data protection

Data protection We are very happy that you are interested in our company. Data protection is a top priority for the executive management of envy GmbH. The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject is always performed in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection requirements applicable to envy GmbH. With this privacy policy, our company would like to make the public aware of the type, scope and purpose of the personal data that we retrieve, use and process. Furthermore, data subjects are made aware of their rights via this privacy policy.
As the data processor, envy GmbH has implemented numerous technical and organisational measures in order to ensure optimal protection of the personal data obtained through this website. However, internet-based data transmissions may exhibit gaps in security, meaning that absolute security cannot be guaranteed. For this reason, each data subject is authorised to transfer personal data to us by alternative means, such as via telephone.


Contents

General information
1. Name and address of the data processor
2. Name and contact information of the data protection manager
3. Legal basis of the processing
4. Routine deletion and blocking of personal data

Cookies, analysis tools and log files
5. Cookies
6. Data protection regulations concerning the use of Google Analytics (with anonymisation function)
7. Logfiles
20. SalesViewer

Contacting envy GmbH
8. Contact via the website

Social media and tools from third-party providers
9. Data protection regulations concerning the use of Facebook
10. Data protection regulations concerning the use of Instagram
11. Data protection regulations concerning the use of YouTube
12. Data protection regulations concerning the use of Google Maps

Rights of the data subject
13. Disclosure, correction, limitation of processing, deletion
14. Revocation of granted consent
15. Right of revocation
16. Right to complain to the data protection supervisory authority

Other remarks
17. Legal or contractual regulations concerning the provision of personal data; necessity of contract formation; obligation of the data subject to provide personal data; possible consequences of non-provision
18. Existence of automated decision-making
19. Copyright


General information 1. Name and address of the data processor
The data processor pursuant to the General Data Protection Regulation is:

envy GmbH
Hanauer Landstr. 196a
60314 Frankfurt am Main
Germany
Tel.: +49 69 238079610
E-mail: info@envy.de
Website: www.envy.de

2. Name and contact information of the data protection manager
The data protection manager for the data processor is:

Alexander Tribess
Tel.: +49 40 24181893
E-mail: datenschutz@envy.de

Every data subject may always direct data protection questions and feedback directly to our data protection manager.

3. Legal basis of the processing
Art. 6 I lit. a GDPR serves as the legal basis for our company's processing, in which we obtain consent for a certain processing-related purpose. If the processing of personal data is required to fulfil a contract, to which the data subject is a party, such as is the case in processing for which a delivery of goods or the rendering of another service or return service is necessary, the processing is based on Art. 6 I lit. b GDPR. This applies likewise to processing required to execute pre-contractual measures, such as in the case of enquiries concerning our products or services. If our company is subject to a legal obligation necessitating the processing of personal data, such as to fulfil fiscal obligations, the processing is based on Art. 6 I lit. c GDPR. Ultimately, processing may be based on Art. 6 I lit. f GDPR. This section covers processing not subject to any of the preceding regulations if the processing is required to preserve a justified interest of our company or a third party, provided the interests, basic rights and basic freedoms of the data subject do not take priority. In particular, we are authorised to conduct such processing as it has been specially mentioned by European legislation. Such legislation stipulates that a justified interest may be assumed if the data subject is a customer of the processor (recital 47 sentence 2 GDPR).

We have explained which legal basis applies to which type of processing in the respective section.

4. Routine deletion and blocking of personal data
The data processor processes and stores personal data of the data subject only for the amount of time required to achieve the purpose of the storage, or as long as such has been authorised by the European legislators or another legislator in the form of laws or regulations that apply to the data processor. If the storage purpose ceases to apply or the storage period stipulated by the European legislators or other responsible legislators lapses, the personal data are routinely deleted or blocked in accordance with the legal requirements.

We have explained the storage period applicable to the respective processing types in the respective sections when possible.

Cookies, analysis tools and log files

5. Cookies
The web pages of envy GmbH use cookies. Cookies are text files that are filed and stored on a computer system by a web browser. Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique cookie identifier. It consists of a sequence of characters with which websites and servers can identify the specific web browser in which the cookie was saved. This allows the visited websites and serves to differentiate the data subject's specific browser from other web browsers that contain other cookies. A specific web browser can be recognised and identified via the unique cookie ID.

We process the data processed by the cookies on the basis of our justified interests, provided said cookies are those which solely serve to optimise your visit to our website (Art. 6 I lit. f GDPR). We process the data processed by cookies via "analysis tools" (See below) solely on the basis of your prior granted consent, which you may grant voluntarily upon visiting the website by clicking the corresponding field in the "cookie banner" (Art. 6 I lit. a GDPR).

If you do not grant your consent, only those cookies with which we can understand your cookie settings are used on the website. We file a cookie so that we can save your consent or rejection of the usage of cookies for "analysis tools". This storage is effective for a period of 30 days. Thus, following this 30-day period, you will be asked about your cookie preferences once again upon visiting our website.

The data subject may always prevent the filing of cookies by our website via a corresponding setting in the respective web browser, and thus permanently reject the filing of cookies. Furthermore, cookies that have already been filed can always be deleted via the web browser or other software programs. This is possible in all conventional web browsers. If the data subject disables the filing of cookies in the web browser being used, it may happen that not all functions of our website are fully usable.

6. Data protection regulations concerning the use of Google Analytics (with anonymisation function)
The data processor has integrated the component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis is the retrieval, collection and evaluation of data concerning the behaviour of website visitors. Among other things, a web analysis service records data regarding the website from which a visitor accessed another website ("referrer"), which sub-pages of the website are visited, or how often and for how long a sub-page is visited. Web analysis is mainly used to optimise a website and for cost-benefit analysis of internet marketing.

We use Google Analytics solely on the basis of the consent you have granted us (Art. 6 I lit. a GDPR). We use the Google Tag Manager to manage Google Analytics. This Tag Manager does not process any personal data on its own.

The managing company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can voluntarily grant us your consent when visiting the page by clicking on the respective field in the cookie banner. For purposes of the types of processing described below, we regularly also transmit data to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited and Google LLC are hereafter jointly referred to as "Google". Google also ensures the appropriateness of the data protection level when processing data in the USA; there is an agreement to this end with inclusion of the EU standard contract clauses.

The data processor uses the addition "_gat._anonymizeIp" for web analysis via Google. This addition truncates and anonymises the IP address of the data subject's internet connection if our websites are being accessed from a member state of the European Union or another signatory member of the Agreement of the European Economic Area.

The purpose of the Google Analytics component is analysis of visitor flow on our website. Google uses the acquired data and information to, among other things, evaluate usage of our website so as to create online reports for us that show the activities on our websites, and to render other services pertaining to the usage of our website.

Google Analytics installs a cookie on the data subject's information technology system. Cookies have been defined above. Google facilitates analysis of usage of our website by installing the cookie. With each visit to the sub-pages of this website, operated by the data processor and where a Google Analytics component has been installed, the Google Analytics component causes the internet browser on the data subject's information technology system to automatically transmit data to Google for online analysis purposes. It is through this technical process that Google obtains information on personal data, such as the IP address of the data subject, which Google uses, among other things, to determine the origin of the visitor and clicks, and thereby facilitate commission settlements.

The cookie is used to save personal information, such as the time of access, the location from which the access took place, and the frequency of visits to our website by the data subject. These personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America with each visit to our web pages. Google stores these data in the United States of America. Google may disclose personal data obtained via these technical means to third parties. The data subject may always prevent the installation of cookies by our website, as described above and even after having previously granted consent, via a corresponding setting in the respective web browser, and thus permanently decline the installation of cookies or revoke their consent. Such a setting in the web browser would also prevent Google from installing a cookie on the data subject's information technology system. Furthermore, a cookie already installed by Google Analytics can always be deleted via the web browser or other software programs.

In addition, it is possible for the data subject to decline and prevent the recording of data concerning usage of the website created by Google Analytics, and the processing of these data by Google. To do so, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on notifies Google Analytics via JavaScript that no data or information concerning visits to the website may be transmitted to Google Analytics. Google considers the installation of the browser add-on as a rejection of consent. If the data subject's information technology system is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. Once the browser add-on is uninstalled or disabled by the data subject or another party within the data subject's purview, it is possible to reinstall or re-enable the browser add-on. Further information and the pertinent data protection regulations of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained further at https://www.google.com/intl/de_de/analytics/.

7. Logfiles
With each visit by a data subject or automated system, the envy GmbH website records a range of general data and information. These general data and information are stored in the server logfiles. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website ("referrer"), (4) the sub-pages which are visited via an accessing system on our website, (5) the data and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to prevent hazards in the event of attacks on our information technology systems, can be recorded. envy GmbH does not make any conclusions about the data subject when using these general data and information. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and marketing for it, (3) ensure permanent functionality or our information technology systems and technology of our website, and (4) provide to the prosecuting authorities any information required for prosecution purposes in the event of a cyber-attack. These anonymously retrieved data and information are thus statistically evaluated by envy GmbH and evaluated to increase data protection within our company, in order to ensure an optimal level of protection for the personal data that we process. The anonymous data of the server logfiles are stored separately from all personal data disclosed by a data subject.

legal basis for the data processing is Art. 6 I lit. f GDPR. Our justified interest stems from the data retrieval purposes specified above. We generally do not use the retrieved data to draw conclusions about your personal identity. However, we reserve the right to do so in the event that it is required to resolve issues concerning misuse of the website.

Contacting envy GmbH

8. Contact via the website
Due to legal requirements, the envy GmbH website contains information that facilitates quick electronic contact with our company, as well as immediate contact with us, which also includes a general electronic mail (e-mail) address. If a data subject contacts the data processor via e-mail, the personal data transmitted by the data subject are automatically stored. Such personal data voluntarily disclosed by the data subject to the data processor are stored for purposes of processing or contacting the data subject. There is no disclosure of these personal data to third parties.

The data processing for purposes of contacting us is based on Art. 6 I lit. a GDPR, on the basis of your voluntarily granted consent, and for (pre-)contractual enquiries the processing is based on Art. 6 lit. b. GDPR. The data retrieved and processed during the contact with us are deleted upon completion of the enquiry and, if applicable, following any legal retention periods (e.g. if you send us a pre-contractual message via the contact form and we form a contract relationship on this basis, or if your message concerns existing contract relationships).

Social media and tools from third-party providers

9. Data protection regulations concerning the use of Facebook
The data processor has integrated links to internet services by the company Facebook on this website. Facebook is a social network. A social network is a meeting place operated on the internet, an online community that generally allows the users to communicate with each other and interact in the virtual space. A social network can serve as a platform for sharing opinions and experiences, and allows the internet community to provide personal or company-related information. Facebook allows the users of the social network to, among other things, create personal profiles, upload photos and network via friendship requests.

The managing company of Facebook is Facebook, Inc., 1 Hacker Way, Melo Park, CA 94025, USA. If a data subject resides outside the USA or Canada, the processor of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When the user clicks on the links to Facebook that are integrated on these websites, the web browser on the data subject's information technology system is linked to our company website in the social network. By visiting the Facebook page, Facebook also receives information about the user, as described in detail in Facebook's Privacy Policy.

If the data subject is logged in to Facebook at the same time, Facebook identifies the data subject as a user of our website with each visit to the company profile on Facebook. In particular, Facebook may use this information to add further information on the user's interests to the user's Facebook profile.

With regard to the usage of our Facebook page, both we and Facebook share joint responsibility pursuant to Art. 26 GDPR. For this purpose we have formed a corresponding agreement with Facebook, which can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum. In particular this concerns the following processing: when visiting our Facebook page, Facebook records your IP address as well as other information available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information on the usage of the Facebook page. Facebook provides further information on this at the following link: http://de-de.facebook.com/help/pages/insights. You have (also) consented to this form of evaluation of your visit by accepting Facebook's Terms of Use (Art. 6 I lit. a GDPR). However, we would like to note that the statistical evaluations do not allow us to make any conclusions about the personal identity of specific users.

Beyond this, we indicate our own data processing on Facebook as follows: we may use your comments and reviews as occasion to respond with our own comments. To this end we assert our justified interest in interacting with active users of our Facebook page (Art. 6 I lit. f GDPR). For enquiries of any type we offer you the opportunity to contact us on Facebook via personal messages. This automatically notifies us of your Facebook username. Further information can be provided voluntarily, in particular means of contact outside of Facebook. Further information on data processing for purposes of contacting us can be found in section 8 of this Privacy Policy.

Facebook's Data Directive, published at https://de-de.facebook.com/about/privacy/, provides information on the retrieval, processing and usage of personal data by Facebook. Furthermore, it is explained therein which optional settings Facebook offers to protect the data subject's privacy. Various applications are also available that make it possible to prevent the transmission of data to Facebook. The data subject can use such applications to prevent the transmission of data to Facebook.

10. Data protection regulations concerning the use of Instagram
The data processor has integrated links to internet services by the service Instagram on this website. Instagram is a service that serves as an audio-visual platform, and which allows users to share photos and videos as well as share such data in other social networks. The managing company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Melo Park, CA 94025, USA. If a data subject resides outside the USA or Canada, the processor of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the user clicks on the links to Facebook that are integrated on these websites, the web browser on the data subject's information technology system is linked to our company website in the social network Instagram. By visiting the Facebook page, Instagram also receives information about the user, as described in detail in their Privacy Policies.

If the data subject is logged in to Instagram at the same time, Instagram identifies the data subject as a user of our website with each visit to the company profile on Instagram. In particular, Facebook may use this information to add further information on the user's interests to the user's Facebook profile.

Beyond this, we indicate our own data processing on Instagram as follows: we may use your comments and reviews as occasion to respond with our own comments. To this end we assert our justified interest in interacting with active users of our Instagram profile (Art. 6 I lit. f GDPR). For enquiries of any type we offer you the opportunity to contact us on Instagram via personal messages. This automatically notifies us of your Instagram username. Further information can be provided voluntarily, in particular means of contact outside of Instagram. Further information on data processing for purposes of contacting us can be found in section 8 of this Privacy Policy.

Facebook's Data Directive concerning use of the service Instagram, published at https://de-de.facebook.com/about/privacy/, provides information on the retrieval, processing and usage of personal data by Facebook. Furthermore, it is explained therein which optional settings Facebook offers to protect the data subject's privacy. Various applications are also available that make it possible to prevent the transmission of data to Facebook. The data subject can use such applications to prevent the transmission of data to Facebook.

11. Data protection regulations concerning the use of YouTube
The data processor has integrated links to components of YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips for free, and other users to view, review and comment on these clips, also for free. YouTube allows the publication of all types of videos, meaning that complete film and television broadcasts, music videos, trailers or videos made by users can be viewed on the internet portal.

YouTube videos are all integrated in "expanded data protection mode", meaning that no user data are transmitted to YouTube if the users do not play the videos. The data described below are only transmitted when a user plays the videos. As part of this technical process, YouTube and Google are informed of which specific sub-page of our website is visited by the data subject.

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For purposes of the types of processing described below, the data are also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or other companies of the Google Corporation. Google Ireland Limited and Google LLC are jointly referred to as "Google" in this Privacy Policy. Google uses standard contractual clauses provided by the EU Commission, and in this way ensures the adequacy of the level of data protection even when data is processed in the USA.

If a user activates one of the YouTube videos integrated in this website, the respective YouTube component automatically causes the web browser on the data subject's information technology system to download a display of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed of which specific sub-page of our website is visited by the data subject.

If the data subject is simultaneously logged in to YouTube, YouTube determines which specific sub-page of our website the data subject is visiting with each visit to the sub-page containing a YouTube video. YouTube and Google compile this information and allocate it to the respective YouTube account of the data subject.

Via the YouTube component, YouTube and Google are notified that the data subject visited our website if the data subject is simultaneously logged in to YouTube at the time that a YouTube video is activated. If the data subject does not wish for such a transmission of this information to YouTube and Google, the data subject may prevent said transmission by logging out of their YouTube account before visiting our website.

Beyond this, we indicate our own data processing on YouTube as follows: we may use your comments and reviews as occasion to respond with our own comments. To this end we assert our justified interest in interacting with active users of our YouTube channel (Art. 6 I lit. f GDPR). For enquiries of any type we offer you the opportunity to contact us on YouTube via personal messages. This automatically notifies us of your YouTube username. Further information can be provided voluntarily, in particular means of contact outside of YouTube. Further information on data processing for purposes of contacting us can be found in section 8 of this Privacy Policy.

YouTube's Privacy Policy, published at, https://www.google.de/intl/de/policies/privacy/, provides information on the retrieval, processing and usage of personal data by YouTube and Google.

12. Data protection regulations concerning the use of Google Maps
On our websites we also use the service Google Maps, which is also a service from Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. For purposes of the types of processing described below, the data are also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or other companies of the Google Corporation. Google Ireland Limited and Google LLC are jointly referred to as "Google" in this Privacy Policy. Google uses standard contractual clauses provided by the EU Commission, and in this way ensures the adequacy of the level of data protection even when data is processed in the USA.

Google Maps offers an interactive map with which our website visitors can conveniently view our location as well that the location of our affiliates, and obtain directions to them. With the integration of this service, our website visitors' data can be transmitted to Google. However, this only occurs if you have granted your consent for such (Art. 6 I lit. a GDPR).

If you have granted us your consent and the map is displayed, Google receives the information that you have visited the respective sub-page. Furthermore, additional information concerning the usage of our website (including your IP address) is sent to a Google server and stored there. This occurs regardless of whether Google provides a user account that you are logged in to, or if there is no user account at all. If you are logged in to Google, the data retrieved during your visit to our website are allocated directly to your account.

Google stores the data as a usage profile and uses them for purposes of advertising, market research and/or needs-based configuration of its own services. In particular, such evaluation (including for users who are not logged in) serves to provide needs-based advertising and to notify other Google users of your activities on our website. You have a right to object to the creation of this usage profile, to which end you must contact Google to exercise this right. If you do not wish for allocation to your Google profile, you must log out of your Google user account before granting your consent.

Further information on the purpose and scope of the data retrieval and the processing thereof by Google is included in Google's Privacy Policy, as well as further information on the rights in this regard and optional settings for protecting privacy: http://www.google.de/intl/de/policies/privacy.

Rights of the data subject

13. Disclosure, correction, limitation of processing, deletion
You have the right:

• as per Art. 15 GDPR, to request disclosure of your personal data that we have processed. In particular, you may request disclosure of the purposes of processing, the class of personal data, the classes of recipients to whom your data have been, are or will be disclosed, the planned duration of retention, the existence of a right to correction, deletion, limitation of processing or objection, the existence of a right to complain, the origin of your data if we did not retrieve them, as well as concerning the existence of automated decision-making including profiling and any meaningful information on the properties thereof;

• as per Art. 16 GDPR, to request the immediate correction of incorrect personal data or completion of your data that we are storing;

• as per Art. 17 GDPR, to request the deletion of your personal data stored by us, provided the processing thereof is not required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for purposes of public interest or to assert, exercise or defend legal claims;

• as per Art. 18 GDPR, to request the limitation of processing of your personal data, provided you contest the accuracy of the data, the processing thereof is illegal but you object to the deletion thereof and we no longer require the data, but you require them to assert, exercise or defend legal claims, or you have submitted an objection to the processing thereof as per Art. 21 GDPR;

• as per Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, conventional and machine-readable format, or to request the transmission thereof to another data processor.

14. Revocation of granted consent
As per Art. 7 para. 3 GDPR, you have the right to revoke your granted consent at any time. This results in us no longer being allowed to continue with the data processing based on said consent.

15. Right of revocation
If your personal data are processed on the basis of justified interests as per Art. 6 I lit. f GDPR, you may oppose the processing of your personal data as per Art. 21 GDPR provided there are reasons stemming from your particular situation or the opposition is to direct advertising. In the latter instance, you have a general right of revocation which we will implement without the need for you to disclose your particular situation.

16. Right to complain to the data protection supervisory authority
Furthermore, you have a general right to complain to the responsible data protection supervisory authority.

Other remarks

17. Legal or contractual regulations concerning the provision of personal data; necessity of contract formation; obligation of the data subject to provide personal data; possible consequences of non-provision
We hereby notify you that the provision of personal data is partially stipulated by law (e.g. fiscal regulations) or may stem from contractual regulations (e.g. information on the contract partner). For purposes of contract formation, it may be required that a data subject provide us with personal data that we must then process. For example, the data subject is obligated to provide us with personal data if your company forms a contract with the data subject. Non-provision of the personal data would result in the inability to form the contract with the data subject. Before the data subject provides us with personal data, the data subject must contact one of our employees. Depending on the respective circumstances, our employee will then inform the data subject whether the provision of personal data is legally or contractually stipulated or is required for contract formation, whether there is an obligation to provide the personal data, and the consequences of non-provision of the personal data.

18. Existence of automated decision-making
As a responsible company, we abstain from automated decision-making or profiling.

19. Copyright
This Privacy Policy was created with usage of the privacy policy generator by DGD Deutsche Gesellschaft für Datenschutz GmbH, which serves as the external data protection manager Bamberg, in cooperation with IT and data protection attorney Christian Solmecke. .

20. SalesViewer

Use of SalesViewer® technology:
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-outin order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.