Privacy policy
Personal data (hereinafter referred to as “data”) is processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.
Pursuant to Art. 4 no. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to only as “GDPR”), “processing” shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following privacy policy, we inform you in particular about the nature, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.
Our privacy policy is structured as follows:
Responsible provider of this website in the sense of data protection law is:
O’ndiki
PO Box 100 563
10565 Berlin
Deutschland
Telefon: +49
Telefax: +49
E-Mail: contact@ondiki.com
With regard to the data processing described in more detail below, users and data subjects have the right to
- to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about the data processing and to copies of the data (cf. also Art. 15 DSGVO);
- to correct or complete incorrect or incomplete data (cf. also Art. 16 DSGVO);
- to the immediate erasure of the data concerning them (cf. also Art. 17 DSGVO), or, alternatively, insofar as further processing pursuant to Art. 17 para. 3 DSGVO is required, to restriction of processing in accordance with Art. 18 DSGVO;
- to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR);
- to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 GDPR).
In addition, the Provider is obliged to inform all recipients to whom data has been disclosed by the Provider about any correction or deletion of data or restriction of processing that may be required on the basis of Articles 16, 17 para. 1, 18 DSGVO takes place. However, this obligation shall not apply if such notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Likewise, according to Art. 21 DSGVO, users and data subjects have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) DSGVO are processed. In particular, an objection to data processing for the purpose of direct advertising is permitted.
Your data processed during the use of our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures is provided below.
Server data
For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted by your Internet browser to us or to our web space provider. With these so-called server log files, among other things, the type and version of your Internet browser, the operating system, the website from which you have accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access as well as the IP address of the Internet connection from which the use of our website takes place are collected.
The data collected in this way is stored temporarily, but not together with other data from you.
This storage takes place on the legal basis of Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data will be deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is exempt from deletion in whole or in part until final clarification of an incident.
Cookies
a) Session cookies/session cookies
We use so-called cookies with our internet presence. Cookies are small text files or other storage technologies that are placed and stored on your terminal device by the Internet browser you use. Through these cookies, certain information from you, such as your browser or location data or your IP address, is processed to an individual extent.
This processing makes our website more user-friendly, more effective and more secure, as the processing e.g.. enables our website to be reproduced in different languages or to offer a shopping cart function.
The legal basis for this processing is Art. 6 Para. 1 lit b.) GDPR, insofar as these cookies are used to process data for contract initiation or contract execution.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 para. 1 lit. f) GDPR.
These session cookies are deleted when you close your internet browser.
b) Third Party Cookies
If necessary, our website also uses cookies from partner companies with whom we work for the purpose of advertising, analysis or the functionalities of our website.
For details on this, in particular on the purposes and legal basis for processing such third-party cookies, please refer to the information below.
c) Possibility of disposal
You can prevent or restrict the installation of cookies by setting your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, the processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player in this respect. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.
contract processing
The data transmitted by you to make use of our range of goods and/or services will be processed by us for the purpose of contract processing and are necessary in this respect. Contract conclusion and contract execution are not possible without providing your data.
The legal basis for processing is Art. 6 para. 1 lit. b) GDPR.
We delete the data upon completion of the contract, but must observe the retention periods under tax and commercial law.
As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.
The legal basis for the transfer of the data is then Art. 6 para. 1 lit. b) GDPR.
Customer account / registration function
If you create a customer account with us via our website, we will use the data you entered during registration (e.g. your name, address or e-mail address) exclusively for pre-contractual services, for the fulfillment of the contract or for the purpose of Customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called notepad function) and save. At the same time, we then save the IP address and the date of your registration along with the time. Of course, this data will not be passed on to third parties.
As part of the further registration process, your consent to this processing will be obtained and reference will be made to this data protection declaration. The data we collect is used exclusively to provide the customer account.
If you consent to this processing, Art. 6 para. 1 lit. a) GDPR legal basis for processing.
If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 para. 1 lit. b) GDPR.
You can revoke the consent given to us to open and maintain the customer account in accordance with Art. 7 para. 3 GDPR revoked at any time with effect for the future. All you have to do is inform us of your revocation.
The data collected in this respect will be deleted as soon as the processing is no longer necessary. In doing so, however, we have to observe tax and commercial law retention periods.
Newsletter
If you register for our free newsletter, the data requested from you, i.e. your e-mail address and – optionally – your name and address will be transmitted to us. At the same time, we save the IP address of the Internet connection from which you access our website as well as the date and time of your registration. As part of the further registration process, we will obtain your consent to the sending of the newsletter, describe the content specifically and refer you to this data protection declaration. We use the data collected in this way exclusively for sending the newsletter – it is therefore in particular not passed on to third parties.
The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
You can consent to the sending of the newsletter in accordance with Art. 7 para. 3 GDPR revoked at any time with effect for the future. All you have to do is inform us of your revocation or click on the unsubscribe link contained in every newsletter.
Contact requests / contact option
If you contact us via the contact form or email, the data you provide will be used to process your request. Providing the data is necessary for processing and answering your inquiry – without providing it, we cannot answer your inquiry at all or only to a limited extent.
The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.
Your data will be deleted if your request has been answered conclusively and the deletion does not conflict with any statutory retention requirements, such as in any subsequent contract processing.
Google Analytics
We use Google Analytics on our website. This is a web analysis service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”)
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection regulations of the EU are also observed when processing data in the USA.
The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.
Usage and user-related information, such as IP address, location, time or frequency of visits to our website are transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymization function. With this function, Google already shortens the IP address within the EU or the EEA.
The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.
Google states that it does not associate your IP address with other data. In addition, Google entertains
https://www.google.com/intl/de/policies/privacy/partners
further data protection information ready for you, e.g. also about the possibilities of preventing the use of data.
In addition, Google offers under
https://tools.google.com/dlpage/gaoptout?hl=de
a so-called deactivation add-on along with further information on this. This add-on can be installed with the most common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the Google Analytics JavaScript (ga.js) that information about the visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. You can of course also find out whether and which other web analysis services we use in this data protection declaration.
Google Maps
On our website we use Google Maps to show our location and to create directions. This is a service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”)
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection regulations of the EU are also observed when processing data in the USA.
In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
If you call up the Google Maps component integrated into our website, Google will store a cookie on your end device via your Internet browser. Your user settings and data are processed in order to display our location and create a route description. We cannot rule out that Google uses servers in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions are to be sent.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You can find details on this under “Cookies” above.
In addition, the use of Google Maps and the information obtained via Google Maps takes place in accordance with the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the terms and conditions for Google Maps https://www.google. com/intl/de_de/help/terms_maps.html.
In addition, Google offers under
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
further information.
Google Fonts
We use Google Fonts to display external fonts on our website. This is a service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”)
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection regulations of the EU are also observed when processing data in the USA.
In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.
By connecting to Google when you visit our website, Google can determine from which website your request was sent and to which IP address the display of the font is to be sent.
Google offers under
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
further information, in particular on the possibilities of preventing the use of data.
“Facebook” social plug-in
We use the plug-in of the social network Facebook on our website. Facebook is an internet service provided by facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”)
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Facebook guarantees that the data protection regulations of the EU are also observed when processing data in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.
Facebook provides further information about the possible plug-ins and their respective functions
https://developers.facebook.com/docs/plugins/
ready for you.
If the plug-in is stored on one of the pages of our website you visit, your Internet browser downloads a representation of the plug-in from the Facebook servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of the visit to our website are also recorded.
If you are logged into Facebook while you are visiting one of our websites with the plug-in, the information collected by the plug-in from your specific visit will be recognized by Facebook. Facebook may assign the information collected in this way to your personal user account there. So, for example, if you If you use the so-called “Like” button from Facebook, this information will be stored in your Facebook user account and, if necessary, published on the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your Internet browser to prevent the Facebook plug-in from being blocked from loading.
Facebook provides further information about the collection and use of data as well as your rights and protection options in this regard in the
https://www.facebook.com/policy.php
retrievable data protection information.
“Twitter” social plug-in
We use the plug-in of the social network Twitter on our website. Twitter is an Internet service provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereinafter referred to as “Twitter”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”)
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Twitter guarantees that the data protection regulations of the EU are also observed when processing data in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.
If the plug-in is stored on one of the pages of our website you visit, your internet browser downloads a representation of the plug-in from the Twitter servers in the USA. For technical reasons, it is necessary for Twitter to process your IP address. In addition, the date and time of the visit to our website are also recorded.
If you are logged in to Twitter while you are visiting one of our websites with the plug-in, the information collected by the plug-in from your specific visit will be recognized by Twitter. Twitter may assign the information collected in this way to your personal user account there. So, for example, if you If you use the so-called “Share” button from Twitter, this information will be stored in your Twitter user account and, if necessary, published via the Twitter platform. If you want to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter user account.
Twitter provides further information about the collection and use of data as well as your rights and protection options in this regard
retrievable data protection information.
Jetpack – WordPress Stats
We use Jetpack with the “WordPress Stats” extension on our website. This is a web analytics service provided by Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA, hereinafter referred to as “Automattic”.
Through certification under the EU-US Privacy Shield (“EU-US Privacy Shield”)
https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active
Automattic guarantees that the data protection regulations of the EU are also observed when processing data in the USA.
The Jetpack – WordPress Stats service is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.
To analyze user behavior, Jetpack – WordPress Stats stores cookies on your end device via your internet browser.
During processing, your IP address, the website(s) of our website that you visit, the website from which you switched to our website (referrer URL), the length of time you spent on our website and the frequency with which one of our websites was accessed websites recorded. The data collected is stored on an Automattic server in the USA. However, your IP address will be anonymized immediately after processing and before it is stored.
If you do not agree to this processing, you have the option of preventing the storage of cookies by making a setting in your Internet browser. See “Cookies” above for more information.
If your personal data is based on legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO are processed, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, an e-mail to: contact@ondiki.com is sufficient
data security
When you visit our website, we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 instead
technology back. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational tools
Security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Updating and changing this data protection declaration
This data protection declaration is currently valid and has the status of May 2020.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.
Do you have anymore questions?
Please contact us for more information.
Contact