1 - Name and address of the controller
2 - Name and address of the data protection officer
3 – General information on data processing
4 – Provision of website and creation of log files
5 – Use of cookies
6 - Newsletter
7 – Registration
8 – Contact form and email contact
9 – Rights of the data subject
10 – Privacy policy Facebook
11 - Privacy policy Google Analytics
12 - Hotjar
13 – Order form
14 – Sample texts for vendors & affiliates
15 - Blog

1 - Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Digistore24 GmbH
represented by the managing directors Sven Platte, Anthony Kossatz
St.-Godehard-Str. 32
31139 Hildesheim
Tel: 05121 9288860
Email: datenschutz@digistore24.com

2 - Name and address of the data protection officer

The data protection officer of the controller is:

Attorney Marion Albrecht
activeLAW Klein.Offenhausen PartmbB
Hans-Böckler-Allee 26
30173 Hannover
Germany
Tel: 0511 54747 0
Email: datenschutz@digistore24.com

3 – General information on data processing

1 – Scope of personal data processing

We only collect and use the personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of the personal data of our users regularly takes place only with the consent of the user. An exception applies in those cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2 – Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, point (a) of Article 6 (1) of the European General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

Point (b) of Article 6 (1) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which you are a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Point (c) of Article 6 (1) GDPR serves as the legal basis insofar as the processing of personal data is necessary for compliance with a legal obligation to which we are subject.

If processing is necessary to protect a legitimate interest of our company or a third party, and your interests, fundamental rights and freedoms do not override the former interest, point (f) of Article 6 (1) serves as the legal basis for processing.

3 – Data erasure and storage period

Personal data concerning you shall be erased or blocked as soon as the purchase of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data shall also be blocked or erased if a storage period required by the aforementioned standards expires, unless there is a need for further data storage for the conclusion or performance of a contract.

4 – Provision of website and creation of log files

1 – Description and scope of data processing

Every time you visit our web page, our system automatically collects data and information from the computer system of the visiting computer.

The following data is collected here:

  • Information about the browser type and version used

  • The operating system of the user

  • The internet service provider of the user

  • The IP address of the user

  • Date and time of access

  • Websites from which the system of the user reaches our web page

This data is not stored together with other personal data of the user.

2 – Legal basis for data processing

The legal basis for the temporary storage of data and log files is point (f) of Article 6 (1) GDPR.

3 – Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the computer of the user. For this to happen, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not happen in this context.

Our legitimate interest in data processing pursuant to point (f) of Article 6 (1) GDPR also lies in these purposes.

4 – Duration of storage

The data shall be erased as soon as it is no longer necessary to achieve the purchase for which it was collected.

Storage of data in the log files:
The IP address and the HTTP user agent are stored in plain text in the web server log files for a maximum of 6 weeks to detect and analyze attacks on our website.

Storage of data in our database:
An anonymous storage as hash is carried out in our database for 7 days in order to be able to assign and pay out the sales commission to our affiliates.

5 – Possibility of objection and disposal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. You therefore have no possibility of objection.

5 – Use of cookies

1 – Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the internet browser/by the internet browser on the computer system of the user. If a user visits a website, a cookie may be stored on the operating system of the user. This cookie contains a typical character string that enables a unique identification of the browser when the website is called up again. We use cookies with two durations:

  • We store cookies until the end of the session to enable a login (a session). This is necessary so that our server recognizes your web browser after you have entered your login data. A session is also started during an order process so that the order can be processed correctly.

  • We store cookies for up to 185 days:

    • for affiliate tracking (so that we can provide our service i.e. the sale of a product. This is only possible in combination with the IP address and cookie)

    • the screen size (for a better display of the website)

    • for certain authorizations (e.g. for the authorization to make test purchases)

    • to prevent double orders (the cookie ensures that a warning message appears if you place a double order)

    • for the language setting

    • for the “Stay signed in” function

    • Products that have been placed in the shopping cart

Without cookies we cannot guarantee the correct functioning of our website.

2 – Legal basis for data processing

The legal basis for the processing of personal data by using technically necessary cookies is point (f) of Article 6 (1) GDPR.

3 – Purpose of data processing

The main service of Digistore24 is the sale of digital and other similar products over the internet. To this end, the buyer is given information and guidance about the products on the websites of third parties. In order for the providers of this information to be able to maintain their service, Digistore24 often reimburses their advertising costs. This is absolutely necessary for the operation of Digistore24.

The purpose of using technically necessary cookies is to simplify the use of websites for you. Some of the functions on our website cannot be offered without using cookies. In this regard, it is necessary that the browser is recognized even after a page change.

For these purposes, our legitimate interest lies in the processing of personal data pursuant to point (f) of Article 6 (1) GDPR.

4 – Duration of storage, possibility of objection and disposal

Cookies are stored on the user’s computer and transmitted to our page. Therefore, you as a user also have full control over the use of cookies. You can deactivate or limit the transmission of cookies by adjusting the settings in your internet browser. Cookies that have already been stored can be erased at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use of all of the website functions.

6 – Newsletter

1 – Description and scope of data processing

If you purchase goods or services from us and provide us with your email address in the process, this may subsequently be used by us to send you a newsletter. In such a case, the newsletter shall only directly advertise your own similar goods or services. No data is passed on to third parties in connection with data processing for sending out newsletters. The data shall be used exclusively for sending the newsletter.

2 – Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is point (b) of Article 6 (1) GDPR and section 7 (3) of the UWG (Act Against Unfair Competition).

3 – Purpose of data processing

The collection of the user’s email address serves the purpose of sending the newsletter.

4 - Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. The email address of the user shall therefore be stored as long as the subscription to the newsletter is active.

5 - Possibility of objection and disposal

You can cancel your subscription to the newsletter at any time. For this purpose, there is a corresponding link in every newsletter.

7 – Registration

1 - Description and scope of data processing

On our website we offer you the opportunity to register by providing personal data concerning you. The data is entered into an input mask and is transferred to us and then stored. The data shall not be passed on to third parties.

The following data is collected during the registration process:

  • The IP address of the user

  • Date and time of registration

  • First name

  • Last name

  • Address

  • Email address

  • Bank details or PayPal email address

2 – Legal basis for data processing

If registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, then the additional legal basis for the processing of the data is point (b) of Article 6 (1) GDPR.

3 - Purpose of data processing

The user must register in order to make the following content and services available on our website: provision of the Digistore24 software and performance of the B2B contract with our business customers.

4 - Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process, if the registration on our website is cancelled or modified, or for the data collected during the registration process to perform a contract or to carry out pre-contractual measures, if the data is no longer required for the performance of the contract. Even after the conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

5 - Possibility of objection and disposal

As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time. To make a corresponding request, you can contact our data protection team using the email address given in chapter 2.

If the data is required to perform a contract or to carry out pre-contractual measures, premature erasure of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

8 – Contact form and email contact

1 – Description and scope of data processing

On our website there is a contact option which refers you to our general email address. In this case, the personal data transmitted with the email shall be stored.

In this context, the data shall not be passed on to any third parties. The data is used exclusively for processing the conversation.

2 - Legal basis for data processing

The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6 (1) GDPR. If the aim of the email contact is to conclude a contract, then the additional legal basis for the processing is point (b) of Article 6 (1) GDPR.

3 - Purpose of data processing

In the case of contact via email, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4 - Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data sent by email, this is the case when the conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the facts in question have finally been clarified.

The additional personal data collected during the sending process shall be erased after a period of seven days at the latest.

5 - Possibility of objection and disposal

You now have the possibility to revoke your consent to the processing of personal data at any time. If you get in contact with us via email, you can object to the storage of personal data concerning you at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us shall be erased.

9 – Rights of the data subject

If personal data is processed by you, you are the data subject as defined by the GDPR and you have the following rights against the controller:

1 – Right of access

You can ask us to confirm whether personal data concerning you will be processed by us. If such processing has happened, you can request the following information from us:

  • the purposes for which the personal data is processed;

  • the categories of personal data concerned;

  • the recipients or categories of recipient to whom the personal data concerning you has been or is still being disclosed;

  • the planned storage duration of the personal data concerning you, or, if specific information is not possible, criteria for determining the storage period;

  • the existence of a right to have personal data concerning you corrected or erased, a right to have processing restricted by the controller or a right to object to such processing;

  • the existence of the right to lodge a complaint to a supervisory authority;

  • any available information on the origin of the data if the personal data is not collected from the data subject;

  • the existence of automated decision-making, including profiling referred to in Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved, as well as the significance and the envisaged consequences for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2 – Right to rectification

You have the right to rectification and/or completion of personal data concerning you if it is incorrect or incomplete. We must make the rectification without undue delay.

3 – Right to restriction of processing

Under the following conditions you may request that the processing of personal data concerning you be restricted:

  • if you contest the accuracy of the personal data concerning you for a period that enables us to verify the accuracy of the personal data;

  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  • we no longer need the personal data for the purposes of the processing, but you do need them for the establishment, exercise or defense of legal claims, or

  • if you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether our legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of the processing is carried out pursuant to the conditions mentioned above, we shall inform you before the restriction is lifted.

4 – Right to erasure

Right to be forgotten

You can ask us to erase the personal data concerning you immediately and we shall have the obligation to erase this data without undue delay where one of the following grounds applies:

  • The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

  • You withdraw your consent on which the processing is based according to point (a) of Article 6 (1) or point (a) of Article 9 (2), and where there is no other legal ground for the processing.

  • You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.

  • Personal data concerning you has been unlawfully processed.

  • the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;

  • Personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

Information to third parties

If we have made personal data concerning you public and are obligated to erase it pursuant to Article 17 (1) GDPR, we shall take appropriate measures, including those of a technical nature, taking into account the available technology and implementation costs, to inform those responsible for the data processing who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.

Exemptions

The right to be forgotten does not exist insofar as the processing is necessary

  • to exercise the freedom of expression and information;

  • to fulfill a legal obligation required for processing under the law of the Union or of the Member States to which we are subject or to perform a task in the public interest or in the exercise of official authority conferred on us;

  • for reasons of public interest in the area of public health pursuant to points (h) and (i) of Article 9 (2) and Article 9 (3) GDPR;

  • for archiving purposes in the public interest, scientific or historical purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or

  • for the establishment, exercise or defense of legal claims.

5 – Right to information

If you have exercised your right to rectification, erasure or restriction, we are obligated to inform all recipients to whom personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or would give rise to disproportionate difficulties.

You have the right to be informed of these recipients.

6 – Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

  • the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR and

  • the processing is carried out by automated means.

In exercising this right, you shall also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons shall not be affected by this.

7 – Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Article 6 (1), including profiling based on these provisions.

We shall no longer process personal data relating to you unless we can provide compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

Where the personal data concerning you is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8 – Right to revoke the data protection declaration of consent

You shall have the right to revoke your data protection declaration at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

9 – Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or the place of the suspected infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority responsible for us is:

The State Official for data protection in Lower Saxony, Prinzenstrasse 5, 30159 Hannover, telephone: +49 511 120-4500, telefax: +49 511 120-4599, email: poststelle@lfd.niedersachsen.de

10 – Privacy policy Facebook

Use of Facebook social plugins – our website uses so-called social plugins (‘Plugins’) of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition ‘Social plugin of Facebook’ or ‘Facebook social plugin’. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins

When you access one of our website pages that contain such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and is embedded into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can immediately associate your visit to our website with your Facebook profile. If you interact with the plugins, for example by clicking the "Like" button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights and setting options for the protection of your privacy can be found in the Facebook data protection information: http://www.facebook.com/policy.php

If you do not want Facebook to associate the data collected via our website directly with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the Facebook plugins from loading with add-ons for your browser, e.g. by using the "Facebook Blocker".

Facebook pixel, custom audiences and Facebook remarketing: Due to our legitimate interest in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook Pixel" of the social network Facebook which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland ("Facebook"), is used within our online offer.

With the help of the Facebook pixel, Facebook is able to determine the visitors of our offer as a target group for the presentation of advertisements, known as Facebook ads. Accordingly, we use the Facebook pixel to show the Facebook ads that we only post to such Facebook users. Privacy Policy of Facebook

11 – Privacy policy Google Analytics

We use Google Analytics on our website, an analysis service of the US company Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. Google Analytics uses "cookies", small text files that are stored on your computer. These cookies are used to analyze your use of our website. The corresponding data about your user behavior is forwarded to a Google server in the USA where it is evaluated and stored.

If IP anonymization is activated on this website within the member states of the European Union and the Agreement on the European Economic Area, Google will shorten your IP address for the purposes of anonymization. Only in exceptional cases shall there be an uncut transmission to the USA with shortening of the IP address on a server there.

Google shall use this information at the initiative of the owner of this website to evaluate how you use the website. In addition, Google shall use this information to produce reports on website activity and provide other services in connection with the use of the website and the internet for its operators. Google does not amalgamate the IP address transmitted by your browser through the use of Google Analytics with other Google data.

You can prevent the storage of cookies yourself by adjusting an appropriate setting in your browser. However, in this case you may not be able to fully use all the website functions. You can prevent the collection of data generated by the cookie (including your IP address) about your use of the website and the processing of this data by Google. All you need to do is to download and install an additional browser plugin. You can download this plugin using the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

12 – Hotjar

We use Hotjar to better understand the needs of our users and to optimize the offer on this website. With the help of Hotjar technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and what they do not like, etc.) and this helps us to tailor our offer to our users' feedback. Hotjar uses cookies and other technologies to collect information about the behavior of our users and their devices (in particular the IP address of the device (collected and stored in anonymous form only), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred for displaying our website). Hotjar stores this information in a pseudonymized user profile. Neither we nor Hotjar use this information to identify individual users and it is not amalgamated with other data about individual users. You can object to the storage of a user profile and information about your visit to our website by Hotjar and the setting of Hotjar tracking cookies on other websites by clicking on this opt-out link.

The Hotjar privacy policy provides information about the handling of personal data at Hotjar: https://www.hotjar.com/legal/policies/privacy

13 – Order form

The data requested on the order form shall be transmitted to the product manufacturer for the performance of the contract pursuant to point (b) of Article 6 (1) GDPR. In addition, the product manufacturer may operate various tracking tools on the order form at their own responsibility. We have no insight into or control over the data processed in this way. Digistore24 is a pure platform in this context, and is available to the customer for individual design. For further information on tracking, please contact the respective product manufacturer.

14 – Sample texts for vendors & affiliates

You will then find explanations of how various Digistore24 tools function. As a vendor or affiliate, you can include these texts in your own privacy policy or place a link to them on this policy.

Digistore24 WordPress plugin

The WordPress plugin offers the possibility to embed various Digistore24 services on your own website e.g. the Social Proof Bubble, the affiliate advertising material generator or other tools.

Each time you embed something, non-personal data is reloaded from the Digistore24 server (e.g. a JavaScript file).

When reloading, your web browser retrieves a web page from the Digistore24. Our server has no control over the extent to which your web browser transmits data to the Digistore24 server. In this context, our server does not transmit any data to the Digistore24 servers.

The data that Digistore24 stores and processes when you access this website is set out by Digistore24 GmbH as the contractor in its own privacy policy. The Digistore24 privacy policy can be found here: https://www.digistore24.com/dataschutz

Affiliate advertising material generator

The affiliate advertising material generator allows advertising materials to be created automatically. It provides an input field in which you can enter your Digistore24 ID. This way, you receive advertising material with which you can advertise products and services in a quick and easy manner.

In addition to the above, depending on your entry, the system checks whether an affiliate partnership exists. For more details, please refer to the Digistore24 privacy policy: https://www.digistore24.com/dataschutz

Promolinks / Content links

On our website we use various links to Digistore24 offers. The purpose of the links is to draw your attention to products that may be of interest to you.

Some of these links are links to the domain digistore24.com of the company Digistore24 GmbH.

If you click on one of the links, you call up a web page on the Digistore24 server.

Our server does not transmit any data to Digistore24, but rather the data is transferred from your browser to Digistore24, as is the case with any visit to a website. We have no control over the extent to which your web browser transmits data to Digistore24.

For more information about the scope of Digistore24 with data from website visits, please read the Digistore24 privacy policy: https://www.digistore24.com/dataschutz

Conversion tools / Shopping cart

Digistore24 offers the possibility to embed different services on your own website via HTML and JavaScript codes e.g. the Social Proof Bubble or the Digistore24 shopping cart.

Each time you embed something, non-personal data is reloaded from the Digistore24 server (e.g. a JavaScript file).

When reloading, your web browser retrieves a web page from the Digistore24. Our server has no control over the extent to which your web browser transmits data to the Digistore24 server. In this context, our server does not transmit any data to the Digistore24 servers.

The data that Digistore24 stores and processes when you access this website is set out by Digistore24 GmbH as the contractor in its own privacy policy. The Digistore24 privacy policy can be found here: https://www.digistore24.com/dataschutz

15 - Blog

The following data is transmitted to Digistore24 when the comment function is used:

  • First Name

  • Name

  • Email address

  • IP address

In addition, other users of the blog can see the written comments and the corresponding name at the end of each post.

Your consent is obtained for the processing of data within the scope of the sending process and is referenced on this privacy statement. The data shall not be passed on to third parties in this context. The data shall be used exclusively to process the conversation.

If you have granted your consent, the legal basis for processing the data is point (a) of Article 6 (1) GDPR.

You have the possibility to revoke your consent to the processing of personal data at any time. If you contact us via email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. All personal data stored during the period of contact shall be deleted in this case.