PRIVACY STATEMENT & DATA PROTECTION
Security and safeguard of your personal data
We consider it our urgent task to to ensure the security, integrity and privacy of the information you have provided and to protect it against unauthorised access. We value your trust and thus make every effort and use the highest security standards to ensure that we protect your personal data.
As a business we are liable to the regulations of the Federation Data Protection Law (BDSG) and the European General Data Protection Regulation (GDPR).
We have taken the technical and organizational steps necessary to protect personal data from loss, destruction, manipulation and unauthorized access.
Definitions (GDPR) – Article 4
For the purposes of this Regulation:
1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
4. ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
6. ‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
7. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
8. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
9. ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
10.‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
11.‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
12.‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13.‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
14.‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
15.‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
16.‘main establishment’ means:
1. as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
2. as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
17.‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to , represents the controller or processor with regard to their respective obligations under this Regulation;
18.‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
19.‘group of undertakings’ means a controlling undertaking and its controlled undertakings;
20.‘binding corporate rules’ means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
21.‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to ;
22.‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because:
1. the controller or processor is established on the territory of the Member State of that supervisory authority;
2. data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
3. a complaint has been lodged with that supervisory authority;
23.‘cross-border processing’ means either:
1. processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
2. processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
24.‘relevant and reasoned objection’ means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;
25.‘information society service’ means a service as defined in point (b) of Article 1(1) of of the European Parliament and of the Council (¹);
26.‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
Lawfulness of processing – Article 6
Processing shall be lawful only if and to the extent that at least one of the following applies:
1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
3. processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Information on the collection, processing and usage of your personal data
Collection of your personal data when visiting our website
The provider of this website automatically collects and saves data, the so called server-logfiles. These server-logfiles are provided by your browser, contain non-personal information and are not assignable to a specific individual. This logfiles are necessary to run the website safe and stable. Server-logfiles are:
- browser type
- utilised operating system
- referrer URL
- hostname of the accessing computer
- data and time of the server request
- IP address
- time zone difference
- access status/HTTP statuscode
- data volume transferred
Further functions and offers of our website
Use of our online academy
If you plan to use our online academy (quality-fx-academy.com) you need a personal customer account which can be accessed with your website and a personal password which is provided automatically at the sign up process.
Your access data for our online academy is saved unlimited to ensure you have unlimited access to your product and account. If you wish to delete this data simply contact us and we will delete all personal data except for data which is needed e.g. for tax documentation etc.
Purchase of our services/products
On our website you can find products and services which are linked to digistore24.com (Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany). Digistore24 is the vendor of these products/services, we are the manfucaturers. We do not operate our own shop and use payment providers only.
If you need further information about the processing of personal data through digistore24.com please contact digistore24 or go to www.digistore24.com.
If you want to subscribe to our newsletter provided on this website, we need to have your valid e-mail-address as well as information that allows us to check that you are the owner of the email address providedor the owner is in agreement with receiving the newsletter. We will not save any further data. The data will be used for the newsletter sending service only and will not be passed to third-parties. Your personal data will also be deleted without your revocation as soon as you cancel the newsletter or revoke your consent to save the data. You can recall the dispatch of the newsletter any time, e.g. by clicking on "unsubcribe from mailing list".
At this time, we use the emailprovider The Rocket Science Group LLC d/b/a MailChimp ("Mailchimp"). A proper data processing is secured by a lawful data processing agreement between Mailchimp and the owner of this website and can be reviewed on request.
Rights of the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of (1), or point (a) of (2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to (2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in (1).
(1) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(2) Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of (2) as well as (3);
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with (1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
b) the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Paragraph 1 shall not apply if the decision:
a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c) is based on the data subject’s explicit consent.
In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(2)1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
Should you have questions concerning personal data that were are not able to answer by this privacy statement, please contact us via the address provided in our imprint. For more information and detailed infos about your rights visit this website: https://gdpr-info.eu/
Use of Social-Media-Plugins
This website use plugins for the Facebook.com social networking site which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland. The Facebook-plugins are identified by one of the Facebook logos or by the Facebook Social Plugin or the 'thumbs-up' sign. Over here you can find an overview about all Facebook-Plugins: https://developers.facebook.com/docs/plugins/
If you visit our website a direct connection between your browser and the Facebook-server will be set up. Facebook receives the information that you visit our website with your IP-address. If you click the 'Thumbs-up' button while you are logged into your Facebook-account, contents from this website can be linked in your Facebook-profile and Facebook can allocate the visit to your Facebook-account. We point out that we have no information about the contents of the transmitted data used by Facebook. More information about data protection of Facebook can be found here: https://www.facebook.com/policy.php .
If you do not wish that Facebook allocates your visit of this website please log-out of your Facebook-account while using this website. Another way to protect your data is to update your Facebook-profile preferences via your Facebook profile setting or the US-American wesite http://www.youronlinechoices.com/ or the European website http://www.aboutads.info/choices/. The settings are platform-independet and will be adopted to all devices.
Facebook is a certified member of the Privacy-Shield-Agreement and guarantees to comply with the European privacy law.
b. Facebook Pixel
This website also uses a 'conversation-tracking'-plugin which is called 'Facebook-Pixel' for the Facebook.com social networking site which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland. Facebook Pixel is an analysing tool with which we can measure the effectivity of our advertising activities on Facebook.com. Facebook Pixel tracks the activity of the Facebook user on external websites where the Facebook Pixel is activated on. Facebook Pixel helps us to analyse, understand and improve our advertising activities on Facebook.com. For example the Facebook Pixel can track if a user has signed up to a newsletter.
According to the European General Data Protection Regulation the user has to agree the use of his data trough Facebook Pixel. Therefore we have set-up an opt-in function which the website user has to agree before any data is collected. Once the user agree the use of his/her data through Facebook Pixel data is collected and processed by Facebook Pixel.
If you have opted-in for the Facebook Pixel and you want to opt-out (disagree the use of your data) use this opt-out function below this text.
We point out that we have no information about the contents of the transmitted data used by Facebook. More information about data protection of Facebook can be found here: https://www.facebook.com/policy.php .
Facebook is a certified member of the Privacy-Shield-Agreement and guarantees to comply with the European privacy law.
This website uses functions of the Social-Media-Service Instagram which are provided by Instagram Inc., 1601 Willow Road, Menlow Park, CA, 94025, USA. If you click the 'Thumbs-up' button while you are logged into your Instagram-account, contents from this website can be linked in your Instagram-profile and Instagram can allocate the visit to your Instagram-account. We point out that we have no information about the contents of the transmitted data used by Instagram. More information about data protection of Instagram can be found here: https://instagram.com/about/legal/privacy/.
This website uses SSL-encryption in order to save a secure data transfer of sensitive data. The SSL-encryption can be recognized by the lock-symbol in the address-bar of your browser and by the address-bar-prefix "https://". If the SSL-encryption is activated, data can not be read by third-parties.
Google Analytics Abbendum
website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer, to help the website
analyze how you use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. If this website
anonymizes IP addresses, your IP address will be truncated by Google within a EU member state or other EEA state before being transmitted to the US. Only in exceptional situations will your full
IP address be transmitted to Google servers in the United States and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on
website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can also prevent Google from collecting information
(including your IP address) via cookies and processing this information by downloading this browser plugin and installing it: http://tools.google.com/dlpage/gaoptout
You can prevent data collection via Google Analytics by clicking here. An "Opt-out Cookie" shall then be applied to your website which shall prevent any future collection of your data when visiting this website.
Further information concerning the terms and conditions of use and data privacy can be found at the Google Analytics Terms of Service or at the Google Analytics Privacy Overview. Please note that on this website, Google Analytics is supplemented by "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (IP masking).
the reCAPTCHA service provided by Google Inc. (Google) to protect your submissions via internet submission forms on this site. This plugin checks if you are a person in order to prevent certain
website functions from being (ab)used by spam bots (particularly comments). This plugin query includes the sending of the IP address and possibly other data required by Google for the Google
reCAPTCHA service. For this purpose your input will be communicated to and used by Google. However, your IP address is previously truncated by Google within member states of the European Union or
in other states which are party to the agreement on the European Economic Area and is, as such, anonymized. Only in exceptional cases is a full IP address transmitted to a Google server in the
United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address provided by reCaptcha from your
browser shall not be merged with any other data from Google.
By using the reCAPTCHA service, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
External data processing providers