Privacy Policy
Privacy policy
Person responsible:
Dolphin Innovations GmbH
Rothenbaumchaussee 5
20148 Hamburg
Germany
Phone: +49 (0) 40 412 63 98 30
E-Mail: logistik@dolphin-innovations.de
represented by the managing director Thomas Wingerter, who has sole power of representation, in the same place,
(following provider)
vis-à-vis the users of the websites www.truvirtu.com and
https://twitter.com/TRU_VIRTU, https://www.youtube.com/user/DolphinInnovations, https://www.facebook.com/truvirtuofficial/, https://www.instagram.com/truvirtuofficial/?hl=de.
With the following declaration, we inform you about the type, scope and purposes of the collection, processing and use of your data in connection with your visit to our websites.
I. Summary
The provider publishes information about its company and its products on the websites. The provider also operates a webshop for smart wallets and other accessories.
It uses technologies to measure reach in the context of advertising and market research. You can find more detailed explanations in the following explanations.
The provider stores and processes your personal data in compliance with the relevant data protection regulations, in particular the German Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). In doing so, it observes the principle of data minimisation. This means that data is processed to the extent necessary for the purposes of processing, as is appropriate and necessary for the provision of a functioning website and with regard to the content and services offered. The processing is carried out either on the basis of prior consent or, if permitted by legal provisions.
When you access the provider's websites, the provider processes certain usage data to enable you to use its offer.
If you transmit data to the provider as part of the transmission of an order or via a form provided, the provider processes this data exclusively for the purposes stated in each case.
All processed personal data will be deleted by the provider after the storage period has expired.
You have a right to information regarding your data or to correction, deletion and restriction of the processing of your data, a right to object to the processing, a right to data portability and a right to lodge a complaint with a supervisory authority.
You can find more information below.
II. Data protection information pursuant to Articles 13, 14 DSGVO
1. Definitions
a. Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b. Accounting data
Billing data is data that is required to determine the fee and to bill the user.
c. Inventory data
Inventory data are personal data of a user which are required for the establishment, content-related structuring or amendment of a contractual relationship between the service provider and the user concerning the use of telemedia.
d. Usage data
Usage data are personal data of a user which are necessary to enable and bill the use of telemedia. This includes, in particular, features for identifying the user, information about the beginning and end as well as the scope of the respective use and information about the telemedia used by the user.
e. Processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
f. Cookies
Cookies are small text files that are stored on your computer. Cookies always have a validity period, which can be limited to the end of the user session (so-called session cookies) or can also exist for a longer period (so-called permanent cookies). These permanent cookies remain on your computer and enable the provider or its partner companies (so-called third party cookies) to recognise your computer on your next visit. You can set your browser in such a way that you are informed about the setting of cookies and can decide individually whether to accept them or reject the setting of cookies for certain cases or in general. If you do not accept cookies, the functionality of the website may be limited.
g. Website
A website, also known as a web presence, is the presence of a private or corporate provider of telemedia on the worldwide web (World Wide Web), summarised under a specific internet address. The web presence includes web pages or sub-pages and optionally available downloadable documents as well as further retrievable audiovisual media services.
2. Your rights as a affected person
You have the right:
- revoke your consent at any time in accordance with Article 7(3) of the General Data Protection Regulation. This has the consequence that we may no longer continue the data processing based on this consent for the future;
- to request information about your personal data processed by us in accordance with Article 15 of the General Data Protection Regulation. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profile formation and, if applicable, meaningful information about its details;
- demand the correction of inaccurate or incomplete personal data stored by us without delay in accordance with Article 16 of the Basic Data Protection Regulation;
- request the erasure of your personal data stored by us in accordance with Article 17 of the General Data Protection Regulation, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Article 18 of the General Data Protection Regulation, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Article 21 of the General Data Protection Regulation;
- in accordance with Article 20 of the General Data Protection Regulation, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
- complain to a supervisory authority in accordance with Article 77 of the General Data Protection Regulation. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.
3. Right of objection
If your personal data are processed on the basis of legitimate interests pursuant to Article 6, paragraph 1, sentence 1, letter f, of the General Data Protection Regulation, you have the right to object to the processing of your personal data pursuant to Article 21 of the General Data Protection Regulation, insofar as there are grounds for doing so that arise from your particular situation.
If you wish to exercise your right to object, a telephone message or an e-mail to the contact e-mail address above will suffice.
4. Description and scope of the processing of your data on our website
With this section, the provider informs you about the purposes for which the personal data are processed via the website and the legal basis for the processing.
When transferring data between your computer or mobile device and the provider's server, the provider uses the SSL security system (Secure Socket Layer). This technology is designed to protect your data from being read by unauthorised third parties and offers a very high standard of security. You can recognise that your data is being transmitted in encrypted form by the closed display of a key or lock symbol in the lower status bar of your browser.
a. Recipients of personal data in the EU and in third countries
The provider uses processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing activities or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company's bank, tax advisors/auditors or the tax authorities.
The provider also uses services and content from third-party providers on its website. In the course of this, the provider transmits data to the following location within the European Union:
- Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Irland (nachstehend Google)
- Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland (nachstehen Facebook Ireland)
- Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln, Deutschland (nachstehend Trusted Shops)
Visiting the website may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision of the European Commission does not exist, a transfer of personal data to a third country shall only take place if appropriate safeguards pursuant to Art. 46 GDPR are in place or if one of the conditions of Art. 49 GDPR is met.
Unless otherwise specified below, the Provider shall use as appropriate safeguards the EU standard contractual clauses for the transfer of personal data to processors in third countries: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.
If you consent to the transfer of personal data to third countries, the transfer is made on the legal basis of Art. 49 (1) a DSGVO.
b. Log data processing
When accessing a website of the provider, your internet browser automatically transmits certain data to the provider's server for technical reasons. The following data is collected by the provider separately from other data that you may transmit to the provider and used for the aforementioned purposes:
Data collection (usage data)
- Name of the accessed website or the url
- Date and time of the retrieval
- Access status / Http status code
- Website through which the request comes
- Browser software and software version
- IP address (anonymised, shortened by the last three digits)
The legal basis for the storage of the data and the log files are the legitimate interests of the provider pursuant to Art. 6 para. 1 lit. f DSGVO.
If the data is stored in log files, the usage data is deleted after 7 days at the latest. Storage beyond this period is possible in accordance with data protection law. In this case, the IP addresses are deleted or alienated so that it is no longer possible to allocate the internet page retrieval to your computer.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object. However, you can exercise your right to object by means of automated procedures that use technical specifications, such as in the case of the anonymisation of your IP address by VPN providers.
c. Processing in the case of the use of forms (contact form, order function in the webshop, newsletter subscription)
The provider provides contact forms through which you can send a message to the provider.
Data collection (inventory data)
Contact form https://truvirtu.com/en/contact
- First name
- Last name
- Company
- E-mail (mandatory field)
- Area code / telephone number
- Street
- House number
- Addition
- Country
- State
- POSTCODE
- City
- Subject (mandatory field)
- Comment (mandatory field)
- Reason for contact (mandatory field)
Contact form https://truvirtu.com/en/b2b-kontaktformular
- First name
- Last name
- Company
- E-mail (mandatory field)
- Area code / telephone number (mandatory field)
- Street (mandatory field)
- House number (mandatory field)
- Addition
- Country (mandatory field)
- State (mandatory field)
- Postcode (mandatory field)
- City (mandatory field)
- Website (mandatory field)
- Business model (mandatory field)
- Subject (mandatory field)
- Comment (mandatory field)
Registration form for the newsletter https://truvirtu.com/newsletter
- E-mail (mandatory field)
- Salutation
- First name
- Last name
- Street
- House number
- POSTCODE
- City
The newsletter can only be received by the data subject if the data subject registers to receive the newsletter. For legal reasons, a confirmation e-mail is sent to the e-mail address entered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorised the receipt of the newsletter. The declaration of consent given via the double opt-in procedure can be revoked at any time. Unsubscribing from the receipt of the newsletter is automatically interpreted as a revocation. When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).
The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. The MailChimp service of The Rocket Science Group LLC d/b/a MailChimp (USA) is used to support the sending of e-mails. The personal data collected as part of the newsletter service is not passed on to third parties.
Order form in the webshop
- Entrepreneur / Consumer
- Salutation (mandatory field)
- First name (mandatory field)
- Last name (mandatory field)
- E-mail (mandatory field)
- Password
- Street
- House number
- POSTCODE
- City
Order form in the B2B webshop
- Salutation (mandatory field)
- First name (mandatory field)
- Last name (mandatory field)
- E-mail (mandatory field)
- Password
- Agent email address
- Company (mandatory field)
- Department
- VAT ID
- Country
- POSTCODE
- City
- Street
- House number
The legal basis for processing the data is Art. 6 para. 1 lit. a DSGVO if you have given the provider your consent, and furthermore, in the case of data processing for the provider's legitimate interests, also Art. 6 para. 1 lit. f DSGVO. If the purpose of contacting you is to initiate a contract, Art. 6 para. 1 lit. b DSGVO is also a legal basis for data processing.
Data provided by you will be deleted immediately after your enquiry has been dealt with, or in the absence of such, at the latest 14 days after the last contact, unless your data is subject to a longer storage period for a separate reason (e.g. the storage of information that serves the fulfilment of a contract). The request is considered to have been dealt with when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
You have the possibility at any time to revoke your consent to the processing of personal data or to object to data processing that is not based on consent. The exercise of the revocation or objection can be made in particular by e-mail to the contact e-mail address mentioned above. All personal data that the provider has stored in the course of your contact will be deleted in this case.
Your right of revocation does not apply to data that the provider requires in the context of the fulfilment of a contract or pre-contractual measures. However, you may have further rights.
d. Use of cookies
aa. Use of technical cookies
The provider uses session cookies to make visiting the websites attractive and to enable the use of certain functions. These cookies of the provider are generally deleted from your hard drive after the end of the browser session.
Data collection (usage data):
- session, identifies the current session, the user and his shopping cart
- csrf, provides protection against a CSRF attack. Further information
- Shop, stores the language/subshop that the customer calls up
- preferences, stores the settings from the Cookie Consent Manager
- decline, is set if the visitor refuses the storage of cookies
- allow, is set if the visitor allows cookies to be stored
- note, if a customer places an item on the notepad, a cookie is created for this purpose
- currency, stores the selected currency
- context_hash, is needed for the recognition of the control rules
- no_cache, the elements that are not to be cached are stored here
The legal basis for the storage of the data and the log files are the legitimate interests of the provider pursuant to Art. 6 para. 1 lit. f DSGVO. In the present case, these consist of ensuring the functionality and attractiveness of the website, which serves the purpose of provider advertising.
You have the option at any time to revoke your consent to the processing of personal data or to object to data processing that is not based on consent. Cookies are stored on your computer and transmitted from it to our websites. Therefore, you as a user have control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time.
bb. Use of cookies of the provider for advertising purposes (technically unnecessary cookies)
When the website is called up, the provider transmits permanent cookies for non-technical purposes, including sales promotion and web analysis of its telemedia. With the help of these cookies, the provider determines the user's usage data in pseudonymous form and can thus recognise, for example, how often the website is frequented by the respective pseudonymous internet user from which regions and with which types of end devices the user accesses the website.
After you have previously given your consent related to the respective cookie, technically unnecessary cookies are automatically stored on your computer and transmitted from it to our website. The duration of the respective storage is displayed to you at the time of obtaining consent.
Data collection (usage data):
- slt, allows customers to be recognised when they return to the webshop, even if the session has already expired - validity period: 1 year
- device, stores the device used, e.g. for the correct display of the shop - Validity period: Only for the current session.
- partner, is required to recognise partners for the partner programme - validity period: 1 year
- _ga, registers a unique ID that is used to generate statistical data on how the visitor uses the website- Validity period: 2 years
- _gid, registers a unique ID that is used to generate statistical data on how the visitor uses the website. - Validity period: 1 day
- _gat, used by Google Analytics to limit the request rate
- c_user contains the user ID of the logged in user - validity period: 1 year
- datr tracks the user's surfing behaviour - validity period: 2 years
- fr contains social media account data - validity period: 3 months
- sb contains information about the browser. - Validity period: 2 years
- xs contains a unique session ID. - Validity period: 1 year
The usage data is automatically deleted after the storage period has expired. Storage beyond this period is possible in accordance with data protection law. In this case, the IP addresses and the pseudonyms are deleted or alienated so that it is no longer possible to allocate the internet page retrieval to your computer.
The legal basis for the processing of usage data is Art. 6 para. 1 lit. a DSGVO.
You have the option to revoke your consent to the processing of personal data at any time. The cookies remain on your computer until they are deleted. Therefore, you as the user have control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time, either individually or in total.
4. Third party services and content
a. Use of Google Analytics
The website www.truvirtu.com uses Google Analytics, a web analytics service provided by Google. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
Data collection (usage data):
- _ga, registers a unique ID that is used to generate statistical data on how the visitor uses the website
- _gid, registers a unique ID that is used to generate statistical data on how the visitor uses the website.
- _gat, used by Google Analytics to limit the request rate
Other data collected by Google includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information such as mobile carrier name and phone number, and app version number. Google also collects data about how your apps, browsers and devices interact with Google's services. This includes, but is not limited to, IP address, crash reports, system activity, and the date, time and referring URL of your request.
The IP address transmitted by the user's browser as part of Google Analytics will not be merged with other Google data.
The user may refuse the use of cookies by selecting the appropriate settings on the browser, however please note that if you do this you may not be able to use the full functionality of this website.
In addition, the user can prevent the collection of the data generated by the cookie and related to the use of the website (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link [http://tools.google.com/dlpage/gaoptout?hl=de].
Google Analytics is used in accordance with the conditions agreed with Google by the German data protection authorities. Google terms of use: https://www.google.de/intl/de/policies/terms/regional.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and data protection statement: http://www.google.de/intl/de/policies/privacy.
The provider points out that the code "gat._anonymizeIp();" has been added to Google Analytics on the website to ensure anonymised collection of IP addresses (so-called IP masking).
The legal basis for the transmission of usage data is your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
Google will automatically delete the stored data after 14 months.
b. Use of Google Web Fonts
The website www.truvirtu.com uses fonts, so-called web fonts, which are provided by Google. When you call up a page, your browser loads the required web fonts into your browser cache so that texts and fonts can be displayed correctly.
When you visit this website, your computer establishes a connection to the servers on which the web fonts are provided. This enables Google to know that your IP address has been used to access the provider's website.
Data collected by Google includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information such as mobile carrier name and phone number, and app version number. Google also collects data about how your apps, browsers and devices interact with Google's services. This includes, but is not limited to, IP address, crash reports, system activity, and the date, time and referring URL of your request.
Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. These consist of ensuring the functionality and attractiveness of the website, which serves the purposes of provider advertising.
Google Terms of Use: https://www.google.de/intl/de/policies/terms/regional.html, Privacy Policy Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.
Google informs in its privacy policy in the section "How Google stores the collected data" about the storage period : https://policies.google.com/technologies/retention?hl=de.
c. Use of Google Maps
The provider uses the Google Maps service from Google for the website www.truvirtu.com. When you access this website, your computer establishes a connection to the servers on which the web fonts are provided. This enables Google to know that your IP address has been used to access the provider's website.
When you access the https://truvirtu.com/StoreConsent section of the website, your computer establishes a connection to the servers on which the Google Maps service is provided. This enables Google to know that your IP address has been used to access the provider's website.
Data collected by Google includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information such as mobile carrier name and phone number, and app version number. Google also collects data about how your apps, browsers and devices interact with Google's services. This includes, but is not limited to, IP address, crash reports, system activity, and the date, time and referring URL of your request.
Google Maps is used in the interest of an appealing presentation of our company. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. These consist of ensuring the attractiveness of the website, which serves the purposes of provider advertising.
Google Terms of Use: https://www.google.de/intl/de/policies/terms/regional.html, Privacy Policy Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.
Google informs about the storage period in its privacy policy in the section "How Google stores the collected data": https://policies.google.com/technologies/retention?hl=de.
d. Use of the Google Content Delivery Network
The website www.truvirtu.com uses the Google Content Delivery Network, a service provided by Google. The Google Content Delivery Network is used to make certain content elements of the website, such as Javascript libraries, available particularly reliably and quickly in order to avoid technical problems when the website is called up. When the provider's website is called up, information about the use of this website (usage data) is transmitted to a Google server in the USA.
The legal basis for the transmission of the data is Art. 6 para. 1 lit. f DSGVO. These consist of ensuring the attractiveness of the website, which serves the purposes of provider advertising.
The transmission of this usage data to Google is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object. However, you can exercise your right to object by means of automated procedures that use technical specifications, such as in the case of the anonymisation of your IP address through the use of a VPN service.
The provider has entered into an order processing agreement with Google. Under this agreement, the provider has provided appropriate safeguards for the protection of the data subject on the basis of which the data subject has enforceable rights and effective legal remedies.
Privacy policy of Google: http://www.google.de/intl/de/policies/privacy.
e. Use of the Google Tag Manager
The provider uses the Google Tag Manager web analysis service from Google, which has the effect that the provider can integrate so-called code snippets such as tracking codes or conversion pixels into the website in order to collect user-specific information. The provider can use the collected data to determine how successful the individual advertising measures are.
Due to the functions used, your browser automatically establishes a direct connection with the Google server. By integrating the Google Tag Manager, Google receives the information that you have called up the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the website usage to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DSGVO. Legitimate interests of the provider consist, among other things, in the implementation of advertising measures.
You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving third-party ads; b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com", https://www. google.de/settings/ads, deleting this setting when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin.
Privacy policy of Google: http://www.google.de/intl/de/policies/privacy.
f. Use of the Facebook Pixel
The provider uses the Facebook Pixel, a Facebook business tool of Facebook Ireland Limited (Ireland, EU), on the website. For information on the contact details of Facebook Ireland and the contact details of the Facebook Ireland data protection officer, please refer to the Facebook Ireland data policy at https://www.facebook.com/about/privacy.
The Facebook pixel is a JavaScript code snippet that allows the provider to track visitors' activity on the website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:
Data collection (usage data):
- Information about actions and activities of visitors to the website, such as searching for and viewing a product or purchasing a product;
- Specific pixel information such as the pixel ID and the Facebook cookie;
- Information about buttons clicked by visitors to the website;
- Information present in the HTTP header, such as IP addresses, information about the web browser, the location of the page and the referrer;
- Information on the status of the deactivation/restriction of ad tracking.
Some of this event data is information that is stored in the device you are using. In addition, the Facebook pixel also uses cookies to store information on the end device you are using. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent.
Tracked conversions appear in the Facebook Ads Manager and Facebook Analytics dashboard. The provider can use the tracked conversions there to measure the effectiveness of their ads, set Custom Audiences for ad targeting, Dynamic Ads campaigns and analyse the effectiveness of the website's conversion funnels. The functions used by the provider via the Facebook pixel are described in more detail below.
Processing of event data for advertising purposes
Event data collected via the Facebook Pixel is used for ad targeting and to improve ad delivery, personalise features and content, and improve and secure Facebook products.
For this purpose, event data is collected on the website by means of the Facebook pixel and transmitted to Facebook Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Art. 6 (1) a DSGVO.
This collection and transfer of Event Data is carried out by the Provider and Facebook Ireland as joint controllers. The Provider has entered into a Joint Controller Agreement with Facebook Ireland which sets out the allocation of data protection obligations between the Provider and Facebook Ireland. In this agreement, the Provider and Facebook Ireland have agreed, inter alia, that,
- that the provider is responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data;
- that Facebook Ireland is responsible for enabling data subjects' rights under Articles 15 to 20 of the GDPR in respect of personal data held by Facebook Ireland following the joint processing.
You can access the agreement concluded between the provider and Facebook Ireland at https://www.facebook.com/legal/controller_addendum.
Facebook Ireland is the sole controller of the subsequent processing of the submitted event data. For more information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights against Facebook Ireland, please refer to Facebook Ireland's Data Policy at https://www.facebook.com/about/privacy.
Processing of event data for analysis purposes
The Provider has also engaged Facebook Ireland to report on the impact of its advertising campaigns and other online content based on the Event Data collected through the Facebook Pixel (Campaign Reports) and to provide analytics and insights about Users and their use of the Website, Products and Services (Analytics). For this purpose, the Provider transmits personal data contained in the Event Data to Facebook Ireland. The personal data submitted will be processed by Facebook Ireland as a processor in order to provide the campaign reports and analytics to the provider.
Personal data is only processed for the creation of analyses and campaign reports if you have previously given your consent to this. The legal basis for this processing of personal data is therefore Art. 6 para. 1 lit. a DSGVO.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section "Data transfer to third countries“.
g. Use of the Trusted Shops trust badge
The Trusted Shops trust badge is integrated on this website to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after they have placed an order.
This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 para. 1 p. 1 f DSGVO, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer from Trusted Shops. The trust badge is provided by a CDN provider (content delivery network) within the scope of order processing.
Further information on data protection at Trusted Shops can be found at: https://business.trustedshops.de/impressum
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call-up, amount of data transferred and the requesting provider (access data) and documents the call-up. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest.
5. Description and scope of the processing of your data on our social media profiles
With this section, the provider informs you about the purposes for which the personal data are processed via social media profiles and the legal basis for this processing.
The provider is represented on several social media platforms with a company profile. Through this, the provider would like to offer further opportunities for information about its company and for exchange. The provider has company profiles on the following social media platforms:
- YouTube
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile in use also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
a. Visit a social media page
aa. Facebook and Instagram
For the purpose of presenting the company, the provider maintains a company profile at the internet addresses xxx and xxx on the social media platforms Facebook and Instagram, both web services of the company Facebook.
When you visit the Facebook or Instagram page of the provider, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU - "Facebook"). For further information about the processing of personal data by Facebook, please visit https://www.facebook.com/privacy/explanation. Facebook offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
Facebook provides the provider with anonymised statistics and insights for its Facebook and Instagram page that help the provider gain insights into the types of actions people take on our page (known as "page insights"). These page insights are created on the basis of certain information about people who have visited the company profile. This processing of personal data is carried out by Facebook and the provider as joint controllers.
The processing serves the legitimate interest of the provider to evaluate the types of actions taken on its site and to improve its site based on these findings. The legal basis for this processing is Art. 6 para. 1 lit. f DSGVO. The provider cannot assign the information obtained via the page insights to individual user profiles interacting with its Facebook and Instagram page. The provider has entered into a joint controller agreement with Facebook, which sets out the distribution of data protection obligations between the provider and Facebook. Details of the processing of personal data to create Page Insights and the agreement entered into between the Provider and Facebook are available at https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to these data processing operations, you have the possibility to assert your data subject rights (see "Your rights") also against Facebook. Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.
Please note that according to the Facebook privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 of the DSGVO or on the basis of appropriate safeguards in accordance with Art. 46 of the DSGVO.
bb. Use of a Youtube channel
The provider has videos available for viewing on the website www.truvirtu.com and at the Internet address https://www.youtube.com/user/DolphinInnovations, which are stored on the YouTube service, a Google service.
By visiting the website or the internet address https://www.youtube.com/user/DolphinInnovations, personal data may be transmitted. Google receives the information that you have accessed the corresponding channel. This occurs regardless of whether you have registered a user account with the YouTube service and are logged in to the service, or whether you do not have a user account. If you are logged in to the Youtube service, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or for the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities. Among other things, YouTube might collect the following activity data: Terms you search for, videos you watch, content and ads you view and interact with, voice and audio data from your use of audio features, purchase activity, people you communicate with or share content with, activity on third-party websites and apps that use Google services, the Chrome browsing history you have synced with your Google account.
Google is solely responsible for the processing of personal data.
Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy, available at https://policies.google.com/privacy?hl=de&gl=de.
cc. Twitter company profile
For the purpose of presenting the company, the provider maintains a company profile at the social media portal twitter.com, a web service of the company Twitter, at the internet address https://twitter.com/TRU_VIRTU. The company's profile is not accessible via Twitter. When the company profile is called up, certain data is transmitted to Twitter. This includes registration data, messages transmitted, files provided and payment information. You can find out what data is involved and how long this data is stored in the respective valid Twitter privacy policy, available at https://twitter.com/de/privacy. The provider has no influence on the collection of this data and its storage period.
b. Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message sent to us. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest to get in contact with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 para. 1 lit. a DSGVO) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c DSGVO).
6. Further data processing
Processing in the case of sending e-mails and contacting us by telephone
You can contact the provider via the e-mail addresses and telephone numbers provided on the websites. The provider processes the data you provide to respond to your contact request.
Data collection (inventory data)
- First name
- Last name
- Company
- E-mail (mandatory field)
- Area code / telephone number
- Street
- House number
- Addition
- Country
- State
- POSTCODE
- City
- Subject (mandatory field)
- Comment (mandatory field)
In the event that you send an e-mail or contact us by telephone, the aforementioned inventory data will be processed if you provide the provider with this information.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO, if you have given the provider your consent, and furthermore also the perception of legitimate interests according to Art. 6 para. 1 lit. f DSGVO. Legitimate interests of the provider include the implementation of advertising measures. However, the provider will only ever use this option in a specifically appropriate manner. If the purpose of the contact is to initiate a contract, Art. 6 para. 1 lit. b DSGVO is also a legal basis for data processing.
Data provided by you will be deleted immediately after your enquiry has been dealt with, or in the absence of such, at the latest 14 days after the last contact, unless your data is subject to a longer storage period for a separate reason (e.g. the storage of information that serves the fulfilment of a contract). The request is considered to have been dealt with when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
You have the possibility at any time to revoke your consent to the processing of personal data or to object to data processing that is not based on consent. The exercise of the revocation or objection can be made in particular by e-mail to the above-mentioned contact e-mail address. All personal data that the provider has stored in the course of your contact will be deleted in this case.
Your right of revocation does not apply to data that the provider requires in the context of the fulfilment of a contract or pre-contractual measures. However, you may have further rights.