2. Further information about the data controller
2.1 The data controller who is responsible for the processing of your personal data is Kapten & Son GmbH, Agrippinawerft 28, 50678 Cologne, Germany. If you have any general questions, you can either contact us by telephone on +49 221 292 56494 or by our Contact Customer Care. Further information is also available on our website at www.kapten-son.com.
2.2 If you have questions about data protection or how to exercise your rights according to data protection law (see section 9), please contact our Data Protection Officer by sending a letter to the above address or by emailing [email protected].
3. We process your personal data during the following activities
3.1 Visiting our website without signing in
If you visit our website without signing in, registering or filling in any other input boxes on the website, we will process your personal data as follows:
3.1.1 For the purpose of providing our website, we process the name of the website that has been accessed, the data that has been retrieved, the date and time of the access, the volume of data that has been transmitted, a report about the successful access, the type and version of the browser, the user's operating system, the referrer URL (the site that had been visited beforehand) and the IP address of all visitors to the website. This processing is technically necessary in order to facilitate the use of our website (Art. 6(1)(b) GDPR). When your visit to our website has ended, this data will be deleted unless individual pieces of information continue to be processed for the reasons given below.
3.1.2 We process the IP addresses and [categories of data] of all visitors to our webpages to identify and prevent attacks targeted at our website and the technical infrastructure (e.g. hacking and denial-of-service attacks). This processing is used to comply with our legal obligation to take safeguarding measures (Art. 6(1)(c) GDPR). The data is deleted seven (7) days after your visit to our website has ended, unless an attempted attack has been identified. If your connection has been identified as the source of an attempted attack, the data will continue to be processed to complete the technical overhaul and for prosecution purposes, if applicable.
3.2 Visiting our website and registering
3.2.1 You can register on our website by creating a user account. When you register, you will be able to conclude your orders on our website more quickly and more easily, store a number of shipping addresses, and view and track orders. As part of the registration, we process your first and last names, your email address and a password of your own choice. This processing is used in the performance of, and for compliance with the user agreement (Art. 6(1)(b) GDPR). We will continue to hold your data while your user account remains active. You can delete your customer account yourself. The data will also be deleted unless we are legally required to retain it.
3.2.2 We also use the provided e-mail address to send you a reminder about products that have been in your shopping cart for a period of at least 1 hour.
3.3 Ordering through our online shop
3.3.1 When an order is placed in our online shop, we collect the following data from the person who placed the order: name, address, date of birth, telephone number, gender and email address. We need this data so that we can process the purchase agreement, dispatch the goods, generate an invoice and manage the guarantees and the returns. We need to process this data to fulfil the purchase agreement concluded via our online shop (Art. 6(1)(b) GDPR). We will delete this data as soon as we no longer need it for the above purposes and provided that we are no longer legally required to retain it. In the latter case, we will not actually delete your data, but we will block it to prevent any further processing.
3.3.2 We process your payment details to settle payments when you have used our website to purchase a product. We will forward your payment details to a third party (e.g. to a credit card provider if you are paying by credit card), depending on the method of payment you have selected. The following payment methods can be selected when placing an order:
b) If you choose to use Amazon Pay as a payment method, we will first pass your payment details on to Amazon Payments Europe s.c.a., followed by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL within the context of settling the payment. These three (subsequently referred to as “Amazon Payments”) are all based at 5, Rue Plaetis L 2338 Luxembourg. Amazon Payments reserves the right to perform a credit check. Amazon Payments uses the credit check results relating to the statistical probability of non-payment so that it can decide whether or not to provide the respective payment method. The credit check may include probability values (scores). When scores influence the results of a credit check, these are based on a scientifically recognised mathematical and statistical procedure. The calculation of scores is based on address data, among other things. In addition, Amazon Payments is entitled to disclose your data to unnamed third parties (banks, e-service providers and service partners as well as auditors, analytics services, credit reference agencies, marketing partners, cloud service providers, retargeting providers and affiliated companies) among others. This data needs to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). Further information about data protection regulations and the credit reference agencies used, among other things, is available in the Amazon Payments Privacy Notice at: https://pay.amazon.com/uk/help/201751600
3.3.3 Sharing data with third parties within the context of processing an order
When processing an order, we use services provided by a number of different partners so that the order can be handled correctly and we can provide you with advertisements for other interesting products. To accomplish this, we work with the following partners:
b) We use Fiege Mega Center Logistik GmbH as our logistics service provider. Fiege Mega Center Logistik GmbH performs logistics services on our behalf. To this end, we forward Fiege Mega Center Logistik GmbH your name, and the recipient's address, your email address, telephone number, customer reference number, the name of the invoice recipient and the invoice address. Fiege Mega Center Logistik GmbH is contractually obliged to use this information solely for the purpose described above and in accordance with our instructions.
3.3.4 Advertising supplements with the order
We use Adnymics so that we can send you flyers about other Kapten & Son products that will be of interest to you. We forward Adnymics data that will indicate which products you have viewed on our website so that we can find out what you are interested in. This processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in being able to offer you targeted advertising about other products that may be of interest to you. The data that has been processed in this regard will be deleted when the purpose has been achieved. Adnymics is contractually obliged to use this information solely for the purpose described above and in accordance with our instructions.
3.4 Back in stock notification
If one of our products is no longer in stock, you can set up a reminder for this product. We have provided a text box where you can enter your email address for this purpose on the product page. As soon as the specific product is available again, we will send an email with the relevant information to the email address you have provided. This data needs to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). After the reminder email has been sent, your email address will be deleted.
a) We store cookies that are essential for technical purposes on the website visitor’s device so that we can provide our website and personalise our website display. These cookies hold the following data: An identifier that acts as an identifying feature so that the user’s various related enquiries can be recognised, and categories of the website that have been retrieved, the language settings and the contents of the shopping cart can be attributed to a session. This processing is technically necessary in order to facilitate the use of our website (Art. 6(1)(b) GDPR). All cookies are enabled, blocked or deleted (e.g. when you close the web browser) according to the settings stored in your web browser. If cookies are deactivated for our website, you may not be able to use all features of their website to their full extent.
b) The following third-party cookies have been set on our website so that we can tailor our online offers to your interests. Our objective is that you will only receive advertisements about products that you are actually interested in.
bb) We use Bing Ads to optimise our promotional activities and to broadcast our advertisements. Bing Ads is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). If a Microsoft Bing Ad redirects you to our website, a cookie is set on your device so that you can use this service. This enables Microsoft and us to see that someone has clicked on an advertisement and has been redirected to our website and reached a predefined destination page (“conversion site”). We can then find out how many users in total have clicked on this Bing Ad and been redirected to our website. Microsoft processes information generated by the cookie to create a pseudonymised user profile. These user profiles are used to analyse visitor behaviour and stream advertisements. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in optimising the advertising on our website for the benefit of users. These cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). A cookie is set on the basis of the relevant browser settings. You can also prevent Microsoft from collecting and processing the data generated by the cookie relating to your use of the website by using the following link to state that you object: http://choice.microsoft.com/opt-out. Further information about data protection and the cookies used by Microsoft and Bing Ads is available on the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement
cc) We use Criteo Dynamic Retargeting technology so that we can ensure that only personalised advertising is played to the visitors to our website. Using this technology means we can store anonymised information in cookies on the website visitor’s device. This is information about the surfing behaviour of visitors to our website while they are on our website. Criteo GmbH then analyses the recorded surfing behaviour and can subsequently display targeted product recommendations as personalised advertising banners on websites (known as publishers) that the user accesses after visiting our website. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements for products that would be of interest to the user. These cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). You can prevent the Criteo service from storing and using information by clicking on the following link (https://www.criteo.com/privacy/) and switching the opt-out setting to “ON”. If you select “ON”, a new cookie (opt-out cookie) will be set in your browser. This cookie notifies the Criteo service that data about your user behaviour may no longer be collected and processed. You have the option of enabling this function again by switching the setting to “OFF”. Please note that you will need to adjust this setting for each browser that you use. If all cookies are deleted in your browser, this will also affect the opt-out cookie.
dd) We use the “Google AdWords” online advertising program, which in turn uses conversion tracking, so that we can analyse the effectiveness of advertising. When a user clicks on an advertisement delivered by Google, the conversion tracking cookie is set and transmitted to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. These cookies expire after 30 days and are not used for personal identification. If the user visits particular pages on this website and the cookie has not yet expired, we and Google can see that the user has clicked on the advertisement and was redirected to this page. Every Google AdWords customer receives a different cookie. This means cookies cannot be tracked across the websites of AdWords customers. The information obtained with the help of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted to use conversion tracking. Customers find out the total number of users who have clicked on their advertisement and been redirected to a page containing a conversion tracking tag. Customers do not, however, receive any information that can be used to personally identify users. The processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in being able to calculate the reach of our advertising and measure its cost-effectiveness so that the advertising is as targeted as possible. The transfer of data to the United States of America is based on an adequacy decision taken by the EU Commission (Art. 45 GDPR) because the recipient participates in the “EU-US Privacy Shield” scheme. The cookies are deleted after 30 days unless your web browser has been set differently so that they are deleted at an earlier stage.
ff) We use the AWIN performance advertising network on our website. This service is provided by AWIN AG, Eichhornstrasse 3, 10785 Berlin, Germany (“AWIN”). As part of the tracking service, AWIN documents transactions (e.g. involving leads and sales) by storing cookies on the devices of users who visit or use its customers’ websites or other online services (e.g. registering for a newsletter). These cookies are used solely so that the success of advertising material can be tracked correctly and can be accounted for accordingly within the context of the network. AWIN does not collect, process or use personal data in this respect. The cookie only collects information indicating when a device is used to click on specific advertising materials. An individual number sequence is stored in the AWIN tracking cookies but this cannot be attributed to the individual user. It is used to document the partner program of an advertiser, the publisher and the time of the user's action (click or view). In this process, AWIN also collects information about the device used to carry out the transaction – e.g. the operating system and the browser used. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in optimising the advertising on our website for the benefit of users. The cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). You will find further information about how AWIN processes data at: https://www.awin.com/gb/legal
gg) If you go to More tools/Internet options in the relevant browser, you can disable the storage of cookies, limit these to specific websites or set your browser so that you are notified as soon as a cookie is sent. Please note, however, that this is likely to restrict the display of the online services and limit the user navigation. You can also delete cookies at any time. In this case, your device will remove the information that has been stored there.
4. Website analysis and tracking
4.1 We use the “Custom Audiences” remarketing function provided by Facebook. This service is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. It enables us to respond to our website visitors with targeted advertising in Facebook. A Facebook remarketing pixel has been integrated on our website to facilitate this promotional activity. This pixel is used to establish a direct link to the Facebook servers when the website is visited. In doing so, we forward your IP address to Facebook. In addition, Facebook learns which of our websites you have visited and can then assign interests to your personal Facebook user account. It is then possible to import personalised advertising into your Facebook network for you. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements of products that would be of interest to the user. You will find further information about Facebook's collection and use of data in Facebook's Privacy Notice which is available at https://www.facebook.com/about/privacy/. If you do not wish Facebook to assign the information it has collected directly to your Facebook user account, you can disable the “Custom Audiences” remarketing function. You need to log into Facebook to do this.
4.2 We use the “conversion pixel”, which is Facebook’s pixel for tracking user behaviour This service is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). When this pixel is retrieved from your browser, Facebook can subsequently identify whether a Facebook advertisement was successful – in other words, whether it resulted in an online purchase, for example. In this regard, we only receive statistical data from Facebook that does not relate to a specific person. This enables us to measure the effectiveness of Facebook advertisements for statistical and market research purposes. Particularly if you have registered with Facebook, please also refer to its information on data protection which is available at www.facebook.com/about/privacy/. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements of products that would be of interest to the user.
4.3 We use a Pinterest tag on our website. This technology is provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). This tag is a pixel file that is integrated into our website and notifies Pinterest which subpages you have visited on our website. Pinterest uses this information to send you targeted advertising. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements of products that would be of interest to the users on Pinterest.
4.4 We have integrated the Trustedshops Trustbadge feature. The Trustbadge from Trusted Shops is integrated on this website to display our Trusted Shops quality seal and any ratings that may have been collected as well as offer Trusted Shops’ products to buyers who have placed an order. When considering the interests at stake, this protects our overriding legitimate interest (Art. 6(1)(f) GDPR) in the optimum marketing of the products we have on offer. Trustbadge and the associated services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. When Trustbadge is accessed, the web server automatically saves a “server log file” which contains items such as your IP address, the date and time of the access, the volume of data that has been transmitted and the requesting provider (access data), for example, and documents the request. This access data is not analysed and is automatically overwritten no more than seven days after your visit to our website has ended. Further personal data is only transferred to Trusted Shops with your consent, if you decide to use Trusted Shops products after completing an order or if you have already registered to use Trusted Shops. In this case, the contractual agreement concluded between you and Trusted Shops applies.
5. Social Plugins on our website
6. Contacting us
You can contact us in a number of ways:
6.1 If you use our contact form, the information you provide will be processed and stored by us so that we can respond to your query and the questions associated with this. We only process the personal data entered on the contact form in order to process the contact that has been established. The processing of your IP address during the sending procedure serves to prevent misuse of the contact form and ensures our IT system is safe and secure. If you use our contact form to contact us, you will need to provide your first and last names and your email address. We need your name so that we can refer to your enquiry in the reply and so that we can address you in person. We need the email address so that we can send you our answer. You can also provide us with optional details such as the order number, telephone number, your home country and a reference for the contact enquiry, which may help us when we respond to your query. Art. 6(1)(b) GDPR is the legal basis for processing the information provided via the contact form. We delete the data collected in this context when it is no longer necessary to store it, or we restrict the processing if there is a legal requirement to retain it.
6.3 We process the first and last names, the telephone number, the caller’s customer number, additional personal data the caller has provided over the phone, and information about the content of the telephone enquiry in order to process general telephone enquiries and to respond to customers’ telephone enquiries. This processing is required for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). As soon as the concerns raised by the person making the enquiry have been fully dealt with, the processing is restricted so that it specifically relates to the enquiry (e.g. customers’ use of our products or advertising for our services within the context of acquiring new customers), depending on the content of the enquiry. The data is automatically deleted after the intended purpose has been achieved and all statutory retention obligations, in particular with respect to commercial and tax law, have been met.
6.4 If you contact us via our presence on the Facebook, LinkedIn or Instagram social network sites, we will process the personal data that you have stored on the respective social network sites. We need to process your data to deal with your enquiry (Art. 6(1)(b) GDPR). The data is automatically deleted after the intended purpose has been achieved and all statutory retention obligations, in particular with respect to commercial and tax law, have been met.
8. Applying to work for Kapten & Son
If you would like to work with us and for Kapten & Son, you can submit an online application to the email address on our website […]. We will only use the personal data you send us in this regard to process your application. During the course of the application process, we will forward your data to the corresponding internal department relating to the job description. Your data is not used for other purposes that are not linked to the application and, in particular, it is not disclosed to third-party companies. We process your data to make decisions about the beginning of an employment relationship (Section 26(1) German Federal Data Protection Act (BDSG – Bundesdatenschutzgesetz) 2018). After the application process has been completed and the relevant statutory periods have lapsed, we will delete the data involved in your application. We will only continue to store this data, for example for future vacancies that may arise, if you have expressly given your prior consent to this storage.If you apply by post or use the LinkedIn careers network, the data processing will be treated in the same way as for an email application.
9. Your rights as the data subject
9.1 You can assert your rights vis-à-vis us at any time by sending a letter to the address listed above in section 2.1.or an email to the address listed in section 2.2. Please bear in mind that we cannot process any enquiries about personal data over the telephone as the identity of the caller cannot usually be established with sufficient certainty.
9.2 You have the following rights vis-à-vis us and the personal data concerning you:
9.2.1 At any time, you can assert your right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR) and right to restriction of processing, i.e. blocking for specific purposes (Art. 18 GDPR), if the relevant legal requirements have been met.
9.2.2 Your right to data portability (Art. 20 GDPR) also states that you can ask us to provide you with the data concerning you in a structured, commonly used and machine-readable format, or have it forwarded to another data controller named by you if this is technically feasible and if the legal requirements have been met.
9.2.3 You have a right to object to the processing (Art. 21 GDPR) for specific processing purposes, especially for advertising purposes. If we process your data on the grounds that we have considered the interests at stake (according to Art. 6(1)(f) GDPR), you have the right to object to this processing at any time, for reasons relating to your particular situation. Such reasons exist especially if they add particular weight to your interests and override our interests as a result. An example would be if we had not known about these reasons and had therefore been unable to take them into account when considering the interests at stake.
9.2.4 You have the right to withdraw your consent to data processing at any time. The withdrawal of consent will not affect the legality of the data processing that had already taken place until consent was withdrawn.
9.3 You also have the right to contact the relevant data protection supervisory authority if you have any questions or complaints concerning our processing of your personal data.
10. Security of your data
10.1 We use appropriate and modern security measures to protect your data against loss, misuse or modification. Only authorised staff have access to your personal data at our company. We do all that we possibly can to prevent a breach of your rights and avoid risks to your personal data.
10.2 Please remember that transmitting data over the internet is never fully secure. We are unable to guarantee the security of the data entered onto our website while it is being transmitted over the internet. You do this at your own risk.