Privacy Policy

Privacy Policy for the website https://froach.de

as at 02.09.2021

  1. Introduction/Preamble

Data protection is an important concern for us and your trust is our highest priority! Therefore, we will always treat your personal data with confidentiality and, of course, comply to all applicable data protection regulations. We therefore only process your personal data insofar as this is permitted by law or you have given us your consent to do so. 

In this Privacy Policy you will learn:

  • The way we handle personal data on the Internet.

  • What information is collected and analysed about visitors to our website.

  • Whether and how this information is used, passed on or otherwise processed.

This Privacy Policy applies to your visit to our website; it does not apply to other offers and services we may provide.

  1. Person responsible

This Privacy Policy applies to data processing by us as the responsible Party (“Verantwortlicher”) pursuant to Article 4 (7) of the General Data Protection Regulation („DSGVO“). Our contact details are:

 

Froach Media GmbH

Friedenstr. 92

10249 Berlin

 

Commercial Register Court: AG Berlin

Commercial Register Number: HRB 137240 B

Represented by: Agnieszka Sarnecka (Managing Director)

Sales tax ID: DE279931492 

 

Contact: info@froach.de

Phone: +49 (0)30 679 50 840 

  1. Data Protection Officer

You can reach the Data Protection Officer appointed by us under: 

 

comp/lex – Data Protection Officers

Attorney at law Dr. Jochen Notholt

Lindwurmstrasse 10

80337 Munich.

 

Contact: datenschutz@froach.eu

Fax: +49 89 41614295-9

  1. Terminology Definitions

Unless this Privacy Policy contains or implies a different definition, reference is made to the definitions in Art. 4 GDPR („DSGVO“) with regard to the terms used.

  1. Processing of personal data

    1. When accessing our website

When accessing our website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:

  • IP address

  • Date and time of the request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • Amount of data transferred in each case

  • Web page from which the request originates

  • Browser 

  • Operating system and its interface

  • Language and browser software version

This data is functionally required for us  in order to display and provide you with our website. The legal basis for this processing is Art. 6 para. 1(1) lit. f GDPR („DSGVO“). This data is stored for security reasons (e.g. to clarify acts of abuse or fraud) for a maximum of 14 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the final clarification of the respective incident. The hosting service provider we use, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, processes personal data on our behalf and within the scope of our instructions as a so-called processor (“Auftragsverarbeiter”) pursuant to Art. 28 GDPR („DSGVO“).

 

  1. For Retrieval and Setting of Cookies

Our website partly uses so-called cookies. Cookies are small data records that are stored on your end device and saved by your browser. Cookies serve our legitimate interest to analyze the use of the website in order to make our website more user-friendly and effective as well as to advertise and offer our services more optimally. 

Some of the cookies used are so-called session cookies. These are automatically deleted after the end of your visit. Other cookies remain stored on your end device until you delete them.

Furthermore, you can so configure your browser that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.

On our website, you will also find a link to cookie settings in the footer, whereby you can access further information as well as adjust your cookie settings in relation to our website at any time (for example: grant / revoke consent).

If cookies are deactivated, the functionality of this website may be limited (for example: shopping cart function, etc.).

The following cookies may be set (see also the further points under clause 5 of this privacy policy for particular functions):

Name

Domain

Purpose

Privacy Notice

Duration

_pk_id.10.41db

www.froach.de

Cookie of Matomo for website analytics. Generates statistical data about how the visitor uses the website.

https://matomo.org/docs/gdpr/ 

13 Months

_pk_ref.10.41db

www.froach.de

Cookie of Matomo for website analytics. Generates statistical data about how the visitor uses the website.

https://matomo.org/docs/gdpr/ 

Session

_pk_ses.10.41db

www.froach.de

Cookie of Matomo for website analytics. Generates statistical data about how the visitor uses the website.

https://matomo.org/docs/gdpr/ 

Session

woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_, woocommerce_recently_viewed, store_notice[notice id]

WooCommerce

Cookies

Helps WooCommerce detect when the cart content/data changes. Contains a unique code for each Customer so WooCommerce knows where to find the cart data in the database for each customer. Allows Customers to hide the store notifications.

https://docs.woocommerce.com/document/woocommerce-cookies/

Session / 2 Days

NID

YouTube, google.com

Is used to unlock YouTube content

https://policies.google.com/privacy

6 Months

Borlabs Cookie Banner

www.froach.de

Stores the settings of the visitor, which were selected in the cookie box of Borlabs Cookie.

https://borlabs.io/borlabs-cookie/

1 Year

_icl_*, wpml_*, wp-wpml_*

www.froach.de

Stores the current language.

https://www.froach.de/datenschutz/

1 Day

 

The use of cookies is based on Art. 6 para. 1(1) lit. f GDPR („DSGVO“), unless you have given your consent. In the case of consent, the legal basis is Art. 6 para. 1(1) lit. a GDPR („DSGVO“) and Art. 7 GDPR („DSGVO“).

 

  1. Without the use of these cookies, the website offer as well as its access and use by you are functionally not possible.Use analysis through Matomo – local hosting

We use technology from Matomo (formerly: PIWIK) to analyze the use of our website (number of visitors, click-rates, ads monitoring). Therefore, we process the following data for analysis purposes using the analysis tool Matomo, on a locally hosted basis. Used for this purpose are Cookies, which enable the recognition of your Internet browser. These store the following data:

  • IP address (anonymized)

  • Date and time of the request

  • Operating system and its interface

  • Website from which the request originates

Right to object: You can object to data processing with the purpose of creating a pseudonymized user profile at any time with effect for the future. If you would like to exercise your right to object, you can notify us by sending an e-mail to datenschutz@froach.eu. Alternatively, you can also use the contact data mentioned above in clause 2.

The processing of your personal data enables us to analyze your interaction behavior with the website. By evaluating the data obtained, we are able to compile information about the use of various components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in processing the data according to Art. 6 para. 1(1) lit. f GDPR (“DSGVO”). By anonymizing the IP address, your interest in the protection of your personal data is sufficiently taken into account. The legal basis for this processing is Art. 6 para. 1(1) lit. f GDPR (“DSGVO”).

The data is deleted as soon as it is no longer required for the analysis purposes. We review the necessity every 6 months.

 

  1. For consent management – Borlabs Cookie Consent Management

The service Borlabs Cookie Consent Management of the company Borlabs, Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (https://de.borlabs.io/borlabs-cookie/) is used on our website for the purpose of consent management. In this context, the following data is processed: Opt-in and opt-out data, Consent ID, time of consent. The processing is necessary to comply with our legitimate interest and our legal obligations (proof and documentation of consent). The legal basis is Art. 6 para. 1(1) lit. c GDPR („DSGVO“) or Art. 6 para. 1(1) lit. f GDPR („DSGVO“).

 

  1. Accessing Videos – YouTube

We partially use videos from the YouTube platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and companies affiliated with Google. For users who have their habitual residence in the European Economic Area („EWR“) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, EU is the responsible party for the Google services. Accordingly, Google Ireland Limited is the company affiliated with Google LLC whose services we embed and who must also comply with the General Data Protection Regulation.

Through the accessing of videos, a connection to the service providers and your end device is established as a technical requirement and cookies are only used after notification and consent on your part and finally also when playing the video. It is therefore third-party content.

We have implemented a do-not-track function along with so-called enhanced privacy mode for the video content. This means that data processing by the third-party providers only takes place after you activate this third-party content.

Privacy Policy Youtube: https://www.google.com/policies/privacy/  and https://support.google.com/youtube/answer/7671399?hl=de&ref_topic=2803240 

The legal basis is Art. 6  para. 1(1) lit. a GDPR (“DSGVO”).

 

  1. In the context of contacting us via e-mail

We process e-mails that you send to us and that we send to you using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e. your e-mail address and the information you provide in the e-mail) on our behalf to enable us to communicate with you by e-mail or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6  para 1(1) lit. f or Art. 6 para 1(1) lit. b GDPR (“DSGVO”). We will delete this data, insofar it is no longer required and there are no legal obligations to the contrary. We review the necessity every twelve (12) months.

 

  1. In the context of contacting us via telephone

If you get into contact with us via telephone, we require personal data (e.g. name, telephone number, address or email address), in order to process your inquiry or request. The processing of your personal data is based on  Art. 6 para 1(1) lit. b GDPR (“DSGVO”). We will delete this data, insofar as it is no longer required and there are no legal obligations to the contrary. We review the necessity every six (6) months.

 

  1. In the context of contacting us via contact form

If you get into contact with us via contact form, email, we require personal data (e.g. name, contact information, etc.) in order to process your inquiry or request. This data processing is necessary to enable us to communicate with you or, if you are our customer, to process the contract. The processing of your personal data is based on Art. 6  para 1(1) lit. f or Art. 6 para 1(1) lit. b GDPR (“DSGVO”). We will delete this data, insofar it is no longer required and there are no legal obligations to the contrary. We review the necessity every six (6) months.

 

  1. BGM-Newsletter

When registering to receive our BGM newsletter, the data you provide will be used exclusively for this purpose of sending the newsletter to you. It is sufficient to provide an e-mail address. The data will be used exclusively for sending the newsletter and will not be passed on to third parties. The legal basis for the dispatch is your consent Art. 6  para.1(1) lit. a GDPR (“DSGVO”).

Our newsletters contain information about corporate health management and healthy break culture in the work environment as well as news about us. Insofar as its contents are specifically described when you register for the newsletter, these descriptions are conclusive for your consent to receive the newsletter. Subscribers to the newsletter will also be informed by e-mail about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).

After registration, you will receive an e-mail asking you to confirm your registration (so-called “double-opt-in”). The background to this is the prevention of misuse of your e-mail address by third parties. The registration for the newsletter is logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the e-mail address, IP address, the time of registration and the time of confirmation. The legal basis for this is Art. 6 para 1(1) lit. f GDPR (“DSGVO”).

You can revoke your consent to the processing of personal data and its use for the newsletter dispatch at any time. In each newsletter you will find a corresponding link. In accordance with Art. 7 para. 3 GDPR (“DSGVO”) , you can revoke your consent at any time. As a consequence, we will no longer continue the data processing based on this consent in the future.  Please also see our explanations on your rights below in our privacy policy.

 

  1. Payment Service Provider Stripe

On our website we offer, inter alia, payment via Stripe and related payment options. These payment services are offered by Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2.

If you choose payment via Stripe, the payment data you enter along with information about your order will be transmitted to Stripe (such as name, address, account number, bank routing number, credit card number if applicable, invoice amount, currency and transaction number, passwords, TANS, checksums). Only the payment service provider, not we, receive account or credit card related information. If necessary, data will be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard and beyond, we refer to the terms and conditions that can be called up when using Stripe and the data protection information of the payment service provider. Further information can be found at https://stripe.com/de and on data protection at: https://stripe.com/de/privacy 

The processing of personal data happens on the legal basis of Art. 6 para 1(1) lit. fa (consent) or Art. 6 para 1(1) lit. b (processing of data for the performance of contract) or Art. 6 para 1(1) lit. f (legitimate interest: offering of efficient and secure payment options) GDPR (“DSGVO”).

Online Shop Plug-in WooCommerce

  1.  

On our website, we integrate the plug-in WooCommerce for wordpress, in the so-called Germanized version (see: https://vendidero.de/woocommerce-germanized) It adds the functionality of an online shop to the content management system. 

The legal basis is Art. 6 para 1(1) lit. b (processing for the performance of contract) or Art. 6 para 1(1) lit. f (legitimate interest: offering of the functionality of an online shop) GDPR (“DSGVO”).

 

  1. order processing via Printful

Order processing is carried out via the service provider “Printful” of Printful, Inc. 11025 Westlake Drive, Charlotte, NC28273, USA. For the processing of an online order, name and address, for example, are passed on to Printful in accordance with Art. 6 para 1(1) lit. b GDPR (“DSGVO”). T The transfer of personal data only takes place to the extent that this is actually necessary for the processing of the order. Details on the data protection of Printful and the privacy policy of Printful, Inc. can be viewed at https://www.printful.com/policies/privacy

  1. Data transfer to third countries

We will only process your data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) when it is necessary for the fullfilment of our (pre)contractual (“vorvertraglich”) obligations (pursuant to Art. 6 para 1(1) lit. B GDPR (“DSGVO”)), on the basis of your consent (according to Art. 6 para. 1(1) lit. a GDPR (“DSGVO”)), due to a legal obligation (according to Art. 6 para. 1(1) lit. c GDPR (“DSGVO”) or on the basis of our legitimate interest (in accordance with Art. 6 para. 1(1) lit. f GDPR (“DSGVO”). The same applies for the processing of data by third parties on our behalf, the disclosure of your personal data to third parties as well as its transfer to third parties.

Service providers that process personal data on our behalf in a third country are furthermore only used if an “adequacy decision” of the European Commission (Art. 45 GDPR („DSGVO”) exists for this third country, “appropriate safeguards” (Art. 46 GDPR („DSGVO“)) or “internal data protection rules” (Art. 47 GDPR („DSGVO“)) exist with the recipient.

General information on adequacy decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de, on available suitable safeguards at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de and on internal data protection rules at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_de. For further information, you can contact us.

  1. Deletion of Data

The data processed by us will be deleted in accordance with Art. 17 GDPR („DSGVO“) or restricted in its processing in accordance with Art. 18 GDPR („DSGVO“). 

Unless otherwise regulated within the scope of this Data Protection Declaration, the data processed by us will be deleted as soon as they are no longer necessary for the intended purpose and the deletion does not contradict any statutory retention obligations. We review the necessity every 6 months. If the data is not deleted because it is required for other, legally permissible purposes, its processing is restricted. I.e. the data is blocked and not used. This applies, for example, to data that must be retained for reasons of commercial or tax law.

According to legal requirements in Germany, the retention or storage of, in particular, commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc. is carried out for six years in accordance with Section 257 (1) of the German Commercial Code („HGB”) and, in particular, of books, records, management reports, accounting vouchers, commercial and business letters as well as documents relevant for taxation, etc. for ten years in accordance with Section 147 (1) of the German Fiscal Code („AO”).

  1. Provision of Personal Data and Data Subject Rights

You are not required by law to provide personal data. However, the provision may be necessary for the conclusion of a contract or for functions of the website. Thus, if not provided, a contract or a function on the website may not be offered. There is no automated decision-making on our website.

If the legal requirements are given, you have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR („DSGVO“). In particular, you can request information about processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, substantiated information about its details;

  • In accordance with Art. 16 GPDR (“DSGVO”), to immediately request the correction of incorrect or completion of your incomplete personal data stored by us;

  • pursuant to Art. 17 GDPR („DSGVO“), to request deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

  • pursuant to Art. 18 GDPR („DSGVO“), to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR („DSGVO“);

  • pursuant to Art. 20 GDPR („DSGVO“), to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;

  • in accordance with Art. 7 (3) GDPR („DSGVO“), to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future; and

  • to complain to a supervisory authority in accordance with Art. 77 GDPR („DSGVO“). As a rule, you can contact the supervisory authority of your usual place of residency or workplace or our company headquarters for this purpose. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information („Berliner Beauftragter für Datenschutz und Informationsfreiheit“), Friedrichstr. 219, 10969 Berlin.

 

  1. Rights of Revocation and Objection

    1. Revocation of Consent

If we process personal data on the basis of your consent pursuant to Art. 6 para. 1(1) lit. a GDPR („DSGVO“), you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR  („DSGVO“) with effect for the future.

If you wish to exercise your right of revocation, you can notify us by e-mail to datenschutz@froach.eu. Alternatively, you can also use the contact data mentioned above under clause 2. 

 

  1. Objection for processing data based on legitimate interest

If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para.1(1) lit. f GDPR („DSGVO“), you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR („DSGVO“), provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

If you wish to exercise your right of objection, you can notify us by e-mail to datenschutz@froach.eu. Alternatively, you can also use the contact data mentioned above under clause 2.

  1. Security Measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.

  1. Privacy Policy Version

We reserve the right to change our data protection declaration if this should be necessary due to new technologies or changes in our data processing procedures or in order to adapt it to changes in the legal situation applicable to us. However, this only applies to this privacy policy. If we process your personal data on the basis of your consent or if parts of the data protection declaration contain provisions of the contractual relationship with you, any changes will only be made with your consent.

The current version of our data protection declaration and its history of changes can be found at https://froach.de/datenschutz/website.html . The version date is always noted at the beginning of the statement.

 

Date

Changes

28.07.2021

  • Clause 5.4. supplemented by parenthesis in introductory sentence; other previously listed data removed as inaccurate.

  • Clauses 5.11. (Stripe), 5.12. (WooCommerce) and 5.13 (Printful) added.

21.07.2021

  • Data protection officer specifically named (clause 3)

  • Subcontractor Hetzner named (clause 5.1.)

  • reCaptcha included (clause 5.3.)

  • Matomo included (clause 5.4.)

  • Usercentrics Consent Management included (clause 5.5.)

  • YouTube videos included (clause 5.6.)

  • Newsletter included (clause 5.10.)

  • Language revisions and legal citations added.

  • Headings partially corrected (ins. clause 11).

  • Supervisory authority named (clause 7).

  • General information on third country transfer (clause 5.9.) and on provision of personal data expanded and added (clause 7)

  • Numbering for the Third Country Transfer Privacy Statement Platform adjusted to this one (now no longer a sub-number here, but as for the Platform Clause 6).

  • Version number updated and last sentence of the declaration added (clause 11).

01.09.2021

  • 5.2. completely revised and supplemented by a table dummy.

  • 5.6. added reference to extended privacy mode.

  • 5.12. Added link to Germanized version.

  • Format adjustments.

02.09.2021

5.4. revised (now: Borlabs).

Write to us!