1. GENERAL INFORMATION AND RESPONSIBILITY


1.1 The protection and security of your personal data are of the utmost importance to us. Therefore, we treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy. Please read our privacy policy carefully and thoroughly.
1.2 This privacy policy addresses the collection, processing and use of your personal data when using our website  www.spyra.com (hereinafter referred to as “website”) and explains the nature, extent and purpose of personal data processing on our website.
1.3 Provider of the website and responsible for data protection is the

Spyra GmbH
Fraunhoferstrasse 23H
80469 München

CEO: Sebastian Walter
E-Mail:  hello@spyra.com


For further contact information, please refer to our imprint.


2. GENERAL PRINCIPLES OF DATA PROCESSING

 

2.1 The subject of data protection is personal data. This includes all information that relates to an identified or identifiable natural person (hereinafter “data subject”). An identifiable person is a natural person who can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, the expression of the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person. For example, this includes your name, address, e-mail address and phone number.

2.2 The term “user” encompasses all categories of data subjects. They include customers and visitors to this website. The terminology used, e.g. “users” are to be understood as gender-neutral.

2.3 We collect your data when you are using one of our various contact options (see section 8) or by placing an order with us via our web shop (see section 7). Other data is automatically collected when you visit the website.

2.4 We only process personal data in compliance with relevant data protection regulations and in accordance with the requirements of data minimization and data avoidance. This means that user data is only processed with legal permission. Especially, if the data processing is necessary to fulfill our contractual services (e.g. processing your orders) and online services or is required by law, the user has given consent, as well as on our legitimate interests.

2.5 Regarding the processing of personal data on the basis of the GDPR, we hereby point out in accordance with Art. 13 GDPR that the legal basis for consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to perform our services and implement contractual measures Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests Art. 6 para. 1 lit. f GDPR.

2.6 We store your data for as long as the respective purpose requires, considering your legitimate interests. If there is a tax retention period for certain data (e.g. sales contracts), the data is stored for 6 to 10 years. The retention obligation begins at the end of the calendar year in which the order was placed by the customer or the contract was fulfilled. As far as there are different data storage periods in individual cases, e.g. in the case of application documents (see section 14), we will point this out to accordingly.


3. USER RIGHTS

 

3.1 You have the right to request confirmation of Spyra at any time as to whether we process personal data and the right to
- Disclosure
- Rectification
- Deletion of your personal data
- Limited data processing
- As well as the right to object to the processing of personal data at any time, or to withdraw consent to data processing at any time, or
- To request data transmission or
- To complain to a supervisory authority in the event of data protection violations. A list of the authorities and their contact details can be found in the following link:  https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

3.2 To exercise the above rights, please contact us using our contact form ( https://www.spyra.com/pages/contact) or contact us via email:  hello@spyra.com.



4. SECURITY MEASURES


4.1 We take organizational, contractual and technical security measures to ensure that the data protection regulations are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or agains access by unauthorized persons.

4.2 The security measures include the encrypted transmission of data between your browser and our server. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

4.3 If it is possible or not necessary to save the IP address, we will shorten it or have your IP address shortened. If the IP address is shortened, also known as "IP masking", the last octet, i.e. the last two digits of an IP address, is deleted (in this context, the IP address is an through the online access provider individually assigned identifier). Shortening the IP address is intended to prevent or make it significantly more difficult to identify a person based on their IP address.


5. WEBHOSTING

 

5.1 Our web hosting services also include sending, receiving and storage of emails. For these purposes, the addresses of the recipients and senders are being processed as well as further information regarding the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails. The aforementioned data can also be processed for the purpose of detecting SPAM. Please note that e-mails in general are not sent encrypted on the internet. As a rule, e-mails are encrypted during transport, but (unless an end-to-end encryption process is used) not on the servers from which they are sent and received. Therefore, we cannot accept any responsibility for the transmission path of e-mails between the sender and our server.

5.2 Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files can include the address and name of the accessed websites and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (in particular in the event of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the server's capacity and stability.

5.3 The following types of data are being processed: content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses).

5.4 The legal basis for processing is Art. 6 Para. 1 S. 1 lit. f. GDPR (protection of legitimate interests).


6. DATA COLLECTION FOR ALL VISITORS


6.1 With the simple use of our website, i.e. if you do not place an order and do not register or message us via the in section 6 mentioned contact options, we only collect the personal data that your browser transmits to our server. By clicking through our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security:


* IP Address
* Date and time of the access
* On-site demand (specific page)
* Access status / HTTP status code
* Data volume transferred
* Referring URL
* Browser
* Operating system surface
* Language and version of the browser software

The legal basis for the processing and storage of the data is Art. 6 Para. 1 lit. f GDPR.

6.2 So-called cookies are used on the Spyra website. Cookies are information that is transmitted from our web server or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Cookies also help to provide the services integrated on the website, to personalize content and to customize and analyze advertisements.

6.3 Depending on their function and purpose, cookies can be divided into five categories.

* Necessary or essential cookies: These are used so that you can navigate on our website and use the basic functions of the website.
* Performance cookies: These are used by Spyra to improve the user-friendliness of the website. Performance cookies collect user information, e.g. internet browser and operating system used; Domain name of the website you came from, number of visits, average time spent, and pages viewed.
* Analysis cookies: These are used to improve the user-friendliness of the Spyra website. With analysis cookies we can determine how our website is used based on which preferences and search terms are called.
* Advertising or marketing cookies: We use these to offer you more relevant content. They are also used to measure and control the effectiveness of advertising campaigns. Marketing cookies register whether a website is visited and what content is used. This information may be shared with third parties, such as advertisers and are often linked to third-party page functionalities (third-party cookies).
* Social media cookies are set by social networks.

6.4 Analysis Cookies

6.4.1 The web analysis (also referred to as "range measurement") is used to evaluate the flow of visitors to our online offer and can include behavior, interests or demographic information about visitors, such as age, or gender as pseudonymous values. Using range analysis we can e.g. recognize at what time our online offer or its functions or content are used most frequently or invite them to be reused. We can also understand which areas require optimization.

6.4.2 In addition to web analysis, we can also use test procedures to e.g. test and optimize different versions of our online offer or its components. For this purpose, the following information can be collected: content viewed, elements and technical information used on visited websites such as the browser used, the computer system used and information on times of use. If users have consented to the collection of their location data, this can also be processed depending on the provider.

6.4.3 The IP addresses of the users are also saved. However, if available, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of web analysis, A / B testing and optimization, no clear user data (such as e-mail addresses or names) is saved, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the user, but only the information stored in their profiles for the purpose of the respective processes.

6.4.4 Opt-out: We refer to the privacy policy information of the respective provider and the objection options given for each of them (so-called \ "opt-out \"). If no explicit opt-out option has been specified, you have the possibility to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for each area: a) Europe:  https://www.youronlinechoices.eu. b) Canada:  https://www.youradchoices.ca/choices. c) USA:  https://www.aboutads.info/choices. d) Cross borders:  https://optout.aboutads.info

6.4.5 We are using the following analysis tools:

6.4.5.1 Google Analytics

We use the web analysis service of Google Inc. ("Google"), Google Analytics. Google uses cookies. The information generated by the cookie about your use of the online offer is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate your use of our online offer, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. Thereby, pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. The users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link:  http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on data use by Google, settings and objection options on the Google website:  https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps our partners ”),  http://www.google.com/policies/technologies/ads (“ Use of data for advertising purposes ”),  http://www.google.de/settings/ads (“Manage information that Google uses, to show you advertising").

You can also delete cookies or turn off tracking. You can delete individual cookies or the entire cookie inventory via your browser settings. Most browsers also offer a so-called "do not track function", with which you can indicate that you do not want to be "tracked" by websites. If this function is activated, the respective browser notifies advertising networks, websites and applications that you do not want to be tracked for behavior-based advertising and the like. In addition, you can prevent so-called scripts from loading by default. NoScript allows the execution of JavaScript, Java and other plug-ins only with trusted domains of your choice. You can get information and instructions on how to edit this function from the provider of your browser (e.g. for Mozilla Firefox).

Legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.

6.4.5.2 Lucky Orange

We also use the Lucky Orange analysis tool. The provider is Lucky Orange LLC, 8680 W 96th St, Overland Park, KS 66212, USA, "Lucky Orange").

Lucky Orange is certified for the US-European data protection convention "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.
Like Google Analytics, Lucky Orange also offers anonymization. Usage profiles can be created from this anonymized data under a pseudonym. Cookies might be used. Cookies enable recognition of the Internet browser. The data collected with the Lucky Orange technologies will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separate consent of the person concerned.

In order to avoid the storage of Lucky Orange cookies, you can set your internet browser so that no cookies can be stored on your computer in the future or cookies that have already been stored will be deleted. Disabling all cookies can, however, mean that some functions on our website can no longer be performed. You can object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future by informing us of your objection informally by e-mail to the above under section 1 mentioned contact details.

Alternatively, you can object to the collection of data by Lucky Orange for the future by setting an opt-out cookie which you can obtain from the following website:  http://www.luckyorange.com/privacy.php

Please do not delete this opt-out cookie as long as you object to the aforementioned data collection by Lucky Orange.

Legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.

6.4.6 Marketing/Remarketing & Retargeting-Cookies

Facebook Custom Audience (Pixel Variant)
With the help of Facebook and the partners who cooperate with Facebook (so-called "Audience Network"  https://www.facebook.com/audiencenetwork/), Facebook is able to target visitors to our online offer for the display of advertisements (so-called "Facebook Ads"). Facebook Inc., based in the USA, is certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
This service uses so-called tracking or remarketing pixels. These are pixel image files that enable log file analysis. By using the pixels, the service provider can see when and how many users have accessed the pixel.
Accordingly, we use the Facebook pixel to only display the Facebook ads we have shown to those users who have shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products based on the websites visited ) that we transmit to Facebook (so-called "custom audiences").
With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and are not a nuisance. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").
By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or that you have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign your visit to your account. Even if you are not registered on Facebook or have not logged in, there is a possibility that the provider will find out and save your IP address and other identification features.
To deactivate "Facebook Custom Audiences" use the following link:  https://www.facebook.com/settings/?tab=ads#_.
Legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.
You can find further information on Facebook’s data use here:  https://www.facebook.com/about/privacy/.


7. SHOP SYSTEM AND ORDER PROCESSING


7.1 To process your order, we work with the following service providers who support us in whole or in part in the execution of contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 The personal data collected by us will be passed on to the transport company commissioned with the delivery as far as this is necessary for the delivery of the goods. The legal basis for the transfer of the data is Art. 6 Para. 1 lit. b GDPR

7.3 Shopify

7.3.1 We use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5 to operate our online shop. This service provides an e-commerce platform through which we offer our goods for sale. The data transmitted as part of your order will be stored on a Shopify server in the USA.

7.3.2 Shopify has submitted to the EU-US Privacy Shield,  https://www.privacyshield.gov/EU-US-Framework.

7.3.3 For more information on data protection, please refer to Shopify's data protection information at  http://www.shopify.com/legal/privacy.

7.3.4 The following data is processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. email, telephone numbers), contract data (e.g. contract object, duration, customer category), usage data (e.g. websites visited, Interest in content, access times), meta / communication data (e.g. device information, IP addresses).

7.3.5 The legal basis for the transfer of the data is Art. 6 Para. 1 lit. b GDPR

7.4 Sufio

7.4.1 We use the automatic order generation system Sufio for instant order processing. For more information on data protection, please refer to Sufio's data protection information at  https://sufio.com/legal/privacy-policy/

7.4.2 The following data is processed: customer name, customer company, address, telephone number, e-mail address, commercial register number, tax ID, sales tax identification number (VAT ID), company register entry, quantity and price of the goods listed.

7.4.3 The legal basis for the transfer of the data is Art. 6 Para. 1 lit. b GDPR

7.5 Shipping: Disclosure of personal data to shipping service providers

DHL
If the delivery of the goods is carried out by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Strasse 20, 53113 Bonn), we will provide your email address in accordance with Art. 6 Para. 1 lit. a DSGVO before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification to DHL, provided you have given your express consent in the ordering process. Otherwise and solely for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR we only forward the name of the recipient and the shipping address to DHL. The data will only be passed on if this is necessary for the delivery of goods. In this case, a prior coordination of the delivery date with DHL or a delivery announcement is not possible. The consent can be withdrawn at any time with future effect to the person responsible above (see section 1) or to the transport service provider DHL.

FedEx
If the delivery of the goods is carried out by the transport service provider FedEx (FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach), we will forward your email address and / or your telephone number before the goods are delivered in accordance with Art. 6 Para. 1 lit. a DSGVO for the purpose of coordinating a delivery date or for delivery notification to FedEx, provided you have given your express consent in the ordering process. Otherwise and solely for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR we only forward the name of the recipient and the shipping address to FedEx. The data will only be passed on if it is necessary for the delivery of goods. In this case, a prior coordination of the delivery date with FedEx or the delivery announcement is not possible. The consent can be withdrawn at any time with future effect to the person responsible above (see section 1) or to the transport service provider FedEx.

UPS
If the goods are delivered by the transport service provider UPS (United Parcel Service Germany Inc. & Co. OHG, Görlitzer Strasse 1, 41460 Neuss), we will forward your email address before the goods are delivered in accordance with Art. 6 Para. 1 lit. a DSGVO for the purpose of coordinating a delivery date or for delivery notification to UPS, provided you have given your express consent in the ordering process. Otherwise and solely for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR we only forward the name of the recipient and the shipping address to UPS. The data will only be passed on if it is necessary for the delivery of goods. In this case, a prior coordination of the delivery date with UPS or the transmission of status information of the shipment delivery is not possible. The consent can be withdrawn at any time with future effect to the person responsible above (see section 1) or to the transport service provider UPS.

7.6 Shipment Tracking & Returns System Aftership

7.6.1 We operate the services of After Ship Track & Notify and After Ship Returns Center to operate our online shops. For more information on data protection, please refer to After Ship's data protection information at:  https://www.aftership.com/privacy

7.6.2 Processed data types: name, address, telephone number, email address, credit card information, shipping information (among others).

7.7 Gorgias CRM-System

7.7.1 We use the "Gorgias" chat service on our website to offer our customers the best customer service. When using this tool, personal data is processed (e.g. IP address, other data specified in the context of communication). The processing is carried out to perform (pre-) contractual measures (Art. 6 Para. 1 b GDPR) or to protect our legitimate interests in terms of optimal customer service (Art. 6 Para. 1 letter f GDPR).

7.7.2 When using the tool, personal data is transmitted to the provider's server located in the USA. The tool is provided by Gorgias Inc., 768 Harrison St Ste 2, 94107 San Francisco, USA ( https://www.gorgias.com/). Further information on the processing of data by Gorgias Inc. can be found here ( https://www.gorgias.com/privacy).


8. CONTACT OPTIONS

8.1 We at Spyra offer you various communication channels: (i) contact form, (ii) via e-mail, (iii) via Facebook chat, (iv) via the Gorgias chat or via (v) a chatbot.

8.2 Contact Form: Your (i) name and (ii) email address are collected via the contact form. We need this data in order to contact you and to be able to address you personally (by name). The legal basis for the processing of data transmitted via the contact form or in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the establishment of contact also aims to conclude a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the final processing of your request, i.e. if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements.

8.3 Apart from the contact form, you can also contact us by email (at  hello@spyra.com).

8.4 Facebook chat: You can also contact us via the Facebook chat. Facebook chat is based on the Facebook messenger system: Facebook messenger with end-to-end encryption (the end-to-end encryption of the Facebook messenger requires activation, unless it should be activated by default) ; Service provider:  https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website:  https://www.facebook.com; Data protection declaration:  https://www.facebook.com/about/privacy; Privacy Shield (guarantee of data protection level when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opposition option (opt-out):  https://www.facebook.com/settings?tab=ads.

The legal basis for the processing of data transmitted via the contact form or in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the establishment of contact also aims to conclude a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

8.5 Chatbot: A chatbot is software that answers users' questions or informs them about messages. If you communicate with the chatbot within an online platform, your IP address will be processed and the data that will be communicated to us. We also collect information about which users interact with our chatbot and when. We also save the content of your conversations with the chatbot and log registration and consent processes in order to be able to prove them in accordance with legal requirements. We use the following chatbot tools:
* ManyChat: chatbot and assistance software and related services; Service provider: ManyChat, Inc., 535 Everett Ave, Palo Alto, CA 94301, USA; Website:  https://manychat.com; Data protection declaration:  https://manychat.com/privacy.html.
* Shopify Chat: chatbot and assistance software and related services; Service provider: Shopify, Inc. 150 Elgin St. Ottawa, ON K2P 1L4 Canada; Website:  https://www.shopify.com Privacy Policy:  https://www.shopify.com/legal/privacy.

If we use the chatbot to answer inquiries from users about our services or our company, this is done for the implementation of (pre-) contractual measures (Art. 6 Para. 1 b GDPR). Otherwise, we use the chatbot based on our legitimate interests in optimizing the chatbot, its economic efficiency and an increase in the positive user experience and thus on the basis of Art. 6 Para. 1 lit. f GDPR.

8.6 Data protection provisions about the application and use of WhatsApp as a means of communication The controller uses WhatsApp as a means of communication between employees, customers, business partners, shareholders and steakholders. WhatsApp is a widely used application that can be used to chat, make phone calls and send voice messages, among other things. The operating company of the service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the WhatsApp marketing tool from the company chatarmin.com, based in Vienna, Austria. The purpose of the processing is to handle operational communication.
The legal basis is Art. 6 para. 1 lit. f GDPR. WhatsApp is used to handle communication. WhatsApp stores personal communication data and itself accesses personal data, in particular the phone book of mobile devices, more precisely: all phone numbers of the persons stored in the phone are read out. The communication processed via WhatsApp, the telephone numbers collected and all other data are or could be transmitted to third parties, in particular Facebook or other companies as well as American or international secret services. If you do not want us to store your phone number in one of our mobile devices and/or communicate with you via WhatsApp, please simply inform us.In such a case, we would of course use alternative means of communication (e.g. telephone call). Further information and the applicable data protection provisions of WhatsApp can be found at https://www.whatsapp.com/legal/#privacy-policy
Further information about our WhatsApp software can be found on the Chatarmin website. https://chatarmin.com/en


9. NEWSLETTER

9.1 With the following information we inform you about the content of our newsletter as well as the registration, shipping and statistical evaluation procedure and your right to object. By subscribing to our newsletter, you agree to the receipt and the procedures described.

9.2 Newsletter content: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or legal permission. In the event that the contents of a newsletter are specifically described when signing up, they are decisive for the consent of the user. Our newsletters also contain information about our products, offers, promotions and our company.

9.3 Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. I.e. after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address. All registrations for the newsletter are logged in order to be able to demonstrate the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. The changes to your data stored by the shipping service provider are also logged.

9.4 Shipping Provider
The newsletter is sent via Klaviyo. Klaviyo is an online marketing platform of Klaviyo Inc., 225 Franklin St.Boston, Massachusetts 02110. Further information on data protection at Klaviyo can be found at:  https://www.klaviyo.com/privacy/policy. Privacy Shield (guaranteeing the level of data protection when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
The newsletter was previously sent using "MailChimp", a newsletter distribution platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the shipping service provider here:  https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d / b / a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level ( https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active)
To protect your data in the USA, we have concluded a data processing agreement with MailChimp ("Data Processing Agreement") based on the standard contractual clauses of the European Commission to enable the transmission of your personal data to MailChimp. If you are interested, this data processing contract can be viewed at the following Internet address:  https://mailchimp.com/legal/data-processing-addendum/

9.5 Furthermore, the shipping service provider can provide this data in pseudonymous form, i.e. use without association to a user, to optimize or improve their own services, e.g. to technically optimize the sending and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write to them or pass them on to third parties.

9.6 Registration data: To register for the newsletter, it is sufficient to provide your email address.

9.7 The sending of the newsletter and the measurement of success are based on the consent of the recipient in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 (2) No. 3 UWG or based on Section 7 (3) UWG.

9.8 The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.

9.9 Cancellation / revocation: You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If the users have only registered for the newsletter and cancelled this registration, their personal data will be deleted.

MailChimp can also process this data in accordance with Art. 6 Para. 1 lit. f GDPR based on its own legitimate interest in the needs-based design and optimization of the service and for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.


10. PLUGINS


10.1 FACEBOOK


10.1.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) (f) GDPR), we use social plugins (“plugins”) from the social network  facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on blue tile, the terms "like" or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and the appearance of the Facebook social plugins can be viewed here:  https://developers.facebook.com/docs/plugins/.

10.1.2 Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Activ e).

10.1.3 When a user calls up a function of this offer that contains such a plugin, the used device establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted from Facebook directly to the user's device, which integrates it into the online offer. User profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform the user according to our level of knowledge.

10.1.4 By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the offer. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example confirm the Like button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save his IP address. According to Facebook, only an anonymized IP address is saved in Germany.

10.1.5 The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options for protecting the privacy of users can be found in Facebook's data protection information:  https://www.facebook.com/about/privacy/ .

10.1.6 If a user is a Facebook member and does not want Facebook to collect data about them via this offer and link it to their member data stored on Facebook, they must log out of Facebook before using our website and delete their cookies. Further settings and contradictions regarding the use of data for advertising purposes are possible within the Facebook profile settings:  https://www.facebook.com/settings?tab=ads or via the US website  http://www.aboutads.info / choices / or the EU website  http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

The legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR.

10.2 INSTAGRAM

10.2.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) (f) GDPR), we also use the social plugin of the online service Instagram, which is provided by Instagram LLC. , 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and their appearance can be found here:  http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

10.2.2 When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are currently not logged in to Instagram. This information (including your IP address) is sent from your browser directly to an Instagram server in the USA and stored there.

10.2.3 If you are logged into Instagram, Instagram can immediately assign your visit to our website to your Instagram account. If you interact with the plugins, for example by pressing the "Instagram camera" button, this information is also transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Instagram as well as your rights in this regard and setting options to protect your privacy can be found in Instagram's data protection information:  https://help.instagram.com/155833707900388/.

10.2.4 If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. B. with the script blocker "NoScript" ( http://noscript.net/).

The legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR.

10.3 YOUTUBE


10.3.1 This website uses the YouTube embedding function to display and play back videos from the provider "Youtube", which belongs to Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

10.3.2 The extended data protection mode is used here, which, according to the provider, only starts storing user information when the video (s) is/are played. If the playback of embedded Youtube videos is started, the provider "Youtube" uses cookies to collect information about user behaviour. According to "YouTube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive practices. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want your YouTube profile to be assigned, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

10.3.3 The legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR.

10.3.4 Regardless of whether the embedded videos are played back, a connection to the Google "DoubleClick" network is established each time this website is accessed, which may trigger further data processing operations without our influence.

10.3.5 Google LLC, based in the USA, is certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.

10.3.6 Further information on data protection at "YouTube" can be found in the provider's data protection declaration at:  https://www.google.de/intl/de/policies/privacy

10.4 TikTok

10.4.1 We use social plugins ("Plugins") of the social network https://www.tiktok.com/, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"), on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f) GDPR). The plugins may display interaction elements or content (e.g., videos, graphics, or text posts) and are recognizable by one of the TikTok logos (white octuplet on black tile,) or are marked with the phrase "TikTok Social Plugin." The list and appearance of TikTok Social Plugins can be viewed here: https://developers.tiktok.com/plugins

10.4.2 When a user calls up a function of this offer that contains such a plugin, the device used establishes a direct connection with the servers of TikTok. The content of the plugin is transmitted by TikTok directly to the user's device and integrated by the latter into the online offer. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that TikTok collects with the help of this plugin and therefore inform the users according to our state of knowledge.

10.4.3 By integrating the plugins, TikTok receives the information that a User has accessed the corresponding page of the offer. Provided that the user is logged in to TikTok, TikTok can assign the visit to his TikTok account. When users interact with the plugins, the corresponding information is transmitted from your browser directly to TikTok and stored there. If a user is not a member of TikTok, there is still the possibility that TikTok learns about and stores his IP address.

10.4.4 The purpose and scope of the data collection and the further processing and use of the data by TikTok as well as the related rights and setting options for the protection of the privacy of the Users can be found in the privacy policy of TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=en.

10.4.5 If a user is a TikTok member and does not want TikTok to collect data about him/her through this offer and link it to his/her membership data stored with TikTok, he/she must log out of TikTok and delete his/her cookies before using our website. Further settings and objections to the use of data for advertising purposes are possible within the TikTok profile settings: https://support.tiktok.com/de/account-and-privacy/account-privacy-settings or via the EU website http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices

The legal basis for processing the data is Art. 6 (1) lit. a GDPR.


11. FACEBOOK FANPAGE


11.1 Spyra also runs a Facebook fan page at  https://www.facebook.com/SpyraOne/. This is to draw attention to the Spyra offer and to get in touch with Spyra.

11.2 In June 2018, the European Court of Justice ruled that site operators of a Facebook fan page, i.e. Spyra, and Facebook are jointly responsible in terms of data protection law in the sense of Art. 26 GDPR. Jointly responsible are therefore (i) Facebook and (ii) Spyra. For the division of data protection tasks between Facebook and Spyra see the following paragraphs and the supplement published by Facebook regarding the person responsible:  https://www.facebook.com/legal/terms/page_controller_addendum.

11.3 Facebook creates various anonymous statistical data in the form of so-called page insights for a Facebook fan page (more on the page insights can be found here:  https://www.facebook.com/business/pages/manage#page_insights). As the operator of the Spyra fan page, we have no influence on the generation, display and processing of the Insights data. We do not receive an assignment of individual data records to specific users. However, this data is generated by Facebook using so-called cookies. You can find out more about cookies in section. 5.2 of this data protection declaration. We can only determine certain parameters as to which data is collected by which target groups. Which information is used by Facebook can be found in the "Information on page insights data" provided by Facebook:  https://www.facebook.com/legal/terms/information_about_page_insights_data

11.4 The operation of the Facebook fan page and the processing of your personal data is based on Art. 6 Para. 1 lit. a GDPR.

11.5 Notwithstanding para. 3 of this data protection declaration, Facebook is responsible for asserting data subject rights. This follows from the following statement:  https://www.facebook.com/legal/terms/page_controller_addendum Facebook has committed to take responsibility in this. "Facebook Ireland ensures that it has a legal basis for processing the Insights data, which is set out in the data policy of Facebook Ireland (see under" What is our legal basis for the processing of data? "). Unless otherwise stated in this page insights supplement, Facebook Ireland assumes the fulfillment of the obligations under the GDPR for the processing of insights data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Facebook Ireland takes appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure the security of processing.


12. PAYMENT SERVICES

12.1 Spyra uses various payment service providers to process payments. The data processed by the payment service providers include inventory data, such as the name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, total and recipient-related information.

12.2 The information is required to complete the transactions. However, the data entered will only be processed and saved by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. The data may be transmitted by the payment service provider to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. We refer to the terms and conditions and the data protection information of the payment service providers.

12.3 We use the following payment services:

12.3.1 PayPal

On our website we offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you select payment via PayPal, the payment data you have entered will be transmitted to PayPal.
The transmission of your data to PayPal is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.

12.3.2 Amazon Payments
We also use Amazon Payments. The service provider is Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxemburg ("Amazon Payments"); Website:  https://pay.amazon.com/de; Data protection declaration:  https://pay.amazon.com/de/help/201212490.
The transmission of your data to PayPal is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.

12.3.3 Shop-Pay
We also use Shop pay. The service provider is Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. Website:  https://pay.shopify.com/terms-of-service; Data protection declaration:  https://www.shopify.com/legal/privacy.

Various payment methods are then offered within Shop Pay, e.g. Appl Pay, Google Pay, credit card payment, Sofortüberweisung, Klarna pay later / now, BanContact.

The transmission of your data to PayPal is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.


13. OTHER TOOLS


GOOGLE WEB FONTS
For the uniform display of fonts, this page uses so-called web fonts provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
Further information on Google Web Fonts can be found at  https://developers.google.com/fonts/faq and in Google's data protection declaration:  https://www.google.com/policies/privacy/


14. APPLICATIONS

 

14.1 We offer you the opportunity to apply to us (e.g. by email or post).

14.2 If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), as far as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to people who are involved in processing your application.

14.3 If the application is successful, the data you submit will be processed on the basis of § 26 BDSG-new and Art. 6 Para. 1 lit. b GDPR stored in our data processing systems for the purpose of carrying out the employment relationship.

14.4 If we cannot make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or ask us to delete the data, the data transmitted by you, including any remaining physical application documents, will be used for 6 months after the application process has been completed saved or retained (retention period) in order to be able to understand the details of the application process in the event of discrepancies (Art. 6 Para. 1 lit.f GDPR).

14.5 After the retention period has expired, the data will be deleted unless there is a statutory retention requirement or another legal reason for further storage. If it is evident that the storage of your data will be necessary after the retention period has expired (e.g. due to an impending or pending legal dispute), deletion will only take place when the data has become irrelevant. Other statutory retention requirements remain unaffected.


15. PRODUCT REVIEWS / REVIEWS

 

15.1 You have the opportunity to rate our products. The evaluation can be carried out by assigning one to five stars and by specifying a further, explanatory text. There is no obligation to submit a rating.

15.2 If users rate us or otherwise provide feedback, the rating requires registration on our website.

15.3 Concerning the legal basis: If we ask you for consent for the processing of your data, this is the legal basis for the processing, otherwise the processing of your data (name, email address) is based on our legitimate interests in carrying out an objective survey


16. SURVEYS / POLLS

 


16.1 In order to check your satisfaction with our products and to create room for your ideas and expectations, we carry out surveys from time to time.

16.2 The surveys we carry out (hereinafter "surveys") are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address to display the survey in the user's browser or the resumption of the survey using a temporary cookie (session cookie)) or users have consented.

16.3 In order to ensure that the evaluators have actually used our services, we will send you your order details on Spyra (including name, email address and order number or article number) in advance for confirmation. This data is used solely to verify the authenticity of the user.

16.4 Both contract data (e.g. contract object, term, customer category) and usage data (e.g. visited websites, interest in content, access times) as well as meta / communication data (e.g. device information, IP addresses) are processed. The purpose of the processing is to collect feedback on our products.

16.5 Concerning the legal basis: If we ask you for your consent to the processing of your data, this is the legal basis for the processing, otherwise the processing of your data (name, email address) is based on our legitimate interests in obtaining product-related feedback.


17. OTHER

 

17.1 Cloud Services


17.1.1 We use software services accessible via the Internet and executed on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the following purposes: document storage and administration, spreadsheets and presentations, exchange of documents, content and information with certain recipients or publication of websites, forms or other content. In this context, personal data can be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or otherwise processed by us, as set out in this data protection declaration. This data can particularly include user master data and contact data, data on processes, contracts, other processes and their content. The providers of the cloud services also process usage data and metadata, which they use for security purposes and for service optimization.

17.1.2 Insofar as we use cloud services to provide documents, contents or the like for other users or publicly accessible website forms, the providers can store cookies on the user’s devices for web analysis purposes or to remember user settings (e.g. in the case of media control).

17.1.3 Services and service providers used:
Dropbox: cloud storage services; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Website:  https://www.dropbox.com/de; Data protection declaration:  https://www.dropbox.com/privacy; Privacy Shield (guarantee of data protection level when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0&status=Active; Standard contractual clauses (guarantee of data protection level when processing in a third country):  https://www.dropbox.com/terms/business-agreement-2016.

17.2 Better Reports


17.2.1 Better Reports prepares the purchase and sales data for us. For this purpose, name, email address, telephone number, address, geolocation, IP address are communicated to Better Reports.

17.2.2 For more information on data protection, please refer to the Better Reports privacy policy at  https://app.betterreports.co/legal/privacypolicy.html.
17.2.3 The legal basis for the processing and storage of the data is Art. 6 Para. 1 lit. f GDPR.


18. FINAL PROVISIONS / CHANGES TO THE PRIVACY POLICY

 

18.1 We ask you to inform yourself regularly about the contents of our privacy policy. We will adapt our privacy policy whenever changes in our data processing make it necessary. We will inform you as soon as the changes require your participation (e.g. consent) or other individual notification.

18.2 If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses can change over time so we ask you to check the information provided before contacting.

18.3 We do our best to protect your personal data. Despite our efforts, no system can guarantee absolute security that your data will never be processed unauthorized. By using our website you have taken note of this.
 **