- 1. Provider, contact and data protection officer
- 2. Basic information regarding data processing, security measures and legal basis
- 3. Purposes of data processing
- 4. Contact process and customer communication (CRM)
- 5. Payments
- 6. Registration and termination
- 7. Newsletter
- 8. Collection of access data
- 9. Cookies and reach measurement
- 10. Google Analytics
- 11. Google marketing/remarketing services
- 12. Facebook Social Plugins
- 13. Facebook remarketing, Facebook-Pixel and Custom Audiences
- 14. Social media buttons and links
- 15. Incorporation of other services and third-party content
- 16. Users’ rights, opt-outs, withdrawal and revocation
- 17. Right to object
- 18. Data deletion
1. Provider, contact and data protection officer
The provider of the Online Service and the controller within the meaning of data protection legislation is Orderfox AG, Industriering 3, 9491 Ruggell, Principality of Liechtenstein (hereinafter ‘We’ or ‘Us’). Who to contact with data protection issues: email@example.com. For more information and contact options, please refer to our legal notice.
2. Basic information regarding data processing, security measures and legal basis
2.1We process your Data in accordance with the statutory requirements. We implement organisational, contractual and technical security measures in accordance with the latest technology so as to ensure that data protection legislation is complied with and the Data processed by Us is protected from incidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security measures include, in particular, the encrypted transmission of data between your device and our server.
2.2 With regard to the processing of personal data on the basis of the EU General Data Protection Regulation (GDPR), which will become effective on the 25th of May 2018, we point out that the legal basis of your consents is Article 6 (1) a. and Article 7 GDPR, the legal basis for processing necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract is Article 6 (1) b. GDPR, the legal basis for the processing necessary for compliance with a legal obligation is Article 6 (1) c. GDPR, and the legal basis for the processing for the purposes of the legitimate interests we pursue, is Article 6 (1) f. GDPR.
3. Purposes of data processing
3.1 We process your Data for the purposes of delivering the functions of our Online Service requested by you and to fulfil our contractual, business and other legal obligations (among other things, provision and performance of our services and guaranteeing efficient customer service and technical support). Data processing comprises the transmission or disclosure of Data to third parties if this serves to fulfil our contractual or legal obligations (e.g. brokering jobs between CNC manufacturers and CNC buyers) or if this is necessary for invoicing purposes (e.g. transfer of Data to a payment service provider).
3.2 We additionally process your Data in accordance with the statutory requirements on the basis of our justified interests. These processing purposes include statistical analyses that serve on the one hand to optimise our Online Service and on the other to fulfil our own business purposes. In this context, We are able to create so-called user profiles (hereinafter ‘Profiles’ for short) based on the Data recorded (e.g. addresses, profile descriptions, profile access, jobs assigned, offer and request profiles). To protect your interests, We process your Data for the above-mentioned purposes using pseudonyms wherever possible, i.e. the Profiles are logged without any means of identification such as names or email addresses. Only if it is necessary for a Profile to be attributable to a User, for example to show the User specific information based on their behaviour, do We establish a link between a Profile and the specific User. Insofar as it is not necessary for a Profile to be attributable to a User (for example if We are only interested in statistical information), the User’s Details are processed anonymously, i.e. the Profiles and analysis results cannot be attributed to individual Users, thus identifying them.
3.3 Additionally, We may process Data in accordance with your consent, which We will explicitly ask you to grant.
3.5 You shall be notified of the individual purposes, forms and scope of Data processing and of the authorisations granted within the context of the consent granted in relation to this Data processing.
4. Contact process and customer communication (CRM)
4.1 When We are contacted (by means of a contact form or email), the User’s Details are logged in order for the request to be processed and in the event that there are follow-up questions.
4.2 To communicate with and support our customers (so-called customer relationship management or CRM), we make use of the communication services of Intercom as offered by Intercom, Inc., 55 2nd Street, 4th Floor, San Francisco, California 94105, USA on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our services). Intercom allows us to communicate with Users more quickly and more directly in accordance with their expectations and to process their enquiries. With Intercom, we can, insofar as is legally permissible, send Users messages via live chats, email, text message or push notifications. For this to be possible, we have to synchronise our User contact information with Intercom via an interface.
5.1 In the interests of our customers’ security, We do not log any credit card details or bank data ourselves and instead use the Saferpay payment service of the payment service provider SIX Payment Services (Europe) S.A., Germany Office, Theodor-Heuss-Allee 108, 60486 Frankfurt am Main.
6. Registration and termination
6.1 The Users themselves decide which personal details they wish to disclose and who has access to these details, for example when a User enters their name in Profiles, comment boxes, or similar.
6.2 The following Data is collected mandatorily when a User registers:
- Email address (not disclosed to other Users)
- Password (logged in encrypted form)
- First name and surname
6.3 Above and beyond the above-mentioned details, the Users themselves decide which other personal details are disclosed. The Users may additionally be required to make further disclosures insofar as these are necessary with regard to the provision of our Online Service and the fulfilment of the statutory requirements.
6.4 The Users’ public Profile information can be viewed by and searched in by other registered Users. The Users’ locations can be presented on a map.
6.5 Upon successful termination, We are at liberty to delete the Users’ Profiles. It is the Users’ responsibility to save their Profile information.
7.1 The following sections explain the contents of our newsletter, the registration, circulation and statistical analysis processes, and your rights of revocation. By subscribing to our newsletter, you consent to receipt of the newsletter and to the processes as outlined.
7.2 We send newsletters, emails and other electronic notifications containing advertising information (hereinafter ‘Newsletters’) only with the recipients’ consent or subject to legal permission. Insofar as the content of the Newsletter is specifically outlined at the registration stage, this content is authoritative with regard to the User’s consent. Our Newsletters otherwise contain information regarding developments and offers within the CNC industry and relating to our services.
7.3 Registering for our Newsletter involves a so-called double opt-in process. This means you will receive an email after registration requesting you to confirm your registration. This confirmation is necessary so as to prevent people from registering with another person’s email address. Newsletter registrations are logged so that evidence of the registration process can be produced pursuant to the statutory requirements. This includes logging of the times of registration and confirmation and of the IP address. Changes in your data recorded by the dispatch service provider are likewise logged.
7.5 Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws.
7.6 The email addresses of our Newsletter recipients and their other details as outlined here are saved on the Dispatch Service Provider’s servers. The Dispatch Service Provider uses this information in order to dispatch and analyse the Newsletter on our behalf. The Dispatch Service Provider may additionally use this Data to optimise or improve their own services, for example for the technical optimisation of the dispatch process and presentation of the Newsletter or for commercial purposes to determine which countries the recipients are based in. The Dispatch Service Provider will not, however, use the details of our Newsletter recipients to communicate with them directly or to share them with third parties.
7.7 Submission of your email address will suffice for a Newsletter registration. We optionally ask you to provide other details such as your first name and surname for the purposes of Newsletter personalisation and your industry in order that We can bring the content of the Newsletter into line with the readers’ interests.
7.8 The Newsletters contain a so-called web beacon, i.e. a pixel-sized file which is accessed by the Dispatch Service Provider’s server when the Newsletter is opened. When this is accessed, technical information is logged regarding, for example, your browser and system, your IP address and the time at which it is accessed. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour, the places from which it is accessed (determined with the aid of IP addresses) or the times at which it is accessed. The statistics logged also include details regarding whether the Newsletters are opened, when they are opened and which links are clicked on. While this information can be attributed to specific Newsletter recipients for technical reasons, neither We nor the Dispatch Service Provider endeavour to monitor individual Users. Rather, the analyses allow Us to identify our Users’ reading habits and to adapt our content accordingly or to dispatch different content based on our Users’ interests.
7.9 The use of the service provider, the carrying out of the statistical surveys and analyses as well as the logging of the registration procedure shall be carried out on the basis of our legitimate interests, Article 6 (1) f. GDPR. We are interested in the use of a user-friendly and secure newsletter system, which serves both our business interests and user expectations.
7.10 You may terminate your subscription to our Newsletter at any time, i.e. revoke your consent. A link allowing termination of your subscription to the Newsletter can be found at the end of each Newsletter.
8. Collection of access data
8.1 The provider of the server from which our Online Service is executed collects data on the basis of our legitimate interests regarding all instances of server access (so-called server log files). Access data includes the name of the website visited, file, date and time of the visit, the data volume transmitted, notification of successful retrieval, the browser type and version, the User’s operating system, the referrer URL (i.e. the page previously visited), the IP address and the enquiring provider.
8.2 We use the server log files without attribution to a User or any other form of profile generation pursuant to the statutory requirements for statistical analyses only for the purposes of business operations, security and optimisation of our Online Service. We do, however, reserve the right to subsequently check the log files if, based on concrete indications, there is a justified suspicion of illegal usage. Otherwise we delete the data within seven days.
9. Cookies and reach measurement
9.2 If the Users do not want cookies to be stored on their computers, they are asked to deactivate the appropriate option within their browser’s system settings. Cookies previously stored can be deleted within the browser’s system settings. The exclusion of cookies can result in the limited functionality of this Online Service.
9.3 The online ad cookies of many companies can be managed via the US website http://www.aboutads.info/choices/, the EU website http://www.youronlinechoices.com/uk/your-ad-choices/, the Canadian website http://youradchoices.ca/choices or the Australian website http://youronlinechoices.com.au/.
10. Google Analytics
10.2 Google uses this information on our behalf to analyse the Users’ use of our Online Service, to compile reports on activities within the Online Service and to provide us with other services related to use of this Online Service and the Internet. Pseudonym-based usage profiles can be generated in relation to the Users on the basis of the Data processed.
10.3 Google is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws.
10.4 We only use Google Analytics with activated IP anonymisation. As such, Google truncates the IP addresses of Users within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is a complete IP address sent to a Google server in the USA and then truncated there.
10.5 Google does not combine the IP address as provided by the User’s browser with any other Data. The Users can prevent cookies from being stored using the settings of their browser software; the Users can likewise prevent Google from collecting and processing the Data generated by cookies relating to their use of the Online Service by downloading and installing the browser plug-in which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
10.6 More information on Google’s Data usage and your browser setting and revocation options can be found on the following Google websites: https://www.google.com/intl/en/policies/privacy/partners/ (‘How Google uses data when you use our partners’ sites or apps’), https://www.google.com/intl/en/policies/technologies/ads/ (‘Use of data for advertising purposes’), http://www.google.com/settings/ads (‘Control the information Google uses to show you ads’) and http://www.google.com/ads/preferences (‘Choose which ads Google shows you’).
11. Google marketing/remarketing services
11.1 We use on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our services) the marketing and remarketing services (‘Google Marketing Services’ for short) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
11.2 Google Marketing Services allow us to show ads for and on our website in a more targeted manner, showing Users only those ads that are potentially of interest to them. If a User is shown ads for products in which they showed an interest on other websites, this is known as remarketing. To this end, Google executes a code as soon as a User views our website or other websites for which Google Marketing Services have been activated, thereby incorporating so-called (re)marketing tags into the website (invisible graphics or code, also referred to as web beacons). This allows a customised cookie, i.e. a small file, to be stored on the User’s device (comparable technologies may also be used instead of cookies). The cookies can be placed by various domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the User visits, what content they express an interest in and which offers they click on, together with technical information relating to the browser and operating system, the referrer URL, the visit time and other details regarding use of the Online Service. The User’s IP address is likewise logged; please note that with regard to Google Analytics, IP addresses within member states of the European Union or in other signatory states to the Agreement on the European Economic Area are truncated and are only transmitted to a Google server in the USA in exceptional cases and then truncated. The User’s IP address is not combined with other User Data within other Google services. Google may combine the aforementioned information with such information from other sources. When the User subsequently visits other websites, they can be shown ads which are tailored to their interests.
11.3 The User’s Details are processed within the Google Marketing Services using pseudonyms. In other words, Google does not record or process the User’s name or email address, and instead processes the relevant Data within pseudonym-based user profiles using cookies. This means the ads are not managed for and shown to a specifically identifiable person from Google’s perspective, but for and to the cookie owner irrespective of who this cookie owner is. This does not apply if the User has explicitly allowed Google to process their Data without this pseudonymisation. The information collected by the Google Marketing Services regarding a User is sent to Google and stored on Google servers in the USA.
11.4 Google is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws.
11.5 The Google Marketing Services used by Us include the online ad program Google AdWords. With Google AdWords, each AdWords customer is assigned a different conversion cookie. Cookies can therefore not be traced via the websites of AdWords customers. The information collected with the aid of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of Users who clicked on their ad and who were forwarded to a website featuring a conversion tracking tag. They do not, however, receive any information with which a User can be personally identified.
11.8 We can additionally use Google Tag Manager to incorporate Google’s analysis and marketing services into our website and manage them.
11.10 If you wish to revoke your consent to interest-based advertising by the Google Marketing Services, you can do so using the settings and opt-out options offered by Google: http://www.google.com/ads/preferences.
12. Facebook Social Plugins
12.1 Our Online Service makes on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our services) use of the Social Plugins (‘Plugins’) of the social network facebook.com, which is run by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’). The Plugins can be identified on the basis of one of the Facebook logos (white ‘f’ on a blue tile, the terms ‘Like’ and ‘Gefällt mir’ or a thumbs-up symbol) or feature the phrase ‘Facebook Social Plugin’. A list of and the appearance of Facebook Social Plugins can be found here: https://developers.facebook.com/docs/plugins/.
12.2 When a User accesses a function of this Online Service containing such a Plugin, their device establishes a direct link with Facebook’s servers. The Plugin contents are sent directly to the User’s device by Facebook and are incorporated into the Online Service by the device. Usage profiles can be generated in relation to the Users on the basis of the data processed. We therefore have no control over the volume of Data collected by Facebook with the aid of this Plugin and therefore notify the Users on the basis of what we know.
12.3 When the Plugins are incorporated, Facebook is notified when a User views the corresponding page of the Online Service. If the User is logged in to Facebook, Facebook can assign this visit to their Facebook account. If Users interact with the Plugins, for example by clicking on the ‘Like’ button or adding a comment, the relevant information is sent directly to Facebook by their device and logged by Facebook. If the User is not a member of Facebook, Facebook is nonetheless able to determine and log their IP address. According to Facebook, only anonymised IP addresses are logged in Germany.
12.4 Users can learn about the purpose and extent of Facebook’s data collection and its further processing and use, and about the corresponding rights and settings for the protection of their privacy in Facebook’s data privacy notice: https://www.facebook.com/about/privacy/.
12.5 Facebook is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws.
12.6 If a User is a Facebook member and does not wish Facebook to collect information on them via this Online Service or combine such information with their Facebook membership details, they must log out of Facebook prior to using our Online Service and must delete their cookies. Other settings can be selected and consents to the use of data for advertising purposes revoked within the Facebook profile settings at https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers and mobile devices.
13. Facebook remarketing, Facebook-Pixel and Custom Audiences
13.1 Our Online Service uses on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our services) the so-called Facebook Pixel belonging to the social network Facebook, which is run by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’). The Facebook Pixel enables Facebook to identify visitors to our Online Service as the target group for the presentation of so-called Facebook Ads. Accordingly, we use the Facebook Pixel to present the Facebook Ads placed by us only to those Facebook users who have expressed an interest in our Online Service (so called “Custom Audiences”). In other words, with the assistance of the Facebook Pixel, We want to ensure that our Facebook Ads are in keeping with the Users’ possible interests, rather than being seen as a nuisance. Additionally, the Facebook Pixel allows Us to understand the effectiveness of Facebook Ads for statistical and market research purposes by allowing Us to see whether Users were taken to our website upon clicking on a Facebook Ad.
13.2 The Facebook Pixel is incorporated by Facebook immediately upon one of our websites being viewed and can store a cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit the page when already logged in to Facebook, your visit to our Online Service is recorded within your profile. The data collected on you is anonymous for Us and We are therefore unable to draw conclusions concerning the Users’ identities. However, the data is logged and processed by Facebook, and can therefore be linked to the corresponding User Profile. Facebook uses the data in accordance with its data policy. Accordingly, further information regarding how the remarketing pixel works and generally on the presentation of Facebook Ads can be found in Facebook’s data policy: https://www.facebook.com/policy.php.
13.3 Facebook is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws.
13.5 You may revoke your consent to the Facebook Pixel collecting data and using it to present Facebook Ads. You can access the page created by Facebook to do so, at https://www.facebook.com/settings?tab=ad, following the instructions there regarding the settings for use-based advertising, or you can revoke your consent via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers and mobile devices.
14. Social media buttons and links
The links/buttons incorporated into our Online Service for social networks and platforms (hereinafter ‘Social Media’) only establish contact between the social networks and the Users when the Users click on the links/buttons and the corresponding networks or their websites are accessed. This corresponds to the regular functions of an online link.
15. Incorporation of other services and third-party content
15.1 The content or services of third-party suppliers are sometimes incorporated into our Online Service on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our services), such as city maps or other websites’ fonts. The incorporation of third-party content is always subject to the third-party supplier being aware of the User’s IP address, as they are unable to send content to the User’s browser without an IP address. The User’s IP address is therefore required in order for the content to be shown. Additionally, the providers of third-party content can use their own cookies and process the Users’ data for their own purposes. Usage profiles can be generated in relation to the Users on the basis of the data processed. We will use as little data as possible in relation to this content and will select reliable third-party suppliers in terms of data security.
15.2 Below is an overview of third-party suppliers and their content, together with links to their privacy policies containing more details regarding data processing and rights of revocation, some of which were mentioned above (so-called opt-outs):
15.2.3 External fonts from Typekit. Typekit is a service of the company Adobe. These fonts are incorporated when an Adobe server is accessed (in the USA). More information can be found in Typekit’s data privacy notice here: http://www.adobe.com/privacy/typekit.html.
15.3 Further information on data protection standards: Google is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws. Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws. Adobe is certified under the Privacy-Shield Agreement, thereby guaranteeing compliance with European data protection laws.
16. Users’ rights, opt-outs, withdrawal and revocation
16.1 In accordance with the law, the Users are entitled to request details of the personal data recorded by Us in relation to them and to receive this information free of charge.
16.2 Furthermore, you have the right to obtain the rectification of inaccurate personal data and the right to have incomplete personal data completed, the right to obtain the erasure of personal data or its restriction of processing and, if applicable, the right to data portability and the right to complain to the supervisory authority.
16.3 Users may additionally object to their data being processed and may revoke their consents granted, always with effect in the future (so-called opt-outs).
17. Right to object
Users may at any time object to the future processing of their personal data in accordance with legal requirements. The opposition may, in particular, be made against processing for the purposes of direct advertising.
18. Data deletion
18.1 Data is deleted as soon as it is no longer required for the purpose stipulated in relation to Orderfox and provided its deletion does not contravene any statutory record retention obligations. (i.e. in accordance with commercial or tax law).
18.2If users' data is retained, its processing for other purposes will be restricted.
Correct as at: 01.06.17