We, VIPrize GmbH (“VIPrize” or "we"), appreciate your interest in our website and our services offered on our website (together “the Online Service”).
Controller for the processing of your personal data is VIPrize GmbH, Blumenstraße 28, 80331 Munich, Germany. If you have any questions regarding the processing of your personal data and your related rights, we are happy to answer them. Please contact us in writing at the address above or via e-mail to firstname.lastname@example.org
2. USE OF YOUR PERSONAL DATA
2.1 Access data
Each time you access our website, we collect information about you. These access data (so-called log files) include:
• Name of the website,
• File, date and time of retrieval,
• Amount of data transferred,
• The type of browser used and the version of the browser,
• Operating system of your device,
• Your Internet Provider,
• Referrer URL (i.e. the page from which you have accessed our website),
• IMEI of your device (i.e. the ID number of your device),
• The IP address of your device (i.e. a specific combination of numbers used to identify your device connected to the Internet).
Processing this data, in particular the IP address of your device, by us or our hosting provider is necessary in order to enable delivery of the website. For this purpose, the IP address of your device must be stored for the duration of the session. The legal basis for the data processing enabling the use of our website is Art. 6 (1) (f) of the General Data Protection Regulation (“GDPR”), whereby our legitimate interest is the provision of the Online Service.
In addition, we use this data for statistical evaluations for the purposes of securing and optimizing the Online Service. We also reserve the right to subsequently check the log files in case of suspected illegal use of our Online Service. The legal basis for this data processing is Art. 6 (1) (f) GDPR, whereby our legitimate interest is the security of our IT systems, the improvement of the Online Service and the prevention of misuse of the Online Service.
We use so-called session cookies to optimize our website. Cookies are small text files that the websites operated by us send to your browser, which stores them on your device. Cookies are used to store information related to your device and contain, among other things, the name of the domain from which the cookie originates, the "lifespan" of the cookie and a value, usually a unique random number. A session cookie contains a so-called session ID with which various requests from your browser can be assigned to the shared session. These session cookies are deleted after you close your browser.
The use of the aforementioned cookies set by us is necessary in order to make our Online Service available and to be able to optimize it continuously. Data processing in this context is therefore based on Art. 6 (1) (f) GDPR. Our legitimate interest is to provide visitors to our website with a functioning Online Service and to make their visit and use of the website as pleasant and efficient as possible.
To a limited extent, we also use persistent cookies, which remain on your device and enable us to recognize your browser the next time you visit our website. These cookies are stored on your hard drive and are deleted automatically after the specified time. The default storage period of these cookies is up to 90 days. Such persistent cookies enable us to present our Online Service to you in a more user-friendly, effective and secure manner and, for example, to display information on the site that is specifically tailored to your interests.
You can set your browser so that you are informed in advance when cookies are set and can decide case by case whether you exclude the acceptance of cookies for certain cases or in general, or that cookies are completely prevented. You can delete cookies that are already stored on your device at any time, either manually or by using browser functions. We would like to point out, however, that the use of the websites operated by us and the raffles carried out might be only possible to a limited extent without cookies or with only restricted cookies.
We only use the persistent cookies described above with your consent for the purposes described here (Article 6 (1) (a) GDPR).
2.3 Google Analytics services
The IP address transmitted by Google Analytics from your browser is not merged with any other data provided by Google.
You can prevent the storage of cookies by selecting the respective settings in your browser. In this case, however, you might no longer be able to use the full functionality of our website. Furthermore, you can prevent Google from collecting and processing the data generated by the cookies and relating to your use of our website and services (including your IP address) by downloading and installing the browser plug-in available under the following link: Link.
Alternatively, in particular for browsers on mobile devices, you can click on the following link to prevent Google Analytics from collecting data from this website in the future: Deactivate Google Analytics. An opt-out cookie is stored on your device. If you delete cookies, you must therefore click this link again if you wish to continue objecting the data collection by Google.
In connection with our Online Service, we also use the Google Data Studio service provided by Google to create and display reports based on data collected by Google Analytics. Google Data Studio does not process any further data.
The EU Commission has issued an adequacy decision (No. 2016/1250) for any transmission of data to the US, also known as the “EU-US Privacy Shield”. According to this adequacy decision companies that meet certain criteria are deemed to provide an adequate level of protection. These companies are listed in the so-called “Privacy Shield List” or “Privacy Shield List”. Google is one of the companies listed there. The transmission to Google in connection with Google Analytics is based on Art. 45 and 28 GDPR.
We use Google Analytics and Google Studio to analyze the use of our website and services and to continuously improve our website and services in the interest of user-friendliness. The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. Our legitimate interest is the optimization and further development of our website and services to ensure the best possible user comfort.
2.4 Embedding of YouTube videos
We use YouTube content to improve the user experience when visiting the Online Service. The basis for the data collection related to the implementation of YouTube content is therefore Art. 6 (1) (f) GDPR. Our legitimate interest is the optimization of the Online Service and assuring the highest possible user comfort. Transmission to Google and YouTube is based on Art. 45 GDPR. As already explained in the previous section, the EU Commission has issued an adequacy decision regarding the transmission of data to the USA (No. 2016/1250, "EU-US Privacy Shield"). YouTube and Google are companies included in the so-called "Privacy Shield List".
2.5 Social Plug-Ins
2.5.1 Facebook Like Button
We have included so-called social plug-ins ("Plug-Ins") of the social network face-book.com (such as the Facebook Like button) in our websites, which are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
We use a two-step procedure to prevent unintentional transmission of data to Face-book (so-called "2-click solution"): A Plug-In must be activated by a first click in order for it to unfold its actual function. Only then you can make a recommendation with an-other click on the Plug-In.
If you activate a Plug-In of Facebook, your device establishes a direct connection with the Facebook servers, which may also be located in the USA. The content of the Plug-In is transmitted directly from Facebook to your device, which integrates it into our Online Service. User profiles can be created from the data processed by Facebook. We have no influence on the extent of the data that Facebook collects with these Plug-Ins.
By activating the Plug-Ins, Facebook receives the information that you have accessed the corresponding page of our Online Service. If you are logged in to Facebook, Face-book can associate the visit with your Facebook account. If you interact with the Plug-Ins, for example by clicking the Like button or posting a comment, the corresponding information is transferred directly from your device to Facebook and stored there. If you do not have a Facebook account, there is still the possibility that Facebook re-ceives and stores your IP address. According to Facebook, only an anonymous IP address is stored with respect to Germany.
If you have a Facebook account and do not want Facebook to collect data about you via our Online Service and link it with your account data stored by Facebook, you must log out of the Facebook account before using our Online Service and delete your cookies. Further settings and the declaration of your objection against the use of your data for advertising purposes can be made within the Facebook profile settings: Link. The settings are platform-independent, i.e. they are adopted for all devices used, such as desktop computers or mobile de-vices. We would like to point out that you can deactivate Plug-Ins in your browser with the help of browser add-ons.
As already explained in the previous sections, the EU Commission has issued an ade-quacy decision (No. 2016/1250, "EU-US Privacy Shield") on data transmission to the USA. Facebook is also one of the companies included in the so-called "Privacy Shield List".
Legal basis for the use of the Plug-Ins is your consent pursuant to Art. 6 (1) (a) GDPR.
2.5.2 Twitter Button
Within our Online Service we use Plug-Ins of the social network Twitter (e.g. the Twit-ter button), offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter").
Here, too, we use the two-step procedure to prevent the unintentional transmission of data to Twitter (so-called "2-click solution"): A Plug-In must be activated with a first click in order for it to unfold its actual function. Only then you can make a recommen-dation with another click.
As already explained in the previous sections, the EU Commission has issued an ade-quacy decision (No. 2016/1250, "EU-US Privacy Shield") for transmission to the USA. Twitter is also one of the companies included in the so-called "Privacy Shield List". Transmission to Twitter in connection with the Plug-Ins is based on your consent pur-suant to Art. 6 (1) (a) GDPR and, with regard to data transmission to the USA, pursu-ant to Art. 45 GDPR.
2.6 Data for the fulfilment of mutual contractual obligations
In order to use our services, including some parts of our Online Service, you must register and create a user account. We collect your chosen user name and e-mail address, other contact information (such as your name, address and telephone number), your bank account details and the payments made for our services. In addition, the IP address of your device is transmitted to us during registration. The provision of this data is not required by law, but is necessary for the performance of the user contract with you.
The collection and processing of the aforementioned data takes place for the purpose of concluding and subsequently fulfilling the user contract, including the payments made by you, on the basis of Art. 6 (1) (b) GDPR.
We work with PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxem-bourg ("PayPal") and micropayment GmbH, Scharnweberstrasse 69, 12587 Berlin, Germany ("micropayment") to process your payments, including the processing of invoices.
The transfer of personal data to PayPal or micropayment is based on Art. 28 GDPR.
The legal basis for data processing regarding the processing of payments is Art. 6 (1) (b) GDPR, as it is necessary for carrying out the user contract concluded with you.
We would like to inform you about our company and our raffles and services through a newsletter to which you can subscribe.
In order to verify that you are the owner of the e-mail address provided during subscription and that you agree to receive the newsletter, we use the so-called double opt-in procedure to obtain your consent. After subscribing for the newsletter, you will receive an e-mail to the e-mail address you provided, in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with another person's e-mail address. Only after the confirmation of the registration the newsletters you have subscribed to will be sent. We store the subscription for the newsletter in order to be able to prove the subscription process according to the legal requirements. For this purpose, the IP address and the date of subscription and confirmation are stored. Other data will not be collected. This data will only be processed for the purpose of sending the newsletter and will not be passed on to third parties.
If you no longer wish to receive a newsletter, you can of course unsubscribe from the newsletter at any time. You can object to the use of your e-mail address for advertising purposes at any time without giving reasons. All you have to do is send an informal e-mail to email@example.com or click on the unsubscribe link contained in each newsletter.
The data processing for the purpose of sending the newsletter explained above is carried out on the basis of your consent (Art. 6 (1) (a) GDPR).
You may withdraw your consent to the storage of your e-mail address and its use to send the newsletter at any time in the future. The withdrawal can be made via a unsubscribe link in the newsletters themselves or by sending a message to the contact options listed above.
The newsletter is sent via the "Elastic Email" service, a newsletter mailing platform of the provider Elastic Email Inc., Unit 107, 1208 Wharf Street Victoria, BC V8W 3B9, Canada (hereinafter: "Elastic Email"). Your e-mail address will be sent to Elastic Email and stored on Elastic Email's servers in Canada. Elastic Email uses this information to send the newsletter on our behalf.
We strictly adhere to the requirements of GDPR including the IT and data security require-ments. Elastic Email also strictly complies with these requirements. Furthermore, we have concluded a contract with Elastic Email about commissioned data processing, in which Elastic Email is again committed to protect your personal data and use the data only in accordance with the relevant data protection provisions on our behalf and not disclose them to third parties. The EU Commission has issued an adequacy decision for the transfer of personal data to Canada regarding certain categories of companies (Decision No. 2002/2/EC). Elastic Email falls under the scope of this adequacy decision. The transfer of data to Elastic Email is based on Art. 28 and 45 GDPR.
2.8 Contacting us
When you contact us (e.g. by e-mail), we process the personal data you provide to process your enquiry and in the event that follow-up questions arise. This applies both to the sending of information material and to the answering of individual enquiries.
If the data processing is carried out for conducting pre-contractual steps, which are conduct-ed at your request, or if you already have a contractual relationship with us, the legal basis for this data processing is Art. 6 (1) (b) GDPR.
Otherwise, the data will be stored and used on the basis of Art. 6 (1) (f) GDPR, whereby our legitimate interest is the processing of your request. In particular, it is in our legitimate interest to reply to your e-mail.
3. DISCLOSURE OF PERSONAL DATA
Your personal data will only be disclosed to third parties with your express consent. Exempt from this are only disclosures to our service providers or cooperation partners, which we need to provide the Online Service and which we have commissioned accordingly (e.g. technical service providers). Accordingly, we transmit user data to such service providers and cooperation partners for the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR.
Insofar we disclose data to service providers or cooperation partners within the scope of our processing, transfer data to them or otherwise grant them access to the data, we, as well as our service providers and partners, strictly comply with the requirements of GDPR. Of course, before passing on your personal data, we ensure that our service providers and cooperation partners have taken the necessary technical and organizational measures to ensure an appropriate level of protection. The scope of the disclosure of data is limited to the minimum required in each case.
We only transmit data to public institutions and authorities entitled to receive such information within the scope of statutory disclosure obligations or if we are obligated by a court decision. In this case, the disclosure of your data is necessary to fulfil a legal obligation we have, in accordance with by Art. 6 (1) (c) GDPR.
4. STORAGE PERIOD AND DELETION OF DATA
Unless specifically stated otherwise, we will only store personal data for as long as necessary to fulfil the purposes for which the data was collected.
The personal data relating to you will be deleted as soon as the purpose of the data pro-cessing no longer applies. If good reasons within the meaning of Art. 17 (3) GDPR do not allow for a deletion, such as statutory storage or safekeeping obligations, the processing of this data will be restricted. In this case, the data will be deleted if the reason for further storage is no longer given, e.g. the legally prescribed storage period expires.
5. YOUR RIGHTS AS DATA SUBJECT
Under applicable law, you have various rights with respect to your personal data. If you wish to exercise these rights, please send your request by e-mail or by post to the address stated in section 1.
Below you can find an overview of your rights.
• You have the right to obtain from us in writing the personal data we have stored about you, the purposes for which it is processed, its origin if we have not collected the data directly from you, which data has been passed on to which recipients or categories of recipients, the duration of the storage period and the rights of data subjects available to you. You can receive a free copy of your data from us. Should you be interested in fur-ther copies, we reserve the right to charge you for the further copies.
• In addition, you have the right to demand the correction of incorrect data, the re-striction of data processing and the deletion of your personal data at any time unless there are justified reasons within the meaning of the statutory provisions to prevent the deletion. In the latter case, you can demand the restriction of the processing of the da-ta stored about you under the legal prerequisites. Insofar personal data which is nec-essary for the provision of services to you is included, the deletion or restriction of the processing of these data can only take place if you no longer use our Online Service, whereby legal storage obligations must also be complied with if applicable.
• You may object to the processing of your personal data at any time for reasons arising from your particular situation, provided that the data processing is based on Art. 6 (1) (f) GDPR, unless we can prove compelling legitimate grounds for a processing which overrides your interests, rights and freedoms, or the processing serves the estab-lishment, exercise or defense of legal claims. If we process your data for the purpose of direct marketing, you may object to the processing at any time.
• If you provide data concerning you and we process this data on the basis of your consent or to fulfil the contract, you may request that we send you this data in a struc-tured, commonly used and machine-readable format, which you can transmit without hindrance to another controller, or we transmit this data to another controller as far as this is technically possible (so-called right to data transfer).
• Any consent to the use of personal data given by you may be freely withdrawn by you at any time with effect for the future.
• You can also lodge a complaint with the supervisory authority if you are of the opinion that data processing by us violates the statutory provisions.
6. LOCATION OF DATA PROCESSING
7. DATA SECURITY
We make every effort to ensure the security of your data within the framework of the applica-ble data protection laws and technical possibilities.
Your personal data will be transmitted encrypted. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. communication by e-mail) may have security gaps. A complete protection of the data against access by third parties is not possible.
In order to secure your data, we maintain appropriate technical and organizational security measures in accordance with Art. 32 GDPR, which we continually adjust in accordance with the state of the art.
8. NO AUTOMATED DECISION-MAKING
VIPrize does not conduct automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR.
9. THIRD PARTY WEBSITES