Privacy

Data Privacy Policy

Introduction

How can you contact us?

What do certain terms mean?

Which types of personal data do we process? 

Why and on which legal grounds do we store personal data? 

How do we use cookies, analysis and tracking tools, and social media logins?

Who do we transfer personal data to?

Use of Mailjet?

How do we work with our partners to provide services to you? 

Why do we work with international partners?

Which data privacy settings can you change? 

How can you withdraw your consent?

What are your rights?

How do we protect your personal data? 

How can minors use our services?

What other information should you know? 

Introduction

The purpose of this data privacy policy is to inform you about how we process personal data in our company. In doing so, we are complying with our obligations as per the German Telemedia Act (in German: Telemediengesetz or TMG for short) and the European General Data Protection Regulation (EU-GDPR, EU 2016/679), in particular those laid out in Articles 13-14 and Article 26 (2). 

Please read this data privacy policy carefully. Contact us if you have any questions.

Protecting your privacy is always a top priority here at  ROCKFALLmerchandise. Protecting your personal data is very important to us. This policy describes how we process certain information about you, your computer, or your mobile device ("device"). This information might contain personal data.
In this document, we also explain how we use cookies and analysis tools throughout our entire website and in our products and services. Please note that we might add additional terms to our data privacy policy depending on the product or service in question. We observe the currently applicable data privacy laws and this data privacy policy at all times. We only transfer data as described in this policy.

How can you contact us?

You can contact us at the following address:

ROCKFALLmerchandise
Feuchtwanger Strasse 12
D-91583 Diebach
info@rockfallmerchandise.com

What do certain terms mean?

Anonymization

The data is modified in such way that it is no longer possible to associate it with an individual. 

Activity Data

Data we store about the user's activities.

Analysis Tools

Software that allows us to evaluate user behavior. 

Cloud

The use of IT infrastructures and services we do not maintain on our local computers on site but are provided via a network (e.g. the Internet) by a service provider we have engaged.

Cookies

Cookies are small text files stored on your computer or in your browser.

Devices

A (mobile) device, e.g. smartphones, tablets, notebooks, and PCs, with which you can use apps or programs and information services. 

Personal Data

Information regarding a specific or identifiable natural, living person. 

Pseudonymization

The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject.

Malware

Software programmed to cause damage to a device. 

Which types of personal data do we process?

When you use our website we process a variety of data. This data may directly or indirectly include personal data. Indirectly means that it may include personal data if used together with other sources of data. We collect much of this data in a pseudonymized or anonymized form. Among other data, we collect the following information:

Information on your visit to our websites:

When you visit our website, we might store information on the region from which you accessed our website, information about your device, operating system, and browser, on how you use our website, and whether you have visited us before.

Information about your registration:

You will need to open an account to purchase some of our products or services. When you open your account, we collect personal data, for example: your name, IP address and, where applicable, your telephone number and address. 

If you are using a mobile device, we might collect further information, e.g.: which device you used and its operating system.

Support requests:

If you contact us to submit a support request, for example, we save the data related to this request, e.g.: contact data and your name. 

Location:

We need to know the location of your device in order for some features to work. 

Why and on which legal grounds do we store personal data? 

Purposes of processing:

We process your data, whether they can be attributed to a person or not, for the following purposes:

• To meet our contractual obligations to you.
• To ensure the use of our products and services without problems.
• To ensure the user friendliness and ease of use of our products and services.
• To improve and optimize the features, security, safety, and stability of our products and services.
• For administrative purposes.
• To display ads tailored to your interests and provide you with relevant information. 
• To comply with the requirements imposed by public law and other regulations.

Contract initiation and fulfillment

In principle, we only store the personal data we need to meet our contractual obligations to you. 

Legal obligations

Public law requires us to collect, store, and transfer data to public authorities and their representatives. This may also be necessary to fulfill a public duty. 

Consent

In some instances, your consent serves as a basis for our right to process data. In these cases, we will inform you about this possibility and give you the opportunity to grant us your consent.

In these cases, we will inform you about the purpose of data processing and about your right to withdraw your consent. 

Legitimate interest

We also might process data based on a legitimate interest on our part. In this case, we are obligated to inform you about our interest and weigh our interests against your own. This applies to the following processes:

Time limits for storage and deletion

We only store the personal data we need to fulfill the purpose for which they are collected. The time limit for storage is based on statutory requirements and the duration of our contractual relationship. 

Once the data is no longer in use, we will anonymize and/or delete it as required by law.

If you request that your data be deleted, please note that we will block your data immediately; however, technical restraints may cause a delay of up to 30 days until we can permanently delete your data.

Please also note that once we confirm your request to delete your data, it will no longer be possible to recover it.

How do we use cookies, analysis and tracking tools, and social media logins?

If you use one of our websites or services, your browser will download cookies. Cookies make it possible to identify your browser, for example, to ensure that our website is displayed correctly. We also use cookies on different pages of our website to analyze how you use our website. This information can then be used to optimize the site, for example: the shopping cart features for orders placed in our online shop. 

Error: The domain ROCKFALLmerchandise.com is not authorized to show the cookie declaration for domain group ID 8b92576d-e119-48f0-9c16-bb2071e82dbd. Please add it to the domain group in the Cookiebot Manager to authorize the domain.

Who do we transfer personal data to?

We do no transfer your personal data to third parties for any reason other than those listed below.

We only transfer your personal data to third parties if:

• You have given us your express consent to process your personal data
• It is legally permissible and necessary to fulfill our contract with you
• A legal obligation makes it necessary for us to transfer data to a third party
• The transfer of data is based on a special interest and there is no reason to assume that you have a greater legitimate interest in your data not being disclosed

We transfer data to the following recipients or categories of recipients on the aforementioned grounds:

• Employees (internal and external)
• IT infrastructure service providers
• Payment processing providers
• Service providers offering support
• Software service providers
• Providers of analysis tools
• Other service providers
• Public authorities

Use of Mailjet

To process orders correctly it's mandatory to send transaction mails to the customers of ROCKFALLmerchandise. With sending these we make sure that all major info is communicated in time and on a persona level. For sending these mails we use mail sending service Mailjet, 37 Bis Rue du Sentier 75002 Paris, Frankreich. During this process we only submit and temporarily save the mail addresses that are mandatory to do a correct mailout. Mail addresses are used for  ROCKFALLmerchandise matters only and won't be given to third parties.
Why do we work with international partners?

We use a global IT infrastructure network to provide our services, e.g. computers, cloud-based servers, networks, and software solutions. 

These partners are based in different countries, some of them outside the European Union. Not all of these countries have established laws to protect data to the extent the European Union has. Therefore, we have taken a series of measures in accordance with the GDPR to ensure the greatest possible degree of protection for your personal data. These include:

• Collaborating with companies in a country that has the approval of the European Union obtained through an adequacy decision
• Collaborating with companies in accordance with the EU-US Privacy Shield
• Collaborating with companies based on EU standard contractual clauses
• Collaborating with companies on the basis of agreed guarantees

We insist that our partners guarantee the certainty of these measures within the context of the statutory requirements.

Furthermore, in special cases it is possible to transfer data with your express consent.

Which data privacy settings can you change?

When using our products, you have several different selection and configuration options. We will usually explain these options to you when you first use them or register a new account. By changing the settings, some services may no longer function properly. 

How can you withdraw your consent?

If you gave us your consent to process your personal data in a certain way, e.g. to subscribe to a newsletter or receive third-party offers, you have the right to withdraw your consent - fully or partially - at any time. Please contact us to do so.

Should the data be processed after considering the legitimate interests as described in Art. 6 (1) lit f GDPR, you also have the right to object to your data being processed as long as there are reasons to do so based on your special circumstances or if they are processed for direct marketing purposes. 

In the case of direct marketing, you have a general right to object without being required to provide details on special circumstances. Please inform us in writing if you object to us processing your personal data.

What are your rights?

Unless restricted by law, you have the following rights: 

The right to information, rectification, erasure, restriction of processing, data portability, and the right to object. 

Please note that we, as required by law, reserve the right to ask for identification and, if necessary, take additional measures to unambiguously verify your identity. 

Right to information:

Contact us if you wish to obtain information about the personal data we have stored. 

Right to rectification:

If the information we have stored is not correct, please provide us with your correct information in writing.

Right to erasure:

If you would like us to erase your data, we will do so in accordance with the statutory regulations. 

However, please note that statutory regulations require us to store certain types of data for an extended period of time, e.g. during the retention period for accounting documentation of 10 years (German Fiscal Code) or on the grounds of warranty (3 years).

Furthermore, please note that we will block your data immediately. However, due to technical limitations, it can take up to 30 days for your data to be deleted permanently. 

Please also note that once we confirm your request to delete your data, it will no longer be possible to recover it.

Right to restriction of processing:

You have the right to restrict how and to what extent your data is processed. Please inform us about the categories of data you consider relevant and the reasons for restricting their processing. We will review the facts immediately and inform you about the results.

Right to data portability:

Please inform us in writing about which data you wish to have transferred and to whom. We will review your request immediately and inform you about the results.

Right to lodge a complaint:

If you are not satisfied with how we protect your data, you have the right to lodge a complaint with the supervisory authority responsible for data protection in your country. For example, for Victorious Merch this would be the Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, whom you can contact by writing to:

            Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Postfach 10 29 32, 70025 Stuttgart, Germany (PO box)

Königstrasse 10a, 70173 Stuttgart, Germany

How do we protect your personal data?

Victorious Merch has taken measures in line with the data protection laws that correspond to the latest codes of practice in the industry to protect your personal data. We review and, if necessary, adjust these measures on an ongoing basis. Our goal is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. 

We encrypt our communication with SSL (Secure Socket Layer) to transfer data between our websites, apps and back-end systems. 

We protect the systems and processes with a variety of technical and organizational measures. These include, among others: data encryption, pseudonymization, anonymization, logical and physical access restriction and control, firewall and recovery systems, integrity tests.

What other information should you know?

Changes to the current privacy policy.

This data privacy policy is reviewed at irregular intervals to keep it up to date with the current developments in our company, our products and services, statutory regulations, and social developments.

Last updated: March 15th, 2021