Introduction and terms
By operating our website with the URL www.the-white-label.com (hereinafter referred to as “website”), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws – in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutz Gesetz – BDSG) and the Telecommunications Telemedia Data Protection Act (Telekommunikations Telemedien Datenschutzgesetz – TTDSG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain which rights you have to protect and enforce your data privacy.
2.1. Personal data
Personal data” is any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, date of birth or user name, IP addresses and/or location data. The key point is that any information that can be used in any way to identify a person can be described as personal data.
Under a “processing” understands Art. 4 No. 2 GDPR any operation applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing, making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.
Responsible for data processing is:
Controller: wlec white label eCommerce GmbH (“we”)
Legal representative: Arndt Scheffler
Address: Stadthausbrücke 12, 20355 Hamburg
4. DATA PROTECTION OFFICER
We have appointed an external data protection officer for our company. You can reach him under:
Name: Reinher Karl
Address: HABEWI GmbH & Co KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 46008966
Fax: 040/ 46008977
5. PROCESSING PARAMETERS
We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers for the processing of your personal data, this is done within the framework of so-called order processing, in which we as the client are authorized to issue instructions to our contractors. To operate our website, we use external service providers for hosting, as well as for maintenance, care and further development. We host our website with the external provider IPHH GmbH (address: Wendenstrasse 408, 20537 Hamburg, Germany) in the data center location Hamburg, Germany. If further external service providers are used for individual processing operations listed in section IV, they will be named there.
As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.
The processing in detail
6. COOKIES AND OTHER TRACKING TECHNOLOGIES
6.1 Description of processing
|_GRECAPTCHA||This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports on the use of its website.||179 days|
|cookielawinfo-checkbox-marketing||Determines whether the visitor has accepted the cookie consent field.||1 year|
|li_gc||Stores the user’s consent status for cookies on the current domain.||2 years|
|rc::a||This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports on the use of its website.||Persistent|
|rc::b||This cookie is used to distinguish between humans and bots.||Session|
|rc::c||This cookie is used to distinguish between humans and bots.||Session|
|rc::d-15#||This cookie is used to distinguish between humans and bots.||Persistent|
|test_cookie||Used to check whether the user’s browser supports cookies.||1 day|
|lang||Saves the language version of a web page selected by the user||Session|
|pll_language||This cookie is used to determine the preferred language of the visitor and to set the language accordingly on the website, if possible.||1 year|
|_ga||Registers a unique ID that is used to generate statistical data about how the visitor uses the website.||2 years|
|_ga_#||Collects data on how many times a user has visited a website, such as data for first and last visit. Used by Google Analytics.||2 years|
|_gat||Registers a unique ID that is used to provide statistical data on how the visit he the website uses.||1 day|
|AnalyticsSyncHistory||Used in conjunction with data synchronization with third-party analytics service.||29 days|
|collect||Used to end data to Google Analytics about the device and the behaviour of the visitor. Captures the visit he made across devices and marketing channels.||Session|
|_gcl_au||Used by Google Ad Sense to experiment with advertising efficiency on web pages that are use their services.||3 Monate|
|bcookie||Used by the social networking service LinkedIn for tracking the use of embedded services.||2 years|
|bscookie||Used by the social networking service LinkedIn for tracking the use of embedded services.||2 year|
|IDE||Used by Google DoubleClick to record and report the user’s actions on the website after viewing or clicking on one of the provider’s ads, with the purpose of measuring the effectiveness of an advertisement and displaying targeted advertisements to the user.||1 year|
|lidc||Used by the social networking service LinkedIn for tracking the use of embedded services.||1 day|
|agead/1p-user-list/#||Used to track whether the visitor has shown interest in specific products or events on multiple sites and how the visitor navigates between sites – This is used to measure advertising efforts and facilitates payment of referral fees between sites.||Session|
|UserMatchHistory||Ensures browsing security for visitors by preventing cross-page forgery of requests. This cookie is essential for the security of the website and the visitor.||29 days|
6.3. Legal basis
The processing is necessary with regard to technically required cookies, as well as the use of the Consent Tool to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG). Our legitimate interest lies in the data protection described in para. 6.2 named purpose. For processing with regard to all other – i.e. non-technically necessary cookies/tracking technologies – the legal basis is consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG). Such consent is voluntary.
6.4. Storage period, revocation of consent
7. CONTACT FORM AND CONTACT BY E-MAIL
7.1. Description of processing
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
7.3. Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the data protection measure described in para. 7.2 named purpose. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).
7.4. Storage period
We delete the data as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it can be inferred from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after the expiry of the legal retention period.
8.1. Description of the processing
We send out a newsletter at irregular intervals. With the newsletter we inform you about news in our business field. You will receive our newsletter only if you actively subscribe to our mailing list. You can subscribe to it by filling out and submitting a newsletter registration form on our website.
For the newsletter registration, only the specification of your e-mail address is required. All other information (such as your first name and last name) is voluntary and serves solely to personalize the e-mails. For the execution and verification of newsletter registrations, we use the so-called double opt-in procedure. A registration takes place in several steps. First, you register for the newsletter on our website. You will then receive an e-mail from us to the e-mail address you have provided. With this e-mail, we ask you to confirm that you have actually registered for the newsletter and wish to receive it. Confirmation takes place by clicking on a confirmation link in the e-mail. Only after successful confirmation will we add you to our newsletter distribution list and send you future e-mails. As part of the double opt-in process, we save the date, time and your IP addresses both during registration and confirmation.
The processing takes place in order to offer the newsletter function and to be able to send newsletter emails to subscribers. The collection and storage of date, time and IP addresses during newsletter registration serves to document consent given and to protect against the misuse of e-mail addresses.
8.3. Legal basis
In the case of our subscriber newsletter, processing is based on consent pursuant to Art. 6 (1) lit. a GDPR. You can access the declaration of consent on our website at any time at https://the-white-label.com/newsletter/. Your consent is voluntary. The collection and storage of date, time and IP addresses during newsletter registration is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the data protection measure set out in para. 8.2.
8.4. Storage period and revocation of consent
If you do not confirm your subscription to our newsletter within 24 hours after receipt of the corresponding registration email, your data will be automatically deleted. We process your personal data for the duration of your newsletter subscription. You can cancel your subscription to our newsletter at any time by revoking your consent. A simple declaration (by e-mail to firstname.lastname@example.org or by post to wlec white label eCommerce GmbH, Stadthausbrücke 12, 20355 Hamburg) is sufficient for this. It is also possible to unsubscribe from the newsletter by clicking on the unsubscribe link in every newsletter e-mail. With the revocation of your consent, no more newsletters will be sent to you and your personal data will be removed from our active distribution list.
8.5. Recipients and transfer to third countries:
We use the services of the newsletter provider Clever Reach to manage our newsletter distribution list and to send the emails. This is done within the framework of order processing. Clever Reach is a service provided by CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. Further information on data protection at Cleverreach can be found at www.cleverreach.com/de/funktionen/datenschutz-sicherheit.
9. SOCIAL NETWORKS
9.1. Description of processing
Our website does not use so-called social media plugins. The Facebook, Instagram and LinkedIn logos displayed on our website are linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network. However, our profiles within the social networks represent data processing. If you are logged into the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, “share”, “like” or “retweet” a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us.
On the social networks Facebook and Instagram, we have the possibility to obtain statistical data about the use of our Facebook page or our Instagram profile via the so-called “Insights” function. These statistics are provided by Facebook and Instagram respectively. The “Insights” function cannot be disabled. We cannot decide to turn this feature on or off. It is available to all Facebook Fan Page operators and all Instagram business account operators, regardless of whether you use the Insights feature or not.
We are provided with the following data via Facebook Insights for a selectable period of time in anonymized form with regard to fans, subscribers, people reached and people interacting: Total page views, “likes” including origin, page activity, post interactions, reach, post reach (broken down into organic, viral, and paid interactions), comments, shared content, replies, and demographic analysis, i.e. country of origin, gender, and age. In the Insights statistics, it is not possible for us to identify subscribers and fans of our site and view their profiles.
Furthermore, we receive anonymized data about the development and reach of our Instagram profiles, as well as the posts, stories, and videos we post there, via Instagram Insights. We also receive statistical information about the place of origin, gender and age of the subscribers of our Instagram profile in the Instagram Insights.
9.2.On the social network LinkedIn, we have the possibility to obtain statistical data about the use of our LinkedIn profile via the so-called “Insights” function.
The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your terminal device. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the social networks directly.
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the “Insights” function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.
9.4. Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the data processing described in para. 9.3 named purpose. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 (1) a GDPR. The data processing with regard to our presences on Facebook, Instagram and LinkedIn is also based on joint responsibility pursuant to Art. 26 GDPR.
9.5. Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.
The social networks also process your personal data in the USA.
10. GOOGLE ANALYTICS
10.1. Description of processing
The processing takes place in order to be able to evaluate the use of our website. The information thus obtained is used to improve our online presence and to design it in line with requirements.
10.3. Legal basis
The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR. This is provided by us via the Consent Tool (see para. 6.1). Such consent is voluntary.
10.4. Storage period and right to object, revocation of consent
We have described the storage period and your control and setting options for cookies in section 6.4 explained. You can revoke the consent you have given with regard to Google Analytics at any time in the settings of the consent tool with effect for the future. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months.
10.5. Recipients and transfer to third countries
Google Analytics is jointly responsible for data processing on our behalf according to the German data protection supervisory authorities (Data Protection Conference). Against this background, we have also concluded the “Google Measurement Controller-Controller Data Protection Terms” with Google. Google also processes your personal data in the USA.
11. GOOGLE WEBFONTS
11.1. Description of processing
Our website uses “Google Web Fonts”, a font substitution service provided by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). With Google Web Fonts, the standard fonts of your terminal device are replaced by fonts from Google’s catalogue when displaying our website. If your browser disables the integration of Google Web Fonts, the text of our website will be displayed in the standard fonts of your end device. The Google fonts are loaded directly from a Google server. For this to happen, your browser sends a request to a Google server. This may also transmit your IP address in connection with the address of our website to Google. However, Google Webfonts does not store any cookies on your terminal device. According to Google, data processed as part of the Google Web Fonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be related to the use of other Google services, such as the search engine of the same name or Gmail. Further information on data protection at Google Web Fonts can be found at developers.google.com/fonts/faq?hl=en-DE&csw=1. General information on data protection at Google can be found at policies.google.com/privacy?hl=en-DE.
The processing is carried out in order to display the text of our website in a more readable and aesthetically pleasing way.
11.3. Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the data protection measure described in para. 11.2 named purpose.
11.4. Recipients and transmission to third countries
Through the use of Google Web Fonts, personal data may be transmitted to Google. Google also processes your personal data in the USA.
12. GOOGLE ADS CONVERSION
12.1. Description of processing
Our website uses the advertising service “Google Ads Conversion”, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Ireland (hereinafter referred to as “Google”). With the help of Google Ads Conversions, we can place advertisements on external websites in order to draw your attention to our offers there. In addition, the service enables us to determine the reach and success of individual advertising measures. Our advertisements are delivered by Google via so-called “ad servers”. For this purpose, Google uses so-called “Ad Server” cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, are measured. If you access our website via a Google ad, a cookie is stored by Google Ads in your end device (see para. 6.). According to Google, these cookies are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values. The cookies enable Google to recognize your internet browser. If you visit websites of a Google Ads customer and the cookie stored on your end device has not yet expired, Google and the customer can recognize that you clicked on the ad and were redirected to our website. A different cookie is assigned to each Google Ads customer. Cookies can therefore not be tracked via the websites of Google Ads customers. We ourselves do not process any personal data with our Google Adwords advertising measures. Google only provides us with statistical evaluations. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information. When you visit our website, a connection is therefore established to the Google servers. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads Conversion and therefore inform you according to our state of knowledge: Through the integration of Google Ads Conversion, Google receives the information about which subpage of our website you have accessed or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google learns your IP address and stores it.
The processing takes place in order to carry out targeted online advertising for our own offers and to be able to evaluate its effectiveness and reach.
12.3. Legal basis
The processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR. This is provided by us via the consent tool “Borlabs” (see para. 6.1). Such consent is voluntary.
12.4. Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 6. explained. You can also object to data processing by Google Ads Conversion at any time via the following website: www.google.com/ads/preferences. You can revoke your consent to data collection by Google Ads Conversion at any time in the settings of the consent tool with effect for the future.
12.5. Recipients and transmission to third countries
Through the integration of Google Ads Conversion, personal data may be transmitted to Google. Google also processes your personal data in the USA.
13. GOOGLE RECAPTCHA
13.1. Description of processing
Our website uses “reCAPTCHA”, a service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as “Google”). With reCAPTCHA, we can check in the context of forms whether the input is made by a human or by automated software – in particular so-called bots. This enables us to protect our website from spam and misuse. In this context, your IP address, the time you spend on the website, mouse movements made by you and, if necessary, other data required for the reCAPTCHA service are transmitted to Google. You can find more information about data protection at Google at policies.google.com/privacy?hl=en-DE .
The processing is done to secure forms on our website against misuse and spam.
13.3. Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the data protection measure described in para. 13.2 described purpose.
13.4. Recipients and transfer to third countries
Google also processes your personal data in the USA.
14. SECURITY MEASURES
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognize active SSL or TLS encryption by a small lock logo that is displayed on the far left of the browser’s address bar.
15. Data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:
15.1. Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.
15.2. Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed, including by means of providing a supplementary statement.
15.3. Erasure (Art. 17 DSGVO)
1.You have the right to demand that we erase personal data concerning you without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we pursue.
15.4. Restriction of data processing (Art. 18 GDPR)
You have the right to request that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
15.5. Data portability (Art. 20 GDPR)
You have the right, under the conditions listed in Art. 20 GDPR, to request the surrender of the data concerning you in a structured, common and machine-readable format.
15.6. Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retrospective affect).
15.7. Complaints (Art. 77 GDPR)
If you believe that the processing of personal data concerning you infringes the GDPR, you can complain to a supervisory authority. You can exercise this right at a supervisory authority in the EU member state of your residence, workplace or the place of the alleged infringement.
15.8. Restraint on automated decision-making/profiling (Art. 22 GDPR)
1.Decisions that have legal consequences for you or that could have a significant detrimental affect on you must not be based solely on the automated processing of personal data, including profiling. We do not apply any such processing or profiling to your personal data.
15.9. Right of objection (Art. 21 GDPR)
Where we process your personal data on the basis of Art. 6 Par. 1f of the GDPR in pursuit of our overriding legitimate interests, you have the right subject to Art. 21 of the GDPR to object, provided your objection is based on grounds relating to your specific situation. Once you have objected, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Regardless of the aforementioned restrictions, and regardless of whether any special circumstances apply, you have the right to object at any time to the processing of your personal data for direct marketing purposes.
Status: March 2023