We, edding International GmbH (hereinafter referred to as “edding”), have written this privacy statement to inform you about the personal data we collect when you interact with our website, how these data are used and your options for influencing the way we collect, store and process data (hereinafter also referred to as “use”).
1. Responsibility and contact
The controller responsible for the use of personal data within the terms of the General Data Protection Regulation (hereinafter referred to as “GDPR”) is edding International GmbH, Bookkoppel 7, 22926 Ahrensburg, Germany, telephone +49 (0)4102 808-0, email@example.com.
The company’s data protection officer, Herr Andreas Daniel, can be reached via the contact details above.
If you would like to view or update personal data, or have questions about privacy in relation to our website, please email firstname.lastname@example.org or write to us at the above address.
2. Use of personal data
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.1 Collection with your cooperation
We collect and store your personal data when you use this website if you provide us with such data voluntarily. We use such personal data without specific consent solely for the purpose of dealing with your request or question. You are free to choose whether to provide us with your data for the stated purposes. If the nature of your request or question permits, you can also interact with us anonymously, or by using a pseudonym. We will always obtain your express consent to use your personal data for other purposes (in particular for advertising).
In principle, we will only store your data for the length of time required to deal with your request or question. Data required for internal administrative purposes, in particular for commercial purposes and in order to defend legal claims, will not be erased until such data are no longer required for the purpose in question (legal basis is Art. 6 (1f) GDPR), but until that time will be barred from being used for any other purpose.
2.1.1 Email enquiries
If you send us an email, we will store your email address and any personal information that the message contains (legal basis is Art. 6 (1f) GDPR). We only do this in order to be able to deal with your enquiry, and we will erase the data in question once the data are no longer required. You may also assert your rights as a data subject (see point 5) at any time with regard to the processing of data; in particular, you can object to the corresponding processing of data.
2.1.2 Enquiries using the contact form
If you have contacted us using the contact form and have agreed the declaration of consent shown below, we will use your personal data as follows:
In order to process the form, the personal data you have entered in the corresponding entry fields of the contact form will be collected and stored.
Depending on the matter in question, this shall include the following personal data in particular:
- email address
- telephone number
Furthermore, you can compose a message to edding in the area of the contact form provided for this. If you enter any personal data as part of your message, these data will also be collected and stored.
These personal data are used exclusively in order to deal with your enquiry and are stored in the event that you have further questions. The enquiry may be forwarded by email to the relevant individual(s) within the company in order for us to be able to respond to your enquiry.
If you fill in the contact form or send an email to express interest in specific or general goods or services offered by edding, we will use the data you have provided so that we may advise you and, where necessary, send you information about these goods or services.
We use your personal data for the stated purposes on the basis of your consent (legal basis is Art. 6 (1a) GDPR). Furthermore, we store your IP address and the time at which you gave your consent to document the fact that you have given your consent.
On the website www.edding.com, edding provides a newsletter that contains news about products, services and promotions. We will use your personal data as follows if you subscribe to the newsletter and if you have consented to receiving the newsletter when you register:
When you subscribe to the newsletter, we will store your email address. Futhermore, you are able to submit your title, forename, surname and date of birth. The same applies to your interests. We use these data for internal statistical purposes and in order to personalise your newsletter.
We use what is known as the "double opt-in process" when you sign up for our newsletter. After you have signed up for our newsletter, we will send an email to the email address you have provided and will ask you to confirm that you have asked to receive the newsletter. If you confirm your subscription, the newsletter will be sent to your email address until further notice. If, on the other hand, you do not confirm your subscription, your registration will be automatically deleted after 48 hours.
We use your personal data for the stated purposes on the basis of your consent (legal basis is Art. 6 (1a) GDPR). Furthermore, when you sign up for and confirm your newsletter subscription, we store your IP address and the time at which you gave your consent to document the fact that you have given your consent.
We use MailChimp, a service of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter "MailChimp"), to structure the remaining content, distribute our newsletter and to analyse the response. We have concluded a data processing agreement with MailChimp for this purpose. This agreement ensures that MailChimp processes your personal data exclusively according to our instructions and in accordance with current data protection law. MailChimp is licensed under the EU-US Privacy Shield and therefore guarantees a level of data protection which corresponds to the standards of European laws on the protection of personal data.
If you sign up our newsletter, your email address and other personal data that you have given us in order to personalise the newsletter will therefore be stored on MailChimp's servers in the USA. MailChimp uses this information to send out our newsletters and to analyse user behaviour once the newsletter is received. MailChimp collects technical information when analysing use, in particular with regard to the browser used, the IP address and the time of download. MailChimp establishes whether and when a newsletter or the links it contains are opened. This information is used exclusively to make a better assessment of the expectations of the newsletter recipient and to adapt the content accordingly. In addition, it is also possible for MailChimp to use these data to optimise or improve its own services (for example, making newsletter distribution more efficient), by recording the language settings, location data or time zones. At no time will MailChimp write to you for its own ends using your personal data, or pass your data on to third parties.
The legal basis on which the newsletter is distributed is the consent for which provision is made in Art. 6 (1a) GDPR. We therefore use the services of MailChimp as our processor on the basis of the statutory consent given in accordance with Art. 6 (1f) GDPR. Our legitimate interest lies in the centrally coordinated offer of a legally compliant and interest-specific newsletter by a professional provider. If you no longer wish to receive the newsletter, you may cancel at any time (Art. 21 GDPR), or withdraw your consent (Art. 7 (3) GDPR) and thereby unsubscribe from the newsletter. To do so, click on the link that can be found in each newsletter. You will then be taken through the subscription cancellation process. Alternatively, you can cancel the newsletter by sending an email to email@example.com.
2.1.4 Ordering free samples
On the website www.edding.com/paintmarker edding offers free samples of the product „Paint marker“.
If you order such a sample, we will store the data you have entered into the input form (e-mail address, first and last name, company and address).
The legal basis of this data processing is the initiation or performance of the contract (Article 6 (1 b) GDPR). The data will be used exclusively for the ordering process. If you, in the context of the sample order, have given your consent to further contacting, the data provided by you will also be used for this purpose (see 2.1.5).
To fulfill our contractual obligations (in particular for the distribution of product samples) we cooperate with various subsidiaries of the edding group and distribution partners. We pass on your name as well as your address only for purposes of delivery of the product samples (Article 6 (1b) GDPR). These companies are obliged to comply with the applicable data protection regulations.
If the subsidiaries and distribution partners are based in countries outside the European Union, we will take appropriate security measures to protect your personal data. An appropriate security measure for example consists in an agreement with the recipient which includes the standard contractual clauses approved by the European Commission for the transfer of personal data to non-EU countries.
2.1.5 Direct advertisement
Based on your order of the sample “Paint marker” and provided that you have submitted a corresponding declaration of consent, we reserve the right to contact you in order to ask you about your experiences with the product and to submit further offers for the product itself and similar products and to advise you. Contacting will be done by the subsidiaries or distribution partner of the country from which you have placed the sample order.
We will pass your data to our subsidiaries and distribution partners, who are responsible for the respective countries from which you have placed the sample order. These companies are obliged to comply with the applicable data protection regulations.
If the subsidiaries and distribution partners are based in countries outside the European Union, we will take appropriate security measures to protect your personal data. An appropriate security measure for example consists in an agreement with the recipient, which includes the standard contractual clauses approved by the European Commission for the transfer of personal data to non-EU countries.
We use what is known as the "double opt-in process" when you have given your consent for further contacting. After you have given your consent for further contacting, we will send an email to the email address you have provided and will ask you to confirm that you have agreed in being contacted by us for direct advertisement. If you confirm, the direct advertising e-mail will be sent to your email address. If, on the other hand, you do not confirm, your registration will be automatically deleted after 48 hours.
We use your personal data for the aforementioned purposes on the basis of your consent (Article 6 (1a) GDPR). In order to document the submission of your consent, we also store your IP address and the time of submission of your consent. Your consent may be withdrawn at any time. To do so, please send an e-mail to firstname.lastname@example.org.
We use MailChimp, a service of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter "MailChimp"), for further content arrangement, distribution and analyse of the response of direct advertising e-mail. We have concluded a data processing agreement with MailChimp for this purpose. This agreement ensures that MailChimp processes your personal data exclusively according to our instructions and in accordance with current data protection law. MailChimp is licensed under the EU-US Privacy Shield and therefore guarantees a level of data protection which corresponds to the standards of European laws on the protection of personal data.
If you agree to us contacting you after ordering product samples, your e-mail address and any other personal data provided to us by you for personalizing the e-mail will therefore be stored on the servers of MailChimp in the USA. MailChimp uses this information to send the e-mail and to analyze user behavior upon receipt of the e-mail. MailChimp collects technical information when analysing use, in particular with regard to the browser used, the IP address and the time of download. MailChimp establishes whether and when an e-mail or the links it contains are opened. This information is used exclusively to make a better assessment of the expectations of the recipient and to adapt the content accordingly. In addition, it is also possible for MailChimp to use these data to optimise or improve its own services (for example, making newsletter distribution more efficient), by recording the language settings, location data or time zones . At no time will MailChimp write to you for its own ends using your personal data, or pass your data on to third parties.
We use the services of MailChimp as a contract processor based on the statutory provisions of Article 6 (1f) GDPR. Our legitimate interest is the use of an efficient, secure and user-friendly system from a professional provider for sending personalised direct mail. You may object to the use of MailChimp as a service provider at any time by sending us an informal message (Art. 21 DSGVO). In this case we will not be able to offer our service to you.
2.2 Collection of data without your cooperation
We collect and use personal data generated automatically by your visit to our website in order to provide our services. The authoritative legal basis for this analysis of user behaviour is section 15 (3) of the German Telemedia Act [Telemediengesetz] and Art. 6 (1f) GDPR. Our legitimate interest lies in offering a user-friendly service, optimising our product to meet our customers’ expectations, for example by tracking how users reach our website, the content that is of interest when they do and how much time is spent viewing it. We can then offer products that correspond more specifically to interests on this basis.
2.2.1 Log files and (session) cookies
Whenever you visit our website, our server temporarily notes your computer’s IP address, the client’s file request (filename and URL) and the http status code, as well as the website from which you have visited us, in what are known as log files. We store your IP address for seven days to highlight abuse (spam, virus, worms, etc.) and to identify and rectify problems.
Furthermore, our website uses “cookies” in several places, designed to make our products more user-friendly and efficient. Cookies are small text files which do not contain any personal data. These are placed on your computer and stored by your browser. These data are not combined with other data sources. Most of the cookies we use are “session cookies” and are deleted once you finish browsing.
Cookies do not damage your computer per se and do not contain viruses. You can set your browser so that it does not accept cookies at all or so the cookies are deleted at the end of your browser session. Please note that you may not be able to use all of our website’s functions if you do so.
2.2.2 Cookies for web analytics
You can prevent cookies from being accepted by adjusting your browser settings accordingly. We must, however, point out that if you do so you might not be able to use all our website’s functions in full. You can further prevent Google’s collection and processing of the aforementioned data by downloading and installing a browser plug-in provided by Google. edding also offers an opt-out cookie which also prevents the collection and processing of data by Google when you visit our website in future. Click on the button below this text to install the opt-out cookie. The opt-out cookie only applies to the specific browser used and only to our website and is stored on your device. If you delete cookies in this browser, you will have to install the opt-out cookie again.
This website uses the Google Analytics “Demographics and Interests reporting” function. This allows the generation of reports containing data about the age, gender and interests of the website visitors. Such data are obtained from Google's interest-related advertising and from visitor data from third-party providers. The data cannot be attributed to any specific person. You can deactivate this function at any time using the display settings in your Google account, or you can prevent Google Analytics from collecting your data by clicking on the button below. This sets an opt-out cookie that prevents the collection of your data during any future visits to this website.
Please visit Google Analytic’s website for further information.
In order to better understand what content on our website is of interest to our users and what we can improve, we use a tool from elbWalker GmbH, Harburger Schloßstraße 6- 12, 21079 Hamburg, Germany. This tool is an extension to Google Analytics and allows us, for example, to find out how far our users scroll down our pages and which buttons they click during their visit on our website. The collected data is transferred to servers of the Google Cloud platform in Europe and stored there. You can find more information about the tool used at https://www.elbwalker.com/. You can object to data processing by setting an "opt-out cookie" in your browser. You can find this opt-out cookie further down. It is the same opt-out cookie as for Google Analytics. Data processing is carried out in accordance with Art. 6 para. 1 f) DSGVO. Our legitimate interest lies in the improvement of our online service.
2.2.3 Web analytics by Facebook Pixel
We have integrated the analysis tool Facebook Pixel on our website. Facebook Pixel is a product of Facebook. Outside the USA and Canada, the contractual partner and service provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Facebook Pixel is a short program code that we as the operator of this online service integrate on our website in order to measure and improve the effectiveness of our advertising measures. Further, Facebook Pixel helps us to make our advertising more interesting and to address exactly those people who are interested in our products.
The Facebook Pixel service enables Facebook to define people who have visited our website as a target group for ads on Facebook ("Facebook Ads"). Thus, Facebook Pixel helps us to display our Facebook Ads only to Facebook users who are probably interested in our products because they have already visited our website or because they have already shown interest in similar topics, products or websites (Facebook calls these target groups "Custom Audiences"). It is also possible for Facebook itself to display targeted advertising outside the Facebook website using the information obtained from Facebook Pixel.
Furthermore, Facebook Pixel provides us with information about so-called "Conversions". In the technical language of online marketing "Conversion" generally means the transformation of the status of one person into another. Conversion is, for example, when a website visitor "converts" into a customer by purchasing a product on the website. Through the statistical information on the conversions, we can further improve the design of our online service. You can find more information about Facebook Pixel here: https://en-gb.facebook.com/business/help/742478679120153.
We do not have access to personal data collected and processed via the Facebook Pixel service. Facebook only provides us as the operator of this website only with statistical data for evaluation of our marketing measures. This information does not allow us to identify specific individuals.
We have integrated the Facebook Pixel service in such a way that Facebook only processes the data collected by Facebook Pixel itself. We do not provide Facebook with any information about our customers. According to Facebook, Facebook Pixel collects the following types of data (see https://en-gb.facebook.com/business/gdpr):
- Http Headers – Anything present in HTTP headers. HTTP Headers are a standard web protocol sent between any browser request and any server on the internet. HTTP Headers include IP addresses, information about the web browser, page location, document, referrer and person using the website.
- Pixel-specific Data – Includes Pixel ID and the Facebook Cookie.
- Button Click Data – Includes any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks.
- Optional Values – Developers and marketers can optionally choose to send additional information about the visit through conversion tracking. Example custom data events are conversion value, page type, and more.
Facebook itself processes the data collected by Facebook Pixel. We do not know the exact use of the data by Facebook. As the operator of this website, we cannot influence the processing of data by Facebook itself. However, we assume that Facebook also uses the data collected through Facebook Pixel for its own purposes according to its data policy (https://www.facebook.com/policy.php).
When using the Facebook Pixel service, the legal basis for data processing is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest in data processing lies in optimising our online service as well as our advertising measures in order to enable us to provide our users with relevant content in which they are interested.
You can prevent the Facebook Pixel service from collecting and processing your data by disabling Facebook Pixel. To do this, click on the following link with the text "Disable Facebook Pixel". When you click on this link, a setting is set in your Internet browser, which prevents the activity of Facebook Pixel.
However, the deactivation of Facebook Pixel via the link only applies to our website and only within the browser used to click on the link. The deactivation ends when you delete the opt-out setting from your browser.
You can find general information on data protection at Facebook in the Facebook data policy under the following link: https://www.facebook.com/policy.php. You can manage your personal settings for advertisements on Facebook at https://www.facebook.com/ads/settings. In case you do not have a Facebook account, you can use http://www.youronlinechoices.com/uk/your-ad-choices or http://optout.aboutads.info/ to set your preferences about what advertising content is displayed to you.
3. Forwarding of data
Some data may have to be forwarded to comply with contractual and statutory requirements:
3.1 Forwarding to external service providers
Service providers come into contact with our customers’ personal data only within the scope of data processing. There is express legal provision for this (Art. 6 (1f) GDPR in conjunction with Art. 28 GDPR) in accordance with our legitimate interest in offering our services on a more user-friendly, secure and more operationally meaningful basis.
In this case, too, edding remains responsible for protecting your data. The service provider works exclusively in line with our instructions, which we ensure through strict contractual regulations, technical and organisation measures and additional checks.
3.2 Forwarding on the basis of statutory obligations
We reserve the right to disclose your personal data if we are obliged to do so by law, or if we are asked to provide such information by officials or prosecution authorities. Beyond this, we do not pass any data on to third parties.
4. Data processing location and data security
In principle, your data are processed in Germany. In individual cases, the data may also be processed outside Germany if permitted by law. We have taken comprehensive, state-of-the-art technical and organisational safety measures in accordance with European data protection law (Art. 32 GDPR) to protect your data from unauthorised access and abuse.
5. Rights of the data subject
You can request information about the scope, origin and recipients of the stored data and the reason for which such data are stored, free of charge, at any time (Art. 15 GDPR). You can ask for incorrect data to be rectified at any time (Art. 16 GDPR). You also have the option of receiving the personal data relating to you in a structured, commonly-used and machine-readable format (Art. 20 GDPR). You can object to the use of your personal data in future (Art. 21 GDPR), request partial or complete erasure (Art. 17 GDPR), restrictions on the processing thereof or blocking (Art. 18 GDPR).
We will verify your request and comply with it, provided there is no other statutory basis for processing. We will inform you of the outcome.
No special format is required when asserting your right to information. Send an email to email@example.com or a letter to the above address.
You will find detailed information about this website's provider in our legal notice.