Declaration on the handling of personal data

Declaration on the handling of personal data

Declaration on the handling of personal data

1 - Name and address of the data controller

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations shall be:

Digistore24 GmbH

St.-Godehard-Straße 32, 31139 Hildesheim, Germany

Telephone: +49 511/547470

Email: datenschutz@digistore24.com

Website: www.digistore24.com

2 - Name and address of the data protection officer

3 - General information on data processing

  1. Scope of the processing of personal data

    As a matter of principle, we shall only collect and use personal data insofar as this is necessary to fulfil our contractual obligation towards you, due to the initiation of a contractual relationship, due to legal obligations, or if you have granted us consent. We shall treat your personal data with the utmost confidentiality and in accordance with the statutory data protection regulations as well as this privacy policy.

  2. Legal basis for the processing of personal data

    As far as we obtain your consent for processing personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.

    When processing personal data that is required to fulfill a contract with you, Article 6 (1) (b) of the GDPR shall serve as the legal basis. This shall also apply to processing operations that are necessary for the performance of pre-contractual measures.

    Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) of the GDPR shall serve as the legal basis.

    If processing is necessary to protect the legitimate interests of our company or a third party, and your interests, fundamental rights, and freedoms do not override the aforementioned interest, Article 6 (1) (f) of the GDPR shall serve as the legal basis for the processing.

  3. Data erasure and storage duration

    Your personal data shall be erased or blocked as soon as the purpose of storage ceases to be applicable. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. Data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, except when there is a need for further storage of the data to conclude or fulfill a contract.

4 - Deployment of the website and creation of log files

5 - Use of cookies

6 - Newsletter

7 - Registration

  1. Description and scope of data processing

    On our website, we offer you the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data shall not be passed on to third parties.

    The following data shall be collected as part of the registration process:

    • The user's IP address

    • Date and time of registration

    • First name

    • Last name

    • Address

    • Email address

    • Bank details or PayPal email address

  2. Legal basis for data processing

    If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data shall be Article 6(1)(b) of the GDPR.

  3. Purpose of data processing

    User registration shall be required for the provision of the following content and services on our website: To provide the Digistore24 software and to fulfill the B2B contract with our business customers.

  4. Duration of storage

    The data shall be erased as soon as it is no longer required to fulfill the purpose for which it was collected.

    This applies to the data collected during the registration process when the registration on our website is canceled or modified, or for the data collected during the registration process to fulfill a contract or carry out pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the contract is concluded, there may be a need to store personal data of the contractual partner to comply with contractual or legal obligations.

  5. Possibility of objection and elimination

    As a user, you shall have the option to cancel the registration at any time. You may have the data stored about you changed at any time. To make a corresponding request, you can contact our data protection team using the email address provided in Section 2.

    If the data is required to fulfill a contract or to implement pre-contractual measures, early erasure of the data shall only be possible insofar as contractual or legal obligations do not prevent said erasure.

8 - Contact form and email contact

9 - Multi-Step Order Box

The Multi-Step Order Box (MSOB) is a variant of our order form that our vicarious agent (hereinafter referred to as “vendor”) can integrate into their own website. The vendor may divide the contents of the MSOB into clear steps that are displayed as tabs. The vendor creates their own website. They are responsible for the operational and legal management of their website. The vendor shall determine the content and make it available.

As part of your use of the services provided by MSOB, personal data shall be processed both by us and the vendor. In this context, we and the vendor shall be jointly responsible under data protection law within the meaning of Article 26 of the GDPR.

As part of being joint controllers, we shall be responsible for the processing of your personal data in connection with processing the order. The subject of the processing, the legal basis of which is the contract to be concluded (Article 6 (I) (1) (b) of the GDPR), shall include your master data, IP addresses, log files, and payment data.

The vendor shall be responsible for processing your personal data in connection with your visit to the sales page within the framework of being joint controllers. The subject of the processing, the legal basis of which is in any case a pre-contractual measure (Article 6 (I) (1b) of the GDPR) as well as the (implied) consent in connection with the visit to the vendor's website, shall include IP addresses, log files, and, depending on further consent, any tracking data from third-party providers.

We and the vendor shall ensure that the personal data that is absolutely necessary for the lawful handling of the process is collected. In addition, the joint controllers shall observe the principle of data minimization within the meaning of Article 5 (I) (c) of the GDPR.

The vendor shall provide you with the information required under Articles 13 and 14 of the GDPR regarding their sales page. We shall assume these obligations as part of the order process.

You may assert the rights to which you are entitled under Articles 15-22 of the GDPR both against us and against the vendor.

10 - Rights of the data subject

11 - Google

1 - Google Analytics

You can prevent the storage of cookies yourself by making the appropriate setting in your browser. However, in this case, you may not be able to use all functions of the website to their full extent. You can prevent the collection of data generated by the cookie (including your IP address) about your use of the website and the processing of this data by Google. To do this, you only need to download and install an additional browser plugin. You can download this plugin at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

2 - Google Maps

3 - DoubleClick

12 - Hotjar

13 - External tracking

We allow our vendors, after prior review by Digistore24 to use their own tracking code on our order forms. In this process, personal data such as inventory data (e.g. name, address, etc.), usage data (e.g. order ID, time of order, etc.), and metadata (e.g. IP address, geodata, etc.) are processed.

This data is used exclusively on the basis of your consent within the meaning of Article 6(1)(a) of the GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG).

Please refer to our listing of approved external tracking providers and their privacy policy: https://www.digistore24.com/extern/cms/page/frontend/legal/privacy_3rd_party/

14 - Order form

The data requested on the order form is transmitted to the product manufacturer on the basis of Article 6(1)(b) of the GDPR for the purpose of fulfilling the contract. In addition, it may be that the product manufacturer operates various tracking tools on the order form under its own responsibility. We have no insight into or influence over the data processed in this way. Digistore24 is purely a platform in this context, and provides this to the customer for the individual design. For more information about tracking, please contact the respective product manufacturer.

If the customer repeatedly purchases (possibly different) products from the same product provider (vendor), these orders are recorded by us under the same customer ID (customer number). This is necessary in order to identify related customer orders in the event of any customer queries and to improve customer support. This shall also be our legitimate interest in data processing (Article 6 (1) (f) GDPR).

15 - Disclosure of data to payment service providers

In the context of contractual relationships, we offer data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively, "payment service providers")(Art. 6(1)(1)(b) GDPR).

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract-, sum- and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them; i.e. we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the respective payment service providers.

The terms and conditions and the privacy notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, shall apply to the payment transactions.

The types of data processed by payment service providers include: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contractual data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

16 - Credit report

According to Article 6(1)(f) of the GDPR, we check information about your address data (if applicable, first name, last name, address) and your creditworthiness in order to protect legitimate interests. For this purpose, we cooperate with Creditreform Boniversum GmbH (credit rating), Hellersbergstraße 11, 41460 Neuss, from whom we obtain or transmit data for these purposes. You can find the information pursuant to Article 14 of the GDPR on the data processing taking place at Creditreform Boniversum GmbH at: https://www.boniversum.de/eu-dsgvo/EU-DSGVO

Note

Within the scope of the consent given by the customer, the credit agency stores and transmits the data to the affiliated credit institutions, credit card companies, leasing companies, retail companies including mail order companies and other companies that commercially provide money or goods credits to consumers or offer telecommunication services in order to be able to provide them with information for assessing the creditworthiness of customers. Address data may be transmitted to companies that are contractually affiliated with the credit agency (e.g. SCHUFA/Boniversum) for the purpose of determining debtors. SCHUFA only transmits objective data without indicating the creditor; subjective value judgments, personal income and financial circumstances are not included in SCHUFA information. Credit agencies only make data available if a justified interest in the data transfer has been credibly demonstrated in the individual case. When providing information, the credit agency may also provide its contractual partners with a probability value calculated from its database to assess the credit risk (score procedure).

17 - Disclosure of data to our collection partner

Pursuant to Article 6(1)(f) of the GDPR, in the event of a payment default, the data required for the collection of our claim will be passed on to our collection partner. For this purpose, we work with Creditreform Essen Stenmans & Waterkamp KG, Hohenzollernstr. 40, D-45128 Essen, Germany

18 - Sample texts for vendors & affiliates

In the following you will find explanations on how various Digistore24 tools work. You can include these texts in your own privacy policy as a vendor or affiliate or link to this policy.

Digistore24WordPress plugin

The Wordpress plugin offers the possibility to embed various services from Digistore24 on your own website, e.g. the Social Proof Bubble, the Affiliate Ad Generator or other tools. Each time you embed, non-personal data is reloaded from the Digistore24

The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz

Affiliate Ad Generator

Affiliate Ad Generator allows you to create ad media automatically. It provides an input field where you can enter your Digistore24 ID. This will provide you with advertising materials that you can use to promote products and services quickly and easily.

In addition to the aforementioned, depending on your input, it will be checked whether an affiliate partnership exists. For details, please refer to the privacy policy of Digistore24.

The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz

Promo links/content links

On our website we use various links to offers from Digistore24. The purpose of the links is to draw your attention to products of interest to you.

Some of these links are links to the domain Digistore24 from the company Digistore24 GmbH.

When you click on one of the links, you are accessing a web page on the server of Digistore24. Our server does not transmit any data to Digistore24 in this process, but the data is transferred - as with every website visit - from your web browser to Digistore24. We have no influence over the extent to which your web browser transfers data to Digistore24.

Please find more information about the scope of Digistore24 using data from website visits in the privacy policy of Digistore24.

The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz

Conversion tools/shopping cart

Digistore24 offers the possibility to embed various services on your own website via HTML and JavaScript codes. For example, the Social Proof Bubble or the Digistore24 shopping cart.

Each time you embed, non-personal data is reloaded from the Digistore24 server (e.g. a JavaScript file).

During this reload, your web browser retrieves a web page from the Digistore24 server. Our server has no influence over the extent to which your web browser thereby transmits data to the Digistore24 server. Our server itself does not transmit any data to the Digistore24 server in this context.

Which data Digistore24 stores and processes during this website visit is determined by Digistore24 GmbH as the data controller in its own privacy policy.

The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz

19 - Blog

When using the comment function, the following data is transmitted to Digistore24:

  • First name

  • Name

  • Email address

  • IP address

In addition, other users of the blog can see the written comments as well as the respective name at the end of each post.

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing of the conversation.

The legal basis for the processing of the data is Article 6(1)(a) of the GDPR if you have given your consent.

You have the option to revoke your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

20 - Beamer