March 25, 2020.
(1) This privacy notice aims to give you information on how PocketBook International SA ("PocketBook") collects and processes your personal data on our online services and all related websites, functions and contents.
(2) Please read the definitions in Art. 4 of the General Data Protection Regulation (GDPR) regarding the terms used, e.g. "personal data", or their "processing".
(3) The term "user" means all categories of the persons in respective to data processing. These are business partners, customers, interested parties and other visitors of our online services. The terms of use, e.g. "user", are formulated gender neutrally.
(4) User’s personal data processed under these online services are as follows:
(5) We process personal data about users for the following purposes:
(6) We process your personal data by following strictly to the data protection rules. It means data about the user are processed only when permitted by the applicable law. This is particularly the case where data are processed that we may be able to deliver our services under the contract with you (for example, to process the requests and orders) and where it is required for our online services as well or if it is required by law, the consent from the user is available or based on our legitimate interests. Legitimate interest means the analytics, optimization, security, and commercial operation of our online services, as well.
(7) Please note that the legal basis of the consent is Art. 6 (1) lit. a) and Art. 7 GDPR, the legal basis for data processing to deliver our services and perform our activities under the contract is Art. 6 (1) lit. b) GDPR, legal basis for data processing to perform our obligations under the contract is Art. 6 (1) lit. c) GDPR and legal basis for data processing to protect our legitimate interests is Art. 6 (1) lit. f) GDPR.
(1) According to Art. 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Herewith, the data we process shall be protected, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. Security measures include the encrypted transfer of personal data between your browser and our Server.
(2) Additionally, we have put in place the procedure to deal with any suspected personal data deletion and threat thereto.
(1) As we disclose the data to other persons and entities (authorized processors or third parties), transmit to them or grant them an access to the data within the framework of our processing, we perform it only based on a lawful permission to do it. This will apply e.g. when the data are transferred to the third party, such as shipping service provider according to Art. 6 (1) lit. b) GDPR, as it is necessary for the performance of a contract provided you have given your consent, a legal obligation stipulates it or it is necessary for our legitimate interests (e.g. if using the authorized persons, web hosters, etc.).
(2) As we share and process the data in a third country (it means outside the European Union or European Economic Area) or it takes place within the framework where we use the services of the third parties or disclose or transmit the data to the third parties, we perform it only when specific terms of Art. 44 ff. GDPR are available. It means we process, for example based on specific guaranties, such as official recognized framework for the adherence to European Union Data Protection laws (e.g. for the USA with "Privacy Shield") or by respecting officially recognized individual obligations (so called "standard contractual clause").
(3) We trust the third parties with data processing based on the so called "contract with an authorized processor" based on Art. 28 GDPR.
(1) Based on our legitimate interests in accordance with Art. 6 (1) lit. f) GDPR we collect the data about each access to the Server where this Service is placed (so called Server log files). These data are technically required to display the relevant website to you and to ensure stability and security. The access data include in particular the name of the website, file, time of the server request, amount of the data transferred, report as to whether the access attempt was successful, browser type/version, operating system used, the previously visited websites and IP address.
(2) Information about log files is retained for reasons of security (e.g. to investigate the fraud or abuse) for a period of maximum thirty days and then erased. Data to be retained for investigation purposes shall be precluded from erasing until the final investigation.
(1) We process the identity, contact and contractual data to perform our contractual obligations and to deliver the services in accordance with Art. 6 (1) lit b) GDPR. The entry fields marked as mandatory in the contact forms are necessary to make a contract.
(2) The users have an option to create a user account where they can see their orders or, provided they are subscribed to Pocketbook Cloud, control and use their e-content (in particular, eBooks). While registering the user is being informed what mandatory data are required. When you cancel your user account, your data related to the user account shall be erased provided the further retention is not prescribed by law, in particular to comply with the commercial and taxation legislation in accordance with Art. 6 (1) lit. c) GDPR. It is incumbent on the users to ensure the security of their data until the contract expires when the data are successfully erased. We are entitled to permanently erase all user data retained during the contract period.
(3) For registering and signing on a new and using our online services we store IP address and the time of the relevant user activity. We store based on our legitimate interests and in order to protect the user from the fraud and other not authorized usage. In general, these data are not transferred to the third parties except this transfer is necessary to pursue our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c) GDPR.
(4) We process the user data (e.g. the visited websites of our online services, interests to our products) and content data (e.g. entries to the contact forms) for the advertising purposes in a user profile to display for the users, for example the product information based on the services used before.
(5) Data necessary to deliver the services under the contract are erased when the guarantee and similar obligations prescribed by law expire. If the law prescribes to archive the data, they shall be erased after the archiving obligation expires (legal obligation to retain data expires in 6 years in compliance with commercial law and in 10 years in compliance with tax law). Data under the user account are retained until they are erased.
If you contact us using the contact form or by email, we process the data you provide for the purpose to process your enquiry and to follow-up in accordance with Art. 6 (1) lit. b) GDPR.
You may rate the products in our online shop. Your assessment will be published with your name along with the relevant product. We recommend you to use a pseudonym instead of your real name. The name and email address are mandatory to enter, the rest of information is voluntarily. When you are posting your product assessment, we store your IP address which we delete in thirty days. The storage is necessarily to protect us against liability claim for the cases where illegal contents are published. We need your email address to contact you if some third party claims your assessment as illegal. The legal basis is Art.6 (1) lit. b) and f) GDPR. The assessments are not moderated before publishing. We reserve the right to delete the comments if the third parties claim them as illegal.
(1) Below we explain you about content of our newsletters and the subscribing and sending procedures and your rights to refuse, as well. By subscribing to our newsletter you declare that you agree to receive the newsletter and understand the procedure.
(2) We will send the newsletter by email or any other e-notice with advertising information only when the receivers give their consent or a law permits to. Our newsletters contain information about our products and services, sales promotions and our company.
(3) You subscribe to our newsletter by so called Double Opt-In procedure. As soon as you have subscribed to the newsletter, you will receive a confirmation email to confirm your subscription. This confirmation is required to preclude the subscription with somebody else’s address. The subscription to the newsletter shall be recorded to prove the subscription is done according to legal requirements. Hereto, the time of the subscription and confirmation and IP address are stored. The purpose of this process is to prove the subscription and to eventually investigate the abuse of your personal data. This is based on Art. 6 (1) lit. f) GDPR.
(4) To subscribe to our newsletter you can only indicate your email address. We store your email address to send the newsletters. The legal basis is Art. 6 (1) lit. a) GDPR.
(5) You have the right to revoke your consent at any time. You find the unsubscribe link at the end of each newsletter. If you has just subscribed to the newsletter and unsubscribed, your personal data will be erased.
(1) For our online services we use the cookie technology. Cookies are small text files which are stored on your device using your browser and which allow certain information to come (here by us). Cookies cannot run any program or bring viruses on your computer. We use cookies to make our websites user-friendly and efficient.
(2) We use temporary and persistent cookies. Temporary cookies are deleted automatically when you close your browser. They include in particular the session cookies. The latter are so called the session ID which attributes different requests of your browser to the common session. They help to remember your device for your repeat visits to our website. The session cookies are deleted when you log out or close your browser. Persistent cookies are stored on your device between the browser sessions so we remember your preferences and activities within our websites. Persistent cookies are deleted after a specified period (here one day). You can delete cookies in the security options of your browser at any time.
(3) Furthermore, we use cookies to measure the reach as explained in clause 10 below about usage of Google Analytics.
(4) You can set your browser configuration according to your preferences and to decline for example the cookies of the third providers or all cookies. However, please note that if you do this, you may not be able to use the full functionality of our online services.
(5) You may refuse the use of cookies for measuring the coverage and displaying the advertising by selecting the deactivation on the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally on the US website (http://www.aboutads.info/choices) or European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
(1) Based on our legitimate interests (that is the interests to the analytics, optimization, and commercial operation of our online services in compliance with Art. 6 (1) lit. f) GDPR) we use Google Analytics, a web analytics service from Google LLC ("Google"). Google uses cookies. The information generated by the cookies about your use of the online services will be transmitted to and stored by Google on servers in the United States. Google is certified under the Privacy Shield Framework and can ensure they respect the European Data Protection Legislation. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
(2) Google uses this information on our behalf to analyze your use of our online services in order to compile reports on website activities and provide to us additional services as to our online services and internet usage.
(3) We use Google Analytics only with activated IP anonymization. It means that Google will shorten IP addresses of the users within the Member States of the European Union or in other Member States of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.
(4) The IP address transmitted by your browser is not merged with other Google data. The users can prevent the storage of cookies by making the proper setting using their browser software. In addition, the users can prevent Google from recording the data related to usage of the data related to our online services generated by the cookies and from processing this data by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.
(5) Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: http://www.google.com/analytics/terms/de.html, General overview on privacy principles: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as Google’s Privacy Policy: http://www.google.de/intl/de/policies/privacy.
(1) Based on our legitimate interests to analytics, optimization and commercial operation of our online services and for these purposes we use "Facebook Pixel" tool of social network Facebook which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 ("Facebook"). Facebook is certified according to Privacy Shield Framework and ensures herewith to respect the European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A...).
(2) By using Facebook Pixel Facebook allows defining the users of our online services as a target group for displaying the advertising (so called "Facebook Ads"). Accordingly, we use Facebook Pixel to display the Facebook Ads switched on by us only to those Facebook users who are interested in our online services or show some features (e.g. interests in certain topics or products determined based on the visited websites) which we transmit to Facebook (so called "Custom Audiences"). By using Facebook Pixel we want to be sure that our Facebook Ads meet the potential user’s interest and are not annoying. Moreover, with Facebook Pixel we can track the efficiency of Facebook advertising messages for the purposes of statistics and market research by viewing the users go on to click the Facebook advertising (so called "Conversion").
(3) Facebook processes the data within the framework of Facebook’s Data Policy. You can find general information about displaying the Facebook’s Ads in Facebook’s Data Policy: https://www.facebook.com/policy.php. Specific information and details about Facebook Pixel and functions in Help Center on Facebook: https://www.facebook.com/business/help/651294705016616.
(4) You may refuse from collection of your data with Facebook Pixel and usage thereof to display Facebook Ads. To set up the type of advertising to be displayed by Facebook you can open the page established by Facebook and follow the instructions how to set up the customized advertising: https://www.facebook.com/settings?tab=ads. The settings are platform independent, they are picked up by all devices such as desktop computers or mobile devices.
(1) The users are entitled to request and obtain for free information how we process your personal data.
(2) Furthermore, the users have the right to rectify the wrong data, restrict processing and delete their personal data and where applicable have the right to data portability and in the case where the illegal data have been accepted the right to complain to the relevant supervisory authority.
(3) The user may also withdraw their consent with effect for the future.
(1) Data we stored may be deleted whenever they are not required any more for the intended purpose and the deletion thereof will not contradict the retention obligations. Unless the user data are not deleted as they are necessary for other lawful purposes, the processing will be limited. That is, the data are blocked and not processed for other purposes. This shall apply for the data of the user which have to be retained to comply with the commercial and taxation legislation.
(2) In compliance with legislative requirements the retention period shall be 6 years in accordance with § 257 (1) Commercial Code HGB (e.g. for commercial and business papers) and 10 years in accordance with § 147 (1) Taxation Code AO (e.g. for trading books and accounting records).
The users may withdraw their consent to process their personal data in compliance with legal requirements at any time. This withdrawal may be placed in particular because of the processing to the purposes of direct advertising.
The users are asked to see regularly into our Privacy Notice. We amend our Privacy Notice to reflect the changes in our data processing or legislation. We inform you as soon as these changes require cooperation from your side (e.g. your consent) or any other individual notification is required.