Data Protection Policy of SAXOPRINT Limited


Name and Address of the responsible persons:

The responsible persons in line with the General Data Protection Regulation (GDPR), other national data protection laws of the member states as well as other data protection regulations are:

Post Address: SAXOPRINT Limited
GW2 Great West House, London, TW8 9HU
Registered Office: SAXOPRINT Limited
1 Bedford Row, London, WC1R 4BZ
Managing Director: Klaus Sauer, Carsten Heitkamp
Commercial Registration: Registered in England and Wales
Company No. 06325849
VAT Reg No: GB930 6484 23
Telephone: +44 (0)20 3936 8880
Homepage: https://saxoprint.cloud/uk

E-Mail: customer-service@saxoprint.cloud

Name and Address of the Data Protection Officer Contact

The Data Protection Officer is:
SAXOPRINT GmbH
c.o. Data Protection Officer Mr. Thomas Iberl
Enderstraße 92 c
01277 Dresden
Germany

E-Mail : privacy@saxoprint.com

General Information on Data Handling

The scope of personal data processing

We collect and use your personal data only to the extent necessary to provide a functional website as well as our content and services. Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes your name, e-mail address or telephone number. This data refers only to a natural person, not to a legal (company). The collection and use of your personal data takes place regularly only after your consent. An exception applies in those cases where prior consent cannot be obtained for valid reasons and the processing of the data is permitted by law. The term "you/user/your" refers to all customers and visitors to our website. The terms used, such as "user", are to be understood as gender-neutral. If "we" or "us" is mentioned in the text, this refers to SAXOPRINT Limited.

Basic information on data processing and legal bases

We process personal data only in compliance with the relevant data protection regulations. This means that your data will only be processed if permission has been given or if statutory regulations are processed. I.e. in detail that:

• the processing of data for the provision of our contractual services (e.g. processing of orders) and online services is required or prescribed by law;
• your consent has been given;
• is based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our website), in particular range measurement; creation of anonymous profiles for advertising and marketing purposes (by collecting access data and using the services of third-party providers).

With regard to the processing of personal data on the basis of the GDPR, we make reference to:

• the legal basis of consent in Article 6, section 1, subsection a and Article 7 of the GDPR;
• the legal basis for processing the fulfilment of our services and the implementation of contractual measures in Article 6, section 1, subsection b of the GDPR;
• the legal basis for processing in order to fulfil our legal obligations in Article 6, section 1, subsection c of the GDPR;
• the legal basis for processing to protect our legitimate interests in Article 6, section 1, subsection f of the GDPR.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6, section 1, subsection d serves as the legal basis.

Registration with third-party authentication services

Some of our campaigns require you to register and log in using third-party authentication services, as far as they are available (hereinafter referred to as "third-party authentication"). Authentication services can be e.g. Facebook, Twitter or Google (hereinafter referred to as "authentication provider").

The prerequisite for third-party authentication is that you are registered with the respective authentication provider and enter the required access data on the web form provided for this purpose. The actual registration takes place directly with the respective authentication provider.

During registration we will receive a user ID with the information that you are logged in under this user ID. Furthermore, we will receive a temporary ID ("User Handle") that we will not be able to indefinitely. Whether we receive additional information depends solely on the third-party authentication you use, the data sharing settings you choose for authentication, and also what information you have shared in the privacy or other settings of your user account with the authentication provider. Depending on the authentication provider and your selections, the data we receive will vary, but it is usually your email address and user name. In the case of Facebook, this is known as" public information" that everyone can see. These include the name, profile and cover picture, gender, networks (e.g. school or workplace), user name (Facebook URL) and user ID (Facebook ID).

The password entered as part of third-party authentication is neither visible to us nor is it stored by us.

Please note that your data stored with us can be automatically compared with your user account with the authentication provider, but this is not always possible or actually happens. For example, if your email address changes, you will have to change it manually in your user account with us.

If you decide that you no longer want to use the user account link with the authentication provider for third-party authentication, you must cancel this connection within your user account with the authentication provider. If you wish to delete your data with us, you must have your account deleted with us.

You should note that when using third-party authentication, both the terms of use and data usage policies, as well as revocation and objection options of the authentication providers, apply.

These are in particular:

Twitter (https://twitter.com/en/tos, https://twitter.com/en/privacy),

Facebook (https://www.facebook.com/legal/terms).

Collection of access data

On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called "server log files").

The access data includes

• Name of the retrieved website/file
• Date and time of retrieval
• transferred data volume
• Notification of successful retrieval
• browser type and version, the operating system of the calling device
• Referrer URL (the previously visited page)
• IP address and the requesting provider

Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which requires further storage for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

Data deletion and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Use of analysis services

Use of Google Analytics

Our website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable us to analyse your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Browser plugin and objection against data collection

You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. However, the disabling add-ons for browsers from Google Analytics does not prevent information from being transmitted to us or to other web analytics services that we may use.

You can also prevent the collection by Google Analytics (Universal) by clicking on the following link, e.g. if you cannot install a browser plug-in on your terminal. This sets an opt-out cookie that prevents future collection of your data when you visit this website: Disable Google Analytics.

Anonymised collection of IP addresses

We use the "IP Anonymization Activation" function on our website. This will reduce your IP address within Member States of the European Union or other countries party to the Agreement on the European Economic Area prior to transmission to Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and saved there. On our behalf, Google will use this information to evaluate your use of the website in order to compile reports on website activity. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Article 6, Section 1, subsection f of the GDPR. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/us.html or https://policies.google.com/?hl=en.

Use of Hotjar

We use Hotjar, a web analysis tool from Hotjar Ltd (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta). Hotjar records the interactions of randomly selected individual visitors to our website in anonymised form. This creates a log of mouse movements and clicks, for example, with the aim of identifying possible improvements to our website. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin as well as resolution and type of the calling up terminal device are evaluated by means of Hotjar for statistical purposes. In addition, we offer the possibility to leave anonymous user feedback via "feedback pools" via Hotjar. The information collected is not personal, is stored by Hotjar Limited and is not passed on to any other third parties. Additional information on functions and data usage using Hotjar can be found at: https://www.hotjar.com/privacy. If you do not want a website analysis using Hotjar, you can deactivate it on all websites using Hotjar by setting a "DoNotTrack header" in your browser (opt-out) https://www.hotjar.com/opt-out.

Use of social plugins

Facebook

We use so-called social plugins ("plugins") of the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA). The plugins are marked with a Facebook logo or the addition "Facebook Social Plug-in" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins?locale=en_EN.

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website.

By integrating the plugins, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook account or are not currently logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by clicking the "like" button or making a comment, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and demand-oriented design of Facebook pages. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to link the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website and delete all stored data (cookies) from Facebook from your browser if necessary.

To find out more about the reasons and range of data collection, the further processing and use of the data by Facebook as well as your respective rights and setting options for the protection of your privacy, please refer to the data protection information of Facebook https://www.facebook.com/policy.php.

Twitter ("Tweet Button")

We use functions of the Twitter service. These features are provided by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). By using Twitter and the "Re-Tweet" function, Twitter links the user's Twitter account with the websites you visit. This is communicated primarily to the user's followers on Twitter. Data is also transmitted to Twitter servers. We would like to point out that we are not aware of the content of the data transmitted or how it is used by Twitter. Further information is available under the following link: https://twitter.com/privacy?lang=en.

Privacy settings on Twitter can be changed in the account settings at https://twitter.com/settings/account.

If you are a Twitter member and have logged in to Twitter and do not want Twitter to collect data about you when you visit our website and link to your membership data stored on Twitter, you must log out of Twitter before visiting our website and delete all stored data (cookies) from Twitter from your browser if necessary.

Instagram

We use the Instagram service. Instagram is a service of Instagram Inc (1601 Willow Road, Menlo Park, CA, 94025, USA). The integrated "Insta" button on our site informs Instagram that you have visited the corresponding page of our website. If you are logged in to Instagram, Instagram can link this visit to our site to your Instagram account. Instagram saves the data transmitted by clicking the "Insta" button. For information about the purpose and scope of data collection, processing and use, and your rights and privacy choices, please refer to Instagram's Privacy Policy, which is available at https://help.instagram.com/155833707900388.

To prevent Instagram from linking your visit to our site with your Instagram account, you must log out of your Instagram account and delete all Instagram data (cookies) from your browser before visiting our site.

YouTube

We use the plugins from YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA). If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The Youtube server is informed which of our pages you are visiting. If you are logged in to your YouTube account, YouTube is able to map your surfing behavior to your YouTube user profile. This can be prevented by logging out of your YouTube account and deleting all stored data (cookies) from YouTube from your browser if necessary. Further information can be found in YouTube's privacy policy at https://www.google.com/intl/en/policies/privacy.

Competitions, campaigns and events

If you decide to participate in any of our promotions, we will ask you to provide us with your name, date of birth, email address, telephone number and/or postal address to ensure that each user participates only once and to inform you of the progress of the promotion. In connection with the organisation of competitions or other events, the necessary personal data of the participants will also be transmitted to the associated co-organisers, cooperation partners and sponsors as well as other media. For details on the partners, please consult the relevant promotional details. The use of the data is limited exclusively to the purpose of the respective action. The personal data collected will not be pooled with other data sources. After completion of the respective action, the collected data will be deleted. Any other stipulations require your explicit consent.

Online advertising and targeting

Google Dynamic Remarketing

We use the dynamic remarketing function of "Google AdWords", a service of Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The technology enables us to place automatically generated, target group-oriented advertising following your visit to our website. The ads are based on the products and services you clicked on the last time you visited our website.

Google uses cookies to create interest-based ads. Google usually saves information such as your web request, IP address, browser type, browser language, date and time of your request. This information is only used to assign the web browser to a specific computer. They cannot be used to identify a person.

If users do not wish to receive user-based advertising from Google, advertisements may be turned off using Google's ad preferences (https://www.google.com/settings/u/0/ads/authenticated?hl=en).

DoubleClick, Google Ads and Google Conversion Tracking

To draw your attention to our products, we place advertisements relevant to you and use the "Google Conversion Tracking", a service of Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These ads appear after searches on Google Network web pages. We have the possibility to combine our ads with certain search terms.

When you click on an ad, DoubleClick (DoubleClick is a trademark of the US company Google LLC) sets a cookie on your computer. Cookies enable us to serve ads based on a user's previous visits

The use of DoubleClick cookies ("floodlights") only allows Google and its partner websites to place ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or within the scope of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

DoubleClick cookies help Google and we as a customer receive information that a user clicked on an ad and was redirected to our website. The information obtained in this way is used exclusively for statistical evaluation to optimize our advertisements. We do not receive any information that personally identifies you. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page of our website with a conversion tag (identifier for a page on the e.g. a purchase transaction is completed). On the basis of these statistics, we can trace which search terms were clicked on our ad most frequently and which ads led to an action by the user.

Further information can be found in Google's privacy policy: http://www.google.com/policies/technologies/ads/.

If you don't want this to happen, you can prevent the storage of the cookies required for these technologies, e.g. via the settings of your browser. In this case, your visit will not be included in the user statistics. You can change this using Google's ad settings (https://www.google.com/settings/u/0/ads/authenticated?hl=en) and disable interest-based ads.

Use of Facebook Retargeting

We use the retargeting technology "Website Custom Audience" of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94394, USA ("Facebook") and enables us to display relevant advertising and offers to web site users who are already interested in our Internet presence and are Facebook members, on Facebook via the Facebook Ad Network.

To display these advertisements, we have embedded a Facebook retargeting pixel on our website that enables Facebook to record our users as visitors to our website using a pseudonym and to use this data for our ad placements on Facebook. Personal data is not collected or stored. Users cannot be identified on Facebook. Facebook does not link the data collected via the retargeting pixel to the user data stored about a person on Facebook. Further information on data protection and setting options can be found at https://www.facebook.com/settings/?tab=ads and at https://www.facebook.com/about/privacy. Users may object to the use of Facebook Website Custom Audiences at https://www.facebook.com/settings/?tab=ads.

Microsoft Bing Ads

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads will place a cookie on your computer if you access our website via a Microsoft Bing ad. This allows us and Microsoft Bing to recognize that someone has clicked on an ad, been redirected to our site, and has reached a predetermined conversion page. We only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user will be disclosed. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example using a browser setting that will deactivate the automatic setting of cookies in general. For more information on data protection and the cookies used at Microsoft Bing, please visit the Microsoft website: https://privacy.microsoft.com/en-en/privacystatement.

Deactivation tool provided to third parties for online advertising

You can deactivate the use of cookies with the assistance of the Network Advertising Initiative (NAI - http://www.networkadvertising.org/choices/) et de l'EDAA (European Interactive Digital Advertising Alliance - http://www.youronlinechoices.com/uk/your-ad-choices/). However, we advise that we cannot guarantee the integrity of the third-party cookies for these free services.

Integration of third-party services and content

It is possible that contents of third parties, e.g. in the form of YouTube videos, Google Maps mapping material, RSS feeds or graphics from other platforms may be integrated within the SAXOPRINT online services. There is the chance that the suppliers of this content may be able to see the IP address of the user, as they cannot send the content to the browser of the individual user if the IP address is not known. In such a case, the IP address is required to display the contents of third parties. SAXOPRINT takes care to only use content for which IP addresses are solely used for the purpose of distribution. However, SAXOPRINT has no influence on if the IP address is stored for the information of third parties by the respective provider, e.g. for statistical purposes. In so far as SAXOPRINT has information on this, the users will be informed.

Data integrity

We protect our website and other systems by technical and organisational measures against data loss, destruction, unauthorised access, modification or distribution. Access is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.

Links (hyperlinks) to third-party websites

Our Internet services contain links to external third-party websites, the contents of which are beyond our control. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.

Our website may contain partnerships with various service providers. Our website enables our users to access the offers and services of partner companies in individual cases. Users of the website may enter into a contractual relationship with the respective service provider by using the services of the latter, for which the corresponding contractual conditions of the service provider then apply. The legal and content responsibility of SAXOPRINT for the services offered on the websites of the partner companies lies solely with the respective partner companies whose contents are accessed via our homepage. When using the services of a third-party service provider, contractual relationships are established exclusively with the respective partner company and the user in accordance with the conditions applicable to this contractual relationship. This should be stated on the relevant website or in the Terms of Use or Privacy Policies. SAXOPRINT has no control over the content or operation of third-party websites and is not responsible for the information contained on these websites.

Similarly, SAXOPRINT is neither responsible for the fulfilment of orders or services ordered via such a website, nor is SAXOPRINT responsible for the data protection guidelines ("Privacy Policies") of such websites and the data that are expressly or automatically collected there.

In the event of difficulties or other problems in connection with third-party websites, we would ask you to contact these third parties directly and not SAXOPRINT.

Deployment of the website

Website in general

Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

(1) Information about the browser type and version used;
(2) The user's operating system;
(3) The IP address of the user;
(4) Date and time of access;
(5) Websites from which the user's system reaches our website;
(6) Websites accessed by the user's system via our website.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for data processing and temporary storage of data and log files is article 6, section 1 subsection f of the GDPR

Purpose of data processing

The temporary storage of IP addresses by our system is necessary to enable the website to be transmitted to the user's computer. For this, the IP address of the user must remain stored for the duration of the session

The data is stored in log files to ensure the operation of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing is in accordance with article 6, section 1, subsection f of the GDPR.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected.

In the case of the collection of data for the provision of the website, this will occur when the respective session has ended.

If the data is stored in log files, this will happen after seven days at the latest. Any further storage is done only by deleting or altering the IP addresses of the users, so that an assignment of the calling browser is no longer possible.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Use of cookies on the website

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored in the cookies and transmitted to us every time a page is accessed:

(1) Language settings;
(2) Session information, e.g. items in the shopping cart;
(3) Log-in information.
We also use cookies on our website which enable an analysis of the user's browsing behaviour.
In this way, the following data can be determined:
(1) Entered search terms;
(2) Frequency of page views;
(3) Use of website functions;
(4) Type of use (device type, screen resolution, speed, language).

The user data collected in this way is made anonymous by technical safeguards. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is article 6, section 1, sub-section f of the GDPR.

Purpose of data processing

The purpose of using cookies, which are technologically necessary, is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

(1) Language settings;
(2) Session information, e.g. items in the shopping cart;
(3) Log-in information.

The user data collected by cookies, which are technically necessary, are not used to create user profiles.

The cookies are used to improve the quality of our website and its content. Through the cookies we learn how the website is used and can thus continuously optimise our services.

Further information can also be found in the chapter " The use of analysis services ". For these purposes, our legitimate interest also lies in the processing of personal data in accordance with article 6, section 1, subsection f of the GDPR.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our website. Therefore, as a user, you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Integration of third-party services and content

Within our online offer, we use content or service offers of third parties based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services in accordance with article 6, section 1, sub-section f of the GDPR) in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as "content"). In all cases, the third-party providers of this content must be able to see the IP address of the user, as they would not be able to send the content to the user's browser without the IP address. The IP address is therefore required for the display of this content. We strive to only use content for which the respective providers use the IP address to deliver content.

Third-party providers may also use so-called "pixel tags" (invisible graphics, also known as "web beacons", "web bugs") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The anonymous information may be stored in cookies on the user's device and may contain technical information about the browser and operating system, linking websites, visiting time and other information about the use of our online services, and may also be linked to such information from other external sources.

Further information can also be found in the chapters "Use of analysis services" and "Online advertising and targeting".

Electronic payment providers ("ePayment")

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by installment" via PayPal, we pass your payment data on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), in the context of payment processing. The transfer takes place in accordance with article 6, section 1, sub-section b of the GDPR and only insofar as necessary for payment processing.

PayPal reserves the right to carry out credit checks for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal. For this purpose, your payment data may be passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency according to article 6, section 1, sub-section f of the GDPR. PayPal uses the result of the credit assessment in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal's data protection declaration: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

SOFORT banking

If you select the "SOFORT banking" payment method, payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter " SOFORT banking "), to whom we will pass on your information provided during the order process together with the information about your order in accordance with article 6, section 1, subsection b of the GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider SOFORT banking and only insofar as it is necessary for this. For more information about the privacy policy of SOFORT banking, visit: https://www.klarna.com/sofort/datenschutz

Credit card

Credit card payments are processed by the payment provider, Ingenico Payment Services GmbH (hereinafter "Ingenico"), one of the leading European payment service providers. Your payment data is transmitted to the Ingenico server via a secure https connection. Ingenico is certified according to the Payment Card Industry Data Security Standard (PCI DSS), the international security standard for credit card payments on the Internet. You can obtain the detailed data protection statement during the payment process by clicking on the data protection statement on Ingenico's website.

Registration

Description and scope of data processing

On our website we offer you the opportunity to register by providing personal data. The data is entered into an input field and transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process:

(1) Title;
(2) Address;
(3) Platform name;
(4) Telephone numbers/email addresses;
(5) First name/last name;
(6) Allocation to customer categories (business customer/private customer, etc.).

At the time of registration, the following data is also stored:

(1) Date and time of registration,
(2) Customer number.

In the course of the registration process, consent to the processing of this data is obtained.

Purpose of data processing

Registration is required to fulfill a contract with you or to carry out pre-contractual measures.

The personal data is collected for the purpose of contract fulfilment (sale/manufacturing/shipment) of printed (related) products.

Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process to fulfil a contract or to carry out pre-contractual measures when the data is no longer required to carry out the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Possibility of objection and elimination

You can cancel your registration at any time. You can change the data stored about you at any time If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Ordering and payment

Description and scope of data processing

The following data is collected in the course of the order, in addition to registration:

(1) Delivery addresses;
(2) Payment data, if required (e.g. SEPA direct debit mandate);
(3) Customer-specific/input data (print data uploads).

At the time of ordering, the following data is also stored:

(1) Date and time of order;
(2) Product order number/Order number/Stock basket number;

Within the scope of the order process, the user's consent to the processing of this data is obtained.

Purpose of data processing

The personal data is collected for the purpose of fulfilling the contract.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected.

This is the case for the data collected during the order process to fulfill a contract when the data is no longer required for the execution. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Possibility of objection and cancellation

If the data is required to fulfil a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

Contact form and e-mail contact

Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and saved. This data is:

(1) Title,

(2) Telephone numbers/email addresses,

(3) First name/last name,

(4) Order/customer number (optional, if available).

At the time the message is sent, the following data is also stored:

(1) Date and time.

Your consent is obtained for the processing of the data within the scope of the submission process and reference is made to this data protection declaration. Alternatively, you can contact us via the email address provided by us. In this case, the user's personal data transmitted by email will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of data is article 6, section 1, sub-section a of the GDPR if the user has given his or her consent.

The legal basis for the processing of data transmitted in the course of sending an email is article 6, section 1, sub-section f of the GDPR. If the email contact seeks the closure of a contract, additional legal basis for the processing is article 6, section 1, sub-section b of the GDPR.

Purpose of data processing

The processing of the personal data from the input mask is used solely to enable us to contact you. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

Duration of storage

The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the particular conversation with the user is finished. The conversation is terminated when it can be deduced from the circumstances that the issue in question has been finally clarified.

Possibility of objection and eliminationstrong>

The user can revoke his consent at any time by e-mail, letter or telephone.

In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

Rights of the data subject

If we handle your personal data, you are covered by the GDPR and you have the following rights with regard to the responsible persons:

Right of access by the data subject

You can ask the responsible person to confirm whether personal data concerning you will be processed by us.

If such processing has taken place, you can request the following information from the person responsible:

(1) the purposes for which the personal data is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the origin of the data if the personal data is not collected from the individual concerned;

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with article 46 of the GDPR in connection with the data transfer.

Right to rectification

You have a right of rectification and/or completion with respect to the responsible persons if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.

Right to restriction of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

(1) you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the responsible persons no longer requires the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
(4) you have filed an objection to the processing pursuant to article 21, section 1 of the GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be processed - apart from storage - with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If processing has been restricted according to the above conditions, you will be informed by the responsible persons before the restriction is lifted.

Right to erasure

Deletion duty

You may request that the responsible persons to delete the personal data concerning you without delay and the responsible person is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent, on which the processing was based in accordance with article 6, section 1, sub-section a or article 9, section 2, sub-section a of the GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to article 21, section 1 of the GDPR and there are no legitimate grounds for the processing, or you file an objection against the processing in accordance with article 21, section 2 of the GDPAR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data relating to you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the responsible persons are subject.
(6) The personal data concerning you was collected in relation to provided services of the IT society in accordance with article 8, section 1 of the GDPR.

Information to third parties

If we have made the personal data concerning you public and we are obliged to delete it in accordance with article 17, section 1 of the GDPR, we will take the appropriate measures, including technical measures. We will take the necessary measures to inform those responsible for data processing, taking into account the available technology and the implementation costs, that you as the concerned party have requested the deletion of all links to this personal data or of copies or replications of this personal data.

Exemptions

The right to cancellation does not exist insofar as the processing is necessary

(1) to exercise freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject, or for the performance of a task in the public interest or in the exercise of official authority conferred on the person responsible;
(3) for reasons of public interest in the field of public health pursuant to article 9, section 2, sub-sections h and i and article 9, section 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to article 89, section 1 of the GDPR, insofar as the right mentioned in section (1) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.

Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, he/she is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

The person responsible has the right to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and computer-readable format. In addition, you have the right to pass this data on to another person in charge without obstruction by the person in charge to whom the personal data was provided, provided that

(1) processing is based on consent pursuant to article 6, section 1, sub-section a of the GDPR or article 9, section 2, sub-section a of the GDPR or on a contract under article 6, sub-section 1, sub-section b of the GDPR, and
(2) processing is carried out by means of automated methods.
In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on article 6, section 1, sub-section e or f of the GDPR.

The data controller no longer processes the personal data concerning you, unless he or she can provide conclusive evidence worthy of the protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of ISS services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

Automated individual decision-making

You have the right not to be subject to a decision based exclusively on automated processing that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with article 9, section 1 of the GDPR, unless article 9, section 2, sub-section a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. In the cases referred to in (1) and (3), the person responsible shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


Up-to-date status and changes to this data protection declaration

This data protection policy is currently valid and as of May 2018.

You can view this data protection policy at any time on our website, save it permanently as a PDF and view or print the file offline at any time. As we continue to develop our website and offers above it or as a result of changes in legal or official requirements, it may become necessary to amend this data protection policy.

You can view this data protection declaration at any time on our website, save it permanently as a PDF and view or print the file offline at any time.

Download the Data Protection Policy (PDF) of SAXOPRINT Limited