Notes on data protection

We are pleased that you are visiting our website and thank you for your interest in our company and our products. We would like to inform you about which data we collect, use and process and how we handle your personal data.

Data collection and data use

Personal data is information that can be used to identify a person. This includes, for example, your name, address, email address or telephone number.

(1) Collection of personal data when using the website 
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• amount of data transferred
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.
• The legal basis for the storage of the data is Art. 6 Para. 1 lit. f GDPR.

(2) Collection of personal data upon registration 
We offer you the opportunity to register on our website by providing personal data. 
Depending on the type of contract concluded, we store the following data:

• Names, first names
• Address
• Billing address
• E-mail address
• Telephone number

As part of the registration process, you will be asked whether you have read the privacy policy and agree to its validity, which you confirm by clicking on the box and ticking the appropriate box. By doing so, you consent to your personal data being used for the following purposes:

• Processing of orders
• Sending direct advertising, e.g. by email, package insert or post, sending offers and vouchers
• Sending evaluation requests
• Sending our newsletter

The legal basis for the processing of the data is, in the case of your consent, Art. 6 (1) (a) GDPR and, if the registration serves to fulfill a contract or to carry out pre-contractual measures with you, additionally Art. 6 (1) (b) GDPR.

Name and contact details of the person responsible 
The person responsible for the management of personal data is 
Otaro UG
Goethestrasse 5
67454 Ugly

Managing Director: Roman Wenz
Email: service@otaro-shop.com

Contact details of the data protection officer

You can reach our data protection officer at: 
Email: shopify@otaro-shop.com

Purposes of processing personal data 
We only store your data for the following purposes: 
To process orders (including payment processing and, if applicable, credit checks), to send advertising from us and for customer service.

We store and process your personal data at our central headquarters.

Your personal data will only be transferred to third parties if the transfer is necessary for the execution of the contract or for billing or debt collection purposes (e.g. shipping companies or payment service providers) or if you have expressly consented.

The legal basis for the transmission of data to third parties for the purpose of contract execution or for billing purposes is Art. 6 Para. 1 lit. b GDPR and for the transfer in cases where required by law is Art. 6 Para. 1 lit. c GDPR.

Duration of data storage 
We store your data for as long as the respective purpose requires, taking into account your legitimate interests. If there is a tax retention period for certain data that is processed for the execution of sales contracts, the data will be stored for 6 or 10 years. During this time, the processing of the data is restricted after 2 years, i.e. the data will only be used to comply with legal obligations. The retention period begins at the end of the calendar year in which the order was placed by the customer or the contract was fulfilled.

Transfer of personal data to third parties 
We may disclose your personal information to the following companies/categories of people in accordance with applicable law:

Tax auditing and other authorities 
External service providers and professional consultants such as lawyers, auditors, accountants, etc. Credit agencies for credit checks, debt collection service providers 
Postal/shipping service providers, freight forwarders e.g. UPS, DHL, Deutsche Post 
Payment providers such as PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, (Amazon Pay) Amazon Payments Europe sca, 5 Rue Plaetis, L-2338 Luxembourg; (Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland; Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5; Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

E-commerce platform Shopify. To operate our online shop, we use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. This service provides an e-commerce platform through which we offer our goods for sale. The data transmitted as part of your order is stored on a Shopify server in the USA. Shopify has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For more information on data protection, please refer to Shopify's privacy policy at http://www.shopify.com/legal/privacy.

The legal basis for the transmission of data to third parties for the purpose of contract execution or for billing purposes is Art. 6 Para. 1 lit. b GDPR and for the transfer in cases where required by law is Art. 6 Para. 1 lit. c GDPR.

Your rights 
To exercise your rights, you can use the contact form (https://otaro-shop.com) or you can contact the data protection officer or the person responsible or you can contact us by email: service@otaro-shop.com.

You have the following rights: 
7.1 Revocation of consent 
You can revoke your consent to the processing of personal data at any time with effect for the future. 
The contact options above are available for this purpose.

7.2 Further rights 
You also have the following rights with regard to your personal data:

• Right to information,
• Right to rectification,
• Right to erasure or restriction of processing,
• Right to object to processing,
• Right to data portability,

You also have the right to complain to a data protection supervisory authority about our processing of your personal data. 
The responsible data protection supervisory authority for Baden-Württemberg is: 
Baden-Wurttemberg 
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg 
PO Box 10 29 32, 70025 Stuttgart 
Koenigstrasse 10a, 70173 Stuttgart 
Phone: 0711/61 55 41 – 0 
Fax: 0711/61 55 41 – 15 
Email: poststelle@lfdi.bwl.de 
Internet: https://www.baden-wuerttemberg.datenschutz.de

contact form

If you send us inquiries via the contact form, we will use your data solely to process your request. This data will not be used for advertising purposes or passed on to third parties.

The legal basis for the processing of data transmitted via the contact form or when sending an email is Art. 6 (1) (f) GDPR. If the contact is also aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

The data you enter in the contact form will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies.

Cookies 
We use cookies to make visiting our website more attractive and to enable the use of certain functions. These are small text files that your web browser receives when you visit our website and saves on your computer. Some of the cookies are deleted immediately after you close your browser. Other cookies remain permanently on your computer and enable us to recognize you or your computer the next time you visit our website. 
This site uses the following types of cookies, the scope and functionality of which are explained below:

a) Transient cookies, these are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which the various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

b) Persistent cookies, these are automatically deleted after a specified period of time, which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser. 
You can influence the use of cookies by changing the settings on your browser. Most browsers have an option that allows you to restrict or prevent cookies from being saved. Each browser is individual in the way it manages cookie settings. This is described in the respective help menu of your browser.

You can find these for the respective browsers under the following links:

• Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
• Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Please note, however, that deactivating cookies may result in only limited functions of the website being available to you. 
The legal basis for the use of cookies is Art. 6 (1) lit. f GDPR. 
Analysis tools

Use of Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

You can prevent cookies from being saved by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, which means that they cannot be linked to a person. If the data collected about you is personally identifiable, this will be immediately excluded and the personal data will be deleted immediately.

We use Google Analytics to analyze the use of our website and to regularly improve it. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.

11. Social Media Links 
We link to the social media platforms Facebook, Instagram and YouTube on our website using the respective symbols. These are hyperlinks via which no data is transmitted. If you click on the link, you will be redirected directly to our respective social media presence. Your data will only be transmitted to the respective social media service if you are logged into your respective user account. In this case, the respective social media platform may obtain information about which content you have viewed on our site.

The following are solely responsible for the social media services we link to:

for Facebook and its website, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;

for Instagram and its website, Instagram, LLC, 1601 Willow Rd. Menlo Park, CA 94025, USA;

for YouTube and its website: YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA;

For further information about the purpose and scope of data collection and the further processing and use of your data by the respective social media service, please refer to the data protection guidelines of the respective platform.

12. Facebook Connect 
We use the “Facebook Connect” service provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) on our website. We offer you the option of logging into our website using Facebook Connect if you have a Facebook profile and give us your express consent to exchange data with Facebook. Additional registration is not required in this case. To log in, you will be redirected to the Facebook page, where you can log in with your usage data. This will create a direct connection between your browser and the Facebook servers, linking your Facebook profile and our service. Through this link, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged into Facebook. Through the link, we automatically receive the following information from Facebook Inc. (name, email address, date of birth, address, Facebook name, user ID, age, gender, and possibly profile picture, friends list and likes) depending on your data protection settings on Facebook. Of these data, we only use your name, email address, date of birth and address to create a user account if you have approved them on Facebook. This information is required to conclude the contract in order to be able to identify you.

For more information about Facebook Connect and privacy settings, please refer to the privacy policy and terms of use of Facebook Inc. http://www.facebook.com/policy.php

If you do not want Facebook to link the data obtained via our website with your Facebook profile, you must log out of Facebook before visiting our website. You can also exclude the Facebook Connect plugin using add-ons for your browser.

revocation

The consent given to exchange data via Facebook Connect can be revoked at any time in the future by sending a message to: service@otaro-shop.com.

13. Google Tag Manager

We use the Google Tag Manager service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94.043 USA on our website. With the Google Tag Manager, marketers can manage website tags via an interface. A tag is a marking or labeling of a database. The Tag Manager itself, which uses the tags, works without cookies and does not collect any personal data. The tags set up via the Google Tag Manager only ensure that data is collected and passed on to the target system. Because the data is only passed on, the system does not collect or store the data collected itself. The Tag Manager therefore only triggers other tags, which in turn may collect data. Corresponding explanations for these third-party providers can be found in this data protection declaration. However, the Google Tag Manager does not use this data. If you have set or otherwise deactivated cookies, this will be observed for all tracking tags that were used with the Google Tag Manager, so the tool does not change your cookie settings.

Google may ask for your permission to share some product data (such as your account information) with other Google products to enable certain features, such as making it easier to add new conversion tracking tags to AdWords. In addition, Google developers may review product usage information from time to time to further optimize the product. However, Google will not share data of this kind with other Google products without your consent.

For more information, see the Google Terms of Use and the Google Privacy Policy for this product.

14. Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The only mandatory information required to send the newsletter is your email address. Providing additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 Clause 1 Letter a of GDPR.

(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter email, by email to (service@otaros-shop.com) or by sending a message to the contact details provided in the imprint. 
We use the Mailchimp service, USA, to send our newsletter. The data you provide when registering for the newsletter (email address, name if applicable, IP address, date and time of registration) will be transferred to a Mailchimp server in the USA and stored there in compliance with the "US Privacy Shield".

(5) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your email address and an individual ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and use this to deduce your personal interests. 
Right to object

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method, e.g. by email: service@otaro-shop.com. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place. 
14. Use of social media plug-ins 
We use so-called social plugins (“plugins”) from Instagram on our website, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Instagram. The plug-in in the form of images is provided with the heading "Follow us on Instagram". We give you the opportunity to communicate directly with Instagram via the button. Only if you click on the marked field and thereby activate it, will Instagram receive the information that you have accessed our website. In addition, the data mentioned under Section 1 of this declaration will be transmitted. By activating the plug-in, personal data from you will be transmitted to Instagram and stored there (for US providers in the USA). 
We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, or the storage periods. We also have no information on the deletion of the data collected by Instagram.

If you interact with the plug-in, in particular by clicking on the plug-in image, your browser establishes a direct connection to the Instagram servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can immediately assign your visit to our website to your Instagram account. The information is also published on your Instagram account and displayed to your contacts there. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent your visit from being assigned to your Instagram profile. 
Instagram stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Instagram to exercise this right.

For further information on the purpose and scope of data collection and the further processing and use of the data by Instagram as well as your rights and setting options to protect your privacy, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388/. 
If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can also completely block the loading of the Instagram plug-in using add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/). 
The legal basis for the use of plug-ins is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.

15. Remarketing/Retargeting

(1) We use "Custom Audiences" from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on our websites for the purposes of retargeting or remarketing. This service uses so-called tracking or remarketing pixels. These are pixel image files that enable log file analysis. By using the pixels, the service provider can see when and how many users have accessed the pixel, or whether and when an email was opened or a website was visited.

(2) With the help of this service, website users can be shown interest-based advertisements ("Facebook Ads") when they visit the social network Facebook or other websites that also use the process. Our interest is to show you advertising that is of interest to you in order to make our website more interesting for you. When you visit our website, a direct connection to Facebook's servers is established via the pixel. This enables Facebook to identify you using the browser ID, as this can be linked to your user account. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page on our website or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identification features.

(3) Logged-in users can deactivate the “Facebook Custom Audiences” function at https://www.facebook.com/settings/?tab=ads#_.

(4) The legal basis for the processing of your data is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy/. 
Right to object 
If you do not want to see advertising generated by the respective targeting service, you can object to the use of retargeting technology on our websites by sending us a message to service@otaro-shop.com.

16. Data security 
We have implemented a variety of security measures to protect your personal information. Our servers and databases are protected by physical and technical measures, among others.

We use standardized SSL encryption technology when collecting and transmitting data via our website. Personal data is transmitted as part of the ordering process using SSL encryption, which can be recognized by the lock symbol in the browser and the addition "https://" in the address bar.

With encrypted communication, your payment data that you send to us cannot be read by third parties. When communicating via email, 100% data security cannot be guaranteed.

17. Changes to this Privacy Policy 
We may change this privacy policy at any time. All changes to this privacy policy will be published on this website and will automatically take effect 30 days after they are published. We will notify you of any significant changes to this privacy policy by email.