Privacy Policy

Privacy Policy - Data Protection

 

 

  1. Name and address of the controller in charge for data processing

 

Controller in charge for data processing within the meaning of the EU-General Data Protection Regulation (GDPR) and all other relevant data protection laws is:

 

                        Bingo Merch GmbH

                        represented by its managing director Keith Nealy

                        Naumburger Strasse 4

                        12057 Berlin

                        GERMANY

(hereinafter also referred to as: We/us)

 

Tel.:                 +49 (0) 30 447 169 41

E-Mail:                         info@bingomerch.com

Websites:         www.shop.bingomerch.com

                       

 

  1. General information on data processing

 

  1. Scope of processing of personal data

 

We process and use personal data of our users and customers only, if this is allowed under applicable laws or if this is neccessary for the purposes of providing you with functioning websites and services, for the purposes of the performance and fulfillment of purchase contracts that are concluded in our onlineshops as well as for advertising purposes. Personal data are only processed if permitted by law or if you consented in the processing of your personal data.

 

  1. Legal basis for data processing

 

If and to the extent that you have given consent to the processing of your personal data for one or more specific purposes, the legal basis for the processing is Art. 6 (1) lit. a GDPR.

 

If and to the extent that the processing is neccessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.

 

If and to the extent that processing is neccessary for compliance with a legal obligation to which we are subject, the legal basis for the processing is Art. 6 (1) lit. c GDPR.

 

If and to the extent that processing is neccessary in order to protect the vital interests of you or of another natural person, the legal basis for the processing is Art. 6 (1) lit. d GDPR.

 

If and to the extent processing is neccessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, in particular where the data subject is a child, the legal basis for the processing is Art. 6 (1) lit. f GDPR.

 

  1. Deletion of data and storage period

 

The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of a contract and/or there is no longer any legitimate interest on our part in the further storage.

 

 

III. Logfiles when visiting our websites

 

(1) When using our websites for information only, i.e. if you do not register or otherwise provide us with information, information are automatically transmitted to us by your browser. We only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data as it is technically necessary for us to display the website to you:

 

  • IP address (in anonymised form)
  • Date and time at the moment of access
  • Name and URL of our website
  • Source/reference from which you came to the page

 

We process these data for the purposes of

 

  • providing a stable connection to our website
  • providing a comfortable use of our website
  • analysing system security and stability of our website

 

(2) Data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest of the purposes as listed above. The data will not be used to identify you as our user which is not possible anyway, as only anonymised IP addresses are being processed. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

 

 

  1. Online-purchase contracts

 

  1. Description and scope of data processing

 

For the performance and fulfillment of purchase contracts that are being concluded in our online-shops as well as for pre-contractual activities, it is necessary for us to process your personal data. These data are entered by you, transmitted to us and stored by us through the respective online forms. In the context of online purchases the following personal data are being processed:

 

  • First and last name
  • Billing- and delivery address
  • Telephone number (optional)
  • e-mail-address
  • Payment method as requested and payment data
  • Date and time of your order
  • Product data

 

  1. Transfer of personal data for order processing purposes

 

  1. a) Invoicing and billing

 

To process the payments we work together with the following service providers, depending on the payment method you chose:

 

  • Pay Pal
  • Stripe
  • de

 

These service providers support us in the execution of concluded contracts. We will pass on your payment data to one of these service providers within the framework of payment processing and solely for this purpose, if this is necessary for payment handling according to Art. 6 (1) lit. b GDPR. These service providers are obligated to handle your data confidentially and in accordance with applicable data protection laws.

 

  1. b) Shipping

 

For shipping and delivery purposes of the products you have purchased in our online-shops we work together with the following service companies:

 

- DHL

- Deutsche Post AG

 

These service companies are assigned with the shipping of your products. We will pass on your name, delivery address and e-mail-address (solely for messages concerning the shipped item) to one of these companies, if this is necessary for delivering your items and informing you on the delivery according to Art. 6 (1) lit. b GDPR. These service companies are obligated to handle your data confidentially and in accordance with applicable data protection laws.

 

  1. c) Administrative and technical purposes

 

(aa) Shopify

 

In order to provide a functioning infrastructure of our online-shops and to optimise our services we use the technical services of the onlineshop-platform „Shopify“ within our legitimate interests according to Art. 6 (1) lit. f GDPR. Shopify provides us with an e-commerce-software, with which our online-shops are created and administrated. Shopify is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

 

According to Shopify your personal data are processed when you visit an online-shop that works with Shopify‘s software in order to optimise services and shopping processes as well as to prevent misuse and fraud of these websites. According to Shopify the following data are processed: name, e-mail-address, shipping address, billing address and IP-address. Further information on the processing of personal data by Shopify can be found here: https://www.shopify.com/legal/privacy

 

Shopify is obligated to handle your data confidentially and in accordance with applicable data protection laws. Shopify processes data within the framework of a data processing commission agreement which clarifies that Shopify may process personal data only for the purposes that are set out herein and only if the processing of personal data is permitted by law.

 

(bb) Billbee

 

In order to provide a functioning infrastructure of our online-shops and to optimise our services we also use the ordermanagement-software „Billbee“ within our legitimate interests according to Art. 6 (1) lit. f GDPR.

 

Billbee processes data within the framework of a data processing commission agreement which clarifies that Billbee may process personal data only for the purposes that are set out herein and only if the processing of personal data is permitted by law.

 

 

  1. Legal basis for data processing and data transfer to third parties

 

The legal basis for data processing and data transfer to third parties as listed herein is Art. 6 (1) lit. b and lit. f GDPR.

 

  1. Purposes of data processing and data transfer

 

The processing and transfer of the personal data mentioned herein is neccessary for the conclusion, fulfillmenet and performance of contracts as well as steps at your request prior to entering into such contracts. For the duly fulfillment of contracts between you and us we rely on the processing of your personal data. Any personal data that are processed and transferred will only be used for the purposes that are set out herein.

 

  1. Duration of storage, Removal and revocation

 

The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.

 

 

  1. Creation of a customer Account

 

  1. Description and scope of data processing

 

You can set up a customer account in our online-shops so that you can easily access your personal data without having these submitted to us each time you are purchasing items in our online-shops. When you create your account you type in your personal data in the respective form and submit these data to us. These personal data will be stored by us:

 

- first name, last name

- address

- telephone number

- e-mail-address

- password (your choice - no access by us)

 

  1. Purposes and legal basis for data procesing

 

The processing of personal data when creating a customer account serves the purpose of entering and performing purchase contracts with you. Legal basis for the processing of personal data is Art. 6 (1) lit. b GDPR.

 

  1. Duration of storage

 

The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in the further storage.

 

  1. Removal and revocation

 

If you are a registered customer you can cancel your customer account at any time with future effect. When you cancel your customer account we will delete your personal data with future effect, so that it will not be possible for you to use your account for purchases in our online-shops. The processing of personal data for purchase contracts that have been concluded through your customer account remains unaffected by a cancellation of your account, which means that we will continue to process such data, if neccessary for the performance and fulfillment of contracts or if we are obligated to do so by law.

 

You can change or modify your personal data that have been stored for your customer account at any time, if your data are no longer up-to-date.

 

Just contact us, if you wish to cancel or update your account data or simply correct/change your personal data in your password secured account by yourself.

 

 

  1. Cookies and Google Analytics

 

  1. Description and scope of data processing

 

In order to make your visit to our online-shops comfortable and to enable the use of certain functions, we and our service partners use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

 

In some cases, cookies are used to simplify the submittal process by saving settings. If personal data are also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6 (1) point b GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

 

Cookies help us to save and process the following data:

 

- content of your shopping cart

- log-in information of the user/account settings

- language setting on our websites

 

Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

 

When you visit one of our websites you will be informed of the use of cookies by a info banner which contains a link to this Privacy Policy.

 

  1. Google Analytics

 

This Website also uses Google Analytics, a web analysis service of Google Inc. (https://www.google.de/ intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). Google is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. Google Analytics uses so-called cookies, which are text files stored on your computer, to help the Website analyse how users use the Website. The information generated by the cookies about your use of this Website (including the shortened IP address) is generally transmitted to a Google server in the USA and stored there.

 

This Website uses Google Analytics exclusively with the extension “anonymizeIp()”, which ensures an anonymization of the IP address by shortening it and excludes a direct personal relationship. As a result of the extension, your IP address will previously be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be transmitted to a Google server in the USA and shortened there. In these exceptional cases, processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

 

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

 

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we should point out that in that case you might not be able to use the full functionality of this website. You may permanently refuse Google to collect data generated by cookies regarding the use of the website (including your IP address) and to process them. You can download and install the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.

More information on how Google Analytics handles user data can be found in Google's privacy policy at: https://support.google.com/analytics/answer/6004245.

 

  1. Legal basis for data processing

 

The legal basis for the processing of personal data in context of the use of cookies and Google Analytics is Art. 6 (1) lit. f GDPR.

 

  1. Purposes of data processing

 

We use cookies and Google Analytics to analyse and optimise our online-shops in a user-friendly way as well as for the following purposes:

 

- Ensuring the security in our online-shops

- Statistic purposes, especially analysing the range of our online-shops

- Optimising our online-services

 

These purposes are legitmate interests to process personal data within the meaning of Art. 6 (1) lit. f GDPR.

 

We do not use personal data generated by cookies and Google Analytics to create identifiable user profiles. Some functions of our websites cannot be provided without the use of cookies. For these functions it is neccessary that your browser is recognised after a web-session.

 

  1. Duration of storage, Removal and revocation

 

Cookies are stored on the computer or mobile device of the user and are transmitted to us by your computer or mobile device. Therefore you have control over the use of cookies. By changing your settings in your internet browser you can block, deactivate or restrict the use of cookies. Cookies that have already been stored can be deleted at any time, even automatically by changing your settings. If cookies are blocked, deactivated or restricted, certain functions of our websites may not be used to the full extent.  

 

 

VII. Newsletter

 

  1. Description and scope of data processing

 

If you subscribe to our free e-mail newsletter, we will send you regular information about our products and services. The only mandatory information for sending the newsletter is your e-mail address. The indication of additional possible data is voluntary and is used to be able to address you personally. We use an opt-in procedure for sending the newsletter. This means that we will not send you an e-mail newsletter, unless you have expressly confirmed to us that you agree to the sending of the newsletter.

 

When you purchase items in our online-shops and you give us your e-mail address and confirm to us that you want to receive news and offers via e-mail, we can use your e-mail address for these purposes. In these cases we will only use your e-mail address to send news and offers to you for similar Bingo Merch products and services.

 

When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your e-mail address at a later time.

 

  1. Legal basis for data processing

 

By activating the confirmation link of your newsletter subscription, you give us your consent to the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. Legal basis for the use of your e-mail address for advertising mails when you have purchased items in our online-shops is § 7 (3) Gesetz gegen den unlauteren Wettbewerb (UWG).

 

  1. Purposes of data processing

 

The data collected by us when registering for the newsletter will be used exclusively for the purpose of notification by means of the newsletter.

 

  1. Duration of storage

 

After your cancellation, your e-mail address will immediately be deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data in excess thereof, which is permitted by law and about which we inform you in this declaration.

 

  1. Removal and revocation

 

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the e-mail: info@bingomerch.com

 

 

VIII. Contact form in our Onlineshops

 

We provide contact forms on our websites. In the context of contacting us (e.g. via contact form or e-mail), personal data is collected and stored:

 

- name

- e-mail-address

- your inquiry/message/question (formulated individually by you)

 

These data are stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. In this context no personal data are transferred to third parties.

 

(2) The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR.

 

(3) Your data will be deleted after final processing of your inquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided that there are no legal storage obligations to the contrary.

 

 

  1. Social Media

 

You can also visit us on social networks:

 

- Facebook

- Twitter

- Instagram

 

On these social networks we inform users about our products and services. For the processing of personal data on these social networks the terms of service and privacy policy of the companies that are operating these social networks apply. We do not have an influence on the processing of personal data on these social networks. If you use these social networks to get in contact with us we will only use your personal data to communicate with you.

 

 

  1. Rights of the data subject

 

If your personal data are being processed, you are data subject within the meaning of the GDPR and you have the following rights towards the controller of your data:

 

  1. Right of information

 

Pursuant to Art. 15 GDPR you shall have the right to obtain information from the controller as to whether or not personal data concerning you are being processed, and, where that is the case, access to personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will bestored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodga a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling as well as - if applicable - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

 

  1. Right of rectification

 

Pursuant to Art. 16 GDPR you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you or the right to have incomplete personal data completed.

 

  1. Right of erasure

 

Pursuant to Art. 17 GDPR you shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay, unlessthat processing is neccessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, for reasons of public interest or for the establishment, exercise or defence of legal claims.

 

  1. Right to restriction of processing

 

Pursuant to Art. 18 GDPR you shall have the right to obtain from the controller restrisction of processing where one of the following applies: the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.

 

  1. Right to data portability

 

Pursuant to Art. 20 GDPR you shall have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format and have the right to transmit thoses data to another controller without hindrance from the controller to which the personal data have been provided where the processing is based on consent and is carried out by automated means.

 

  1. Right of withdrawal

 

Pursuant to Art. 7 (3) GDPR you shall have the right to withdraw your consent for the processing of personal data at any time with the consequence that we may not continue with the processing which was based on your consent.

 

  1. Right to lodge a complaint

 

Pursuant to Art. 77 GDPR you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, place of the alleged infringement or controller‘s residence.

 

  1. Right to object

 

Pursuant to Art. 21 GDPR you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR or where personal data are processed for direct marketing purposes in which case your right to object has to be respected by the controller irrespective of grounds relating to your particular situation.

 

Please contact us, if you want to exercise your rights in connection with the processing of your personal data.

 

 

  1. Data security

 

We solely use data transmission services that offer high security standards to protect the transmission of personal data and other confidential information against loss, alteration and misuse. Especially when sensitive data are transmitted, for example the transmission of credit card and other payment information we and our service partners endeavour to comply with high security standards in order to protect your data. If such data are being transmitted we are using encrypted services. You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

 

 

October 2018