- Who are we?
- We are Fox & Sheep GmbH (“Fox & Sheep“). You can reach us under the following contact data:
- Fox & Sheep is a “data controller” as defined by the applicable data privacy regulations. This means that we are responsible for deciding how to store and use your personal data.
- This policy notifies you how we process personal data that we collect from you or that you give us.
- This policy pertains to data collected about you when you use our website and our mobile applications (called “website” and “mobile apps” hereinafter).
- What data do we collect?
- We collect the following data in connection with your use of our website and the mobile apps:
- Details about contact with our support team and the data you provide in this context (e.g. contact data);
- Details about your visits to our website and use of the mobile apps (e.g. location data, weblogs, other communication data and resources you use);
- Information about your use of our information and communications systems;
- Browser information and online identifiers (such as your browser types, your browser version, your host operating system, your browser language and your IP address);
- Information about your visit to the websites and use of the mobile apps (such as URLs, clickstream to, on, and away from our website, page reaction times, download errors, duration of visits to particular pages, information about interaction between pages (such as scrolling, clicks, and mouse movements) and methods of leaving the page);
- Aggregated information (such as aggregated data traffic information that is collected during your visit to the websites and use of the mobile apps).
- If you have consented to receiving a newsletter:
- The email address you provided.
- We do not knowingly collect personal information of children (i.e. individuals under 18 years old) in connection with visits to our website and use of our mobile apps. If it is brought to our attention that we have received data from individuals under 18 years old, we will make appropriate efforts to remove it from our records.
- For what purposes do we process your data?
- We process the data listed in number 2.1 for the following purposes:
- To ensure a smooth connection to the website and running of the mobile apps;
- To ensure comfortable use of our website and the mobile apps;
- To evaluate system security and stability;
- To process your support requests;
- For other administrative purposes.
- We only process the data listed in number 2.2 for marketing purposes to provide you with information about our products and services in a newsletter, if you have given us your permission to do this. You have the right to revoke consent to the use of your data for marketing purposes at any time with effect for the future. Please contact firstname.lastname@example.org by email to do this.
- On what legal basis do we process your data?
- The legal basis for the processing described in numbers 3.1 arises from our legitimate business interest pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR.
- The legal basis for the processing described in numbers 3.2 arises from your consent pursuant to Art. 6 (1), sentence 1, point (a) of the GDPR.
- Transmission of your data
- Subject to explicit regulations otherwise in this policy, your data is only transmitted to third parties if
- We have received your explicit consent to this pursuant to Art. 6 (1), sentence 1, point (a) of the GDPR;
- The transmission is necessary pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR to establish, exercise, or defend legal claims and there is no reason to assume that you have a prevailing protected interest in non-transmission of your data;
- If a statutory obligation exists in regard to the transmission pursuant to Art. 6 (1), sentence 1, point (c) of the GDPR; and
- This is legally permissible and is required to process contractual relationships with you pursuant to Art. 6 (1), sentence 1, point (b) of the GDPR GDPR.
- If you have consented to receive newsletters, your email address will be transmitted to service providers of Fox & Sheep that support us technically in sending our newsletters. Such transmission takes place solely within the framework of a contract data processing agreement under which we have authority to issue instructions in regard to the affected data. If the service provider’s registered office is outside the EU or the EEA, we ensure a level of data privacy that complies with applicable data privacy regulations.
- If you click on an affiliate link on our website or in our mobile apps, the relevant vendor of the shop only receives from us the information that the click came from our website or our mobile app.
- Links to other websites
- The website and our mobile apps may contain links to third-party websites. If you follow a link to such a website, please note that your use of such a website is subject to the data privacy conditions of said website and that we assume no responsibility or liability for your use of such a website. Please read the data privacy conditions of this third-party website before transmitting personal data to such a website.
- storage and deletion of your data
- We only store your personal data as long as necessary to fulfill the purposes for which we collected it, including to fulfill legal, accounting, or reporting obligations.
- In some cases, we may anonymize your personal data so that it can no longer be linked to you; in such a case, we may use this data without further notifying you.
purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before a new cookie is created. However, wholesale deactivation of cookies may lead to you not being able to use all the functions of our website or our mobile apps.
- Analytical tools
- Tracking tools
The tracking measures listed below and used by us are implemented based on Art. 6 (1), sentence 1, point (f) of the GDPR. The tracking measures used are intended to ensure needs-based design and continuous optimization of our website or our mobile apps. We also use tracking measures to record statistics about the use of our website or mobile apps and analyze them in order to optimize our offer for you. These interests are legitimate as defined by the regulation cited above. The particular data processing aims and data categories can be found in the corresponding tracking tools.
- Google Analytics
For purposes of needs-based design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.com/intl/de/analytics/ ) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google“). Pseudonymized use profiles are generated and cookies (see number 4) are used in this context. The information about your use of our website or our mobile apps generated by the cookie, such as
- Browser type/version,
- Operating system used,
- Referrer URL (previously visited page),
- Host name of accessing computer (IP address),
- Time of server query, is sent to a Google server in the USA and stored there. The information is used to analyze the use of our website or our mobile apps, to compile reports about website activities, and to perform other services related to website use and Internet use for purposes of market research and needs-based design of our website or our mobile apps. This information may also be sent to third parties if required by law or if third parties are processing this data on a contract basis. Under no circumstances will your IP address be linked to other Google data. IP addresses are anonymized to make association impossible (IP masking).
You can prevent cookies from being installed by disabling the corresponding setting in your browser software; however, we advise that in this case the full functionally of our website may not be able to be used. You can also prevent the collection of the data generated by the cookie about your use of our website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de ). As an alternative to the browser add-on, especially for browsers on mobile end devices, you can also prevent collection by Google Analytics by clicking on this link. An opt-out cookie is placed that prevents the future collection of your data when visiting our website. The opt-out cookie is only active in this browser and only for our website and is stored on your device. If you delete cookies on this browser, you must replace the opt-out cookie. You can find further information about data privacy in relation to Google Analytics in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de ).
- Google Adwords conversion
We also use Google conversion tracking to record statistics about the use of our website or our mobile apps and analyze them in order to optimize our website or our mobile apps for you. Google Adwords places a cookie (see number 8) on your computer if you arrived at our website through a Google ad on our website or our mobile apps. These cookies expire after 30 days and do not act as personal identification. If the user visits certain pages on the website or mobile apps of the Adwords customer and the cookie has not yet expired, Google and the customer can detect that the user clicked on the ad and was forwarded to this page. Data privacy authorities require a contract data processing agreement to be concluded for lawful use of Google Analytics. Google offers a template at http://www.google.com/analytics/terms/de.pdf. Every Adwords customer receives a different cookie. Cookies therefore cannot be traced through the websites or mobile apps of Adwords customers. The information obtained using conversion cookies helps create conversion statistics for Adwords customers that have chosen to use conversation tracking. Adwords customers learn the total number of users who have clicked on their ad and been forwarded to a website or mobile app that has a conversion tracking tag. However, they do not receive any information that could personally identify users. If you don’t want to participate in tracking, you can also refuse placement of a cookie required for this, for example using a browser setting that deactivates automatic placement of cookies in general. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked. You can find Google’s data privacy notice about conversion tracking here (https://services.google.com/sitestats/de.html).
- Social media plug-ins
- On the basis of Art. 6 (1), sentence 1, point (f) of the GDPR, we place social media plug-ins of the social networks Facebook, Twitter, and Instagram on our website or our mobile apps to raise our company’s profile through them. The advertising purpose behind this is considered a legitimate interest as defined by the GDPR. Responsibility for operation that complies with data privacy must be guaranteed by the respective providers. We incorporate these plug-ins using the so-called two-click method to protect users of our website or our mobile apps as well as we can.
- Your rights
You have the right:
- Under Art. 15 GDPR, to request information about your personal data that we process. In particular, you can request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which it will be stored, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your information if it was not collected from us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details;
- Under Art. 16 of the GDPR, to request the rectification of inaccurate or completion of the personal data stored by us without undue delay;
- Under Art. 17 of the GDPR, to request erasure of personal data stored by us unless the processing is necessary to exercise the right to free expression and information, to comply with a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims;
- Under Art. 18 of the GDPR, to request the restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose erasure, and we no longer need the data, but you need it to establish, exercise, or defend legal claims or you have objected to processing under Art. 21 of the GDPR;
- Under Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
- Under Art. 7 (3) of the GDPR, to revoke at any time the consent you granted to us. The consequence of this is that we may in future no longer continue the data processing based on this consent and
- Under Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can do this with the supervisory authority of your habitual residence or place of work or our corporate headquarters.
- Right to object
Insofar as your personal data is processed based on legitimate interests pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR, you have the right under Art. 21 of the GDPR to object to the processing of your personal data if there are grounds that arise from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object that we will implement without requiring any particular situation. If you wish to make use of your right to revoke consent or to object, an email to email@example.com suffices.
In addition to the data privacy regulations applicable in Europe and Germany, we also comply with the regulations of the US American Children’s Online Privacy Protection Act (COPPA). This includes e.g. that we do not knowingly collect personal data of children under 13 years old and that if a user identifies themselves through a support query or feedback as a child under 13 years old, we do not collect, store, or use personal information of such a user and erase it in a secure manner.
- Data security
We make use of appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, full or partial loss or destruction, and unauthorized access by third parties. Our security measures are continuously being improved as technology develops.