Data Privacy Information

This data privacy information informs you about the handling of your personal data. To make the processing of your data transparent, we would like to provide you with the following information to give you an overview of these processing operations. In order to guarantee fair processing, this data protection declaration contains general information about our handling of your data as well as information about your rights according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

We will inform you in detail about

I. General data processing
II. Data processing on our website
III. Data processing on our Facebook fan page
IV. Further data processing

The party responsible for data processing is ondemandcommerce GmbH (hereinafter ‘we’ or ‘us’).

I. General data processing

1. Contact

If you have any questions or feedback concerning this information or wish to contact us to assert your rights, please send your enquiry to

ondemandcommerce GmbH
Poststraße 12, 20354 Hamburg
Tel. +49 40 696359040
E-Mail info@ondemandcommerce.com

2. Legal basis

 The data protection term “personal data” refers to all information relating to an identified or identifiable natural person.

We process personal data in compliance with the data protection regulations, primarily the GDPR and the BDSG. Our data processing solely occurs on a legal permission. We will process personal data solely with your consent (art. 6 sec. 1 letter a) GDPR), to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (art. 6 sec. 1 letter b) GDPR), for compliance with a legal obligation (art. 6 sec. 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (art. 6 sec. 1 letter f) GDPR).

3. Period of storage 

In the absence of alternative provision ensuing from the following statements, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. Such statutory retention requirements may result from regulations under commercial or tax law.

4. Recipients of data

We may use Service Providers for individual processes. This includes, for example, hosting, maintenance and support of IT-systems, as well as marketing actions. These Service Providers process the data only according to strict instructions and are contractually bound to guarantee suitable technical and organisational measures for data protection. In addition, we may transfer personal data of our customers to parties such as postal and delivery services, payment and information services, banks, tax consultants/auditors or the tax authorities.

5. Processing in the exercise of your rights pursuant to art. 15 to 22 GDPR

If you exercise your rights pursuant to art. 12 to 22 GDPR for the purpose of providing information and preparing such information, we will process stored data only for this purpose and for purposes of data protection control and otherwise restrict processing in accordance with art. 18 GDPR.

These processing operations are based on the legal basis of art. 6 sec. 1 letter c) GDPR in combination with art. 15 to 22 GDPR and § 34 sec. 2 BDSG.

6. Your rights

As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • Pursuant to art. 15 GDPR and § 34 BDSG, you have the right to request information confirming whether or not and, if so, to what extent we are processing personal data concerning you.
  • Pursuant to art. 16 GDPR, you have the right get your data rectified.
  • Pursuant to art. 17 GDPR and § 35 BDSG, you have the right to delete personal data.
  • Pursuant to art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
  • Pursuant to art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller.
  • Where you have granted us separate consent to process your data, you can withdraw such consent at any time pursuant to art. 7 sec. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
  • If you consider that the processing of personal data relating to you infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to art.77 GDPR.

7. Right to object

Pursuant to art. 21 sec. 1 GDPR, you have the right to object to processing operations based on art. 6 sec. 1 letter e) or letter f) GDPR on grounds arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to art. 21 sec. 2 and sec. 3 GDPR.

8. Data protection officer

You can contact our data protection officer using the following address:
dsb@ondemandcommerce.com

II. Data processing on our website

When using our website, we collect and use information that you provide by yourself. We also automatically collect certain information about your use of the Site during your visit on the Site. In data protection law, the IP address is also considered as a personal date. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data.

1. Data transmission to the USA

Visiting our website may involve the transmission of certain personal data to the USA. For the transfer of data to the USA as a non-member country, a country in which the GPDR is not applicable law, the European Commission has decided in accordance with art. 45 GDPR that an adequate level of data protection is required for companies certified under the EU-US Privacy Shield. The transfer to the USA will then take place in a permissible manner.

2. Processing Server-Log-Files

When using our website for purely informative purposes, general information that your browser transmits to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out to ensure our legitimate interests and is based on the legal basis of art. 6 sec. 1 letter f) GDPR. This processing provides the technical administration and security of the website. The stored data will be deleted after seven days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. art. 15 to 22 GDPR therefore do not apply pursuant to art. 11 sec. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.

3. Cookies

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our web server. If the use of cookies results in the processing of personal data, finds its legal basis in art. 6 sec. 1 letter f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective and secure. We used so-called “session cookies”, which are deleted when the browser session is closed. Other cookies (“persistent cookies”) are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or in certain cases. Further information can be obtained from the Federal Office for Information Security at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

4. Contact form and request

Our website provides a contact form, through which you can enquire an offer from us. Your data is transferred encrypted (note the ‚https‘ in the address bar of your browser). All data fields marked as mandatory are necessary to be filled in for the handling of your request. Failure to provide the required information will result in us being unable to process your request. You have the alternative option to send us an email. We process the data for the purpose of handling your request. If your request relates to the establishment or execution of a contract with us, the processing of your data is based on art. 6 sec. 1 letter b) GDPR. In all other cases we process data out of our legitimate interest in contacting the person enquiring. The latter data processing finds its legal basis in art. 6 sec. 1 letter f) GDPR.

5. Newsletter

We regularly inform our customers about the newest developments and functions of our software by sending a newsletter via email. For the distribution of our newsletter we process the email address and the name of our customers. This is based on § 7 sec. 3 UWG. Furthermore, we analyze how often our customers open the newsletter and how they read it. For this purpose, we collect and process pseudonymized usage data, which is not combined with your name or email. The legal basis for this process is art. 6 sec. 1 letter f) GDPR. The processing serves our legitimate interest to improve our newsletter. You can always object to receiving the newsletter without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates. Send your objection to info@ondemandcommerce.com.

6. Analysis of our website by Google Analytics

We use the Google Analytics service from Google Ireland Limited (Ireland/EU) to analyse our website visitors. Google uses cookies. In the course of this, personal data consisting of online tags (including cookie identifiers), IP addresses, device identifiers and information about the interaction with our website is processed. Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data.

We use the variant Google Universal Analytics, which enables us to assign interaction data from different devices and different sessions to a single User-ID. By doing so, we can contextualize individual user actions and analyse long term relationships. Data about user actions is stored for a period of 14 months after which it is deleted automatically. Data for which the period of storage has expired is deleted once a month.

Information on the cookies used by Google can be found at https://policies.google.com/technologies/types?hl=en. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly or by downloading and installing the browser plug-in that is available at the following link:  http://tools.google.com/dlpage/gaoptout?hl=en.

If you visit our website using a mobile device, you can disable Google Analytics by clicking on this link.

The legal basis for the use of this service is art. 6 sec. 1 letter f) GDPR. The processing serves the legitimate interest of the analysis of user behaviour on our website and the possible need-based design.

A transmission of your data to Google LLC in the USA cannot be ruled out. Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

7. Google Marketing Services

We also use marketing and remarketing features provided by Google Ireland Ltd. (Ireland/EU). This feature, combined with the cross-device features of Google Ads, enables us to display advertisements in a more focused manner and present users with ads that are relevant to their interests. Through remarketing, users are shown ads and products that have been found to be of interest on other websites in the Google network. For this purpose, Google executes a code everytime our website is visited and embeds remarketing tags. This enables the storage of an individual cookie on the device oft he user (instead of cookies, similar technologies may be used). The cookies can be set by different domains. Among others, those domains are google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites users visited, what content they are interested in and which services they use. Additionally, technical information about the browser and operating system used, as well as further information on the use oft he website. To support the remarketing function, Google Analytics collects the google-authenticated IDs of the users, which are temporarily linked to our Google Analytics data. In member states of the EU and the EEC the IP address is truncated.

Personal data is only processed pseudonymously, so Google saves no names or email addresses. Thus, all ads shown as a result are not shown for an identifiable person but for a person associated with the cookie. This information is collected and stored by Google. A data transfer to the USA cannot be ruled out. Google is vertified under the EU-US Privacy Shield and thus offers an adequate protection in the sense of art. 45 GDPR (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The legal basis for using this service is art. 6 sec. 1 letter f) GDPR. To object to the use of ads personalized by Google-Marketing-Services go to the op-out options provided by Google: https://adssettings.google.com/.

The Google service is used via the Google tag manager. For further information concerning Google’s use of data for marketing go to https://www.google.com/policies/technologies/ads. For Google’s data privacy information go to https://www.google.com/policies/privacy.

8. Integrated services and third-party content

We use services and content (collectively, “Content”) provided on our Website by third parties. For such an integration a processing of your IP address is necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers. This data processing is carried out in order to safeguard our legitimate interests in the optimisation and economic operation of our website and finds its legal basis in art. 6 sec. 1 letter f) GDPR. You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website. 

We have incorporated into our website content from the following third-party services:

Services provided by Google Ireland Limited (Ireland/EU):
– ‘Google Maps‘ for displaying maps;
– ‘Google Web Fonts’ to display fonts.

When using Google services, we cannot rule out the possibility that the processed data may be transferred to Google LLC (USA), which is based in the USA. Google LLC is certified under the EU-US Privacy Shield. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

9. Social network plugins 

On our website we use buttons of social networks and similar third-party services (hereinafter ‘plugins’). By using these plugins, you can share the content of our website in your social networks. The code of the respective plugin embedded is retrieved directly from the servers of its distributor with every visit of our website. In the course of this, it is necessary to transmit the IP address used, whether you click on the plugin or not. Should you be logged into your account at the social network while visiting our website or interact with the plugin, further data may be transmitted. For further information contact the distributor of the respective plugin.

This data is processed due to our legitimate interest in improving popularity and coverage of our website. The processing is legally based on art. 6 sec. 1 letter f) GDPR.

The following third-party plugins are embedded in our website:

The plugin of Linkedin.com by LinkedIn Ireland Unlimited Company, (Ireland/EU). LinkedIn is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

III. Data processing on our Facebook fan page

When visiting our Facebook page, on which our company or individual products are portrayed, certain information about you is processed. The sole controller of this data processing is Facebook Ireland Ltd (Ireland/EU). For further information on the processing of personal data by Facebook go to https://www.facebook.com/privacy/explanation.

1. Processing of page insights

Facebook provides us with anonymized statistics and insights for our page which grant information about the way visitors use our page (hereinafter ‘page insights’). These page insights are created based in certain information about people that have visited our page. This data processing is carried out by Facebook and us as joint controllers. It serves our legitimate interest in improving our page by means of evaluation of the traffic on it. The legal basis for this processing is art. 6 sec. 1 letter f) GDPR. We will never assign the information obtained through the page insights to a certain Facebook profile. Together with Facebook, we came to an agreement about the processing as joint controllers, in which the assignment of data privacy obligations is determined. For details about the processing of personal data for the creation of page insights and the agreement between Facebook and us go to https://www.facebook.com/legal/terms/information_about_page_insights_data.

2. Processing of data shared via our Facebook page

Furthermore, we process information which you share with us via our page. Such information can consist of the Facebook name, contact details or messages to us. We will only process this data after having expressly asked for it, for example in the context of a survey or a lottery. We are the sole controllers of this processing. 

If your request relates to the establishment or execution of a contract with us, the processing of your data is based on art. 6 sec. 1 letter b) GDPR. In all other cases we process data out of our legitimate interest in contacting the person enquiring. The latter data processing finds its legal basis in art. 6 sec. 1 letter f) GDPR.

IV. Further data processing

1. Applications

When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you an employment, we will retain the data you provide for up to six months for the purpose of potentially answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is § 26 sec. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with art. 7 sec. 3 GDPR. Such a revocation does not affect the legality of the processing, which has taken place until the revocation on the basis of the consent.

2. Contractual relationship

In order to establish or execute the contractual relationship with our customers, it is regularly necessary to process the contact data of the relevant contact persons provided to us. The processing serves our legitimate interest in a fluent course of business. The legal basis for this processing is art. 6 sec. 1 letter f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. This processing takes place on the legal basis of art. 6 sec. 1 letter f) GDPR and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing can take place if you have consented (art. 6 sec. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (art. 6 sec. 1 letter c) GDPR).