We are pleased about your use of our website. The protection of your personal data is important to us and we want you to feel safe when using our website.
1. Information concerning the collection of personal data
a. The following shall inform you about the collection, processing and utilization of personal data on our website. Personal data means all data relating to a living individual who can be identified.
b. Controller as per the EU General Data Protection Regulation (“EU GDPR”) is: Emma Sleep GmbH
60329 Frankfurt on the Main
You can reach our data security officer through the following details: entplexit GmbH
Kölner Straße 12
65760 Eschborn [email protected]
c. If we use contracted service providers for individual functions to present our services to you or to your data for advertising purposes, we will inform you in detail about the respective processes below.
2. Your rights as a data subject
a. You have the following rights against us with respect to the personal data concerning you:
Right of access by the data subject (Article 15, EU GDPR):
You have the right to request information on the data we hold about you from us at any time. This information includes, but is not limited to, the categories of data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data. You can obtain a copy of your data from us free of charge. If you require additional copies, we reserve the right to charge you for these copies.
Right to rectification (Article 16, EU GDPR):
You have the right to request that we rectify inaccurate data relating to you. We will take appropriate steps to keep the data we store and process on an ongoing basis accurate, complete and current, based on the most up-to-date information available.
Right to erasure (Article 17, EU GDPR):
You have the right to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
Right to restriction of processing (Article 18, EU GDPR):
You have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to have it deleted and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or if you have lodged an objection to the processing pursuant to Art. 21 GDPR.
Right to data portability (Article 20, EU GDPR):
You have the right to request that we transfer your data – if technically possible – to another responsible party. However, you may only enforce this right if data processing is based on your consent or is necessary for the performance of a contract. Rather than receiving a copy of your data, you may also ask us to submit the data directly to another responsible party specified by you.
Right to object (Article 21, EU GDPR):
You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, as long as data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will cease to process your data. This does not apply if we can show that there are compelling legitimate grounds for processing that outweigh your interests, or if we need your data for the establishment, exercise or defense of legal claims.
Right to withdraw consent (Article 7(3), EU GDPR):
You have the right to revoke your consent to us at any time. As a result, we are not allowed to continue the personal data processing that was based on this consent in the future.
b. If you have the feeling that we have not responded in an appropriate manner to your requests, or complaints, or you have further concerns, you additionally have the right to complain to a data protection authority. The responsible authority to us is the Hessische Beauftragte für Datenschutz und Informationsfreiheit.
c. You can send your inquiries regarding your rights as a data subject to us by sending a data subject request to [email protected]
3. Collection of personal data when you visit our website
When visiting our website, i.e. without registering or agreeing to our further processing or utilization of the data, only the personal data, which your browser transmits to our server is automatically saved. In order to fulfil these technical requirements for you to view our website and provide for the necessary security, the following data is saved:
- IP Address,
- Date and time of your visit,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the query (specific site visited),
- Access status/HTTP status code,
- Amount of transferred data,
- Website from which the initial request emanates,
- Operating system, device, and its user interface
- Language and version of browser software.
The personal data mentioned above gets processed for the following purposes and legitimate interests (Article 6 (1)(f), EU GDPR): To ensure a smooth connection of the website To guarantee a comfortable use of our website To evaluate system security and stability as well as for other administrative purposes.
These information are temporarily stored in so-called log files. When you visit this website, this information is automatically recorded without your intervention and stored until it is automatically deleted. If you don’t want the above personal data to be collected, you should not access our website as we will be unable to allow you access to our website without such personal data.
4. Use of our webshop: orders and product returns
If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order and fulfill the contract of sale with you. The essential data for the conclusion of the contract is marked, further data is given on a voluntary basis. We use the personal data provided by you to process your order and returns. For charging purposes, we can pass on your payment data to our house bank or to the selected payment service provider. To manage the delivery of the goods to you, and due to the nature of the transaction, we will need to share your delivery address and contact details (email and phone number) with delivery companies. Only strictly necessary data will be shared for the purpose of coordination of delivery, protection against fraud and clarification of urgent issues. The legal basis for this is that this processing is objectively necessary for the performance of the contract of sale with you (Article 6 (1) (b) GDPR). This means that the sale of goods cannot, as a matter of fact, be fully performed if this specific processing of the personal data in question does not occur. Please note that failure to provide the mandatory personal data can lead to that that your order with us cannot be carried out.
If you want to do a product return, we will also need to share your personal data (delivery address and contact details) to the assigned non-governmental/charitable organization or delivery company for the pick-up and collection of the product. The legal basis is that the processing is necessary for the performance of a contract to which the data subject is party (Article 6 (1) (b) GDPR) and our legitimate interest in managing product returns.
5. Recipients of personal data
a. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities or public authorities. We conclude contracts with our service providers, which ensure that they may only process your personal data in a way that we have explicitly instructed them to do so. Furthermore, we ensure that they take the necessary technical and organizational measures to process your data securely and store your personal data only as long as necessary. External service providers who may receive personal data generally fall into the following categories of recipients: Subsidiaries and affiliates Credit institutions and providers of payment services for billing and payment processing (online payment providers) Parcel Shipper Non-Governmental/Charitable Organization that collects product returns IT service provider to maintain our IT infrastructure Cloud provider Service provider for the optimization of the online offer Collection service providers or lawyers to collect receivables and enforce claims in court. If, in the event of a collection case, personal data (customer and contact data, payment and consumption data and data on the claim) is transferred to a collection service provider, we will inform you in advance about the intended transfer.
b. If personal data is processed in countries outside of the European Union, we will ensure that your personal data is processed in accordance with EU GDPR’s data protection level. In the absence of an adequacy decision, we only transfer data to service providers from third countries that offer suitable guarantees in accordance with Art. 46, EU GDPR (usually Standard Contract Clauses).
6. Communications and contact form
When you contact us such as through e-mail or via the contact form, the information you provide will be processed for the purpose of processing your request and for the event that follow-up questions arise. If you are contacting us in relation to your purchase, our legal basis for the processing of your personal data is that it is needed to fulfill our contract of sale with you. If you are contacting us in relation to other matters, our legal basis for the processing of your personal data is our legitimate interest to address your concern and to enable you to contact us quickly and easily. The legal basis is Article 6(1)(f), EU GDPR. The personal data collected by us in this context will be deleted when the request associated with the contact has been completely clarified and it is also not to be expected that the specific contact will become relevant again in the future, unless legal storage obligations stand against this.
7. Newsletters and electronic notifications
a. We send newsletters, e-mails and other electronic notifications containing promotional information. Our newsletters contain information about our products, offers, promotions and our company. With the following notes we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right of objection.
For the subscription to our newsletter we use a logged Double-Opt-in procedure. This means that after subscription you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the service provider are also logged. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. The provision of further data is voluntary and is used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The newsletter dispatch and the measurement of performance are based on your consent if you subscribed.
b. If you receive a newsletter, notification, and/or marketing without subscribing, we are doing so on the basis of our Article 6(1)(f), EU GDPR and our legitimate interest for marketing and to inform you about our products and services.
c. To stop receiving the newsletter, you may withdraw your consent to or object to receiving the same at any time by clicking on the unsubscribe link provided in every newsletter e-mail or by reaching out to us through [email protected]
8. Data retention
We keep your personal data for the period of the customer relationship with you or for the legally-required period after termination of such relationship or agreement in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations. In general, the legal retention period for documents important for taxation (such as accounting receipts) is ten (10) years while other documents that can be considered as commercial or business transaction documents is six (6) years.
9. Social-Media portals
a. We are represented in the social networks and employer evaluation portals mentioned below. These presences are operated exclusively by the respective provider. They serve to communicate directly with customers, interested parties and users. If you contact us via our social media channels, we process the personal data that you provide us with as well as the personal data that is necessary to process your request. Insofar as you have given your consent to the operators of the respective social media platforms (e.g. by means of a checkbox opt-in), the processing is carried out on the basis of your consent. You can revoke your consent at any time with the operator of the respective platform with effect for the future.
b. When you visit our social media pages, your user data is recorded and provided to us by the operator. The exact types of data differ from provider to provider, but generally include the following information: Follower: number and stored profiles; information about growth and development over a defined time frame. Reach: number of people who see a specific contribution; number of interactions with a contribution. From this, it can be deduced, for example, which content is better received by the community than others. Ad performance: how many people were reached by a contribution or a paid ad and have interacted with it? Demographics: average age of visitors, sex, location, language.
c. Since our social media channels are operated by the providers of the respective social network, there may be a supplementary use of your personal data by the respective operator, over which we have no influence. This often involves the recording of your IP address, the creation of static evaluations and the processing of further information stored in the form of cookies. We have no influence on the generation and presentation of this personal data and can neither turn off this function nor prevent the processing of the personal data.
d. The assertion of data subject rights and requests can most effectively be addressed directly to the platform providers, since only they have access to your personal data and can take immediate action and provide information. Should our cooperation be necessary for this, we will support you in enforcing your rights as a data subject.
10. Social-Media plug-ins
We have integrated plug-ins on our web services. These plug-ins are indicated by the respective button belonging to the service. With the help of the plug-ins, users can share or post links to the corresponding websites in social networks such as Facebook or Twitter or recommend the contents there. Through your active interaction with these plugins, (e.g., by clicking the respective button or leaving a comment) this information is transmitted directly to the respective service and stored there.
When you visit one of our web services that contain an activated plugin, your browser establishes a connection with the servers of the respective service, which in turn transmits the content of the plugin to your browser, which then integrates it into the displayed page. Thus, the information about the visit of our web services is forwarded to the respective service. We do not collect personal data ourselves by means of the social plugins or about their use and have no influence on which data an activated plugin collects and how these are used by the provider. It must be assumed that at least the IP address and device-related information is collected and used. It is also possible that the service provider will attempt to store cookies on the computer used. If you are logged in to the respective service at the same time as visiting our web services via your personal user account (e.g. via another browser session), the service provider can assign the visit to our web services to your account.
11. Facebook Insights - "Facebook Fanpages"
Upon a visit of our Facebook page collects Facebook among others your IP address as well as other information, which is saved on your device in form of cookies. This information will be used to provide us as the operator of the Facebook page with statistical information on Facebook usage. We can access these statistics through so-called Facebook “insights”. These statistics are collected and provided solely by Facebook. We as the operator of the page have no influence over their generation and presentation. We cannot either stop or prevent their generation and data processing. You can find further information about “Insights” provided by Facebook here: https://www.facebook.com/help/pages/insights. Following information will be provided to us by Facebook through “Insights”: Number of page views, “likes”, page activities, reach, impressions, video views, post clicks and reactions, post reach, comments, shared content, answers, gender ratio, regional distribution of the users (origin based on country and city), language, opens and clicks in the shop, clicks on the address and on the telephone number. The operation of this Facebook page and processing of personal data of the users arising out of it is based on Article 6(1)(f), EU GDPR and our legitimate interest to inform and interact with users and visitors of our Facebook page.
b. This website uses the following types of cookies: Transient Cookies
- Transient cookies are automatically deleted when you close your browser. These are mostly session cookies, which save a so-called “session-ID”, which allows for the assigning of different queries within your browser during a particular session. This can be used to identify your device when one repeatedly visits a website during a session. These cookies are deleted once you log out or the browser window is closed. Persistent Cookies
- Persistent cookies enable the website to remember your information and settings on your next visit. This gives you faster and more convenient access to the website, as you do not have to change your language settings again, for example. How long the cookie remains on your device depends on the duration or expiration date of the respective cookie and your browser settings. These cookies are automatically deleted after a set period of time which can differ from cookie to cookie. Persistent cookies can be deleted via the security settings in your browser at any time.
d. Cookies used in the website may include the following: