Privacy Policy

Data Protection Information

This data protection information will inform you about the kind, extent, and purpose of data processing of personal data (hereinafter abbreviated as “data”) within our online offer and all websites, features, and contents as well as external online presences such as, for example, our social media profile (hereinafter summed up as “online offer”) connected to it. Regarding the terms in use, such as “personal data” or their “processing”, we refer to the definitions given under Art. 4 of the General Data Protection Regulation (GDPR).

How We Use and Manage Your Data

Key Information

SubliminalSpace.com, including its staff and its owner (in this Privacy Policy also called “SubliminalSpace” or “we” / “us” / “our”) respects your right to privacy. We put in place security measures for your personal data and manage your personal data in accordance with applicable data privacy regulations.

Please note that SubliminalSpace is the Data Controller of your personal data. The principles set out in this Privacy Notice apply to all instances in which SubliminalSpace receives your personal data as a Data Controller for the purposes described in this notice. Those purposes are processing of data in order to participate in the various activities available on this website or as mentioned below.

We asked ourselves a number of key questions that we believe you would like answered about the personal data that you submit to SubliminalSpace. These answers will, to the extent required by applicable law, inform you of your rights relating to your personal data, the security measures that SubliminalSpace puts in place with regard to your personal data and the uses to which such personal data is put. We trust you find this information helpful.

Kinds of Data Processed:

We process data of the data categories inventory data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data obtained from communicating with users (e.g. text input, photographies), contract data (e.g. subject matters of the contract such as purchased products and/or services, contract terms), payment data (e.g. PayPal payment addresses, Amazon payment information etc., payment histories), usage data (e.g. accessing of our data and the times), as well as communication data (such as devices/client information, IP addresses).

Categories of Persons Affected by Processing:

Customers, interested persons, suppliers, and in general visitors and users of our online offer are affected persons. Hereinafter we will summarizingly refer to affected persons also as “users”.

Purpose of Processing:

Providing the online offer, its contents and features, performing contractual services, service and customer care, answering contact requests and communicating with our users, marketing and advertising our products and services, as well as security measures.

1. Relevant Legal Bases

In accordance with Art. 13 GDPR, we notify you about the legal bases of our data processing. Should the legal basis not be stated in the data protection information, the following applies: Legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, legal basis for processing in order to perform our services and for performing contractual measures as well as for answering requests is Art. 6 para. 1 lit. b GDPR, legal basis for processing in order to meet our legal obligations is Art. 6 para. 1 lit. c GDPR, and legal basis for processing in order to uphold our justified interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the affected person or of another natural person call for personal data to be processed, Art. 6 para. 1 lit. d GDPR serves as legal basis.

2. Alterations and Updates to the Data Protection Information

We kindly ask you to inform yourself about the content of our data protection declaration on a regular basis. We will adjust the data protection information as soon as changes to the data processing performed by us makes it necessary. We will inform you as soon as a cooperation is required from your part (e.g. giving consent) or any other individual notification becomes necessary due to the changes.

3. Security Measures

3.1 In accordance with Art. 32 GDPR, bearing in mind the state of the art, implementation costs, and kind, scope, circumstances, and purposes of processing as well as the different probabilities of occurrence and severity of risk to the rights and freedoms of natural persons, we take apt technical and organizational measures to provide a level of security appropriate to the risk; Among these measures are in particular securing the confidentiality, integrity, and availability of data by monitoring the physical access to the data as well as their retrieval, input, transfer, security of accessibility and disconnection. Furthermore, we put procedures in place to secure the holding up of rights of affected persons, deletion of data, and reaction to hazard for the data. Additionally, we take the protection of personal data into account already during the development stage, resp. when choosing the hardware, software, and procedures, following the principle of data protection by technology engineering and by data protection friendly preadjustments (Art. 25 GDPR).

3.2 Most notable part of the security measures is the encrypted data transfer between your browser and our server.

4. Cooperation With External Processors and Third Parties

4.1 Insofar as in the course of processing we reveal data towards other persons and companies (external processors or third parties), transmit data to them, or grant them access in another way, this happens exclusively based on a legal permission (e.g. if transmitting data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary to fulfill the contract), if you gave consent, a legal obligation demands it, or based on our justified interests (e.g. when using commissioners, hosting partners, e-mail sending partners, etc.).

4.2 If we commission third parties with processing data based on a so-called “order processing contract”, this happens on the basis of Art. 28 GDPR.

5. Transmissions to Third Countries

If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or this happens in the course of using third party services or of disclosing or transmitting data to third parties, this only takes place insofar as it happens in order to fulfill our (pre)contractual obligations, is based on your consent, because of legal obligations, or based on our justified interests. Subject to legal or contractual permissions, we process data in third countries only if the special requirements of Art. 44 ff. GDPR are met. I.e. the processing takes place e.g. based on special assurances, such as the officially approved confirmation of a data protection level comparable to EU standards (e.g. in case of the USA the “Privacy Shield”) or compliance with officially approved contractual obligations (so-called “standard contractual clauses”).

6. Rights of Affected People

6.1 You hold the right to demand a confirmation on whether data regarding your person are being processed and to receive information about these data as well as further information and a copy of the data according to Art. 15 GDPR.

6.2 According to Art. 16 GDPR, you hold the right to demand completion of data regarding your person or correction of incorrect data regarding your person.

6.3 In accordance with Art. 17 GDPR, you hold the right to demand immediate deletion of data regarding your person, resp. to alternatively demand a limitation of processing of the data in accordance with Art. 18 GDPR.

6.4 In accordance with Art. 20 GDPR, you hold the right to demand receiving the data regarding your person you provided us with and to demand having them transmitted to other liable entities. Furthermore, pursuant to Art. 77 GDPR, you hold the right to issue a complaint to the supervisory authority in charge. We are subject to the following supervisory authority: Der Bayerische Landesbeauftragte für den Datenschutz (BayLfD), Wagmüllerstraße 18, 80538 München, https://www.datenschutz-bayern.de/.

7. Right to Revocation

You hold the right to revoke consents given pursuant to Art. 7 para. 3 GDPR, taking effect for future actions.

8. Right to Objection

You may object to future processing of data regarding your person pursuant to Art. 21 GDPR at any time. In particular, this objection can be aimed against processing for purposes of direct advertising.

9. Cookies and Right to Objection Against Direct Advertising (e.g. Newsletters)

We place both temporary and permanent cookies, i.e. tiny files saved on the users’ devices (for an explanation of term and function, see last section of this data protection information). Partly, these cookies serve security purposes or are necessary to run our online offer (e.g. for displaying the website or login functions of the customer account), or to save the user choice when confirming the cookie banner. Besides, we or our technology partners place cookies for range measuring and marketing purposes, as is explained to the users in the course of this data protection information. A general objection to the usage of cookies for purposes of online marketing can in case of many services, especially for tracking, be declared using the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Apart from that, the saving of cookies can be prevented by turning them off in the settings of your browser. Please note that you might find yourself unable to use all the features of this online offer in that case.

10. Deletion of Data

10.1 The data processed by us are deleted or limited in their processing in accordance with Art. 17 and 18 GDPR. Insofar as not explicitly stated in the course of this data protection information, any data saved by us will be deleted as soon as they are no longer needed for their original purpose and no legal storage obligations prevent it. If data are not deleted because they are required for other and legally valid reasons, their processing gets limited. I.e. these data get blocked and will not be processed for any other purposes. That applies e.g. to data that have to be stored for reasons resulting from commercial or tax laws.

10.2 In accordance with legal provisions, storing more particularly takes place for 6 years pursuant to § 257 para. 1 HGB (Handelsgesetzbuch, Commercial Code) (account books, inventories, opening balances, annual accounts, commercial letters, booking documents, etc.) as well as for 10 years pursuant to § 147 para. 1 AO (Abgabenordnung, Tax Code) (books, documentations, management reports, booking documents, commercial and business letters, documents relevant for taxation, etc.).

11. Performing Contractual Services / Retrieval of Products / Customer Account

11.1 We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. products purchased, services used, additional (personal and other) information for custom(-made) orders/products/services, names of contact persons, payment data) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b GDPR. Any input highlighted as mandatory in the online forms is required for the formation of a contract.

11.2 During the payment process, users are obliged to create a user account, resp. as a consequence of shopping via external market places (e.g. eBay), registering via external social login services (e.g. Facebook, YouTube, Amazon) or payment providers (e.g. PayPal Express, Stripe, Klarna, Amazon Pay), a user account with contact data of the users will be created which they can use in particular to check their orders and which allows us to fulfill our contractual obligations regarding a secure digital product delivery. Over the course of registration, the mandatory inputs will be pointed out to the users. Once users terminated their user accounts, all data regarding the user account will be deleted, subject to their saving being necessary for reasons resulting from commercial or tax law according to Art. 6 para. 1 lit. c GDPR. It behooves the users to save their data before the contract runs out after terminating it. We are entitled to delete all user data saved over the contract term irretrievably.

11.3 In the course of the registration process and signing in again as well as when using our online service, we save the IP address and the times of the respective user action. The saving takes place based on the justified interest of ours as well as our users in protection against misuse and other unauthorized use. Generally no transmitting of these data to third parties takes place, unless called for to enforce our claims or by legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.

11.4 We process usage data (e.g. visited websites within our online offer, interest in our products) and content data (e.g. input in contact forms, search bars, return forms, or user profile) in a user profile for advertising purposes in order to, for example, show the user product information based on the services used by them so far.

11.5 Deletion takes place after legal guarantee obligations and comparable obligations expired, the necessity of storing the data is checked for on a regular basis; In case of legal archiving obligations, deletion takes place after its expiration (end of storage obligations according to commercial law (6 years) and tax law (10 years)); Information in the customer account remains until its deletion.

11.6 PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., is a European external processor and located at 22-24 Boulevard Royal, L-2449 Luxembourg. Data protection declaration for paying with PayPal and PayPal Express: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
Cookie statement: https://www.paypal.com/de/webapps/mpp/ua/cookie-full

11.7 Stripe, Stripe, Inc., is an American external processor and located at 510 Townsend Street San Francisco, CA 94103, USA. Data protection declaration for paying with Stripe: https://stripe.com/de/privacy
Cookie statement: https://stripe.com/cookies-policy/legal

11.8 Klarna, Klarna Bank AB, is a European external processor and located at Sveavägen 46, 111 34 Stockholm, Sweden. Data protection declaration for paying with Klarna: http://cdn.klarna.com/1.0/shared/content/legal/terms/Klarna/en_gb/privacy.
Cookie statement: https://www.klarna.com/uk/cookie-policy/

11.9 Google (also operator of YouTube) is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Data protection declaration: https://policies.google.com/privacy
Cookie statement: https://policies.google.com/technologies/cookies?hl=en

11.10 Amazon is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active Data protection declaration for logging in with Amazon: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401 Data protection declaration for paying with Amazon Pay: https://pay.amazon.com/de/help/201751600
Cookie statement: https://pay.amazon.de/help/201751620

12. Verification of Purchase / Verification of Customer Account (Photographing Identification Documents)

12.1 Where necessary, we process photographs of you and identification documents when delivering the products in order to meet our contractual obligations and perform services (transmitted via form by the user) pursuant to Art. 6 para. 1 lit f) GDPR.

12.2 In the course of accessing digital products not involving physical delivery, based on our justified interests (prevention of fraud) we may require additional identification from the user in order to protect ourselves from unwarranted product retrievals (deliveries and thus contract performances). Triggered by, among other things, the sum of your shopping cart or the products or services chosen (possibly products with a high frequency of frauds), our customer service staff bound to secrecy and trained accordingly processes the photographs transmitted via form by the user.

12.3 Deletion takes place after legal guarantee obligations and similar obligations expired, the necessity of storing the data is checked for on a regular basis; in case of legal archiving obligations, deletion takes place after their expiration (end of storage obligations according to commercial law (6 years) and tax law (10 years)); Information in the customer account remains until its deletion.

13. Making Contact and Return Requests

13.1 When contacting us (via contact form, return form, or e-mail), the user’s information are processed in order to handle the contact request and its settlement pursuant to Art. 6 para. 1 lit. b) GDPR.

13.2 We delete the requests once they are no longer needed. We check for that necessity on a regular basis; We save requests of customers who already have a customer account permanently and regarding their deletion refer to the information on customer accounts. In case of legal archiving obligations, deletion takes place after their expiration (end of storage obligations according to commercial law (6 years) and tax law (10 years)).

14. Comments and Posts

14.1 Whenever users leave comments, ratings, or other posts and inputs, their IP addresses will be saved on the basis of our justified interests in the sense of Art. 6 para. 1 lit. f. GDPR.

14.2 This happens for the sake of our security, in case somebody leaves unlawful content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be held responsible for the comment or post and thus have an interest in the author’s identity.

15. Gathering of Access Data and Log Files

15.1 On the basis of our justified interests in the sense of Art. 6 para. 1 lit. f GDPR, we gather data upon every access to the server this service is hosted on (so-called server log files). Among the access data are name of the accessed website, file, date and time of access, volume of data transmitted, notification on success of access, browser type along with version, the operating system of the user, referrer URL (the previously visited website), IP address, and the provider issuing the request.

15.2 For security reasons (e.g. for clarifying cases of misuse or fraud), log file information is stored for a duration of 30 days at maximum before being deleted. Data required to be stored for evidence purposes are excluded from deletion until the respective incident is resolved conclusively.

16. Online Presences on Social Media and Rating Platforms

16.1 On the basis of our justified interests in the sense of Art. 6 para. 1 lit. f. GDPR, we run online presences within social networks and platforms (e.g. Instagram, Twitter, Facebook, YouTube, Xing, LinkedIn, TrustPilot) to be able to communicate with the customers, interested persons, and users active there and inform them about our services. When accessing the respective websites, the terms of use and data protection guidelines of the respective operators apply.

16.2 Insofar as not stated differently within our data protection information, we process data of users if they communicate with us within the social networks and platforms, e.g. by writing posts resp. ratings and comments on our online presences or sending us messages.

17. Cookies & Range Measurement

17.1 Cookies are information transferred from our web server or web servers of third parties to users’ web browsers and saved there for a later retrieval. Cookies can be tiny files or other means of information storage.

17.2 We use cookies, as well as so-called “session cookies”, placed for only the duration of the current visit on our online presence (e.g. to make saving your login status and thus the usage of our online offer possible in the first place). A randomly generated identification number is placed in the session cookie, the so-called session ID. Moreover, a cookie contains information on its origin and storage period. These cookies are unable to save any other data. Session cookies are deleted once you end the usage of our online offer and, for instance, log out or close the browser.

17.3 In the course of this data protection information, the users are informed on the usage of cookies in the course of pseudonymous range measurement.

17.4 Should users not want cookies to be saved on their computer, we kindly ask them to deactivate the respective option in the settings of their browser. Saved cookies can be deleted in the settings of the browser. Turning off cookies may result in a limitation of features of this online offer.

17.5 You may object to the usage of cookies serving range measurement and advertising purposes via the deactivation site of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

17.6 Insofar as our customers use payment services of third parties (e.g. PayPal, Stripe, Klarna), the terms of use and data protection declarations of the respective provider apply, which are accessible within the respective websites resp. transaction applications. These providers can also use cookies, more information on their use of cookies can also be found within the respective websites resp. transaction applications (often called “cookie statement”, “cookie policy” or “use of cookies”).

Paypal: https://www.paypal.com/de/webapps/mpp/ua/cookie-full

Stripe: https://stripe.com/cookies-policy/legal

Klarna: https://www.klarna.com/uk/cookie-policy/

Amazon Pay: https://pay.amazon.de/help/201751620

18. Google Analytics

18.1 On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we deploy Google Analytics, an advertising analysis service by Google LLC (“Google”). Google uses cookies. The information on the user’s usage of the online offer generated by the cookie will normally be sent to a Google server in the USA and saved there.

18.2 Google is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

18.3 Google will use this information on our behalf to assess the usage of our online offer by the users, to file reports on the activities within this online offer, and to provide us with further services connected to this online offer and the usage of the internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

18.4 We deploy Google Analytics in order to display advertisements placed by advertisement services of Google and its partners only to such users who actually showed an interest in our online offer or who show certain characteristics (e.g. interest in certain topics or products determined by websites visited previously) we transmit to Google (so-called “remarketing audiences” resp. “Google Analytics audiences”). We use remarketing audiences also in an attempt to make sure our advertisements match with the potential interests of the users rather than annoy them.

18.5 We deploy Google Analytics only with an activated IP anonymization. That means that the IP address of users will be shortened within member states of the European Union or other contractual states of the European Economic Area. Only in exceptional cases will the IP address be transmitted to a Google server in the USA and shortened there.

18.6 The IP address transmitted by the user’s browser will not be merged with other data from Google. Users may prevent the saving of cookies by configuring their browser software accordingly; Additionally, users may prevent the gathering of data generated by the cookie and regarding the usage of the online offer by Google as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

18.7 Further information on the data usage by Google, possible configurations and objections can be learned on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s Data Usage When You Use Websites or Apps of Our Partners”), https://policies.google.com/technologies/ads (“Data Usage for Advertising Purposes”), https://adssettings.google.com/authenticated (“Administer the Information Google Uses to Show You Advertisements”).

18.8 Besides, personal data will get anonymized or deleted after 14 months passed.

19. Google Re/Marketing Services

19.1 On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and running our online offer economically in the sense of Art. 6 para. 1 lit. f. GDPR), we deploy the marketing and remarketing services (in short “Google marketing services”) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

19.2 Google is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

19.3 Google marketing services allow us to show advertisements for and on our website in a more targeted manner to present users only advertisements that might actually meet their interests. If a user e.g. is shown advertisements for products he showed an interest for on other websites, that is called “remarketing”. For this purposes, when accessing our website or others on which Google marketing services are activated, a code is run directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are implemented into the website. By their means, an individual cookie, i.e. a tiny file, is saved on the user’s device (instead of cookies, comparable technologies can also be used). The cookies can be placed by various domains, among them google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file will be logged which websites the user visited, which contents they showed interest in, and which offer they clicked on, along with technical information regarding browser and operating system, referring websites, times of visits, as well as further information on the usage of the online offer. Besides, the IP address of the user will be gathered, while for what Google Analytics is concerned it has to be noted that the IP addresses get shortened within member states of the European Union or other contractual members of the European Economic Area agreement and will only in exceptional cases be transmitted to a Google server in the USA as a whole to be shortened there. The IP address will not be merged with other data of the user from other services by Google. The previously listed information can also be merged by Google with information from other sources. When visiting other websites afterwards, advertisements tailored to them according to their interests can be shown to the user.

19.4 The users’ data are processed pseudonymously in the course of the Google marketing system. I.e. Google saves and processes e.g. not the name or e-mail address of the user but processes the relevant data within pseudonymous user profiles and based on cookies. I.e. from Google’s point of view, advertisements are not administrated and shown to concretely identified persons but to cookie holders, independent of who that cookie holder might be. This does not apply if the user explicitly allowed Google to process the data without this anonymization. The information gathered on the users by Google marketing services are transmitted to Google and saved on Google servers in the USA.

19.5 Among the Google marketing services deployed by us is, along with others, the online advertisements program “Google AdWords”. In case of Google AdWords, every AdWords customer receives an individual “conversion cookie”. Thus, cookies cannot be tracked via the websites of AdWords customers. The information gathered by means of this cookie serves the purposes of creating conversion statistics for AdWords customers who opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their advertisements and were directed to a site tagged with a conversion tracking tag. They do, however, not receive any information suitable for personally identifying users.

19.6 We deploy the “Google Tag Manager” in order to implement Google’s analytic and marketing services into our website and administer these and other external services.

19.7 Further information on the data usage for marketing purposes by Google can be found on the overview site: https://policies.google.com/technologies/ads, Google’s data protection declaration is accessible under https://policies.google.com/privacy.

19.8 If you wish to object to the advertising based on interests using Google marketing services, you are free to use the possibilities of configuring and opting-out provided by Google: https://adssettings.google.com/authenticated.

20. Third Party Widgets

We make use of certain third-party widgets on our website in order to enhance the experience, namely; YouTube video embeds and social media widgets/buttons.

These widgets may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the widget, including correlating your social media account with whatever action you take within the widget, if you are logged in to that network. For more information about how this data may be used, please see the associated data privacy policy below:

YouTube: https://support.google.com/youtube/answer/7671399?p=privacy_guidelines
Instagram: https://help.instagram.com/519522125107875
Twitter: https://twitter.com/en/privacy#update
Facebook: https://www.facebook.com/about/privacy/update
LinkedIn: https://www.linkedin.com/legal/privacy-policy

21. Jetpack (WordPress Stats)

21.1 On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we use the plugin Jetpack (specifically the subfunction “Wordpress Stats”), implementing a tool to statistically assess visitor accesses and run by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses so-called “cookies”, text files that are saved on your computer and allow for analyzing your usage of the website.

21.2 Automattic is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

21.3 The information on your usage of this online offer generated by the cookie gets saved on a server in the USA. In the process, usage profiles of the users can be generated from the processed data, these profiles are only used for analyzing and not advertising purposes. You can find further information in the data protection declaration of Automattic: https://automattic.com/privacy/ and information on Jetpack cookies: https://jetpack.com/support/cookies/.

22. WooCommerce

22.1 On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we use the plugin WooCommerce. This is a tool to process and manage Product, Cart, and Checkout pages, Secure payments, tax calculations and shipping options. It is run by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. WooCommerce uses so-called “cookies”, text files that are saved on your computer and allow for analyzing your usage of the website.

22.2 Automattic is certified under the Privacy Shield agreement and thus provides a guarantee for complying with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

22.3 The information on your usage of this online offer generated by the cookie gets saved on a server in the USA. In the process, usage profiles of the users can be generated from the processed data, these profiles are only used for analyzing and not advertising purposes. You can find further information in the data protection declaration of Automattic: https://automattic.com/privacy/ and information on WooCommerce cookies: https://docs.woocommerce.com/document/woocommerce-cookies/.

23. Newsletter

23.1 The now following information will inform you about the contents of our newsletter as well as the registration process, distribution process, and the statistical evaluation process as well as your rights of objection. By subscribing to our newsletter, you agree to receiving it and to the processes described.

23.2 Content of the newsletter: We send out newsletters, e-mails with advertising contents (hereinafter “newsletter“) only with consent of the receiver or another legal permission. Insofar as its contents are described concretely in the process of subscribing to the newsletter, they are definitive for the users’ consent. In addition, our newsletters contain information on our products, services, offers, special offers, discounts, and our company.

23.3 Double opt-in and logging: Subscribing to our newsletter happens using the so-called double opt-in method. This means after you subscribed, you receive an e-mail asking you to confirm your registration. This confirmation is necessary in order to ensure nobody can subscribe with other people’s e-mail addresses. The registrations for our newsletter are logged in order to be able to proof the registration process in accordance with the legal obligations. Part of this is saving the times of registration and confirmation, the communication data, as well as the IP address. Any changes to your data saved at the sending provider will also be logged.

23.4 Sending provider: Sending the newsletters takes place using „Newsletter (The Newsletter Plugin)“, a newsletter WordPress-plugin by The Newsletter Plugin Web Agile S.a.s. di Fietta Roberto, VAT# IT-03809490240. The data protection regulations of the sending provider can be seen here: https://www.thenewsletterplugin.com/documentation/subscription/gdpr-compliancy/. However, as you can read under paragraph 1 (currently at 2020-08) they do “… not transfer any data to any services of our company. Therefore, a Data Processing Agreement (DPA) is not needed…”.

23.5 Furthermore, the sending provider, according to their own information, may use these data pseudonymizedly, i.e. without attributing it to a user, in order to optimize or improve their own services, e.g. for technical optimizations of the sending and displaying of the newsletters or for statistical purposes in order to determine which countries the receivers are from. The sending provider does, however, not use the data of our newsletter receivers to write to them itself nor to pass them on to third parties.

23.6 Registration data for the newsletter are gathered and processed during the registration process of the customer account, they consist of e-mail address, form of address if provided, and surname and forename.

23.7 Performance measurement – The newsletters contain a so-called “web beacon“, i.e. a pixel sized file that gets opened when the newsletter is accessed from the server of the sending provider. In the course of this accessing, first of all technical information, such as information on your browser and system as well as your IP address and time of access, is gathered. This information is used for technical improvements of the services based on the technical data or on the target audience and their reading behavior based on their places of retrieval (that can be determined by means of the IP address) or times of access. Part of the statistical gathering, among other things, is also checking whether the newsletter are opened, when they are opened, and which links are clicked. While this information for technical reasons can be assigned to individual receivers of newsletters, neither we nor our sending provider have any aspiration to observe individual users. The cumulated assessments much rather serve the purpose of realizing the reading habits of our users and tailoring our contents to suit them or sending out different contents depending on our users’ interests.

23.8 Sending the newsletter and measuring the performance happen on the basis of consent of the receivers pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 section 2 No. 3 UWG (Gesetz gegen den unlauteren Wettbewerb, law against unfair competition) resp. on the basis of legal permission pursuant to § 7 section 3 UWG.

23.9 The logging of the registration process takes place on the basis of our justified interests pursuant to Art. 6 para. 1 lit. f GDPR and serves the purpose of proving the consent to receiving the newsletter.

23.10 Cancellation/revocation – Receivers of the newsletter may cancel the reception of our newsletter at any moment, i.e. they may revoke their consent. A link to cancelling the newsletter can be found at the end of every newsletter. Your consent to the performance measurement gets terminated at the same time. A separate revocation of the performance measurement, unfortunately, is not possible, in this case the entire newsletter subscription must be canceled. Upon unsubscribing from the newsletter, all personal data gets deleted, unless their storage is called for or justified by law, while their processing in this case will be limited to these exceptional cases. Most notably, we may store unsubscribed e-mail addresses for a duration of up to three years based on our justified interests before deleting them for purposes of sending the newsletters in order to be able to proof a formerly existing consent. Processing these data gets limited to the purpose of a potential defense against legal claims. An individual request for deletion is possible at any time if at the same time the former existence of a consent gets confirmed.

24. Implementation of Third Party Services and Contents

24.1 On the basis of our justified interests (i.e. an interest in analyzing, optimizing, and economically running our online offer in the sense of Art. 6 para. 1 lit. f. GDPR), we deploy content offers and service offers of third party providers within our online offer in order to implement their contents and services such as videos or fonts (hereinafter consistently referred to as “contents”). This always necessitates the third party providers of these contents to take note of the IP address of the users, since without the IP address they would be unable to send the contents to their browsers. Thus the IP address is necessary for delivering these contents. We try our best to use only contents of providers who use the IP address only to deliver their contents. Third party providers may also use so-called pixel tags (invisible graphics also referred to as “web beacons”) for statistical or marketing purposes. By means of pixel tags, information such as visitor traffic on this website’s pages can be evaluated. Besides, the pseudonymous information can be saved in form of cookies on the users’ device and, among other things, receive technical information regarding the browser and operating system, referring websites, visiting time, as well as further information on the usage of our online offer, and may also be merged with information from other sources.

24.2 The following description offers an overview of third party providers as well as their contents along with links to their data protection declarations, containing further information on data processing and, partly already mentioned here, possibilities of objection (so-called opt-out):

25. How to contact us

The owner of this website and the data controller responsible for your personal information for the purposes of the applicable European Union data protection law is:


Email: info@subliminalspace.com
or
Contact Us