Privacy Policy

In the following we will inform you in accordance with the legal requirements - in particular the EU General Data Protection Regulation (GDPR, available Here) - about the processing of personal data by our company.

 

Contents Overview:

  1. General Information
    1. Important
    2. Terms  Scope
    3. Controller
    4. Data Protection Officer
  1. Data Processing in Detail
    1. General Information about Data Processing
    2. Use of Our Services
    3. Customer Feedback or Contacting Customer Services
    4. Competitions and Promotions
    5. Download Offers and Activation of Content that Requires Registration
    6. Push Notifications via Apps in Browser
    7. Tracking & Usage Analysis
  1. Rights of the Data Subject
    1. Right to Object
    2. Right to Be Informed
    3. Right to Rectification
    4. Right to Erasure (“Right to Be Forgotten”)
    5. Right to Restriction of Processing
    6. Right to Data Portability
    7. Right to Revocation of Consent
    8. Right to Lodge a Complaint with a Supervisory Authority
  1. General Information

In this section of the Privacy Policy, you will find information on the scope, the person responsible for the data processing, the Data Protection Officer and data security. In addition, we explain in advance the meaning of important terms that are used in the Privacy Policy.

    1. Important Terms

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the visited web server places on the user’s computer using the browser used. The stored cookie information can contain an identifier (cookie ID), which is used for recognition, as well as content-related information such as the registration status or information about websites visited. The browser sends the cookie information back to the web server with each request on subsequent visits to this page. Most browsers accept cookies automatically.

Third Countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 for the protection of natural persons with regard to processing of personal data on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), available here.

Personal Data: All information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: Any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.

Services: Our offers to which this Privacy Policy applies (see Scope).

Tracking: The collection of data and their evaluation regarding the behavior of visitors to our Services.

Tracking Technologies: Tracking can be done both via the activity logs (log files) stored on our web servers and via data collection from your device vial pixels, cookies or similar tracking technologies.

Processing: Any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, arrangement, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Pixel: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. In this way, the server operator can see whether and when an email was opened or a website was visited. This function is usually implemented by calling up a small program (Javascript). Certain types of information on your computer system can be recognized and passed on, for example the content of cookies, time, and date of the page view and a description of the page on which the tracking pixel is located.

    1. Scope

 

This Privacy Policy applies to the following offers:

Our online offer “mygarden.comespecially available at www.mygarden.com,

 

Whenever a reference is made to this Privacy Policy from one of our offers (e.g. websites, subdomains, mobile applications, web services or integration in third-party sites), regardless of how you access or use it.

 

All of these offers are collectively referred to as “Services”.

 

    1. Responsible Entity

The entity responsible for data processing – i.e. the entity who is responsible for the purposes and means of processing of personal data – in connection with the Services is:

Burda Senator Verlag GmbH Hubert-Burda-Platz 1

77652 Offenburg

 

    1. Data Protection Officer

Contact Information for our Data Protection Officer:

Data Protection Inquiry Form

Via the address named under I.3 (Attention of Data Protection Department) or via:

Email:     mygarden@burda.com

 

  1. Data Processing in Detail

In this section of the Privacy Policy, we will inform you in detail about the processing of personal data in the context of our

Services. For better clarity, we have broken down this information according to certain functionalities of our Services. During normal use of the Services, different functionalities and therefore different processing operations may occur consecutively or simultaneously.

    1. General Information on Data Processing

Unless otherwise stated, the following applies to all processing operations shown below:

 

  1. No obligation to provide data & consequences of non-provision

The provision of personal data is not required by law or contract, and you are not obliged to provide data. As part of the input process, we will inform you if the provision of personal data is required for the respective Service (e.g. by designating it as a “mandatory field”). If the data is required, failure to provide it means that the Service in question cannot be provided. Otherwise, failure to provide it may mean that we cannot provide our Services in the same form and quality.

  1. Consent

In various cases you have the option of giving us your consent to further processing (possibly for part of the data) in connection with the processing described below. In this case, we will inform you separately in connection with the submission of the respective Declaration of Consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing. The processing operations based on your consent are therefore not listed again here (Art. 13 (4) GDPR).

  1. Transmission of Personal data to Third Countries

If we transfer data to third countries, i.e. countries outside the European Union, then the transfer will only take place in compliance with the legal requirements for admissibility.

If the transfer of the data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transfer is not required to assert, exercise or defend legal claims, and there are no other exceptions pursuant to Art. 49 GDPR , we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 GDPR or appropriate guarantees pursuant to Art. 46

GDPR exist.

Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving body, we create appropriate guarantees pursuant to Art. 46 (2) (c) GDPR as well as an adequate level of data protection. Copies of the EU standard data protection clauses are available on the website of the European Commission here.

  1. Hosting with External Service Providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. With all of the following functionalities, personal data may be transmitted to hosting service providers. These service providers process data either exclusively in the EU, or we have guaranteed an adequate level of data protection with the help of the EU standard data protection clauses (see under c.).

  1. Transfer to Government Authorities

We transfer personal data to government authorities (including law enforcement authorities) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) (c) GDPR) or if it is necessary for the establishment, exercise or defense of legal claims (legal basis: Art. 6 (1) (f) GDPR).

  1. Retention Period

In the “Retention Period” section, it is specified how long we use the data for the respective processing purpose. After this period has elapsed, the data will no longer be processed by us, but will be deleted at regular intervals, unless continued processing and storage is provided for by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims) or if you give us further consent.

  1. Duration of Operation of cookies

 

Some of the data processing presented in the following sections is carried out using cookies. The information stored in a cookie can only be accessed via the Internet by the operator of the web server that originally set the cookie. It is not possible for third parties to gain access in this way. The cookies have different durations of operation. Some cookies are only active during a browser session and are then deleted; others are active for longer periods of time, but usually for less than a year. After the duration of operation has expired, the browser deletes the cookie. You can manage cookies using the browser functions (usually under “Options” or “Settings”). This allows the setting of cookies to be deactivated, made dependent on your consent in individual cases, or otherwise restricted. You can also delete cookies at any time.

  1. Names of Data Categories

In the following sections, the following summarizing category names are used for certain types of data:

Access Data: Date and time of your visit to our Service; the website from which the accessing system came to our website; website pages called up during use; session identification data (Session ID); in addition, the following information from the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system, and similar technical information.

    1. Accessing our Services

In the following, we describe how your personal data is processed when you access our Services (e.g. loading and viewing the website, opening and navigating within the mobile device app). In addition, we use technically or legally necessary auxiliary tools that do not collect any data themselves (such as the Google Tag Manager) but only serve to manage and operate other tools or to manage the consent you have given (Consent Management Platform). We particularly point out that the transfer of access data to external content providers (see under b.) is unavoidable due to the technical functionality of the transmission of information on the Internet. The third-party providers are responsible for the data protection-compliant operation of the IT systems they use. The decision about the retention period of the data is incumbent on these service providers.

 

  1. Purpose of data processing and legal basis as well as, if applicable, legitimate interests, storage duration

Data Category:

Access Data

Purpose:

Connection establishment; presentation of the content of the Service; detection of attacks on our site based on unusual activity; error diagnosis

Legal Basis:

Art. 6 (1) (f) GDPR

Legitimate interest pursued by us:

Proper functioning of the Services; data and business process security; prevention of abuse; prevention of damage caused by interference with information systems

Retention Period:

4 weeks

  1. Recipients of the personal data

Recipient Category:

External content providers who provide content (e.g., images, videos, embedded postings from social networks, advertising banners, fonts, update information, shortened links) that are required to display the Service.

Affected Data:

Access Data

Legal Basis:

Art. 6 (1) (f) GDPR

Legitimate interest pursued by us:

Proper functioning of the Services; (accelerated) presentation of the content

 

 

 

 

 

 

 

 

Data Category:

Personal master data; contact details; content of inquiries/complaints

Purpose:

Processing of customer inquiries and user complaints

Legal Basis:

Art. 6 (1) (b)(f) GDPR

Legitimate interest pursued by us: Improving our service; customer loyalty

Retention Period:

Processing of the request

 
  1. Recipients of the personal data

Recipient Category:

Service provider for customer support; call center

Affected Data:

All data mentioned under point a) of this section

Legal Basis:

Art. 28 GDPR

 

 

Legal Basis:

Art. 6 (1) (b) GDPR

Retention Period:

Duration of the sweepstake/promotion

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  1. Recipients of the personal data

Recipient Category:

Service provider for sweepstake and promotions

Affected Data:

All data mentioned under point a) of this section

Legal Basis:

Art. 28 GDPR

 

  1. Purpose of data processing and legal basis as well as, if applicable, legitimate interests, storage duration

Data Category:

Browser ID or device ID

Purpose:

Delivery of push notifications at the request of the user

Legal Basis:

Art. 6 (1) (a) or (b) GDPR

Retention Period:

Duration of the subscription to the push notifications

 

 

 

 

  1. Recipients of the personal data

Recipient Category:

Provider of the app of the push notification Services (i.e. the technical service provider who delivers the notifications)

Affected Data:

All data mentioned under point a) of this section

Legal Basis:

Art. 6 (1) (a) or (b) GDPR

 

      1. Tracking with the legal basis of consent, Art. 6 (1) (a) GDPR

We carry out tracking, as far as you consent to this. We explain the type and scope of the tracking to you in the Consent Dialog. For clarification: If consent is not requested, no tracking will be carried out on this basis.

Consent is voluntary. It is granted by clicking the corresponding button in the Consent Dialog on our Services. There you will find all the information you need about the type and scope of data processing.

Can I revoke my consent?

Once you have given your consent, you can revoke it at any time for the future. You can find the option to revoke your consent here. The legality of processing remains unaffected until the revocation.

  1. Rights of the Data Subject
  1.  

    If we process your personal data for the purpose of direct marketing, you have the right to object, at any time with future effect, to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

     
       

    Right to Object

You also have the right to object, at any time, for reasons arising from your particular situation, and with future effect, to the processing of personal data concerning you that is carried out pursuant to Art. 6, (1) (e) or (f) GDPR, including profiling based on these provisions.

You can exercise your right to object free of charge.

You can contact us via the contact details mentioned in I 4 or via the Data Protection Inquiry Form.

 

  1. Right to Be Informed

You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if necessary, information about this personal data and other information listed in Art. 15 GDPR

  1. Right to Correction

You have the right to request us to correct any incorrect personal data concerning you without delay (Art. 16 GDPR). Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

  1. Right to Erasure (“Right to Be Forgotten”)

You have the right to demand from us that personal data concerning you be deleted immediately, provided that one of the reasons stated in Art. 17 (1) GDPR applies,

 and the processing is not required for a purpose regulated pursuant to Art. 17 (3) GDPR .

 

  1. Right to Restriction of Processing

You are entitled to request a restriction in the processing of your personal data if any of the conditions listed in Art. 18 (1) (a) go (d) GDPR is met.

.

 

  1. Right to Data Portability

You have the right, under the conditions specified in Art. 20 (1) GDPR , to receive the personal data concerning you, which you have provided to us, in a structured, common, and machine-readable format, and the right to transfer this data to another controller without hindrance by us. When exercising the right to data portability, you have the right to have the personal data transmitted directly from us to another controller, insofar as this is technically feasible.

  1. Right to Revocation of Consent

As far as the Processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of the consent until revocation is not affected by this.

  1. Right to Lodge a Complaint to Supervisory Authority

You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:

The State Commissioner for Data Protection Baden-Württemberg, P.O. Box 10 29 32, 70025 Stuttgart, http://www.baden-wuerttemberg.datenschutz.de/

 

 

As of: December, 2020