GDPR

Privacy policy

1. Data protection at a glance

General

The following policy gives you a simple overview of what happens to your personal data when you visit our website. Personal data is all data that could be used to identify you personally. For more detailed information on data protection, please see our privacy policy below.

Data collection on our website

Who is responsible for data collection on this website?

Data is collected on this website by the website operator. Please see the website’s legal notice for the operator’s contact details.

How do we collect your data?

One way that your data is collected is by you giving it to us. This may be data that you enter into a contact form.

Other data is automatically collected by our IT systems when you visit our website. This primarily encompasses technical data (e.g. internet browser, operating system or time of access). This data is collected automatically as soon as you open our website.

How do we use your data?

Some of the data is collected in order to guarantee error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to be informed free of charge regarding the origin, recipient and purpose of your saved personal data. You also have the right to request the rectification, restriction of access or deletion of this data. You can use the address provided in the legal notice to contact us with any questions on the issue of data protection at any time. Furthermore, you also have the right to complain to the responsible supervisory authority.

2. General and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and comply with statutory data protection regulations as well as upholding this privacy policy.

When you use this website, various personal data is collected. Personal data is data that could be used to identify you personally. This privacy policy explains what data we collect and why we use it. It also explains how and for what purpose this takes place.

We must inform you that transferring data online (e.g. communication via email) can come with security breaches. It is not possible to completely protect data from third party access.

Controller

The controller for data processing on this website is:

S.Mile GmbH
Christian Peucker
Ickerner Str. 3a

45731 Waltrop

Telephone: +49 2309 78 53 510
Email: info@smile-gmbh.eu

The controller is the natural or legal entity that either solely or jointly with others decides the purposes and means of processing personal data (e.g. name, email address etc.).

Revoking consent for data processing

Many data processing operations are only possible with your express permission. You can revoke any consent granted at any time. An informal email to us is sufficient to do so. The legality of data processing up to the point of revocation remains unaffected by the revocation.

Right to complain to the responsible supervisory authority

If there are violations of data protection law, the affected party has the right to complain to the responsible supervisory body. The responsible supervisory body in matters of data protection is the State Information Commissioner in the state where our company is based. A list of Information Commissioners and their contact information can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have the data that we process automatically based on your consent, or to fulfil a contract, provided to you or a third party in a standard, machine-readable format. Insofar as you request direct data transfer to a different controller, this shall only take place insofar as technically possible.

SSL/TLS encryption

This site uses SSL/TLS encryption for security reasons and to protect the transfer of confidential data such as orders or requests sent to us as the site operators by you. You can identify an encrypted connection by the ‘http://’ in the URL bar in your browser changing to ‘https://’ as well as the lock symbol.

When SSL/TLS encryption is activated, the data you transfer to us cannot be accessed by third parties.

Encrypted payments on this website

If the formation of a paid contract results in an obligation to provide us with your payment data (e.g. bank account details for a direct debit), this data is required in order to process payment.

Payments are only taken via standard payment methods (Visa/MasterCard, direct debit) over an encrypted SSL/TLS connection. You can identify an encrypted connection by the ‘http://’ in the URL bar in your browser changing to ‘https://’ as well as the lock symbol.

When communication is encrypted, your payment data transferred to us cannot be read by third parties.

You have the following rights as the data subject:
* in accordance with article 15 of the GDPR, and to the scope outlined herein, the right to request information from us about your personal data processed by us;
* in accordance with article 16 of the GDPR, the right to request the immediate correction or completion of your personal data saved by us;
* in accordance with article 17 of the GDPR, the right to request that we delete the personal data we have saved about you, insofar as further processing is not required to
– exercise the right to freedom of speech and/or information;
– fulfil a legal obligation;
– uphold grounds in the public interest or
– exercise,
enforce or defend legal claims;
* in accordance with article 18 of the GDPR, the right to request the restriction of processing of your personal data insofar as
– you are disputing the correctness of the data;
– the processing is unlawful but you do not wish it to be deleted;
– the data is no longer required but you need it to exercise, enforce or defend legal claims or
– in accordance with article 21 of the GDPR, you have objected to the processing;
* in accordance with article 20 of the GDPR, the right to request your personal data as submitted to us by you in a structured, standard machine-readable format or to request transfer to another controller;
* in accordance with article 77 of the GDPR, the right to
complain to a supervisory authority. In
general, you can
contact the supervisory body
for your regular place of residence of work or the body for our company’s headquarters
to this end.

Objection to promotional emails

We hereby object to the use of contact data provided as part of our obligation to publish certain information for the unsolicited sending of promotional or informational materials. The website operators expressly reserve the right to take legal action in the case of unsolicited promotional information being sent, e.g. through spam emails.

3. Data collection on our website

Cookies

This website uses cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our online presence more user-friendly, effective and secure. Cookies are small text files that are transferred to your computer and saved to your browser.

Most of the cookies we use are session cookies. These are automatically deleted at the end of your visit. Other cookies stay stored on your end device until you delete them. These cookies let us recognise your browser on your next visit.

You can set your browser up so that you are informed about the storage of cookies or so that cookies are only allowed in certain cases, cookies are automatically allowed within certain parameters or generally not allowed, and so that cookies are automatically deleted when you close your browser. If you deactivate cookies, this website’s function may be limited.

Cookies required to carry out the electronic communication process or provide certain functions desired by you (e.g. basket function) are stored on the basis of article 6 paragraph 1 f of the GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of their services. Insofar as other cookies (e.g. cookies to analyse your internet use) are stored, these will be covered separately in this privacy policy.

Server log files

The website provider automatically collects and stores information in server log files automatically sent to us from your browser. These encompass:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of accessing computer
  • Time of server request
  • IP address

This data is not consolidated with other data sources.

The basis for the data processing is article 6 paragraph 1 f of the GPDR, which permits the processing of data to fulfil a contract or precontractual measures.

Contact form

If you send us requests using the contact form, the data you entered in the form will be stored along with the contact data you provided for the purpose of processing your request and in case of any follow-up questions. We will not pass on this data without your permission.

The data entered into the contact form is therefore processed exclusively based on your consent (article 6 paragraph 1 a of the GDPR). You can revoke this consent at any time. An informal email to us is sufficient to do so. The legality of data processing up to the point of revocation remains unaffected by the revocation.

The data you entered into the contact form shall remain stored by us until you request its deletion, revoke your consent for its storage or the purpose of data storage is no longer valid (e.g. if your request has been processed in full). Mandatory statutory regulations – especially retention periods – remain unaffected.

Registration on this website

You can register on our website in order to use all of the site’s additional functions. We use the data submitted to this end only for the purpose of using the relevant service for which you signed up. The required fields requested during registration must be completed. Otherwise, we will reject the registration.

For important changes, such as to the scope of services, or technically necessary changes, we use the email address provided upon registration to keep you informed.

The processing of the data provided upon registration is based on your consent (article 6 paragraph 1 a of the GDPR). You can revoke any consent granted at any time. An informal email to us is sufficient to do so. The legality of data processing up to the point of revocation remains unaffected by the revocation.

Data collected upon registration is saved by us for as long as you are registered with our website, and will be deleted afterwards. Statutory retention periods remain unaffected.

Processing data (customer and contractual data)

We collect, process and use personal data only insofar as this is required for the foundation, organisation or changing of the legal relationship (inventory data). This takes place on the basis of article 6 paragraph 1 b of the GPDR, which permits the processing of data to fulfil a contract or precontractual measures. We only collect, process and use personal data regarding the use of our website (usage data) insofar as this is required in order to allow the user to use the services or for billing purposes.

The collected customer data is deleted once the request has been completed or the business relationship has ended. Statutory retention periods remain unaffected.

Data transfer upon formation of contract for online shops, retailers and goods shipping

We only transfer personal data to third parties when this is necessary within the framework of contract processing, e.g. to the company tasked with delivering goods or processing payment. Data is only further transferred if you have granted your express permission. Your data is not passed on to third parties without express permission, e.g. for advertising purposes.

The basis for the data processing is article 6 paragraph 1 b of the GPDR, which permits the processing of data to fulfil a contract or precontractual measures.

4. Analysis tools and advertising

Google reCAPTCHA

We use ‘Google reCAPTCHA’ (hereafter ‘reCAPTCHA’) on our website. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).

The intention of reCAPTCHA is to establish whether the data entered on our website (e.g. in a contact form) has been submitted by a human or an automated programme. To this end, reCAPTCHA analyses the behaviour of website visitors using certain characteristics. This analysis begins automatically, as soon as the website visitor views the website. For the analysis, reCAPTCHA assesses various information (e.g. IP address, time spent on the website or the user’s mouse movements). The data collected as part of the analysis will be forwarded to Google.

reCAPTCHA analysis take place in the background. Website visitors are not informed that any analysis is taking place.

Data processing is based on article 6 paragraph 1 f of the GDPR. The website operator has a legitimate interest in protecting their online presence from the misuse of automated reconnaissance and from spam.

Follow these links to find out more about Google reCAPTCHA and Google’s privacy policy: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

5. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we need your email address as well as information to help us check that you are the owner of the email address and consent to receiving the newsletter. Further data is not collected or shall only be collected with consent. We exclusively use this data to send the requested information and will not pass this on to third parties.

The data entered into the newsletter subscription form is processed exclusively based on your consent (article 6 paragraph 1 a of the GDPR). You can revoke your permission for the storage of your data, your email address, as well as its use for sending the newsletter at any time, e.g. via the ‘unsubscribe’ link in the newsletter itself. The legality of data processing up to the point of revocation remains unaffected by the revocation.

The data submitted by you for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and deleted once you have unsubscribed. Data saved by us for other purposes (e.g. email addresses for member pages) remain unaffected.

6. Plugins and tools

YouTube

Our website uses plugins from YouTube, a website operated by Google. The website operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages equipped with a YouTube plugin, a connection will be created to YouTube servers. The YouTube server will be informed as to which of our pages you have visited.

If you are logged into your YouTube account, you are letting YouTube directly allocate your internet use to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is based on the interest in suitably displaying our online presence. This encompasses a legitimate interest in the sense of article 6 paragraph 1 f of the GDPR.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

Google Web Fonts

This website uses Web Fonts provided by Google in order to consistently display fonts. When you visit a page, your browser loads the necessary Web Fonts into your browser cache in order to correctly display text and fonts.

To this end, your browser must form a connection to Google servers. This informs Google that your IP address has visited our website. The use of Google Web Fonts is based on the interest in suitably and consistently displaying our online presence. This encompasses a legitimate interest in the sense of article 6 paragraph 1 f of the GDPR.

If your browser does not support Web Fonts, then your computer will use a standard font.

You can find out more about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

7. Payment providers

PayPal

On our website, we offer the option of paying via PayPal. This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter ‘PayPal’).

If you select payment via PayPal, the payment data you enter will be transferred to PayPal.

Your data is transferred to PayPal on the basis of article 6 paragraph 1 a of the GDPR (consent) and article 6 paragraph 1 b of the GDPR (processing to fulfil a contract). You have the option of revoking your consent for data processing at any time. Revocation does not impact the validity of data processing already carried out.

8. SEAL WITH REVIEWS

Embedding of the Trusted Shops Trustbadge

In order to display our seal from Trusted Shops and any reviews as well as Trusted Shops’ offer of products for buyers after placing an order, the Trusted Shops Trustbadge is embedded into this website.

This serves to uphold our overriding legitimate interest in optimal marketing through allowing a safe purchase as under article 6 paragraph 1 sentence 1 f of the GDPR. The Trustbadge and services offered through it are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of order processing through a CDN (content delivery network) provider. Trusted Shops GmbH also uses service providers from the USA. A reasonable level of data protection is ensured. You can find more information about Trusted Shops GmbH’s data protection policies here: https://www.trustedshops.de/impressum/#datenschutz

If the Trustbadge is used, the web server automatically saves a server log file containing your IP address, date and time of request and amount of data transferred as well as the requesting provider (access data), and documents the request. Individual access data is saved in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after their creation.

Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after placing an order or have already signed up for such use. The contractual agreement formed between you and Trusted Shops applies. To this end, personal data is automatically collected from the order data. Whether you are already registered for product use as a buyer is automatically reviewed using a neutral parameter, an email address hashed using a one-way cryptological process. The email address is turned into a hash value before transfer to Trusted Shops, who cannot undo the encryption. After checking for a match, the parameter will be automatically deleted.

This is required to fulfil our and Trusted Shops’ overriding legitimate interest in providing buyer protection coupled with a specific order and transactional review services in accordance with article 6 paragraph 1 sentence 1 f of the GDPR. Further details, including regarding revocation, can be taken from the Trusted Shops privacy policy as linked above and via the Trustbadge.