1. Information on data protection when using the website
In the following, we inform you about the collection of personal data when using our website. We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other laws on the processing of personal data that are relevant to us.
2. Controller of the processing under data protection law
YOU MAWO GmbH, Macairestraße 3, 78467 Konstanz, Germany, represented by its managing directors Sebastian Zenetti and Daniel Miko, is responsible for the provision of the website and the processing described in this data protection information (“YOU MAWO”). You can contact YOU MAWO by telephone on +49 7531 945 45 35 and electronically via the e-mail address hello@1of1eyewear.com.
3. Contact details of the data protection officer
The data protection officer of YOU MAWO is Matthias Herkert, Steuerberater und Rechtsanwaltskanzlei reichert & reichert, Max-Porzig-Str. 1, 78224 Singen, Germany. You can reach the YOU MAWO data protection officer by telephone and post via the contact details of the controller, electronically via the email address datenschutz@reichert-reichert.de.
4. Purposes and legal bases of data processing when using the website
4.1 Informational use of the website
You can visit the website without having to provide any personal data. If you use the website purely for information purposes, YOU MAWO processes log data (Section 5.1) and identification data (Section 5.4). The legal basis for this is the legitimate interest of YOU MAWO pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR to make the use of the website available to you. The provision of this data is not required by law or contract, but if it is not provided, it will not be possible to use the website. The personal data will not be used for automated decisionmaking, including profiling.
For the hosting of our website and the technical support for its operation, data is transferred to Google Ireland Limited as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data on behalf of Art. 28 GDPR.
4.2 Making contact via the website
When you contact YOU MAWO by email, YOU MAWO only processes communication data (Section 5.2). The legal basis for this is Art. 6 para. 1 subpara. 1 lit. b GDPR if the contact or correspondence is aimed at the conclusion of a contract or the execution or fulfilment of a contract to which you are a party. In all other cases, YOU MAWO’s legitimate interest in conducting the conversation initiated by your contact within the meaning of Art. 6 para. 1 subpara. 1 lit. f GDPR is the legal basis for processing. The provision of this data is not required by law or contract. The personal data is not used for automated decision-making, including profiling.
For the exchange of electronic correspondence, data is transferred to Google Ireland Limited as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data on behalf of Art. 28 GDPR.
The personal data collected in connection with the establishment of contact and any subsequent correspondence will be deleted by YOU MAWO six years after the end of the year in which the correspondence was terminated. Correspondence with you is generally deemed to have ended when it can be inferred from the circumstances of the correspondence that the person concerned is no longer interested.
4.3 Improvement and further development of the website
YOU MAWO may process log data (Section 5.1) and usage data (Section 5.3) to improve and further develop the website and its functions. The legal basis for the processing is your previously given consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. The provision of this data is not required by law or contract; you will not suffer any disadvantages if you do not give your consent to the processing. The personal data will not be used for automated decision-making, including profiling.
The stored data will be deleted or anonymised as soon as processing is no longer necessary. This is usually the case after seven days at the latest.
4.4 Ensuring the security of the website and the IT infrastructure used
YOU MAWO may process log data (Section 5.1) and identification data (Section 5.4) to ensure the IT security of the website and the IT infrastructure used. The legal basis for this is the legitimate interest of YOU MAWO pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR to ensure security, confidentiality, integrity, availability and resilience of the website and the IT infrastructure appropriate to the risk of processing, in particular for preventive IT security as well as for the detection, elimination and evidence-proof documentation of faults and incidents. The provision of this data is not required by law or contract, but if it is not provided, it will not be possible to use the website. The personal data is not used for automated decision-making, including profiling.
The personal data processed in connection with ensuring the security of the website and the IT infrastructure used is regularly deleted after the respective security-relevant event has been fully checked and clarified, unless there is a legal basis for further processing by YOU MAWO in individual cases.
4.5 Registration and receipt of newsletters
You can register to receive newsletters from YOU MAWO via the website. In this case, YOU MAWO processes the correspondence data provided by you for receipt (Section 5.5) as well as the log data (Section 5.1) and identification data (Section 5.4) required for proof of consent. The legal basis for the processing for sending the newsletter is your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR, the legal basis for the processing of the required identification and log data is the legal obligation of YOU MAWO to prove the legality of the newsletter dispatch in accordance with Art. 6 para. 1 subpara. 1 lit. c GDPR. The provision of this data is not required by law or contract, but if it is not provided, it will not be possible to send newsletters. The personal data will not be used for automated decision- making, including profiling.
To send the newsletter, data is transferred to The Rocket Science Group, LLC as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data in accordance with Art. 28 GDPR. The permissibility of the data transfer is based on the existence of adequacy decisions in accordance with Art. 45 GDPR and on the data protection regulations issued by the European Commission.
4.6 Playback of video files
A YouTube video can be played via the website. The online service YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland (“Google”). The video is available under the link https://www.youtube.com/watch? v=8qnJlmB1NBc&list=TLGGetdhRx25z3MyMzA2MjAyMw&t=6s&ab_channel=OneOfOne and is integrated directly into the website via a plug-in. YOU MAWO uses the embedded YouTube video to provide insights, impressions and information about its products and product benefits. The video file is integrated in “extended data protection mode”, i.e. no data about you is transferred to YouTube if you do not play the video. Only when you actively play the video will log data (section 5.1) and identification data (section 5.4) be transmitted. The legal basis for the processing is the legitimate interest of YOU MAWO pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR to provide information about its products, innovations and services and to make the offer more interesting and user-friendly for users of the website as a whole and thus to pursue its business interests. The provision of data from the displayed data categories is not required by law or contract. However, it is not possible to play the video file without providing the data. The personal data will not be used for automated decision-making, including profiling.
When using YouTube, data is transmitted to Google Ireland Limited. This may also result in data being transferred to and processed on servers in the USA. From a data protection perspective, the USA is a country without an adequate level of data protection. You can find Google’s terms of use at https://www.google.de/intl/en/policies/terms/regional.html and YouTube’s terms of use at https://www.youtube.com/t/terms. Information on data protection in connection with the use of YouTube can be found at https://policies.google.com/privacy?hl=en.
4.7 Cooperation with authorities, government agencies and courts
In order to cooperate with authorities, government agencies or courts to the extent required by law, YOU MAWO may process all the categories of personal data listed above. The legal basis for this is the legal obligation of YOU MAWO to fulfil the respective national law or the law of the European Union or its member states in accordance with Art. 6 para. 1 subpara. 1 lit. c GDPR or the legitimate interest of YOU MAWO in the fulfilment of your legal obligations in countries outside the European Union in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR. The personal data will not be used for automated decision-making, including profiling.
The personal data processed in connection with cooperation with authorities, government agencies or courts will be deleted as soon as they are no longer required to achieve the purpose of processing and provided that there are no legal provisions to the contrary. In these cases, your data will be deleted when the legal obligation no longer applies and after any resulting claim periods have expired.
4.8 Assertion, exercise or defence of legal claims
For the assertion, exercise or defence of legal claims against you or against third parties, YOU MAWO may process all the categories of personal data listed above. The legal basis for this is YOU MAWO’s legitimate interest in the defence against unjustified claims and in the assertion and enforcement of claims and rights in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR. The personal data will not be used for automated decision-making, including profiling. For the aforementioned purposes, data may be transferred to courts, lawyers, law firms and authorities within and outside the EU and the EEA.
The personal data processed in connection with the assertion, exercise or defence of legal claims will be deleted as soon as they are no longer required to achieve the purpose of processing and provided that there are no legal provisions to the contrary. In these cases, your data will be deleted when the legal obligation no longer applies and after any resulting claim periods have expired.
4.9 Scan
With our app, scans can be made. For this, we use the TrueDepth API of Apple. As soon as a new scan is made, the old one gets deleted. Only, when a session is created or an order is placed does the scan get uploaded to our own servers in order to create the custom production files of the frames based on the scan. The scans are stored encrypted on the servers – there is no possibility of direct access to this data from the outside. We don’t share the scan with any other company and only a few people at our own company have access to it in order to create the production files. If the user wants the scan to be deleted he/she can contact us via hello@youmawo.com.
5. Categories of personal data processed
5.1 Log data
The category of “log data” includes the date and time of connection establishment, version and type of operating system and browser of the terminal device used, access token used, amount of data transferred, HTTP referrer and domain and sub-websites accessed via an accessing system.
5.2 Communication data
The category of “communication data” includes the email address you use for communication as well as the content of the communication and correspondence you have with YOU MAWO.
5.3 Usage data
The category of “usage data” includes information on visits to individual sites and sub-sites, date and time of the last visit, information on the time spent on individual sites and sub-sites, information on the extent and duration of the use of functions, information on website crashes during use.
5.4 Identification data
The category of “identification data” includes the Internet Protocol address (IP address) of the end device used, device ID, user ID, app instance ID and other identification features set by cookies that make it possible to identify data subjects or the end devices used by the data subjects.
5.5 Correspondence data
The category of “correspondence data” includes the potentially personal e-mail address.
6. Social media links on the website
On the YOU MAWO website you will find social media buttons for LinkedIn. Behind these buttons are only hyperlinks. During your visit to the YOU MAWO website, no data is transferred to the respective social media providers. Only when you click on one of the buttons will the respective page open in a separate window and you will be redirected.
7. AppStore links on the website
On the YOU MAWO website you will find a button to the AppStore of the US company Apple Inc. behind this button is only a hyperlink. No data is transferred to Apple Inc. during your visit to the YOU MAWO website. Only when you click on the button will the page open and you will be redirected.
When using the Apple Inc. app store, data is transmitted to and processed on servers in the USA. From a data protection perspective, the USA is a country without an adequate level of data protection. You can view the data protection information of Apple Inc. at https://www.apple.com/legal/privacy/en-ww/.
8. Information on the use of cookies
In addition to the data specified in section 4, cookies are stored on your end device (client) when you use the website. Cookies are small text files that cannot execute programs or transmit viruses or malicious code. YOU MAWO uses cookies to enable the website to be accessed and displayed correctly and to make it easier and more effective to use. Cookies are also used to improve the quality of the website and its content. Through the analysis cookies used, YOU MAWO learns how the website is used, for example to optimize the offer. Some functions of the website cannot be offered without the use of cookies.
The storage period of the identification features set by cookies and the legal basis for data processing are described in the cookie policy.
9. Rights of data subjects affected by data processing
As a data subject, you have the following rights under data protection law in relation to the processing of personal data concerning you described in Section 4 vis-à-vis YOU MAWO in the cases and to the extent provided for by law, and you can contact YOU MAWO using the contact information provided in Section 1 to exercise these rights:
Right of access: Art. 15 GDPR standardizes the right to request confirmation from the controller as to whether the controller is processing the applicant’s personal data and what personal data is involved, as well as to receive a copy of the personal data concerned.
Right to rectification: Art. 16 GDPR enables the data subject to obtain from the controller without undue delay the rectification of inaccurate personal data and the completion of missing personal data.
Right to erasure: Art. 17 GDPR contains the data subject’s right to erasure in the cases and to the extent provided for by law.
Right to restriction of processing: Art. 18 GDPR stipulates that the data subject may request the controller to restrict the processing of their data under the legal conditions, so that further processing is only permitted in the legally standardized cases.
Right to restriction of processing: Art. 18 GDPR stipulates that the data subject may request the controller to restrict the processing of their data under the statutory conditions, so that further processing is only permitted in the cases standardized by law.
Right to data portability: Art. 20 GDPR regulates the right of the data subject to receive personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller or to have the personal data transmitted directly from one controller to another.
Right to lodge a complaint with a supervisory authority: Art. 77 GDPR standardizes the right of every data subject to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the provisions of the GDPR.
Right to object: Art. 21 GDPR gives the data subject the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1)(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Data subjects also have the right to object at any time to the processing of personal data concerning them for the purpose of direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Right to withdraw consent: Art. 7 para. 3 GDPR regulates the right of data subjects to withdraw their consent at any time. The personal data covered by the consent will then no longer be processed by the controller. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The full scope of the respective statutory rights of data subjects can be found in the above-mentioned articles, which can be accessed via the hyperlink http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.