Datenschutz

Below, we inform you about the processing of personal data when using our website www.jellogo.com and our social media profiles. Personal data is any data that can be related to a specific natural person, e.g., their name or IP address.

The scope of data processing, processing purposes, and legal bases are explained in detail below. The following are generally possible legal bases for data processing:

• Article 6 paragraph 1 sentence 1 letter a GDPR serves as our legal basis for processing operations for which we obtain consent.
• Article 6(1)(b) GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g., when a website visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.
• Article 6(1)(c) GDPR applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.
• Article 6(1)(f) GDPR serves as the legal basis when we can rely on legitimate interests for the processing of personal data, e.g. for cookies that are necessary for the technical operation of our website.

Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed, where available (e.g. for Great Britain, Canada and Israel), by adequacy decisions of the EU Commission (Art. 45 para. 3 GDPR).

If no adequacy decision exists (e.g., for the USA), the legal basis for data transfer is generally, unless we provide a different indication, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Article 46(2)(b) GDPR, they guarantee the security of data transfer. Many providers have issued additional contractual guarantees beyond the standard contractual clauses, which protect the data beyond the scope of the standard contractual clauses. These include, for example, guarantees regarding data encryption or the third party's obligation to inform data subjects if law enforcement agencies wish to access their data.

Unless expressly stated otherwise in this privacy policy, the data we store will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data that we are required to retain for commercial or tax law reasons.

Data subjects have the following rights with regard to their personal data:

• Right to information
• Right to rectification or erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent at any time

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details for the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html .  

Customers, prospective customers, or third parties are only required to provide us with personal data within the context of a business relationship or other relationship that is necessary for establishing, executing, and terminating the business relationship or other relationship, or that we are legally obligated to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or we may no longer be able to perform an existing contract or other relationship.

Mandatory fields are marked as such.

We generally do not use fully automated decision-making pursuant to Article 22 GDPR for establishing and maintaining a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you separately if required by law.

When you contact us, for example by email or telephone, we store the data you provide (e.g., names and email addresses) in order to answer your questions. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries addressed to us. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are statutory retention obligations.

Occasionally, we offer prize draws via our website or other means. We process the data requested in these draws to determine and notify the winners. Afterwards, we delete the data. We may also offer prize draws exclusively to existing customers. In this case, we only process the name to determine the winners and the contact details to notify them. It is in our legitimate interest to offer prize draws for customer acquisition or to interact with our existing customers. The legal basis for this data processing is Article 6(1)(f) GDPR.

From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the data requested in each survey. It is in our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Article 6(1)(f) GDPR. We delete the data once the survey results have been evaluated.

We reserve the right to inform customers who have already used our services or purchased goods from us about our offers from time to time via email or other electronic means, unless they have objected to this. The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional costs, for example, via the link at the end of each email or by sending an email to our email address provided above.

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration solely for sending the newsletter. Registration is completed by selecting the corresponding field on our website, by ticking the corresponding box in a paper document, or by any other unambiguous action, thereby declaring the interested party's consent to the processing of their data. The legal basis for this processing is Article 6(1)(a) of the GDPR. Consent can be withdrawn at any time, for example, by clicking the corresponding link in the newsletter or by contacting us at the email address provided above. Data processing prior to withdrawal remains lawful even in the event of withdrawal.

Based on the consent of the recipients (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.

We send newsletters using the Klaviyo tool from the provider Klaviyo, Inc., 125 Summer St, Floor 6 Boston, MA 02111, USA (Privacy Policy: https://www.klaviyo.com/privacy/policy ). The provider processes content, usage, meta/communication data and contact data in the USA. 

Furthermore, we reserve the right to use your first and last name as well as your postal address for our own advertising purposes, e.g., to send you interesting offers and information about our products by mail. This serves our legitimate interest in contacting our customers for advertising purposes, which outweighs your interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

When you use our website for informational purposes only, i.e., when visitors do not separately provide us with information, we collect the personal data that your browser transmits to our server in order to ensure the stability and security of our website. This constitutes our legitimate interest, and the legal basis for this processing is Article 6(1)(f) GDPR.

This data is:

• IP Address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• each data volume transferred
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software

This data is also stored in log files. It is deleted when its storage is no longer necessary, at the latest after 14 days.

Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes personal data transmitted via the website, such as content, usage, meta/communication data, or contact data, within the EU. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz . 

It is in our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.