The following data privacy statement applies to the use of the website www.capicard.de (hereinafter referred to as "website").
Data privacy is of utmost importance to us. The collections and processing of your personal data takes place in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). In our data privacy statement we would like to inform you to what extent and for which purpose personal data is collected, processed and used via our website.
By using this website, you agree to the collection, use and transfer of your data in accordance with this data privacy statement.
1 Data controller
The data controller responsible for the collection, processing and use of your personal data as per the GDPR is:
If you wish to object to the collection, processing or use of your data by us in its entirety, or individual measures in accordance with this data privacy statement, please address your objection to the aforementioned data controller.
You can save and print this data privacy statement at any time.
2 General use of the website
2.1 Access data
We collect information about you when you use this website. We automatically record information about your usage behaviour and interaction with us, and register data about your computer or mobile device. We collect, store and use data about every access to our online services (known as server log files). Access data includes name and URL of the accessed file, if necessary a user name if authentification takes place, date and time of access, size of the request and server response, message about successful access (HTTP response code), browser type and version, operating system, referrer URL (i.e. the page visited previously), IP address and the visitor's actual request.
We use this log data without assignment to you or other profiling for statistical evaluations for the purpose of operation, security and optimisation of our online services, and also for the anonymous recording of the number of visitors to our website (traffic) and the extent and nature of use of our website and services. Based on this information, we can provide personalised and location-based content and analyse data traffic, troubleshoot and improve our services. We reserve the right to retrospectively review the log data if, on the basis of concrete evidence, there is a legitimate reason to suspect unlawful use. We store IP addresses in the log files for a limited time if this is required for security purposes. We also store IP addresses if we have a specific suspicion of a crime in connection with the use of our website.
2.2 E-mail contact
If you contact us (e.g. using the contact form or via e-mail), we store your details in order to process your enquiry and in case any subsequent queries arise. We only store and use further personal data if you provide consent or this is legally permissible without your consent.
2.3 Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. ('Google'). Google Analytics uses so-called 'cookies', which are text files saved on your computer that make an analysis of your use of the website possible. The information generated by the cookie on the use of the website by visitors is generally transmitted to a Google server in the USA and stored there.
If IP anonymisation is activated on this website, however, your IP address will be abbreviated by Google beforehand in Member States of the European Union or a state party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. We use IP anonymisation on this website. As requested by us, Google will use this information to evaluate your use of the website, to create reports concerning website activity and to carry out other services related to the use of the website and the Internet for us.
The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by configuring your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
You can also prevent the logging of data generated through cookies and associated with your use of the website (including your IP address) by Google and the processing of this data through Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
2.4 Matomo Web Analytics
As a consequence of using Matomo, we collect, store and use the following data:
- The IP address (the last byte of the IP address is anonymised before it is processed by Matomo)
- The date and time of the visit
- The title and URL of the page viewed
- The URL of the page viewed before the current page (referrer URL)
- The screen resolution used
- The time in the user's local time zone
- The clicked and downloaded files (download)
- The clicked links to an external domain (outlink)
- The page generation time (the time required for web pages to be generated by the web server and then downloaded by the user: page speed)
- The user's location (country, region, city, approximate latitude and longitude, geolocation), the primary language of the browser used (Accept-Language header)
- The user agent of the browser used (User-Agent header)
To opt out of the recording of data generated by Matomo relating to your use of the website, deactivate the checkbox below.
2.6 Integration of third-party services and content
It may happen that content from third parties, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites are included in this online offer. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") will perceive the IP address of the users. After all, without the IP address, the content would not be able to be sent to the corresponding user's browser. The IP address is therefore necessary for the presentation of this content. We strive only to use content whose provider uses the IP address solely for the delivery of the content. However, we have no influence on whether third-party providers store the IP address for statistical purposes, for instance. Should we become aware of such, we shall inform our users accordingly
2.7 Legal bases and storage duration
For processing operations where we can obtain consent for a particular processing purpose, Art. 6 Para. 1 lit. a of the GDPR serves as the legal basis.
For the processing of personal data that is required for the fulfilment of a contract, Art. 6 Para. 1 lit. b of the GDPR serves as the legal basis. For example, this is the case if data pertaining to the data subject is required for the provision of a service or for the implementation of contractual measures.
If the processing of personal data is required by legal obligation, such as to meet tax obligations, said processing is based on Art. 6 Para.1 lit. c of the GDPR.
Processing operations may ultimately be based on Art. 6 Para. 1 lit. f of the GDPR. This article serves as the legal basis for processing operations if the processing is required to safeguard the legitimate interests of our company, unless the interests, fundamental rights and freedoms of the data subject prevail. Our interests in data processing are, above all, ensuring the operation and security of the website, examining the way the website is used by visitors and simplifying website use.
Unless specifically stated, we only store personal data as long as is necessary to fulfil the purposes pursued.
3 Your rights as the data subject
Under applicable legislation, you have various rights concerning your personal data. If you would like to assert these rights, please send your request by e-mail or post with clear identification of yourself to the address specified in section 1.
Below is an overview of your rights.
3.1 Right to confirmation and information (Art. 15 of the GDPR)
You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain free information from us about the personal data stored as well as a copy of this data. You also have the right to the following information:
- the purposes of processing;
- the categories or personal data being processed;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially concerning recipients in third countries or international organisations;
- if possible, the planned duration of personal data storage or, if this is not possible, the criteria used to determine this duration;
- the existence of a right to rectification or deletion of personal data relating to you, a right to restrict processing by the data controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected from you directly, all available information about the origin of the data;
- the existence of an automated decision-making process including profiling in accordance with Art. 22 Paras.1 and 4 of the GDPR and - at least in these cases - meaningful information concerning the logic involved and the implications and intended consequences of such processing for you.
If personal data is transmitted to a third country or international organisation, you have the right to be informed of the appropriate safeguards in connection with said transmission as per Art. 46 of the GDPR.
3.2 Right to rectification (Art. 16 of the GDPR)
You have the right to request the immediate rectification of inaccurate personal data relating to you. Under consideration of the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
3.3 Right to deletion ("right to be forgotten" Art. 17 of the GDPR)
You have the right to request us to immediately delete the personal data relating to you. We are obliged to delete this data with immediate effect if one of the following applies:
- The personal data is no longer required for the purpose for which it was collected or otherwise processed.
- You revoke your consent to processing as per Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a of the GDPR and there is no other legal basis for processing.
- You object to processing in accordance with Art. 21 Para. 1 of the GDPR and there are no prevailing, legitimate reasons for the processing, or you object to processing in accordance with Art. 21 Para 2 of the GDPR.
- The personal data has been unlawfully processed.
- The deletion of personal data relating to you is required to fulfil a legal obligation in accordance with European Union legislation or the law of the Member States to which we are subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 of the GDPR.
If we have made the personal data relating to you public and are obliged to delete it in accordance with Art. 17 Para 1 of the GDPR, we shall, under consideration of the available technology and implementation costs, take appropriate measures including technical means to inform other data controllers who process the personal data that you have requested the deletion of all links to the personal data or copies or replications thereof.
3.4 Right to limit processing (Art. 18 of the GDPR)
You have the right to request the limitation of processing by us if one of the following conditions applies:
- the accuracy of the personal data is disputed by you for a period of time that enables us to verify the accuracy of the personal data;
- the processing is unlawful and you refused deletion of the personal data and instead requested the restriction of use of your personal data;
- we no longer require the personal data for the purpose of the processing, but you needed it to assert, exercise or defend legal claims or
- you have objected to processing in accordance with Art. 21 Para. 1 of the GDPR and it is not yet certain whether legitimate reasons of our company prevail over your reasons.
3.5 Right to data portability (Art. 20 of the GDPR)
You have the right to obtain the personal data relating to you, and which you provided to us, in a structured, common and machine-readable format, and you have the right to transfer said data to another data controller without hindrance from us, provided that
- the processing was consented to in accordance with Art. 6 Para. 1 lit. a of the GDPR or Art. 9 Para. 2 lit. a of the GDPR or is based on a contract as per Art. 6 Para 1 lit. b of the GDPR and
- the processing is carried out using an automated procedure.
In exercising your right to data portability in accordance with Para. 1, you have the right to request the direct transfer of the personal data from us to another data controller, as far as is technically feasible.
3.6 Right to object (Art. 21 of the GDPR)
For reasons that arise from your particular situation, you have the right to object at any time to the processing of your personal data pursuant to Art. 6 Para. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions. We shall no longer process your personal data unless we can prove compelling, legitimate reasons for the processing that prevail over your interests, rights and freedoms or the processing is required for the purpose of enforcing, exercising or defending legal claims.
If the personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
For reasons that arise from your particular situation, you have the right to object to the processing of your personal data for scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 Para. 1 of the GDPR, unless this processing is required to fulfil a task in the reasons of public interest.
3.7 Automated decisions including profiling (Art. 22 of the GDPR)
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or considerably affect you in a similar manner.
3.8 Right to revoke data privacy consent Art. 7 Para. 3 of the GDPR
You have the right to revoke your consent to personal data processing at any time.
3.9 Right to complain to a supervisory authority (Art. 77 of the GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged breach if you believe that the processing of your personal data is unlawful.
4 Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.
We transmit your personal data in encrypted form. We use the SSL (Secure Socket Layer) coding system. Please note, however, that data transmission over the Internet (e.g. via e-mail communication) may have security vulnerabilities. It is impossible to guarantee complete data protection against access by third parties.
To secure your data, we take technical and organisational security measures that are always adapted to state-of-the-art technology.
We cannot guarantee that our service will be available at specific times; faults, interruptions and failures cannot be excluded. The servers used by us are regularly and diligently backed up.
5 Automated decision-making
No automated decision-making takes place using the personal data collected.
6. Data disclosure to third parties, no data transmission to non-EU countries
In general, your personal data will only be used within our company.
If and insofar as we engage with third parties to fulfil contracts (such as logistics service providers), they only receive personal data to the extent necessary for the corresponding service.
In the case that we outsource certain aspects of data processing ("order processing"), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject's rights.
Apart from those cases stipulated in Point 2.3, data transmission to agencies or persons outside the EU does not take place and is not planned.