of your personal data
6.1 We will only retain your personal data for as long as is necessary to fulfill the purposes for which we collected it, including to meet statutory, tax, accounting, or reporting obligations. To determine the appropriate retention period for personal data, we consider the scope, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process your personal data, and whether we can achieve those purposes by other means, as well as applicable legal requirements.
6.2 In some cases, we will anonymize your personal data so that it can no longer be associated with you. In this case, we will use this data without further notification to you.
6.3 If you have questions regarding the storage of your personal data, you can reach us using the above contact details.
7. Additional features and services on our website
7.1 In addition to the purely informational use of our website, we offer various services that you can use if interested and utilize other common features for analyzing or marketing our offerings, which will be introduced in further detail below. For all data processing purposes described here, the aforementioned principles of data processing apply.
7.2 We partially use external service providers for the processing of your data. These are carefully selected by us, are bound by our instructions, and are regularly monitored.
7.3 Furthermore, we may pass your personal data on to third parties if participation in actions, contests, contract conclusions, or similar services are offered by us in collaboration with partners. Depending on the service, your data may also be collected by the partners under their own responsibility. You will receive more detailed information when you provide your data or in the description of the respective offers below.
7.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the implications of this fact in the description of the offer.
7.5 If you decide to become a customer with us, the related data processing is explained in detail in the terms of use for our products.
8. Processing of data from your end devices ("Cookie Policy")
8.1 In addition to the data mentioned above, we use technical aids for various functions when you use our website, especially cookies that can be stored on your end device. You have the choice, when visiting our website and at any time later, whether you generally allow the setting of cookies or which individual additional features you wish to select. Changes can be made in your browser settings or via our consent manager. Below, we will first describe cookies from a technical perspective, before we discuss your individual options more closely by describing technically necessary cookies and cookies that you voluntarily opt out of or opt-in for.
8.2 Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that the place that sets the cookie can receive certain information. Cookies cannot execute programs or transmit viruses to your computer but are primarily used to make the internet offer faster and more user-friendly. This website uses the following types of cookies, the functionality and legal basis of which we will explain below:
8.2.1 Transient cookies: Such, in particular session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows different requests from your browser to be assigned to the shared session, and your computer can be recognized when you return to our website.
8.2.2 Persistent cookies: These are automatically deleted after a predetermined duration, which is set differently depending on the cookie. In your browser settings, you can view the set cookies and their durations at any time and delete the cookies manually.
8.3 Mandatory functions technically necessary for displaying the website: The technical structure of the website requires us to use techniques, especially cookies. Without these techniques, our website cannot be displayed (fully and correctly) or the support functions may not be enabled. These are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot opt out of these cookies if you wish to use our website. The individual cookies are visible in the consent manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
8.4 Optional cookies with your consent: We only set various cookies after your consent, which you can select during your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent, and they may particularly serve to analyze and improve the visits to our website, facilitate your use across different browsers or devices, recognize you during a visit, or display advertisements (possibly also to orient advertisements to interests or measure the effectiveness of ads). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. The withdrawal of your consent is possible at any time without affecting the legality of the processing until the withdrawal.
9. Conclusion of a contractual relationship
9.1 When you create a customer account on our website, we will ask you to provide the following personal data:
9.1.1 Data that identify you personally, such as name and email address; as well as phone number; academic title. Data that identify your company, such as company name, address like billing and delivery address, contact details (email address, telephone or fax number), if applicable, VAT ID or tax number; information about your payment method; other information.
9.1.2 Other personal data that we are legally obliged or entitled to collect and process and that we need for your authentication, identification, or verification of the data we collect.
9.2 The aforementioned data will be processed for the execution of the contractual relationship. The processing of the data takes place based on Art. 6 para. 1 lit. b GDPR. The retention period is limited to the contractual purpose and, if applicable, to statutory and contractual retention obligations.
10. Use of payment service providers (This only affects you if you become a customer with us and fully utilize our services.)
10.1 For payment processing in our services, we work with payment service providers. In the context of this collaboration, we process certain data to enable you to have a secure and efficient payment process.
10.2 To carry out and manage transactions, we transmit certain data to the payment service provider. This data includes, in particular:
· Authentication details
· Merchant data
· Encrypted payment information
10.3 The data required for payment processing is automatically transmitted to the payment service provider. This transmission serves to carry out transactions and ensure the functionality of our services. The automated transmission only occurs when you wish to make a transaction in our services and not without the active consent of the user.
10.4 The payment service provider transmits to us confirmations about created payment instructions, details on transactions, payment status, and account status, as well as notifications about relevant events in your account. This information is necessary to process the payment and enable the use of our services.
10.5 We ensure that the data transmitted to the payment service provider meets the highest security standards. The payment service provider uses advanced encryption technologies to ensure the security of payment information. However, we are not liable for the degree of encryption of the data processed by the payment service provider.
10.6 The processing of the data is based on Art. 6 para. 1 lit. b GDPR (fulfillment of a contract) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in providing you with a smooth and secure payment transaction.
11. Use of CRM systems - HubSpot
11.1 Scope of processing personal data
We use functions of HubSpot Inc., 2nd Floor, 25 First Street, Cambridge, MA 02141, USA (hereinafter: “HubSpot”). This is an integrated software solution with which we cover various aspects of our online marketing. This includes, among other things: email marketing (newsletters as well as automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (especially traffic sources, accesses, etc.), contact management (especially user segmentation & CRM), landing pages, and contact forms. HubSpot places a cookie on your computer. As a result, personal data can be stored and evaluated, mainly the user’s activity (especially which pages have been visited and which elements have been clicked), device and browser information (especially the IP address and the operating system), data about the displayed advertisements (especially which ads were shown and whether the user clicked on them) and also data from advertising partners (especially pseudonymized user IDs).
Further information on the processing of data by HubSpot can be found here: https://legal.hubspot.com/de/privacy-policy
11.2 Purpose of data processing
The use of the HubSpot plug-in is solely for the optimization of our marketing.
11.3 Legal basis for the processing of personal data
The legal basis for processing the personal data of users is generally the user’s consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.
11.4 Duration of storage
Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
11.5 Withdrawal and removal options
You have the right to revoke your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent until the withdrawal.
You can prevent the collection and processing of your personal data by HubSpot by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker like NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com/) in your browser.
Further information on objection and removal options regarding HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy
12. Subscription to our newsletter
12.1 If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to regularly send you our newsletter.
12.2 Your email address will be deleted as soon as it is no longer necessary for achieving the purpose for its collection. Thus, your email address will be stored as long as the newsletter subscription is active.
12.3 You can unsubscribe at any time, for example via a link at the end of a newsletter. Alternatively, you may also send your unsubscribe request at any time via email (preferably with the subject: 'Unsubscribe Newsletter').
13. Contact via email contact form
When you contact us via email or through a contact form, the data you provide (your email address, possibly your name and your telephone number) will be stored by us to answer your questions. The data processing for the purpose of contacting us takes place in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR based on your voluntarily granted consent. The data arising in this context will be deleted if the inquiry is related to a contract after the contract duration periods, otherwise when the storage is no longer necessary, or we restrict processing if there are legal storage obligations.
14. Use of the login
14.1 If you wish to use our services, you must register by providing your email address, a self-chosen password, and your freely selectable username. There is a real-name obligation, and pseudonymous use is not possible. Providing the aforementioned data is mandatory; all further information can be provided voluntarily when using our services. For this service, we use the so-called double-opt-in procedure, i.e. you will receive an email in which you must confirm that you are the holder of the specified email address and wish to receive the notifications. You can unsubscribe from the notifications at any time, e.g. by clicking the link in the email or using the provided contact details. The data you provide and the timestamps of your registration for the service and your IP address will be stored by us until you unsubscribe from the notification service.
14.2 If you use our services, we will store the data necessary for contract fulfillment until you permanently delete your account. Furthermore, we will store the voluntarily provided data for the duration of your use of the services, as long as you do not delete it beforehand. All information can be viewed in the protected customer area, and can be changed upon request in agreement with us. Please note that once provided information cannot be changed independently at will. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.
15. User account
If you interact with our services and products, you have the option to create a user account with us. The creation of a user account is based on your consent. You can revoke your consent and/or delete your user account by contacting us using the above contact details. The revocation or deletion of your account may have negative impacts on your user experience or completely restrict it. The following data will be processed in connection with your account:
· Name and email address (only in your role as a representative of the company and not as a natural person.
· Company data for using our services.
· Other user data that you enter in your role as administrator of our services for your user account, such as other users.
The legal basis for processing this data is Art. 6 para. 1 sentence 1 lit. a GDPR.
16. Currency and changes to this privacy policy
Due to the ongoing development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.
