I. General
RedGecko GmbH, Paul-Lincke-Ufer 20-22, 10999 Berlin, Germany (hereinafter referred to as “RedGecko GmbH”, “we” or “us”) processes personal data of visitors to our website https://www.magnalister.com (hereinafter referred to as the website) and users of our services (hereinafter referred to as “users” and “you”). Personal data refers to all data that is personally referable to you, such as your name, address, e-mail addresses and user behaviour. Below, we provide information on the collection of personal data when using this website.
This Privacy Policy describes how we, as a Data Controller, process your personal data and other information in accordance with data protection law, in particular REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation, “GDPR”).
Our Privacy Policy should be easy to read and understand. In this Privacy Policy, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 of the GDPR.
II. Data Controller and Data Protection Officer
The responsible party pursuant to Art. 4 No. 7 EU General Data Protection Regulation (GDPR) and in particular also the addressee of your rights is RedGecko GmbH, Paul-Lincke-Ufer 20-22, 10999 Berlin, Germany, represented by Semira Stark and Peter Mähner. Phone: +49 (0)30 / 120 76 74 12 / Fax: +49 (0)30 / 120 76 74 19 / E-mail: datenschutz [at] redgecko.de, (see also our Imprint).
The Data Protection Officer is Proliance GmbH / www.datenschutzexperte.de
Leopoldstr. 21
80802 München
datenschutzbeauftragter [at] datenschutzexperte.de
Our Data Protection Officer can also be contacted as follows: e-mail: datenschutz [at] redgecko.de
When you contact us and our Data Protection Officer, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We will erase the data collected in this context after its storage is no longer required, or otherwise limit its further processing if we are required by the law to continue retaining it.
III. Access to and Storage of Information in End Devices
By using our website, information (e.g. IP address) can be accessed or information (e.g. cookies) stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technical-error-free provision of our services, this is done on the basis of Section 25 (1) 1, (2) No. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), it will only be carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) a of the GDPR. The consent can be revoked at any time with effect for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.
Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.
See below for more information on cookie usage at VI. Cookie setting and cookie use / collection of personal data and on the Cookie Information page.
IV. Web Hosting
This website is hosted by an external service provider (hoster). The hosting of this website, as well as personal data collected on this website, is stored on various servers within the EU. This information primarily consists of IP addresses, contact requests, meta and communication data, website access and other data generated via a website.
We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 of the GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
V. Server Log Files and Location Determination
When you visit our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection between your internet browser and our web server:
- Date and time of request
- The name of the requested file
- The page from which the file was requested
- Access status
- Web browser and operating system used
- (Complete) IP address of the requesting computer
- Amount of data transferred
We collect this data in order to be able to guarantee a smooth connection to the website and technical-error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 (1) f of the GDPR.
For technical security reasons, especially to defend against attempted attacks on our web server, we will store this data for a short period of time. After 3 months at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user.
The data may also be processed anonymously for statistical purposes. This data is never stored together with other personal data of the user, compared with other data, or transferred to third parties.
When you visit our website, we also process your IP address on the basis of our legitimate interest pursuant to Art. 6 (1) f of the GDPR in order to determine your geographical location (country of access). This is necessary in order to provide you with location-based services and to display prices and currencies applicable to your location. Our legitimate interest is to minimize latency in data synchronization for our interface software magnalister and to compensate for locally differing operating costs. The maximum retention period of the IP address is 30 days.
VI. Cookie Setting and Cookie Use/Collection of Personal Data
When using our website, cookies are stored on your computer. You can find more information on the setting (storage) and use of cookies and the associated collection of personal data when you visit our website at Cookie Information.
VII. User Account
When you create a user account on our website, you will be asked to provide the following personal information about yourself:
- Company name
- Title, first name, last name (contact person)
- Country, street, zip code and city (company headquarters)
- VAT identification number
- E-mail address
- Phone number
- Fax
- Payment information (e.g. credit card or bank account) in connection with one of the services offered by us against payment.
We process this personal data for the purpose of providing our services to you. The provision of this personal data is voluntary. However, you cannot create a user account without providing this personal data. The legal basis for the processing of such personal data is the contract concluded with you for the use of the website or our services (Art. 6 (1) b of the GDPR). The data from your user account will be deleted when the contract with us is terminated and provided there are no statutory retention requirements for continued storage.
For registered customers, we also use cookies for location recognition on the basis of our legitimate interest pursuant to Art. 6 (1) f of the GDPR, by means of which we can recognize the country from which users wish to use our services. Our legitimate interest is to be able to provide you with location-based services in the customer area and to display prices and currencies applicable to your location and to compensate for locally differing operating costs. We only use cookies for the duration of your visit. You can find more information on the setting (storage) and use of cookies and the associated collection of personal data when you visit our website at Cookie Information.
VIII. Contact Form and E-mail Inquiries
If you send us inquiries using the contact form or e-mail, your details from the inquiry form or your e-mail, including the personal data you provided there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. An e-mail address and your first and last name must be provided in order to contact you. Additional data, such as your telephone or customer number, is voluntary. We will not pass on this data under any circumstances without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) f of the GDPR and, if applicable, Art. 6 (1) b of the GDPR, if your request is aimed at concluding a contract or a contract with us already exists. Your data will be deleted after the final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 (1) f of the GDPR.
IX. Contacting Us Via Our Live Chat (Tawk.to)
You can contact us via our live chat. For this, we use Tawk.to, a service of Tawk.to Inc., 187 East Warm Springs Road, SB119, Las Vegas, NV, 89119, USA. This is live chat software that is accessed via a script in the source code of our website as well as in our plugin. With the use of the live chat, you are automatically using the services of Tawk.to.
If you have given us your consent to do so pursuant to Art. 6 (1) a of the GDPR, the service will be loaded on our website, whereby the retrieval of your IP address at the time of the chat as well as your country of origin will be collected and the use of cookies will take place. You can find more information on the use of cookies at VI. Cookie setting and cookie use / collection of personal data and on the Cookie Information page.
The chat history is collected solely for the purpose of processing your request, for protection, to improve the quality of our customer service and for internal statistics. The legal basis for processing the data from the chat history is our legitimate interest pursuant to Art. 6 (1) f of the GDPR in responding to your request. If your request is aimed at the conclusion of a contract or if a contract already exists with us, the legal basis for the processing of the personal data provided by you in the chat process is Art. 6 (1) b of the GDPR. You can object to the processing of your personal data at any time in the case of Art. 6 (1) f of the GDPR.
The above data can be stored to assert, exercise or defend legal claims. Deletion takes place after the general limitation periods have expired.
We have an order processing contract with the service provider in accordance with Art. 28 of the GDPR, which obliges them to process the data confidentially and strictly according to our instructions.
Since personal data is transferred to third countries outside the EU (including the USA), further protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) c of the GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
For more information regarding the use of Tawk.to as well as your rights and setting options to protect your privacy, please refer to Tawk.to’s data protection information: https://www.tawk.to/privacy-policy.
X. Newsletters and Advertising
If you register for our newsletter on our website within your user account and consent to receiving newsletters and processing your e-mail address for this purpose, you will be asked to provide your e-mail address. We will use your e-mail address to send you regular newsletters containing, among other things, information about new products, promotions and general information about e-commerce. Providing your e-mail address is voluntary. However, if you do not provide your e-mail address, you will not receive any newsletters. You can revoke your consent to the sending of the newsletter at any time without giving reasons and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to support [at] magnalister.de or by sending a message to the contact details provided in the imprint. The legal basis for the processing of your personal data for sending newsletters is your consent (Art. 6 (1) a of the GDPR).
If you have given us your consent to do this, we can use your personal data to provide you with advertising by e-mail, telephone or SMS. Your consent is based on Art. 6 (1) a of the GDPR. You have the right to withdraw your consent with future effect at any time. To do this, send an e-mail to support [at] magnalister.de
XI. YouTube
We embed videos from “YouTube”, a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”) on our website. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 (1) 1 a of the GDPR.
If the playback of embedded YouTube videos is started by your consent, the provider, “YouTube”, uses cookies to collect information about user behavior. According to information from YouTube, these are used, among other things, to collect video statistics, improve the user experience and prevent abusive behavior. You can find more information on the use of cookies at VI. Cookie setting and cookie use / collection of personal data and on the Cookie Information page.
If you are logged in to Google, your information will be directly associated with your account when you click on a video. If you do not wish to be associated with your profile when using YouTube, you must first log out before clicking the button. Google stores this data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly in this case.
Since personal data is transferred to third countries outside the EU (including the USA), further protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) c of the GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=en
XII. Transfer of Personal Data to Third Parties
Your personal data will not be transferred to third parties, unless
- We have explicitly indicated this in the description of the respective data processing;
- You have given your express consent in accordance with Art. 6 (1) 1 a of the GDPR;
- Disclosure is required in accordance with Art. 6 (1) 1 f of the GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data;
- In the event that there is a legal obligation for the disclosure in accordance with Art. 6 (1) 1 c of the GDPR; or
- insofar as this is in accordance with Art. 6 (1) 1 b of the GDPR is required for the processing of contractual relationships with you.
RedGecko GmbH may also engage external service providers who act as RedGecko GmbH’s data processors to provide certain services to RedGecko GmbH, such as website service providers or IT support service providers. In providing such services, these external service providers may have access to and/or be able to process your personal data.
These external service providers are contractually obligated pursuant to Art. 28 of the GDPR to take appropriate technical and organizational security measures to protect personal data and to process personal data only in accordance with our instructions.
XIII. International Transfer of Personal Data
The personal data we receive from you or collect from you may be transferred to recipients in countries outside the European Union and the European Economic Area that do not provide an adequate level of data protection. To the extent that your personal data is transferred to countries that do not provide an adequate level of data protection from an EU perspective, we rely on appropriate security measures for the transfer, such as standard data protection clauses of the European Commission. You may request a copy of these appropriate security measures by contacting us at the address below.
XIV. Data Security
RedGecko GmbH maintains up-to-date technical and organizational measures to ensure the security of data processing, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These measures are adapted to the current state of the art, the need to protect personal data and the risks to your rights and freedoms. If third parties work for us as processors, we ensure that they take the current technical and organizational measures to guarantee the security of data processing.
XV. Storage
Your personal data will be stored for as long as is necessary to provide the requested services. When we no longer use your personal data to fulfill contractual or legal obligations, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified, unless we need to retain your data, including personal data, to comply with legal or regulatory obligations to which we are subject, such as legal retention periods arising from the Commercial Code or tax laws, or if we need data to preserve evidence within a statute of limitations.
XVI. Your Rights
In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the Data Controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 of the GDPR. In particular, you may obtain information about the purposes of processing; the category of personal data; the categories of recipients to whom your data has been or will be disclosed; the planned retention period; the existence of a right to rectification, erasure, restriction of processing or objection; the existence of a right of appeal; the origin of your data, if not collected by us; the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details of the above;
The right to request the correction of inaccurate or incomplete personal data stored by us without delay in accordance with Art. 16 of the GDPR.
The right to request the deletion of your personal data stored by us in accordance with Art. 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 of the GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, yet you object to the deletion of the data and we no longer need the data, but you still need the said data to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 of the GDPR.
The right, pursuant to Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another data controller.
The right to complain to a supervisory authority in accordance with Art. 77 of the GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.
The right to revoke consent given in accordance with Art. 7 (3) of the GDPR: you have the right to revoke consent to the processing of data once given at any time with future effect. In the event of revocation, we will promptly delete the data concerned, provided that there is no legal basis for further processing without consent. This revocation will not affect the lawfulness of any processing done beforehand.
To exercise your rights, please use the contact details under section II.
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) f of the GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 of the GDPR, insofar as this is done for reasons arising from your specific situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
The revocation/objection can be declared by e-mail to support [at] magnalister.de or by a message to the contact details given under section II.
XVII. Legal Obligation
The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or pre-contractual measures.
XVIII. Automated Decision-Making
Automated decision-making or profiling according to Art. 22 of the GDPR does not take place.
XIX. Subject to Change
We reserve the right to adapt or update this Privacy Policy as necessary to comply with applicable data protection regulations. In so doing, we can adapt them to current legal requirements and take into account changes in our services, for example, when new services are introduced. The current version applies to your visit.
The date of the current version can be found at the beginning of the Privacy Policy.