Last update: July 29, 2020
We, the Booxli GmbH (hereinafter "Booxli" or "we") are pleased to welcome you to Booxli. With Booxli we want to give you an exciting and interesting time alone or together. It is our primary concern to offer you and all our customers a unique user experience and the best Booxli Service.
The trusting handling of your personal data as well as the adherence to all existing data protection regulations are important to us. The processing of your personal data by Booxli therefore takes place exclusively within the framework of the data protection provisions of the European General Data Protection Regulation (hereinafter “EU-GDPR”).
- Collection and processing of personal data
- Disclosure of personal data
- Information Security
- Links and advertising from third parties
- Adverstising Consent
- Contact & Communication
- Transmission of data to recipients
- Routine deletion and blocking
- Affected Rights
- Complaint to Regulators
i. Personal Data
Personal data is any information that relates to an identified or identifiable natural person (hereinafter "the person conced"). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Pseudonymization is the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
iv. Third Party
Third (party) is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.
Consent is any expression of will voluntarily and unambiguously made by the data subject in the form of a statement or other unambiguous confirmatory act expressing to the data subject that they consent to the processing of the personal data concerning them is.
Responsible persons within the meaning of the EU-GDPR for all personal data collected, stored and processed by Booxli is Booxli GmbH, Kirschgartenstraße 37, 69126 Heidelberg, Germany.
3. Collection and processing of personal data
As part of your use of our Booxli Applications, we collect and process your personal information in order to operate, provide and improve our Booxli Applications and our Booxli Services. These include:
i. General use of your personal data
We use the personal information you collect for general purpose purposes to provide, troubleshoot, and improve our Booxli Services and Booxli Applications, but we do not use all available data for all listed purposes.
In addition, we use your personal information to analyze the performance of our Booxli Applications and Booxli Services and to resolve any errors or errors that may occur.
We also use your personal information to improve the usability and effectiveness of our Booxli Services and Booxli Applications.
ii. Use of your personal data in the context of the use of our services
iii. Use of your personal data in the course of the purchase
We collect, store and process your personal information in order to receive and process orders, deliver products and services, process payments, provide technical administration and communicate with you about orders, products, services and promotions. To complete your subscription, purchase or loan, we need your full, correct name and payment details.
We need your e-mail address so that we can confirm the order and communicate with you. We also use these for your identification when you log in to your user account (hereinafter "customer login").
iv. Use of your personal data in the context of interest-based advertising
In addition to processing your data to process your purchase with us, we also use your information to communicate with you about your orders, certain content or marketing campaigns and to recommend you content or services that may interest you. As our customer, you will occasionally receive product recommendations from us by e-mail. You receive these product recommendations regardless of whether you have subscribed to a newsletter. In this way, we want to provide you with information about products from our offer that may interest you based on your membership with us. We comply strictly with the legal requirements in accordance with § 7 UWG. Information on your right of objection can be found in Section 12 g).
You can find more information about offers directed to you in our information on interest-based advertising
v. Use of your personal data in the context of personalization
As part of personalizing the user experience and our Booxli Services, we process your personal information to recommend features, products, and services that may be of interest to you, to identify your preferences, and to personalize your experience with our Booxli Services.
vi. Use of your personal data to comply with legal obligations
We also use your personal information because in certain cases we have legal obligations to collect and process personal information from you.
vii. Use of your personal data to communicate with you
We use your personal information, in particular the inventory data stored in your user account, to communicate with you through various channels (such as telephone, e-mail, chat) regarding our Booxli Services.
viii. Use of your personal data for Fraud Prevention and Credit Risk
In fraud prevention, we process your personal information to prevent or detect fraud and misuse, and to protect the safety of our customers, ours and third parties. If necessary, we also use scoring procedures to assess and handle credit risks.
ix. Use of your personal data for purposes for which we obtain your consent
We may ask for your consent to collect, store and process your personal information for a specific purpose. The respective special ticks and backgrounds, we will call you in the context of our request. If you consent to the processing of your personal data for a specific purpose, you can revoke your consent at any time. In case of cancellation, we will stop processing your information for this purpose.
x. Use of your personal data in surveys
In surveys, we also use your data for market and opinion research. We use these exclusively anonymized for statistical purposes. Your responses to surveys will not be shared or published to third parties. In some cases, we store the responses from our surveys along with your email address or other personal information. In this case, we will point this out separately in the survey.
The legal basis for these processing operations is Art. 6 (1) lit. a), b) and c) of the EU-GDPR, whereby the justified interest in the provision of the use of the platform lies at the instigation of the user.
xi. Use of your personal data in sweepstakes
For sweepstakes, we use your information for the purpose of winning the prize and promoting our offers. Detailed information can be found in our terms and conditions for the respective competition.
5. Disclosure of personal data
i. Transfer to third party service providers
ii. Transfer of shares
As our business develops, there may be purchases or sales of other businesses or services. In the case of such transactions, personal data of our clients is usually transferred together with the part of the company to be transferred. However, the personal data are subject to the previously existing privacy statements even after completion of the transfer, unless our customers expressly and voluntarily agree to other provisions. In the event that the Booxli Applications, the Booxli Services or the Booxli GmbH all or significant parts of it are sold to another company or transferred in the context of a business transfer or spin-off, the personal data are also to the buyer or the new owner.
iii. Protection of Booxli and third parties
If we are required by law or personal information is required to enforce our terms and conditions or other agreements or to protect the rights of us or the rights of our customers and third parties, we will disclose personal information about our customers and customer accounts. This includes sharing information with companies and third parties to prevent and minimize abuse and fraud.
If your personal data should be affected by such or other disclosure to third parties, we will inform you in advance. If you do not want to agree to a disclosure of your personal data to third parties, you have the opportunity in advance.
iv. Data transmission to countries outside the European Economic Area
6. Information Security
When developing our systems and devices, we take your safety and privacy into account.
To protect your security when transmitting information to us, we use Secure Sockets Layer Software (SSL). This software encrypts the information that you submit to us.
When dealing with credit cards, we follow the Payment Card Industry Data Security Standard (PCI DSS).
We maintain physical, electronic and procedural security measures related to the collection, storage and disclosure of your personal information. These security measures include occasionally asking you to provide proof of your identity before we disclose your personal information to you.
7. Links and advertising from third parties
8. Advertising Consent
For the verification of your e-mail address and other contact details for sending subscribed newsletters and other advertising (hereinafter "advertising"), we use the so-called double-opt-in procedure. This means that we will not send you any advertising until you have explicitly confirmed to us that we should activate the advertising consent. You will then receive a notification requesting that you confirm by clicking on a link contained in this notification that you wish to confirm your advertising and receive our advertising. The double-opt-in process is no longer necessary if you have registered via the login of our partner Facebook and have already carried out the double-opt-in procedure.
We will not provide your personal information that we process for the purpose of sending advertising to third parties. If you do not wish to receive any further advertising from us later, you can revoke your advertising consent at any time by deactivating it in your profile settings. Alternatively, you can send us a text message to email@example.com.
9. Contact & Communication
You can contact us directly via a contact form deposited on Booxli. In this case you must give your name, your e-mail address and a subject to your inquiry. We also offer you the opportunity to contact us directly via the address data given in section 14.
If you contact us via e-mail or web form, we will also collect your IP address and the time you send us your message. The information you provide to us via contact form or e-mail is used exclusively to process your request. The legal basis for this processing is Article 6 (1) sentence 1 lit. b) EU-GDPR. We process your IP address and the time of your request in order to identify and ward off automated access and hacker attacks. The legal basis for this processing is Article 6 (1) sentence 1 lit. f) EU-GDPR. Basically, we delete this data at the end of one week after answering or otherwise completing your request; in individual cases, however, we retain this data for a longer period of time, insofar as we are legally entitled or obliged to do so (for example, by virtue of commercial or tax-related retention periods).
10. Transmission of data to recipients
A transfer of your personal data to third parties without your consent does not take place, unless we are legally obligated to provide this data (for example, for information to law enforcement agencies and courts; information to public authorities that receive data due to statutory regulations, eg social security institutions , Financial authorities, etc.) or third parties required to enforce our professional secrecy claims.
11. Routine deletion and blocking
We process and store your personal data only if this is necessary to achieve the respective purpose. In addition, storage will only take place if legally longer storage periods are provided for. As soon as the storage purpose is omitted or the legal retention period expires, the personal data is routinely blocked or deleted.
12. Affected Rights
In the following, we would like to inform you about the other rights that you as the person concerned are entitled to in accordance with Art. 15-21 and Art. 77 Para. 1 EU-GDPR. To enforce these rights, you can contact us by e-mail to firstname.lastname@example.org.
i. Right of providing information:
In accordance with Art. 15 EU-GDPR you have the right to receive information about the data processing as well as a copy of the processed data. In this context, you also have the right to receive a copy of your personal data processed by us in accordance with Art. 15 para. 3-4 of the EU-GDPR.
If you would like to exercise this right, please send us an email with the subject "Request Data Information" to email@example.com
ii. Right to rectification
In accordance with Art. 16 EU-GDPR you have the right to demand that we correct or complete your personal data.
If you would like to exercise this right, please send us an email with the subject "Request Rectification" to firstname.lastname@example.org
iii. Right to delete
In accordance with Art. 17 (1) of the EU-GDPR, you have the right to demand deletion of your personal data from us. Insofar as we have published your personal data, you also have the right to demand from us in accordance with Art. 17 para. 2 EU-GDPR that we inform other persons responsible for your request to delete all links to and / or copies or replications of your personal data.
If you would like to exercise this right, please send us an email with the subject "Request Data Deletion" to email@example.com
iv. Right to restriction of processing
In accordance with Art. 18 EU-GDPR, you have the right to demand that we restrict the processing of your personal data.
If you would like to exercise this right, please send us an email with the subject "Request Restriction Data Processing" an firstname.lastname@example.org
v. Right to data portability
In accordance with Art. 20 EU-GDPR, you have the right to receive the personal data about you provided to us in a structured, common and machine-readable format and to request the transmission of this data to another controller.
If you would like to exercise this right, please send us an email with the subject "Request Data Transfer" to email@example.com
vi. Withdrawal of your consent
If you have given us consent to the processing of your personal data, you can revoke this consent at any time, in total or for individual processing purposes, without stating reasons.
Please note that a lawful processing of your personal data, which took place up to the time of your revocation, by this not retroactively becomes illegal.
If you would like to exercise this right, please send us an email with the subject "Revocation Data Usage" to firstname.lastname@example.org
In the event of your revocation of your consent to a particular service, you may no longer use the service; In addition, you will not suffer any disadvantages.
vii. Right to object
In accordance with Art. 21 EU-GDPR, you have the right to object to the processing of your personal data by us insofar as this is for the purpose of direct advertising and / or on the basis of a "legitimate interest" within the meaning of Art. 6 (1) p lit. f) EU-GDPR.
If you would like to exercise this right, please send us an email with the subject "Contradiction Data Usage" to email@example.com
13. Complaint to Regulators
You have the right, in accordance with Art. 77 para. 1 EU-GDPR, to file a complaint against the processing of your personal data by us with a supervisory authority if you believe that the processing of your personal data violates data protection regulations.
The competent supervisory authority for the state of Baden-Württemberg is the
Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg
Königstraße 10 a, 70173 Stuttgart
In addition, you have the option of asserting other remedies to which you are entitled (for example, in the case of courts or public authorities).