Data Privacy Statement
GOLFINO AG takes matters relating to data protection very seriously, and will collect, process and use your personal data exclusively in accordance with the principles described below and taking account of the applicable data privacy laws.
A. Responsible bodies
(1) The responsible body and operator of the GOLFINO Online Store (hereinafter “Online Store”) is GOLFINO AG, 21509 Glinde, Germany.
(2) The company’s data protection officer is Andreas Frick, Diestelbarg 37, 21039 Börnsen, phone: 040-69702650, fax: 03212-6906434, email: firstname.lastname@example.org.
B. Collection and storage of personal data
(1) Personal data means all data relating to an identified or identifiable natural person. This includes for example your name, phone number, and your postal and email addresses.
(2) Personal data within the meaning of the law also includes information about your use of the website, which is collected and stored by our web servers to enable us to provide and optimise our website, guarantee system security and for statistical purposes (“usage data”). This consists of the connection details of the requesting computer (IP address), which of our websites you visit, the date and duration of the visit, the identification data of the browser and type of operating system used, and the website from which you visit us. We do not use usage data to ascertain your identity, and do not combine it with other personal data we have stored.
(3) Apart from the usage data referred to in Paragraph (2) we will only collect personal data when you provide this to us voluntarily. During the course of your order or when you open a customer account, mainly the following personal data will be collected: title, name, address, email address. In addition, when you place an order, payment information such as your bank details or credit card number is collected.
(4) You have the option of updating the data on your customer account at any time and adding further information on a voluntary basis (e.g. your phone number and your date of birth).
(5) The personal data you have disclosed (title, name, address, email address, phone number, credit card number) are stored lawfully and in accordance with the provisions of the law on data privacy. Naturally your data will be treated as confidential.
C. Data processing and use
(1) When this website (www.golfino.com) is accessed, the internet browser used by the visitor automatically sends data to the server of this website, where it is stored for a limited period in a logfile. The following data are stored without further input from the visitor until they are deleted automatically:
- IP address of the visitor’s end device,
- Date and time of the access by the visitor,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor accesses the company’s website (so-called referrer URL),
- Browser and operating system of the visitor’s end device, and the name of the access provider used by the visitor.
The processing of these personal data is legitimate in accordance with Art. 6 Para. 1 (f) GDPR. The company has a legitimate interest in processing the data for the purpose of
- swiftly creating the connection to the company’s website,
- enabling user-friendly use of the website,
- identifying and guaranteeing the security and stability of the systems, and
- facilitating and improving the administration of the website.
Processing expressly does not take place for the purpose of gaining knowledge as to the identity of the visitor to the website.
(2) Your personal data will be used exclusively for managing the agreements concluded between us, for instance to deliver goods to the address you have provided. Any use of your data beyond this, for advertising or market research purposes or to structure our site in line with visitors‘ needs, shall only take place if you have granted us your consent.
(3) Data processing for customer service
If and insofar as you contact us via the contact form provided on our website, by email, phone, fax or via social media platforms, and wish to ask for information about your orders or your customer status, it might be necessary for the reasonable processing of your enquiry for you to provide us with personal data such as your name, address, date of birth, order number or invoice number. These data will exclusively be used for the specific purposes of verification and processing your enquiry. In the event of your contacting us via a social media platform, we wish to inform you that this is not owned by or in the sphere of influence of GOLFINO, and therefore we cannot guarantee the protection and confidentiality of the data made available to us via the respective social media platform. For questions on data protection, please contact the operator and owner of the social media platform concerned.
(4) Contact form
Visitors can send messages to the company via an online contact form or on the website. To be able to receive an answer, it is necessary for you to provide at least a valid email address. The person asking the question can voluntarily provide all their further details. By sending the message via the contact form, the visitor consents to the processing of the personal data they have transmitted. Such data processing will take place exclusively for the purpose of processing and answering queries via the contact form. This takes place on the basis of the consent you have voluntarily issued in accordance with. Art. 6 Para. 1 (a) GDPR.
D. Disclosure of data
(1) Personal data is transmitted to third parties if
- in accordance with Art. 6 Para. 1 (a) GDPR the person concerned has expressly consented to this,
- in accordance with Art. 6 Para. 1 (f) GDPR disclosure is necessary for the assertion, exercise or defence of legal claims and there are no grounds to assume that the person concerned has an overriding protectable interest in the non-transmission of their data,
- there is a legal obligation for the data transmission in accordance with Art. 6 Para. 1 (c), and/or
- in accordance with Art. 6 Para. 1 (b) GDPR this is necessary for the performance of a contract with the person concerned.
In other cases personal data will not be passed on to third parties.
(2) For the delivery of the goods and processing of the payment, we will pass the necessary personal data on to logistics companies and payment service providers. These service providers are carefully selected and are obliged to handle your data in confidence and use them exclusively for the purpose of delivery or payment processing.
(3) In the case of deliveries with the delivery option “Click & Collect” the data will be transmitted to the selected store.
E. Data security
(1) Your customer and payment data are protected during transmission to our server by the use of SSL (Secure Socket Layer) security procedures in combination with 256-bit encryption. You can check the security of the connection by means of the details shown in the URL field in your browser. If the beginning of the address line changes from “http” to “https”, there is a secured connection.
(2) In addition, all the service providers we use for payment processing are PCI DSS (Payment Card Industry Data Security Standard) certified, and by complying with the PCI Data Security Standards they meet the highest security requirements of the E-commerce industry standards. Further information on this can be found for example at www.pcisecuritystandards.org.
F. Credit checks
(1) Insofar as we provide services before receiving payment, e.g. when goods are purchased on account, to protect our legitimate interests we will as applicable obtain creditworthiness information on the basis of mathematical and statistical procedures. For this, GOLFINO AG will transmit certain information to carefully selected service providers. The data transmitted to these companies comprises your first and last names, your address and as the case may be your date of birth. These service providers will check for the existence of negative aspects of your creditworthiness and calculate your credit score. By using recognised experience values, by means of a mathematical and statistical procedure and amongst other things the use of address data, the credit score predicts the risks of possible defaults of payment.
(1) By registering for the newsletter, the visitor expressly declares their agreement to the processing of the personal data they have provided. To register to receive the newsletter, the visitor only needs to enter an email address. The legal basis for the processing of the visitor’s personal data for the purpose of sending newsletters is their consent in accordance with Art. 6 Para. 1 (a) GDPR.
(2) By registering for the GOLFINO newsletter and the GOLFINO Club, you also expressly declare your agreement to our using your email address for our own advertising purposes.
(3) Registration for the newsletter takes place by means of the so-called “double opt-in process”, in which after registering for the newsletter you receive a confirmation email asking you to click on a link contained in the confirmation email to confirm that you wish to receive the newsletter. You will only receive the newsletter once you have declared the corresponding confirmation by clicking on the link contained in the email.
(4) You can object at any time to our sending you the newsletter and the use of your email address for advertising purposes with future effect via the link contained in the newsletter or the advertising emails, or by email to email@example.com. We will draw your attention to this right of objection in the email accompanying the newsletter and separately in all other advertising emails.
H. Cookies and web beacons
(1) Cookies are small data packages sent by websites that are placed on the hard disk drive of your computer, tablet or mobile by your browser. These technologies help to optimise the offerings on the website and in the Online Store, for example by storing your personal preferences. This enables the website for example to store your virtual shopping basket, identify which country you come from or recognise you when you visit the website or Online Store again. The information recorded does not permit any conclusions as to your identity and does not contain any data such as your name or credit card details. Alongside this, cookies are also used by third party providers, and for example these enable GOLFINO product recommendations corresponding to your interests to be displayed on our partners’ websites (so-called retargeting technologies).
(3) GOLFINO uses small graphics known as web beacons on the website and in the Online Store. When you open a page, the web beacon is loaded and registered by a server. This makes it possible for example to identify which pages you have visited when and how frequently, and what actions you took.
(4) The data processing by cookies is justifiable for the aforementioned purposes to preserve the company’s legitimate interests in accordance with Art. 6 Para. 1 (f) GDPR.
I. Web analysis and retargeting
You can refuse the collection and use of information by Google at any time with future effect by installing the deactivation add-on provided by Google.
(2) This website uses the remarketing function from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function enables visitors to the website to be shown advertising related to their interests within the framework of the Google advertising network. For this, the remarketing function uses “cookies”, text files that are stored on your computer and amongst other things make it possible to recognise your visit when you access websites belonging to the Google advertising network. On these sites you can then be shown advertising relating to content you have previously accessed on websites that use the Google remarketing function.
According to its own information, Google does not collect any personal data during this process. Nonetheless, should you not want the remarketing function you can completely deactivate it by implementing the corresponding settings at http://www.google.com/settings/ads.
(3) Our website uses the service Criteo (http://www.criteo.com/de). By means of this tool, users who have already visited our site once and have been interested in our products are offered target advertising on this website and on internet sites that also use the Criteo service. This advertising is shown on the basis of information about the visit to the respective Internet sites, which is stored amongst others in cookies on your computer. These text files are read during subsequent website visits to offer targeted product recommendations. For this purpose a randomly-generated identification number is stored in the cookies. Neither this number nor the information about your visits to the Internet sites can be allocated to you personally. In no event will these data be used to identify you personally as a visitor to our website.
You can prevent the storage and use of information by the Criteo service by accessing the following URL (http://www.criteo.com/de/datenschutzrichtlinie) and setting the “opt-out” switch to “ON”. When you select “ON”, a new cookie (opt-out cookie) will be placed on your browser. This cookie signals to the Criteo service that Criteo is not permitted to collect and process any more data on your usage behaviour. You have the option of reactivating this function by setting the switch to “OFF”. Please note that this setting has to be done for every browser you use. If all the cookies in your browser are deleted, this will also affect the opt-out cookie.
(4) Our site uses the service affilinet. affilinet places a cookie on the customer’s (visitor’s) website to record sales and/or leads correctly. This cookie is placed by the domain partners.webmaster-plan.com or banners.webmasterplan.com. This cookie corresponds to the respective valid data protection guidelines. The cookies used by affilinet are accepted in the default setting of the Internet browser. If you do not want this cookie to be stored, please deactivate the acceptance of the cookies from the relevant domains in your Internet browser. affilinet tracking cookies do not store personal data of any kind, but only the ID of the mediating partner and the serial number of the advertisement the visitor has clicked on (banner, text link or similar), which are required for payment processing. The partner ID serves to be able to allocate the commission payable to the mediating partner when a transaction is completed.
J. Rights as a data subject
Insofar as your personal data are processed when you visit our website, as a data subject (i.e. the person concerned) you are entitled to the following rights within the meaning of the GDPR:
You can request information from us as to whether we process your personal data. No right of information exists if issuing the requested information would infringe the duty of confidentiality in accordance with Section 83 StBerG [Tax Consultancy Act] or if the information has to be kept secret for other reasons, in particular on account of an overriding legitimate interest of a third party. Deviating from this, there can be a duty to issue information, in particular when with regard to impending damage your interests outweigh the interest in secrecy. The right of information is also excluded if the data are only stored because due to legal or statutory retention periods they cannot be deleted, or if they exclusively serve purposes of data backup or for monitoring data protection, if issuing information would require a disproportionately high expense and processing for other purposes is excluded by suitable technical and organisational measures. If in your case the right of information is not excluded and we process your personal data, you can ask us to disclose the following information:
- Purposes of processing,
- Categories of your personal information that are processed,
- Recipients or categories of recipients to which your personal data are disclosed, especially when the recipients are in third countries,
- If possible the planned period for which your personal data are going to be stored or, if this is not possible, the criteria for setting the storage period,
- The existence of a right to correction or deletion or to restriction of the processing of the personal data concerned, or a right of objection to this processing,
- The existence of a right of complaint to a data protection supervisory authority,
- If the personal data was not collected from you as a data subject, the available information on the origin of the data,
- If applicable, the existence of automated decision-making including profiling and meaningful information on the logic involved, as well as the scope and intended effects of decision-making,
- If applicable, in the case of transmission to recipients in third countries, insofar as no decision has taken place by the EU Commission on the adequacy of the level of protection in accordance with Art. 45 Para. 3 GDPR, information on which appropriate safeguards are provided to protect the personal data in accordance with Art. 46 Para. 2 GDPR.
(2) Correction and completion
If you notice that the personal data we have from you are incorrect, you can ask us to correct these incorrect data immediately. If the personal data that apply to you are incomplete, you can ask us to complete them.
You have a right of deletion (“right to be forgotten”) if the processing is not necessary for the exercise of the right of freedom of expression, the right of information or to fulfil a legal obligation or undertake a task that is in the public interest, and one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were processed.
- The basis of the justification for such processing was exclusively your consent, which you have now retracted.
- You have filed an objection to the processing of your personal data that we have made public.
- You have filed an objection to the processing of personal data that we have not made public and there are no overriding legitimate reasons for such processing.
- Your personal data were processed unlawfully.
- The deletion of your personal data is necessary for the fulfilment of a legal obligation to which we are subject.
No entitlement to deletion exists if, in the case of lawful, unautomated data processing and due to the particular form of storage, deletion is not possible, or is only possible with a disproportionately high expense and your interest in deletion is low. In this case deletion is replaced by the restriction of processing.
(4) Restriction of processing
You can ask us to restrict the processing if one of the reasons below applies:
- You dispute the correctness of the personal data. In this case, the restriction can be requested for the time that permits us to review the correctness of the data.
- The processing is unlawful and instead of deletion you request the restriction of the use of your personal data.
- We no longer require your personal data for the purposes of processing, however you require this for the establishment, exercise or defence of legal claims.
- You have filed an objection in accordance with Art. 21 Para. 1 GDPR. The restriction of processing can be requested until it has been established whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data are only processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or on the grounds of an important public interest. We have a duty to inform you before we lift the restriction.
(5) Data portability
You have a right to data portability if the processing is on the basis of your consent (Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) GDPR) or of a contract to which you are a contracting party, and the processing takes place by means of automated processes. In this case the right to data portability comprises the following rights, provided that this does not adversely affect the rights and freedoms of other persons: you can ask us to receive the personal data you have provided to us in a structured, conventional and machine-readable format. You have the right to transmit these data to another controller without obstruction on our part. Insofar as is technically feasible, you can ask us to transmit your personal data directly to another controller.
Insofar as the processing is on the basis of Art. 6 Para. 1 (e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or of Art. 6 Para. 1 (f) GDPR (the legitimate interest pursued by the controller or by a third party), you have the right on grounds deriving from your particular situation to file an objection at any time against the processing of your personal data. This also applies to profiling on the basis of Art. 6 Para. 1 (e) or (f) GDPR. After you have exercised this right of objection, we will no longer process your personal data unless we can demonstrate compelling protectable reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves for the establishment, exercise or defence of legal claims.
You can file an objection to the processing of your personal data for direct advertising purposes at any time. This also applies to profiling associated with such direct advertising. After you have exercised this right of objection, we will no longer process your personal data for direct advertising purposes.
You can let our company know about this objection informally by phone, by email or to the postal address stated at the beginning of this Data Privacy Statement.
(7) Retraction of consent
You have the right to retract the consent you have issued at any time with future effect. You can retract your consent informally by phone, by email or to our postal address. Such retraction will not affect the lawfulness of the data processing that has taken place on the basis of your consent until we received your retraction. Once we have received your retraction, the data processing that was exclusively based on your consent will be halted.
If you believe that the processing of your personal data is unlawful, you can file a complaint with a data protection supervisory authority that has competence for your place of residence or place of work or the place of the suspected infringement.
K. Status and updating of this Data Privacy Statement
(1) This Data Privacy Statement was last updated on 25.05.2018. We reserve the right to update the Data Privacy Statement in due course in order to improve the data protection and/or adapt it to a change in the prevailing case law.