PERSONAL DATA POLICIES - CAMPAIGNS AND SUBSCRIPTIONS

WELCOME TO WWW.EINHELL.SV

In compliance with the provisions of Law No. 29733, Personal Data Protection Law and its regulations approved by Supreme Decree No. 003-2013-JUS, Einhell.pe wishes to inform its users of the following aspects related to their personal information:

1. IDENTITY OF THE HOLDER OF THE PERSONAL DATA BANK

The owner of this database is Einhell Peru. The user is informed that any processing of personal data is in accordance with the provisions of the legislation in PERU on the matter (Law No. 29733 and its regulations).

2. PURPOSE

Einhell.sv will process the personal data provided in the "Subscribe" form to offer you commercial promotions and advertising (personalized or general) of products and/or services marketed or offered under our brand. Your personal data will only be used for limited purposes, as stated above. If you decide not to provide us with the personal data required in the "Subscribe" form, it will not be possible to carry out the aforementioned purposes. If you decide to enter the data, you declare and certify that they correspond to you and that they are true, exact, authentic, complete, and correct; and that you are of legal age.

3. DATA CONSERVATION PERIOD AND SECURITY MEASURES

The personal data provided will be kept as long as you do not request its cancellation.

4. EXERCISE OF THE RIGHTS OF INFORMATION, ACCESS, RECTIFICATION, CANCELLATION AND OPPOSITION OF THE DATA

As the owner of their personal data, the user has the right to access their data; know the characteristics of your treatment, rectify them if they are inaccurate or incomplete; request they be suppressed or canceled as they are considered unnecessary for the previously stated purposes or oppose their treatment for specific purposes. The user may at any time revoke the consent expressly granted, as well as limit the use or disclosure of their personal data.

5. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of your personal data depends on the purpose underlying the processing. 

 

5.1 Technical administration of the website

The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b of the General Data Protection Regulation (GDPR), provided a contractual relationship exists with you. Where no contractual relationship exists between the company and you, the legal basis for data processing is Art. 6(1) lit. f GDPR. A transfer of personal data (e.g. IP address) is necessary in order to establish a connection to the website and to display website content.

 

5.2 Provision of services

The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b GDPR. We provide our services as part of fulfilling contractual obligations. We are unable to fufil or perform the contract with you if we are unable to process personal data.

 

5.3 Google Tag Manager

Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The Tag Manager is used to manage the tools and external services we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example to control which page or service elements and tools are activated and loaded in which order. The tool triggers other tags, which in turn may collect data and which are further explained in this privacy policy. Some of the data is processed on a Google server in the USA.

We have concluded a data processing agreement with Google Ireland Limited for the use of Google Tag Manager. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46(2)(c) GDPR. In addition, we also obtain your explicit consent for the transfer of your data to third countries in accordance with Art. 49(1)(a) GDPR.

Google’s Data Privacy Policy as it relates to this tool can be found here: https://www.google.com/analytics/terms/tag-manager/.

 

5.4 Google Analytics 4

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Seen / clicked ads
  • Language settings
  • Purchase of products (if function is available on the website)

Also recorded:

  • Your approximate location (region)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet service provider
  • The referrer URL (via which website/advertising medium you came to this website)

Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients
Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (as processor under Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Duration of storage
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.

Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings (privacy button at the bottom left of the page) and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

In addition, you can prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of this data by Google, by

  • downloading and installing the browser add-on to disable Google Analytics 4. This will install an opt-out cookie on your device. This prevents the collection by Google Analytics 4 for this website and for this browser in the future, as long as the cookie remains installed in your browser.
  • disabling Google Analytics 4 by via the following link: Disable Google Analytics 4. This will set an opt-out cookie on your device. This prevents the collection by Google Analytics 4 for this website and for this browser in the future, as long as the cookie remains installed in your browser.

For more information on Google Analytics 4 terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/?hl=en.

 

5.5 Youtube-Videos

We embed YouTube videos on some of our websites. The provider of the corresponsing plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a site with the YouTube plug-in, a connection to the servers at YouTube is established. YouTube is thereby notified of which sites you visit. If you are logged into your YouTube account, YouTube can associate your surfing history to you personally. You can prevent this by logging out of your YouTube account.

If a YouTube video is launched, the provider uses cookies to collect information on user interactions.

If you have deactivated the storage of cookies for the Google ad program, then you need not be concerned about this type of cookie when viewing YouTube videos. However, YouTube also collects non-personal user information in other cookies. If you wish to prevent this, you must block cookies from being saved to your browser.

You can find additional information on data privacy at "Youtube“ in the provider's data protection notice at: https://www.google.de/intl/de/policies/privacy/.

 

5.6 Google Maps

This website uses Google Maps API in order to visually display geographic information. When using Google Maps, Google collects, processes and utilises data on use of the map function by users. You can obtain further information on data processing by Google in Google's data protection notice. There you can also make changes to your personal data privacy settings in the data protection centre.

 

5.7 Use of script libraries (Google webfonts)

We use script libraries and font libraries on this website, such as, for example, Google Webfonts, in order to display our content correctly and in a graphically appealing manner on all browsers (https://www.google.com/webfonts/). Google Webfonts are used to avoid repeat downloads to your browser's cache. If the browser does not support Google Webfonts or blocks access, the content will be displayed in standard font.

Accessing script libraries or font libraries automatically establishes a connection to the provider of the library. It is theoretically possible - though it is currently unclear whether and for what purpose - providers collect data on these libraries.

You can find the data privacy guielines for the library provider Google here: https://www.google.com/policies/privacy/.

 

5.8 Issuu

Our website uses a JavaScript code to embed a Flash application (Flash plug-in) from Issuu Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA (hereafter: Issuu). This enables print publications to be called up as e-paper.
Issuu uses cookies that allow an analysis of your use of the website. It will then raise and store personal information such as the IP address and information about the time and duration of use. The transfer takes place if you have activated JavaScript in your browser. For more information on Issuu's Terms of Use and Privacy, please visit https://issuu.com/legal/privacy.
If the Do-Not-Track feature is activated in the browser, no external Issuu plug-ins will be loaded without approval, only the reference to this option will be displayed.

 

5.9 Cloudflare

Our pages use features from Cloudflare. The provider is Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA.

Cloudflare provides a globally distributed content delivery network with DNS. The technical transfer of information between your browser and our website is routed via the Cloudflare network. Cloudflare is thus able to analyse the data traffic between users and our websites; for example, to speed up the loading time of our pages or to detect and ward off attacks on our services.

In addition, Cloudflare may store cookies on your computer for optimisation and analysis. This safeguards our legitimate interests in the security, performance and reliability of our advertising offer in accordance with Art. 6(1)(f) GDPR. We have concluded a corresponding contract processing agreement with Cloudflare on the basis of the GDPR. The data is generally processed in Germany or other states in the European Union. Insofar as processing is carried out in third countries in certain cases, processing is only carried out if the adequacy of the level of data protection in the third country has been asserted by the EU Commission in accordance with Article 45 GDPR, on the basis of the EU standard contractual clauses or if an adequate level of data protection is ensured by the data recipient in another way. Cloudflare collects statistical data about your visit to this website. Access data includes:

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser, operating system and its interface, language and version of the browser software

Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of the offer. You can find information about the data collected there and about security and data protection at Cloudflare here.

 

5.10 Facebook pixel and Facebook remarketing

Owing to our legitimate interest in the analysis, optimisation and economic operation of our webite, the site employs the so-called "Facebook pixel“ from the social network Facebook, operated by Facebook Inc. (1601 S. California Ave - Palo Alto - CA 94304 - USA) or, in the event your are resident in the EU, Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) (“Facebook”).

With the aid of the Facebook pixel, Facebook is able to identify visitors to our website as a target group for presentation of ads, so-called "Facebook ads". We use Facebook pixel accordingly in order to show the Facebook-delivered ads only to those users who have demonstated an interest in our internet services or who exhibit the speicific characteristics that we communicate to Facebook (also referred to as "pixel events" and which contain, for example, user email addresses). In other words, by using the Facebook pixel, we seek to ensure that our Facebook ads reflect the potential interests of our users and are not simply an annoyance. With the aid of the Facebook pixel we are also better able to track the effectiveness of Facebook advertisements for statistical and marketing purposes by seeing whether users were directed to our website after clicking on a Facebook ad.

Facebook immediately incorporates the Facebook pixel when our website is accessed and can store a cookie, i.e. a small file, on your device. If you then log into Facebook or visit Facebook while logged in, your visit to our website is noted in your profile. The data collected on you remains anonymous to us, it therefore provide us no indication as to the identity of the user. However, the data is stored and processed by Facebook, so that it is possible to make a connection to the respective user profile. Insofar as we transmit data to Facebook for cross-checking purposes, this data is encrypted locally on your browser and only then sent to Facebook via a secured https connection. This occurs solely for the purpose of reconciling data likewise encrypted by Facebook.

Insofar as we transmit data to Facebook for cross-checking purposes, this data is encrypted locally on your browser and only then sent to Facebook via a secured https connection. This occurs solely for the purpose of reconciling data likewise encrypted by Facebook.

The processing of data by Facebook occurs within the scope of Facebook's data utilisation guidelines. General information on the display of Facebook ads can be found in Facebook's data utilisation guidelines: www.facebook.com/policy.php. You can find special information and details on Facebook pixel and how it operates in Facebook's Help section: www.facebook.com/business/help/651294705016616.

You can object to collection of data by Facebook pixel and its use in presenting Facebook ads. To do so, refer to the followng webpage created by Facebook and follow the directions there regarding the preferences for user-based advertisement: www.facebook.com/settings, or declare your objection via the US webpage: www.aboutads.com/choices or the EU webpage: www.youronlinechoices.com/uk/your-ad-choices/ erklären. The preferences are platform-independent, meaning, they are adopted by all devices, whether desktop computer or mobile devices.

 

5.11 Friendly Captcha

Einhell uses the "Friendly Captcha" service to prevent fraudulent activity and to protect you as an end user from becoming a potential victim of cybercrime.

The Friendly Captcha services provides a JavaScript element that is integrated into the source code of the website / webshop. The inclusion of the JavaScript element loads software in the background that provides crypto puzzles. Your device solves this crypto puzzle automatically, and you do not have to solve any arithmetic problems or picture puzzles.

The solution of the crypto puzzle is used to track whether the website / webshop is being used fraudulently or through automated machine processing, e.g. using bots, and to confirm the visitors are real people. The service is used in forms (contact forms, prize draw forms, registration and login forms, etc.) and in the order process.

To provide the service, Friendly Captcha stores the following data:

  • the User Agent, Origin and Referer request headers.
  • The puzzle itself, which contains information about the Friendly Captcha account and the identifier of the website to which the puzzle relates.
  • The version of the Friendly Captcha service being used.
  • Timestamp (Date / Time) that the puzzle was requested and solved.

Friendly Catch stores an anonymised counter for each IP address to enable dynamic scaling of the puzzle complexity in the edge network, in order to detect malicious/automated use and minimise the banning of real people. The IP addresses are anonymised by one-way hashing, and thus are not personally identifiable. The use of Friendly Captcha does not involve the storage of personal data such as your name, email address, online profile, etc.

No cookies are set when using Friendly Captcha.

Provider of the service:
Friendly Captcha GmbH, Wörthsee, Deutschland

You can find further information about Friendly Captcha's data protection policy here. Friendlycaptcha.com - Privacy policy for end users

In accordance with article 6, section 1(f) of the General Data Protection Regulation (GDPR), Einhell Germany AG and its subsidiaries have a legitimate interest in the use of Friendly Captcha, as the service helps to prevent potentially fraudulent activity on our website / webshop which could put Einhell infrastructure at risk.

 

5.12 Matomo (self-hosted)

Description of Service
This is an open source web analytics service. Matomo is providing the technology. However, Matomo is not processing any data as the data is not being transferred to Matomo due to the self-hosting solution. Self-hosting means that Einhell hosts the web analytics service Matomo on its own servers and thus has sole sovereignty over the analytics data.

Data Purposes
This list represents the purposes of the data collection and processing.

  • Analytics
  • Event tracking

Technologies Used
We use Matomo without any tracking cookies - instead we rely on cookieless tracking. Cookieless tracking is an alternative form of tracking that uses methods such as counting unique IP addresses or browser fingerprinting to identify users instead of cookies.

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

  • Time of users previous visit
  • Screen resolution
  • Files clicked or downloaded
  • Links to outside domain clicked
  • Page speed
  • Page URL
  • Number of users visits
  • Anonymized user IP
  • User agent
  • Browser information
  • Time zone
  • Time of users first visit
  • Date and time of visit
  • Page title
  • Referrer URL
  • Usage data
  • Device information
  • Geographic location
  • Anonymized order ID

We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you. The same applies to the order ID, which is also anonymized when the shopping functionality is available on the website.

Legal Basis
In the following the required legal basis for the processing of data is listed.

  • Art. 6 para. 1 s. 1 lit. f GDPR
  • §25 para. 2 no. 2 TTDSG

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

  • European Union

Deactivate Matomo
If you do not agree to the storage and use of your data, you can deactivate the data processing here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will have the effect that the Matomo opt-out cookie will also be deleted. The opt-out must then be reactivated when you visit our site again.