Data protection policy for the services of MyPostcard.com GmbH
With this data protection policy, we, MyPostcard.com GmbH, Hohenzollerndamm 3, 10717 Berlin (hereafter "MyPostcard" or "we"), undertake to inform you of all data protection aspects of the offering on the mypostcard.com website (the "Website") and our mobile app ("App") (collectively "Services") We collect, process and use your personal data only in accordance with the following data protection policy. Personal data in this sense are all individual details about personal or factual circumstances of a specific or identifiable natural person, such as, for example, your name, telephone number, address, and any other information you provide to us when registering, using our services or contacting us ("Personal Information").
I. Responsibility for data processing
MyPostcard is responsible for data processing in accordance with Article 4 No. 7 of EU Regulation 2016/679 ("GDPR").
II. Collection and storage of personal data and the nature and purpose of their use
1. Processing data for the use of our services
If you access the website via your browser or the app via your mobile device, we only collect personal data that your browser or mobile device automatically transmits to enable you to visit our website or app and the stability and to ensure safety. This can be specifically
- your IP address,
- your device identifier, i.e. the unique number of the terminal,
- content, date and time of the request,
- the time zone of the requesting computer or mobile terminal,
- the website from which the request was forwarded,
- the requested page,
- the http status code,
- the transferred amount of data,
- browser ID,
- your operating system,
- language and version of the browser software as well as
- mobile device identifier (IDFA, IDFV and AAID).
- ensure a smooth connection of the website,
- the display of our services and products,
- the usability of our services,
- the evaluation and system security and stability as well as
- further administrative purposes.
2. Processing of data when using the contact form
We offer you the opportunity to contact us via a form provided on the website. To use it, you must enter your name and a valid e-mail address. The processing of this data serves our legitimate interest in answering your contact requests properly and is therefore based on Art. 6 para. 1 sentence 1 lit. f GDPR.
3. Processing of data for the use of our services and the purchase of our products
If you want to use our services and products, you may be asked at various times to provide us with personal data such as
- Your name,
- Your date of birth,
- Your address,
- Your email address,
- Your telephone number or mobile phone number,
- Photographs and to provide payment information.
Your personal data is processed by us for the following purposes and is necessary for these:
- pursuant to Art. 6 para. 1 p. 1 lit. b GDPR for the fulfilment of contractual obligations or for the performance of pre-contractual measures: to process your purchases, process your payments and to be able to offer you customer service, to correspond with you, to process claims by you or by us, to ensure the technical administration of our website and to manage our customer data;
- pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR on the basis of legal requirements or pursuant to Art. 6 para. 1 sentence 1 lit. e GDPR in the public interest: to protect you and us (including our affiliated companies) against fraud;
- pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your consent, insofar as you have given us permission to access contacts (surname, first name, address and, if applicable, date of birth and email address) on your end device in order to save them in your address book in the app. You can revoke your consent at any time by revoking the authorisation to access saved contacts in the settings on your end device;
- pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your consent to receive push notifications on your terminal device to remind you of upcoming birthdays of your contacts. Insofar as you have added the date of birth to your contacts in your address book in the app or this has been transferred to your address book within the scope of accessing your contacts with your consent in accordance with the above, we will send you push notifications on your end device to remind you of upcoming birthdays of your contacts in the address book, but only insofar as you have expressly consented to receive such push notifications. You can revoke your consent at any time by deactivating the push notifications in the app;
- pursuant to Art. 6 para. 1 p. 1 lit. f GDPR on the basis of our legitimate interest to send reminders of upcoming birthdays by email. Insofar as you have added the date of birth to your contacts in your address book in the app or this has been transferred to your address book in the course of accessing your contacts with your consent in accordance with the above, we will remind you of your contacts' upcoming birthdays by e-mail. We have a legitimate interest in making existing customers aware of our greeting card and postcard service by sending them reminders of their contacts' upcoming birthdays. You can object to the processing of your data for the purpose of sending the reminders by e-mail at any time, e.g. by unsubscribing from these reminders by clicking on the unsubscribe link contained in each such e-mail.
Note: If you are the recipient of a postcard or greeting card sent by one of our customers, we will inform you about the processing of your personal data in accordance with the legal provisions (Art. 14 GDPR) in a separate data protection declaration. You can find this here.
III. Disclosure of your data to processors and third parties
To process your data, we use specialized external service providers such as payment service providers, server management providers, IT service providers, online marketing providers, providers of ecommerce / webshop software, digital support systems, marketing automation solution providers, and web analytics tool providers, etc.. These are carefully selected and commissioned by us, are bound by our instructions and are checked regularly. Furthermore, we may pass on your personal data to third parties (such as shipping companies, cooperation partners, etc.) if this is necessary for the execution of a contract closed with you under Art. 6 para. 1 sentence 1 lit. b or in order to safeguard our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR is required. Finally, we transfer your information to our affiliate, MyPostcard.com Inc., 433 Broadway, 2nd Floor, 10013 NY, New York, USA, to the extent necessary to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. 1 GDPR is required. These interests include, in particular, support services in the context of processing of your order, customer support and the guarantee of smooth business operations. Incidentally, your personal data will only be forwarded to third parties if you have previously consented and submitted them in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR or a legal permission in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR is present.
IV. Transfer of personal data abroad
Insofar as we transfer personal data to countries outside the European Economic Area, we ensure that the recipient of the data guarantees an adequate level of data protection in accordance with Art. 45 GDPR. In the absence of an adequacy agreement, MyPostcard will ensure that the recipients of the data have provided suitable guarantees in accordance with Art. 46 GDPR and, in particular, use the standard European Union model contracts for the transfer of data to other EU countries, as amended.
V. Use of cookies
MyPostcard uses so-called "cookies" on the website i.e. smaller files with text information stored on your hard drive while the offer is being retrieved ("Cookies"). Bits of information are stored in the cookie, each resulting in connection with the specific terminal used. However, this does not mean that we immediately receive your identity details. On the one hand, we use cookies to make the navigation and use of our website as user-friendly as possible. We need the cookies in order to identify and authorize you after successfully logging in for the entire duration of your visit. These cookies are automatically deleted from your hard drive after the end of the browser session (session cookies). In addition, we also use cookies that remain on your hard drive for a certain period after the browser session (persistent cookies). These cookies make it easier for you to use our website and our services and products, for example by saving certain entries and settings in such a way that you do not have to constantly repeat them. In addition, these cookies enable us to statistically record the use of our website, to optimize our offer and to make our websites and our offers more personal for you (see also section VII of this data protection policy). The persistent cookies are stored on your hard drive and are deleted by the browser after a given time, which may differ depending on the cookie. The cookies may also be third party cookies since we use a few advertisers to help make the internet offer and website more interesting to you (see also section VII of this data protection policy).With the exception of necessary cookies, which are required for the operation of our services, we only use cookies for advertising and analysis purposes as described in more detail below in Section VII. To be specific, only with your prior and express consent (Art. 6 Para. 1 S.1 lit a GDPR). When you visit our website for the first time, we will inform you about the use of cookies in our cookie banner, where you can voluntarily give your consent for unnecessary cookies or choose an individual selection. In section VII. below you will find a list of the analysis and tracking services used on our website or in our app. You can withdraw your consent and prevent the use of cookies at any time with effect for the future by clicking on ‘Cookie Settings’ in the footer of our website and changing your individual settings as desired and / or by deleting cookies and refusing to accept cookies in your browser settings. You can also set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. In this case, you may not be able to utilize all the benefits of our services. Instructions for making such changes can be found at www.allaboutcookies.org/manage-cookies/.
VI. Use of Mobile Device Identifier (IDFA, IDFV and AAID)
We use so-called “Mobile Device Identifiers” on our app. These are unique, but non-personalized and non-permanent identification numbers for a specific device that are provided by iOS or Android. The data collected via Mobile Device Identifier are not linked to any other device-related information. We use mobile device identifiers to provide you with personalized advertising and to evaluate your usage. If you activate the option “No ad tracking” in the iOS or Android settings under “Data protection” - “Advertising”, we can only take the following measures: Measurement of your interaction with banners by counting the number of times a banner was displayed without being clicked on (“frequency capping”), click rate, determination of unique use (“unique user”) as well as security measures, fraud prevention and error elimination. You can delete the respective Mobile Device Identifier in the device settings at any time ("Reset Ad-ID"). A new Mobile Device Identifier will then be created which will not be merged with the previously collected data. We would like to point out that you may not be able to use all functions of our app if you restrict the use of the respective mobile device identifier.
1. Google Analytics
For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a Google Inc. advertising analytics service, 1600 Amphitheater Parkway Mountain View, CA 94043, USA ("Google"). In this context, pseudonymised user profiles are created and cookies (see section V of this data protection policy) are used. The information generated by the cookie about your use of our services (such as your IP address, browser type / version, operating system used, referrer URL, time of server request) is transmitted to a Google server in the USA and stored there. However, on our website and app, your IP address will be shortened by Google beforehand within member states of the European Union or other parties under the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on our behalf to evaluate your use of our services, to compile reports about the website and app activities for us, and to provide us with other services related to website and app usage and internet usage. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Google will not merge your IP address with other Google data. However please note that, based on our current state of knowledge, we cannot rule out that data from Google in the USA could be linked with other user data such as search history, personal accounts, usage data from other devices and other existing user data that Google has access to. You can prevent the storage of cookies by a corresponding setting of your browser software. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of our services (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. For more information about data protection related to Google Analytics, please see the following link in the Google Analytics Help Center: http://google.com/intl/en/analytics/privacyoverview.html.
2. Google Ads Conversion Tracking
To statistically record the use of our website and to evaluate it for the purpose of optimizing our website, we also use Google conversion tracking. This is a service provided by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA ("Google"). Google places a cookie on your computer (see section V of this data protection policy) if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit one of our pages and the cookie has not expired yet, we and Google may recognize that you have clicked on the ad and have been redirected to our site. Each Ads customer receives a different cookie, so that the cookies are not tracked through the websites of Ads customers. The information generated by the conversion cookie about your use of our services, including your IP address, is transmitted to and stored by Google on servers in the United States. However, on our website and app, your IP address will be shortened by Google beforehand within member states of the European Union or other parties under the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on our behalf to create visitor statistics for our website. These visit statistics are used by us to determine the total number of users who have been sent to us through Ads ads, thereby optimizing our Ads ads. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Neither we nor any other Google Ads advertiser receives any information from Google that could personally identify you. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of our services in full. You may also object to Google's interest-based advertising. To do this, you must go to the link www.google.com/settings/ads from each of the internet browsers you use and set the desired settings there. For more information about Google's privacy policy, please visit the following links: http://google.com/intl/en/policies/privacy and https://www.google.com/privacy/ads/.
3. Google Tag Manager
We also use Google Tag Manager. This service allows website tags to be managed through a single interface. Tags are small code elements that serve, among other things, to measure traffic and visitor behavior. Google Tag Manager only implements tags. As a result, no cookies are used and consequently no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.
4. Pinterest Conversion Tracking
We use the Remarketing feature of Pinterest Inc., 808 Brannan St., San Francisco, CA 94103, USA, which is offered and operated ("Pinterest"). With the Pinterest Remarketing feature, we can engage you with Pinterest platform advertising based on your interests. For this Pinterest uses so-called "tags". Through this tag, website visits and data on use of the website are recorded in a non-personal, non-personal form. If you visit Pinterest below, advertisements will be displayed based on your interests. Pinterest receives thereby et al. the information from your browser that our website received from your device. We point out that we have no influence on the extent of the transmitted data and their further use by Pinterest and therefore inform you according to our knowledge: By the inclusion of tags Pinterest receives the information that you have accessed the corresponding website of our internet presence. If you are registered with a Pinterest service, Pinterest may associate the visit with your account. Even if you are not registered with Pinterest or have not logged in, there is a possibility that the vendor may discover and store your IP address and other identifying features. The information generated by the tags about your use of our services is transmitted to and stored by a server of Pinterest in the USA. Pinterest supports the Do Not Track (DNT) option. Alternatively, you can disable the use of cookies for interest-based advertising through the Network Initiative by following the instructions at https://networkadvertising.org/managing/opt_out.asp. For more information about Pinterest Remarketing and Pinterest's privacy policy, visit https://policy.pinterest.com/privacy-policy.
5. Reddit Conversion Tracking
Our website also uses "Reddit Conversion Pixel", an analysis service of Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA ("Reddit"). For this tool so-called tracking pixels are integrated on our sides. When you visit our pages, this tracking pixel establishes a direct connection between your browser and the Reddit server. Reddit receives thereby et al. the information from your browser that our website received from your device. We point out that we have no influence on the extent of the transmitted data and their further use by Reddit and therefore inform you according to our knowledge: Through the use of Reddit Conversion pixels Reddit receives the information that you have accessed the corresponding website of our internet presence or have clicked on an ad from us. If you are registered with a Reddit service, Reddit may associate the visit with your account. Even if you are not registered with Reddit or have not logged in, there is a chance that the vendor will discover and store your IP address and other identifying features. For more information about privacy and how it works, visit https://www.redditinc.com/policies/privacy-policy.
6. Facebook Advertising Tracking
We also use Facebook's "Custom Audiences" remarketing feature, 1 Hacker Way, Menlo Park, CA 94025, USA, ("Facebook"). As a result, users of our website can be shown interest-based advertisements ("Facebook Ads") as part of their visit to the social network Facebook or other websites that also use the process. For this marketing function, we use "Facebook pixels" on our websites, i.e. on our sides so-called tracking pixels are integrated. When you visit our pages, the tracking pixel establishes a direct connection between your browser and the Facebook server. This gives Facebook et al. the information from your browser that our website called from your device. We point out that we have no influence on the extent of the data transmitted and their further use by Facebook and therefore inform you according to our knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have visited the corresponding website of our internet presence or have clicked on an ad from us. If you are registered with a service of Facebook, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a chance that the provider will find out and store your IP address and other identifying features. You may object to the use of Facebook Website Custom Audiences at any time in the future through https://www.facebook.com/settings/?tab=ads and http://www.youronlinechoices.com/preferencemanagement/. For more information about privacy and your related options, visit https://www.facebook.com/settings/?tab=ads and https://www.facebook.com/about/privacy.
7. Bing Ads Tracking
We use the Microsoft Bing Ads online advertising program of Microsoft Online Inc., 6100 Neil Road, Reno, NV 89511 USA ("Microsoft"). This technology will redirect users who have already visited our sites through targeted advertising on the Microsoft Partner Network pages and Microsoft search results pages. The advertising is shown by the use of cookies (see section V of this data protection policy), with the help of which the user behavior when visiting the website can be analyzed and subsequently used for targeted and interest-based advertising. The information collected is transmitted to Microsoft servers in the United States. In addition, through cross-device tracking, Microsoft may be able to track your usage behavior across multiple of your electronic devices, enabling it to display personalized advertising on or in Microsoft websites and apps. You can disable this behavior at http://choice.microsoft.com/en-us/opt-out. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by deactivating the setting of cookies. This may limit the functionality of the site. More information about privacy at Microsoft can be found at https://privacy.microsoft.com/en-us/privacystatement.
8. Twitter Conversion Tracking
We use a service from the social network Twitter (Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA) on our website to position target group-based online advertising and for conversion tracking. We have implemented a Twitter tag on our website for this purpose. Due to this tag, when you visit the website, a direct connection to the Twitter servers is established and the fact that you have visited our website as well as data on your use of our website is recorded and transmitted. In this way, based on your previous page views and activities, we can place targeted advertisements on Twitter that may be of interest to you (remarketing). The data processed by Twitter does not allow us to identify you personally. We do not link this pseudonymous information to any other information about you. If you are registered with a Twitter service, Twitter can assign your visit to our website to your account. Even if you are not registered with Twitter or have not logged in, there is a possibility that the provider will be able to find out and save your IP address and other identification features. The information generated by the tags about your use of our services is transmitted to a Twitter server in the USA and stored there.
You can find further information here: https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads. You can deactivate the collection of data by Twitter at the following address: https://twitter.com/settings/account/personalization.
9. Apple Search Ads
We use the Apple Search Ads marketing service, a service provided by Apple Inc. 1 Infinite Loop, Cupertino, California, USA, 95014. Apple Search Ads is a service that displays advertisements for our app that appear in the Apple App Store . We use this service to show targeted advertisements to certain customer segments in the App Store, i.e. for people with similar characteristics, whereby Apple guarantees that targeting is not carried out individually for a customer. To determine a customer segment - each consisting of at least 5,000 Apple customers - Apple uses your Apple account data, App Store data (search history, downloads and surfing activities in the App Store), data from app transactions (in-app purchases, downloaded apps) and context information (Device type, iOS version as well as time, location and specific search query). We do not receive any personal information from you via the advertisements placed in the App Store, only aggregated data on clicks and conversions in the form of registrations (e.g. downloads of our app). Apple does not follow / track people as part of Apple Search Ads, which means that Apple does not associate any user or device data from Apple apps with user or device data collected by third parties for the purpose of targeting or measuring advertising measures.
You can find the Apple Search Ads privacy policy at https://searchads.apple.com/en/privacy/. You can change your settings for personalized advertising in the Apple App Store at https://support.apple.com/de-de/HT202074 or deactivate personalized advertising at any time.
10. Hotjar
We also use the Hotjar Ltd web analytics service Hotjar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe ("Hotjar") to better understand your usage patterns and to optimize our services accordingly. In particular, Hotjar uses cookies (see section V of this Data Protection Policy) to collect information about user behavior and user devices (in particular the IP address of a device, screen size, device type, browser information, geographic information, and the preferred language used to display our website). Hotjar stores this data in a pseudonymous user profile. Neither Hotjar nor we will use this information to identify you. Nor will Hotjar or we merge the data with other data about individual users. You may object to the creation of user profiles, the storage of data on your use of our website by Hotjar and the use of tracking cookies by Hotjar on other sites at any time at the following link: https://www.hotjar.com/opt-out. More information about Hotjar's privacy can be found at https://www.hotjar.com/privacy.
11. Use of Technologies from Branch Metrics, Inc. in our App
Our sites also use the Branch.io app analytics service Branch Metrics, Inc., 1400 Seaport Blvd, Building B, 2nd Floor, Redwood City, CA 94063, USA ("Branch") to analyze app usage. When using the app Branch collects on our behalf installation and usage data. We use this information to understand how you interact with our app. Branch uses your IDFA or Android ID as well as your IP or Mac address. An identification of your person is not possible. The analyzes are used exclusively for the purposes of our own market research as well as the optimization and needs-based design of our app. The information collected is transmitted to Branch servers in the United States. They may object to the use of Branch at any time by setting the slider for anonymous statistics in the app under "Settings". For more information about Branch's privacy, please visit the following link: https://branch.io/policies/#privacy. You can deactivate the collection of data by Branch at any time at https://branch.app.link/optout or change your settings.
12. Use of Google Analytics for Firebase and Crashlytics in our app
Our app also uses the Google Firebase technologies of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Firebase is part of the Google Cloud Platform and offers the following services in addition to a real-time database: Firebase Analytics allows you to analyze the use of our offer. This information about the use of our app are collected, transmitted to Google and stored there. Google uses the advertising ID of the device. Google will use the information provided to evaluate the use of our app anonymously and to provide us with other services related to the use of apps. In Device Settings, you can restrict the use of the Advertising ID (iOS: Privacy / Advertising / No Ad Tracking, Android: Account / Google / View). Firebase Cloud Messaging is used to deliver push messages or so-called in-app messages (messages that are only displayed inside the app). In this case, the mobile terminal is assigned a pseudonymized push reference, which serves as the destination for the push messages or in-app messages. The push messages can be deactivated in the settings of the mobile device at any time and also reactivated. Google Firebase uses servers located in the EU for these services wherever possible. However, it can not be ruled out that data will also be transmitted to the USA. For more information about Google's privacy policy, please visit the following link: https://policies.google.com/privacy/update?hl=en.
We also use the function of the Google Firebase service, Crashlytics, in our app. With the help of this tool, analysis of crashed apps can be carried out in order to enable us to react more quickly to errors and bugs and to continuously improve the stability of our app. Only aggregated and anonymized data is transmitted to Firebase in the form of real-time crash reports with information on codes and device information- never personal data.
13. Amplitude
We use the analytical service, “Amplitude” of Amplitude, Inc., 631 Howard Street, San Francisco, California 94105, USA. Amplitude enables us to better understand and optimize user behavior. As a result, technical errors can be remedied faster and potential for target group-oriented improvement can be identified. For this purpose, Amplitude stores usage data such as device and browser type in use by the user, button click behaviour, and the occurrence of input errors. Amplitude processing is limited to pseudonymous personal data. Further information can be found in the Amplitude privacy policy: https://amplitude.com/privacy
14. Leanplum
In the context of our app, we use Leanplum, a service of Leanplum Inc. which has its European headquarters at TOO Herengracht 280, 1016 BX Amsterdam, The Netherlands. Leanplum helps to build long-term and sustainable customer relationships. Leanplum focuses on a personalized customer approach and data analysis to do so. We also use Leanplum for A / B testing. The user-friendliness of our app is tested by showing our users, who we divide into segments, different variations (e.g. of functionalities) within the app and, through the interaction of the users with the variations, we can understand which variation within the app is being received better by the users. The collected usage data are processed as pseudonymized, IP addresses are deleted after their collection and data is only linked with your personal data with us internally when you have logged into the app. Information regarding use of our app is transmitted to Leanplum servers in the USA. For more information regarding privacy, please refer to the Leanplum Privacy Policy: https://www.leanplum.com/privacy/
15. Use of the SalesViewer® technology
SalesViewer® technology from SalesViewer® GmbH is used on this website to collect and store data regarding your consent (Article 6 (1) (1) (a) GDPR) based on the legitimate interests of the website operator (Article 6 (1) (f) GDPR) for marketing, market research and optimization purposes. A JavaScript-based code is used for this purpose, which collects and uses company-related data. The data collected with this technology is encrypted using a non-recalculable one-way function (so-called hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website. The data stored in the context of Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. The collection and storage of data can be objected to at any time with effect for the future by clicking this link https://www.salesviewer.com/opt-out in order to prevent future collection by SalesViewer® within this website. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will have to click on this link again.
VII. Use of social plug-ins
We use so-called social plug-ins of social networks (e.g. Facebook, Instagram, YouTube, Pinterest, Twitter and Tumblr) on our website (Facebook, Instagram, YouTube, Pinterest, Twitter and Tumblr, together "social networks" and the corresponding plug-ins total "plug-ins"). Through these plug-ins we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you while giving us the opportunity to make our company better known. The legal basis for the use of the social plug-ins is Art. 6 (1) sentence 1 lit. f GDPR. The responsibility for the privacy-compliant operation is to be guaranteed by the respective provider. We use plug-ins of the network Facebook, such as the "Like" button. These plug-ins are offered and operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook") and are clearly marked with the Facebook logo. We also use Instagram plug-ins operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram") and marked with the Instagram logo. We also use plug-ins from the YouTube network, which belongs to Google Inc., San Bruno, California, USA ("YouTube") and is recognizable by the YouTube logo. We also use plug-ins from the Pinterest network, which is offered and operated by Pinterest Inc., 808 Brannan St., San Francisco, CA 94103, USA (\“Pinterest\”) and are marked with the "pin-it" button. Finally, Twitter's plug-ins are included, offered and operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"), and feature the Twitter logo or the addition, "Tweet". If you visit one of our websites containing such a plug-in, your browser establishes a direct connection to the servers of the respective social network. The content of the plug-in is transmitted from the corresponding social network directly to your browser and integrated into the webpage, without our having any influence on the content of the plug-in. Regardless of whether you have an account on the social network or are logged into the respective social network, websites containing social network plug-ins transmit and transfer information to the appropriate social network in the US, including your operating system and its version, browser type and version, IP address, domain name and / or date / time stamp for your visit. The respective social network sets a cookie with an identifier that is valid for two years each time the website is called up. Since your browser sends this cookie automatically every time you connect to a server, the social network would be able to create a profile of the web pages accessed by the user of the identifier. As long as you are logged in parallel to the respective social network, the corresponding social network can assign the profile to your local account and thus to your person. But even if you are not logged into the respective social network at the time of using our website, such an assignment - for example, in a later log in to the appropriate social network - not excluded. If you interact with the plug-ins, for example, the "Like" - or press the "Tweet" button or leave a comment, the information is transmitted from your browser directly to the appropriate social network and stored there, the extent of which we have no influence. The information will also be published on the social network and displayed to your contacts there. The social network can use the obtained information for the purpose of advertising, market research and needs-based design of the pages of the social network. For this purpose, the social network generates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed on the social network, to inform other users of the social network about your activities on our website and to provide other services related to the use of the social network. We point out that we do not receive any final knowledge of the content of the transmitted data and their use by the social network. For more detailed information on the nature, purpose and extent of further processing and use of your data by the respective social network, please refer to the privacy policy of the corresponding social network (for Facebook: http://de-de.facebook.com/policy.php for Instagram: https://help.instagram.com/519522125107875?helpref=page_content; for YouTube: https://policies.google.com/privacy?hl=en; for Pinterest: https://policy.pinterest.com/en/privacy-policy; for Twitter: http://twitter.com/privacy, where you can also learn more about your rights and settings options for protecting your privacy. As a user, in order to prevent a social network from collecting information about you during your visit to our website, you may log out of the respective social network at the beginning of your visit to the website, delate any existing cookie of the corresponding social network from your browser and choose "Block third-party cookies" in your browser settings. In this case, your browser will not transfer cookies to embedded servers of other third-party content. However, such settings could mean that in addition to plug-ins, under certain circumstances, other cross-page features may also no longer be available.
VIII. Registration for our website / app with Facebook, Google or Apple
Alternatively, we offer you the option of registering for our website / app via your Facebook (website / app), Google (website / app) or Apple user account (app only), provided you have a user account on Facebook, Google or Apple and would like to register through one of these services. After entering your login data for the respective service and following confirmation from you, you can log in to our website / app using your Facebook, Google or Apple log-in data.
If you decide to register for our website / app using your Facebook, Google or Apple log-in data, we will receive
- from Facebook only your email address and your public information name, gender and profile picture on Facebook. “Public” in this context means that everyone outside of Facebook can see this data. You can get an overview of which data you have released for which applications at www.facebook.com/settings?tab=applications. We can't post about it on Facebook.
- from Google we only receive your Google user ID, your email address / email verified status, name, language and picture. Further information on logging in with your Google account and an overview of which data you have shared with which applications can be found at www.myaccount.google.com/permissions and at www.support.google.com/accounts/answer/3466521?hl=en.
- We receive your email address and your name from Apple. However, you can decide yourself whether it is your real email address or whether you want to use a random email address suggested by Apple in which your real email address is hidden. For more information about logging in with your Apple account and an overview of which data you have shared with which applications, please visit www.support.apple.com/en-us/HT210318 and www.support.apple.com/en-us/HT210426.
Please note that when you register with one of the aforementioned third-party services, we do not receive or save your login data (especially passwords). The link is only required to enable the desired log-in. The legal basis for processing data as described above for the purpose of creating a user account is Article 6 Paragraph 1 Sentence 1 Letter a) GDPR (processing data based on the consent of the person concerned). You can revoke your consent at any time, e.g. by sending a message to the contact details provided in our legal notice. In this case you would have to register again for the website / app, if you want to continue using the website / app.
Please also note that we have no influence on the data collected by Facebook, Google or Apple when logging in. If you do not want Facebook, Google or Apple to collect data about you via your log-in and use it for their own purposes, we recommend that you do not register for our website / app by logging in to Facebook, Google or Apple . Further information on data protection on Facebook, Google and Apple can be found in the respective data protection provisions of the respective service.
IX. Integration of YouTube videos
We have integrated YouTube videos on our website, which are stored on https://www.YouTube.com and can be played directly from our website. These are integrated in the "extended data protection mode", i.e. no cookies are set by YouTube if you do not play the videos. It’s only when you play the videos that the data mentioned in the following paragraph will be transmitted. We embed YouTube videos on our website in order to make the use of our website as user-friendly as possible by allowing you to view videos without having to leave our website. The legal basis is Article 6, Paragraph 1, Clause 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the person responsible).
Even if videos have been embedded in a website in "extended data protection mode", we would like to point out that navigating to the website leads to a connection to YouTube and YouTube receives the information that the user has navigated to the corresponding subpage of our website. We would also like to point out that when the video is played, YouTube saves your data as a user profile and uses it for advertising, market research and / or needs-based design of the YouTube website. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's data protection declaration. You will also find further information on your rights and settings options to protect your privacy here: https://www.google.de/intl/en/policies/privacy.
X. Newsletter / Marketing
With your consent, which you may submit as part of your registration on our website, we will send you newsletters or marketing about our products and services or the products and services of our affiliates that we consider could be of interest to you by e-mail or telephone. You may opt-out of the use of your data for direct marketing purposes at any time and unsubscribe from the newsletter by clicking on the link provided in each newsletter e-mail or by emailing us at newsletter@mypostcard.com. We reserve the right, even without your consent by e-mail, to send you offers for products or services similar to those already purchased by you. (The legal basis for this is Art. 6 Paragraph 1 Sentence 1 lit. f GDPR in conjunction with Section 7 Paragraph 3 UWG) You have the right to object to the processing of your data for promotional purposes at any time by sending an e-mail to newsletter@mypostcard.com or via a link in our newsletter, without any costs other than transmission costs according to the basic rates. The legal basis for the processing of your data for the purpose of sending newsletters is Art. 6 para. 1 sentence 1 lit. a or lit. f GDPR. We use Leanplum Inc. (USA) with their European headquarters in TOO Herengracht 280, 1016 BX Amsterdam, the Netherlands as well as MailChimp, a newsletter shipping platform owned by Rocket Science Group, LLC, 675 Ponce De Leon Ave. NE # 5000, Atlanta, GA 30308, USA ("MailChimp"), to send email and newsletters. Your personal data will be transmitted to servers of MailChimp and Leanplum in the USA and stored there. The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. This call will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened, and which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our desire nor that of MailChimp or Leanplum to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. MailChimp and Leanplum use this information to send and evaluate the newsletters on our behalf. Furthermore, MailChimp and Leanplum may, according to their own information, use this data to optimize or improve their own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter or for economic purposes, to determine from which countries the recipients come. However, neither MailChimp nor Leanplum use your data to write to you or pass it on to third parties. The privacy policy of MailChimp can be found here: https://mailchimp.com/legal/privacy. The privacy policy of Leanplum can be found here: https://www.leanplum.com/privacy.
XI. Sending push and text messages
1. Sending push messages through the website
To keep you up-to-date on current topics, we offer a service to receive push messages through our website. For this purpose, an anonymous ID is stored in order to analyze the use of the push service. If you would like to prevent the receipt of push notifications and thus the associated data collection for the future, you can block the notifications in the website settings of your internet browser for this website.
2. Sending push messages in the app
To send push messages to Android and iOS apps, the services of Leanplum, a program of Leanplum Inc. (USA) with their European headquarters in TOO Herengracht 280, 1016 BX Amsterdam, Niederlande („Leanplum“), as well as OneSignal, a program used by OneSignal, 2194 Esperanca Avenue, Santa Clara, CA 95054, USA ("OneSignal") are used. Leanplum stores data under an anonymized ID about the use of the app, but no personal data. If you do not want to receive push notifications in the Android or iOS app, you can prevent them from being sent in the system settings of your mobile device. In the app, you can prevent appropriate tracking for the future by selecting the item "Privacy" in the menu and set the slide switch accordingly ("Disagree data processing"). For more information about Leanplum’s Privacy Policy, please visit: https://www.leanplum.com/privacy/. For more information on OneSignal's privacy policy, visit https://onesignal.com/privacy_policy.
3. Sending text messages via the website
You can have a link to our MyPostcard app sent to you via text on our website; all you need to do is provide your mobile phone number. For the purpose of sending the desired SMS, we use the text dispatch service provider, Twilio’s service (Twilio Inc., 375 Beale St # 300, San Francisco, CA 94105, USA) as part of order processing. Twilio will only use your telephone number as part of our instructions to send the desired SMS from MyPostcard, but not for Twilio's own messages. Further information on data protection from Twilio can be found here: https://www.twilio.com/legal/privacy#how-twilio-processes-your-end-users-personal-information.
XII. Duration of storage
We store your personal data as long as this is necessary to achieve the respective storage purpose. Subsequently, your data will be deleted by us, unless, according to Art. 6 para. 1 p. 1 lit. c GDPR we are obliged to retain it for a longer period of time due to tax, commercial or other statutory storage or documentation obligations or you have agreed to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
XIII. Your rights
You are entitled at any time according to Art. 15 GDPR to disclosure of information about your personal data stored with us. In particular, you may demand disclosure of information about the purposes of processing, the categories of data we have stored about you, the categories of recipients of such data, the planned duration of storage, your right to rectification, cancellation, limitation of processing or opposition, the existence of a right of appeal to a regulatory authority, the source of your data, if not collected from you, and the existence of an automated decision-making process including profiling and, where appropriate, meaningful information about their details. In addition, according to Art. 16 GDPR, you may request the correction of incorrect data and, pursuant to Art. 17 GDPR, the deletion of personal data, as far as the processing of the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
Furthermore, you have the right to demand, pursuant to Art. 18 GDPR, blocking or restriction of the processing of your personal data, in so far as the accuracy of the data is disputed by you, the processing is unlawful, you reject its deletion and we no longer need the data, however you need them for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR. Furthermore, according to Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format or to request its transfer to another person responsible. If your personal data are based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit., in accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data at any time if there are reasons for this arising from your particular situation or the objection is directed against processing for direct marketing purposes. In the latter case, you have a fundamental right of objection, which is implemented by MyPostcard without specifying any particular situation. If you believe that the processing of your personal data by us is not in accordance with applicable law, you may file a complaint with a supervisory authority pursuant to Art. 77 GDPR. If the processing of your data relies on a consent granted by DGSVO according to Art. 6 para. 1 lit, you have the right to revoke this consent at any time with future effect.
XIV. Data security
When visiting our services, we use the common SSL method in conjunction with the highest encryption level supported by your browser. Incidentally, we use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
XV. Your contact for data protection
If you have any questions about the collection, processing or use of your personal data, information, correction, blocking or deletion of data and revocation of granted consent, please contact our data protection officer at privacy@mypostcard.com.