Privacy Notice.
Introduction
We are delighted about the visit of our website. Circulee GmbH (hereinafter ‘circulee, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform about how personal data is processed on our website.
Controller and data protection officer
Controller:
circulee GmbH
Karlplatz 7
10117 Berlin
E-Mail: info@circulee.com
External data protection officer:
Eva Schmidt
Tel.: +49 (0) 7542 949 21 - 00
E-Mail: privacy@circulee.com
Terms
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.
Information on data processing
Automated data processing (log files etc.)
Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources. We process and use the data for the following purposes: to provide the website, to improve our websites and to prevent and identify errors/malfunctions and the abuse of the website.
Legal base: legitimate interests (Art. 6 (1) (f) GDPR
Legitimate interests: ensuring the functionality of the website and its error-free, secure oper- ation, as well as in adapting this website to suit users’ needs
Consent Management Tool
We use a consent management procedure on our online offer which enables us to store and manage the consent given by visitors to our online offer in a verifiable manner in accordance with the requirements of the GDPR. At the same time, visitors to our online offering can manage the consent and preferences granted or withdraw consent via the service integrated by us.
The consent status is stored on the server side and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. In addition, the time of the declaration of consent is recorded.
Categories of data subjects: Website visitors using the Consent Management Tool
Data categories: usage data (e.g. websites visited, interest in content, access times) metadata and communication data (e.g. device information, IP addresses)
Purposes of processing: Fulfilment of accountability obligations, consent management
Legal bases: legal obligation (article 6 (1) (c) GDPR in conjunction with article 7 GDPR)
Usercentrics
Tool: Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Deutschland
Privacy: https://usercentrics.com/de/datenschutzerklaerung/
Use of cookies (general, functionality, opt-out links etc.)
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making a visit to our website as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when closing the browser (known as ‘session cookies’). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (known as ‘persistent cookies’).
The browser can be set so that the user is informed when cookies are to be stored and can decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
Categories of data subjects: Website visitors, users of online services
Opt-out: Internet Explorer:
https://support.microsoft.com/de-de/help/17442
Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de
Safari
https://support.apple.com/de-de/HT201265
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
The pertinent legal basis is specifically stated for each tool in question.
Legitimate interests: Storing of opt-in preferences, presentation of the website, assurance of the website's functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function
Contract processing via our online store
We provide our online store via a specialized service provider. With this service provider, we are able to carry out the complete order process (registration, order, payment, shipping).
Shopify International Ltd.
Tool: Shopify International Ltd., Haddington Road, Dublin 4, D04 XN32, Irland
Privacy: https://www.shopify.com/legal/privacy#contact
Registration
For the use of our online services, it is necessary to create a customer account. As part of the registration process, we collect the necessary data from interested users that we need to provide a user account and the associated functions.
If visitors to our online service decide to register, they will receive an e-mail to verify the e-mail address provided.
To prevent the internal area from being exploited, we collect IP addresses and the time of access to prevent misuse of a user account and unauthorised usage. We do not pass this data on to third parties unless it is necessary to pursue our claims or we are legally obliged to do so.
To protect user accounts from unauthorized access more effectively, logging in to the user account requires another action in addition to entering the password, such as entering a code sent to a mobile device. In this way, the user account is protected even if the password is known to a third party.
Categories of data subjects: Registered users
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), login data (username and password), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Simplification of the website function, performance of contract, increase in customer loyalty
Legal bases: Consent (article 6 (1) (a) GDPR)
Order via our online shop
We offer our customers the option of using our online shop and obtaining our products through it. To this end, we collect the data necessary for initiating and executing the contract. In addition, we collect data so that we can send our customers adverts or discounts tailored to their interests.
If necessary, we pass data to third parties that help us to handle orders or if we are legally obliged to provide certain data. This is especially the case when a customer freely decides to use TrustedShops buyer protection. The processing of data only takes place at the instigation of the customer and according to the TrustedShops privacy notice.
Categories of data subjects: Purchasers in our online shop, shop visitors upon registration
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), contract data (e.g. subject of the contract, term, customer category), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Initiation and execution of contracts, interest-based advertising, if applicable rewards or discounts related to a customer's account, outsourcing
Legal bases: Legitimate interest (article 6 (1) (f) GDPR), performance of contract (article 6 (1) (b) GDPR)
Legitimate interests: Simplification of work processes, resource-efficient performance, market research, marketing
Payment services providers
In order to be able to make and receive payments easily, we offer the payment options offered by our online store provider.
To make transactions particularly simple and easy for visitors to our online offering, payments to us can be made via our online store provider. The provider processes the data required for the transaction. We do not receive any of the data provided by the visitor to our online offering when the payment services provider is used.
Categories of data subjects: Clients
Data categories: Master data (e.g. name, address), metadata and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), contract data (e.g. subject of the contract, term, customer category), Transaction/payment data (bank details, invoices, payment history)
Purposes of processing: Simplification of handling orders and payments, outsourcing, data minimisation
Legal bases: Legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Simplification of work processes, resource-efficient performance, market research, service
Credit check
If we are providing or rendering services ahead of payment, we reserve the right to carry out an identity/credit check. To do so, we make use of certain service providers who usually assess the risk to us using mathematical and statistical procedures.
Using the results given to us by the service provider in question, we decide at our discretion whether and, if so, how we will commence, execute or end a contractual relationship with you. In the event of a negative credit check, we reserve the right to refuse certain payment types or other types of services rendered ahead of payment.
Categories of data subjects: Purchasers in our online shop
Data categories: Master data (e.g. name, address), Transaction/payment data (bank details, invoices, payment history), contact data (e.g. email address, telephone number), contract data (e.g. subject of the contract, term, customer category), credit data
Purposes of processing: Avoidance of payment default and reducing the default rate for payments, reduction of our credit risk
Legal bases: Legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Financial protection, protection against payment default, reduction in credit risk, profit generation
Creditreform Berlin
Recipient of data: Creditreform Berlin Brandenburg Wolfram GmbH & Co. KG, Karl-Heinrich-Ulrichs-Straße 1, 10787 Berlin, Germany
Privacy: https://www.creditreform.de/berlin/datenschutz
Creditreform Boniversum
Recipient of data: Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss
Privacy: https://www.boniversum.de/eu-dsgvo/informationen-nach-eudsgvo-fuer-verbraucher/
Shipping via our shipping service provider
In order to send our customers the goods ordered in our online store, we use various shipping providers or forwarding companies to deliver the goods. For this purpose, we transmit the specified recipient address and any contact persons and/or contact details to the company responsible for shipping.
After the package has been handed over to the shipping service provider, our customers receive information from us about the shipment that has taken place, the service provider used and a package number for tracking purposes.
If our customers have given consent at the conclusion of the order to transmit the e-mail address to the responsible shipping service provider, it will contact our customers directly on this basis for the purpose of package/delivery notification.
Categories of data subjects: Clients
Data categories: Master data (e.g. name), address/delivery address, Package number, contract data (e.g. e-mail-address, phone number)
Purposes of processing: Execution of contracts, Simplification of work processes, delivery notification by the shipping provider
Legal bases: Performance of contract (article 6 (1) (b) GDPR) Legitimate interest (article 6 (1) (f) GDPR), Consent (article 6 (1) (a) GDPR)
Legitimate interests: Simplification of internal work processes of our customers
Post & DHL Shipping
Tool: DHL Paket GmbH, Sträßchensweg 10, D-53113 Bonn
Privacy: https://www.dhl.de/de/toolbar/footer/datenschutz.html
Online marketing
We process personal data within the framework of online marketing, particularly regarding potential interests and to measure the effectiveness of our marketing measures, with the aim of continually boosting our reach and the prominence of our online offering.
We store the relevant information in cookies or use similar procedures for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. If so, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.
In the event that user profiles are stored, the data can be used, read, supplemented, and expanded on the server of the online marketing procedure when other online offerings are visited that use the same online marketing procedure.
We can calculate the success of our adverts using summarised data that is made available to us by the provider of the online marketing procedure (known as ‘conversion measurement’). As part of these conversion measurements, we can trace whether a marketing measure caused a visitor to our online offering to decide to make a purchase. This evaluation serves to analyse the success of our online marketing.
Categories of data subjects: Website visitors, users of online services, prospective customers, communication partners, business partners and contractual partners
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), location data, contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)
Purposes of processing: Marketing (sometimes interest-based and behavioural, as well), conversion measurement, target group formation, click tracking, development of marketing strategies and increase in the efficiency of campaigns
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Optimisation and further development of the website, increase in profits, customer loyalty and acquisition,
Tools:
Google Ads
Google Analytics
Facebook-Pixel
LinkedIn Insight Tag
Outbrain
Taboola
Web analysis and optimisation
We use Recipients of datas for web analysis and reach measurement so that we can evaluate user flows to our online offering. To do so, we collect information about the behaviour, interests or demographics of our users, such as their age, gender, and so on. This helps us to recognise the times at which our online offering, its functions, and content are frequented the most or accessed more than once. In addition, we can use the information that has been collected to determine whether our online offering requires optimisation or adjustment.
The information collected for this purpose is stored in cookies or deployed in similar procedures used for reach measurements and optimisation. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. In this case, the data is changed so that the actual identity of the user is not known to us, nor the provider of the Recipients of data used. The changed data is often stored in user profiles.
Categories of data subjects: Website visitors, users of online services
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos)
Purposes of processing: Website analyses, reach measurement, utilisation and assessment of website interaction, lead evaluation
Legal bases: Consent (article 6 (1) (a) GDPR)
Tool:
Mouseflow
Hotjar
Plug-ins and integrated third-party content
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated. Moreover, we are enabled to show certificates provided by independent third parties with regard to our online offering.
To enable visitors to our online offering to be shown content, the third-party provider in question processes the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.
Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user's browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device.
Categories of data subjects: Users of plug-ins or third-party content
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses) contact data (e.g. email address, telephone number), Master data (e.g. name, address)
Purposes of processing: Design of our online offering, increase in the reach of adverts on social media, sharing of contributions and content, interest-based and behavioural marketing, cross-device tracking
Legal bases: Consent (article 6 (1) (a) GDPR)
Tool:
Google Fonts
Trusted Shops Trustbadge
Contacting us
On our online offering, we offer the option of contacting us directly or requesting information via various contact options. Therefore, we provide a contact form and a live chat.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
When using our live chat, a cookie is set to provide the chat history to our website visitors.
Categories of data subjects: Individuals submitting an enquiry
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Processing requests
Legal bases: Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)
recipients: Hubspot Inc.; 25 First Street, Cambridge, MA 02141 USA
third country transfer: The transfer to the third courtry has been approved by the EU Comission. The transfer is based on appropriate guarantees according to art. 46 GDPR. You can take insight into the protection guarantees here.
Advertising communications
We also use data provided to us for advertising purposes, particularly to provide information on various channels about new products from us or in our portfolio of offerings. However, promotional contact from our side is only undertaken within the framework of the statutory requirements, and once consent has been granted, insofar this is necessary.
If the recipients of our advertising do not want to receive it, they can inform us of this at any time with future effect. We are happy to acquiesce to their request.
Categories of data subjects: Communication partners
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number)
Purposes of processing: Direct marketing
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Retention of existing contacts/contractual partners and acquisition of new ones, profit increase
Data transfer
We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
It may be necessary for us to disclose personal data for the performance of contracts or to comply with legal obligations. If the data necessary in this regard is not provided to us, it may be the case that the contract cannot be concluded with the data subject.
We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this.
In the event of transferring personal data to a country outside the EEA, we ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded standard data protection clauses including a separate regulation of appropriate technical and organisational measures to protect the data of data subjects best possible.
recipients: Hubspot Inc.; 25 First Street, Cambridge, MA 02141 USA
third country transfer: The transfer to the third courtry has been approved by the EU Comission. The transfer is based on appropriate guarantees according to art. 46 GDPR. You can take insight into the protection guarantees here.
Storage period
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
Automated decision-making
We do not use automated decision-making or profiling.
Legal bases
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.
Consent: Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
Performance of a contract: Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation: Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests: Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest: Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.
Rights of the data subject
Right of access: Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.
Right to rectification: Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.
Withdrawal of consent
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to privacy@circulee.com is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
External links
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
Amendments
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
This Privacy Policy was drawn up by the DDSK GmbH
Information obligations customers and suppliers
Manage consent