This data protection information applies to data processing by:
ANTELOPE – part of the Beurer group – BEURER GmbH – represented by its management: Marco Bühler, Sebastian Kebbe, Oliver Neuschl
Niddastr. 64 – 60329 Frankfurt/Main, Germany Company headquarters: Ulm – Soeflinger Strasse 218, 89077 Ulm – Germany
Ulm District Court, Registration No.: HRB 722213
Tel.: +49 69 25786744
E-mail: info@antelope.de
Data Protection Officer:
ANTELOPE – part of the Beurer group – BEURER GmbH
Niddastr. 64
60329 Frankfurt am Main, Germany
Tel.: +49 69 25786744
E-mail: datenschutz@beurer.de
If a person wishes to make use of our Company’s services via our website / online shop, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain the consent of the person concerned.
The processing of personal data (for example, name, address, e-mail address or telephone number) always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the specific data protection regulations applicable to us.
This data privacy statement aims to provide information about the type, scope and purpose of the personal data collected, used and processed by us. This data privacy statement also informs data subjects about their rights.
As the data controller, we have implemented numerous technical and organisational measures to ensure the fullest possible protection of the personal data processed via our website. However, data transmissions via the Internet can always involve security vulnerabilities and therefore 100% protection cannot be guaranteed. Every data subject can of course also provide personal data to us via an alternative route, for example, over the phone.
This privacy statement is based on the definitions used by the European Regulation and the regulation makers in the adoption of the GDPR (Article 4 GDPR). This privacy statement should be both easy to read and easy to understand for everyone. In order to ensure this, we would first like to explain the terms used.
The following definitions are used in this data privacy statement:
‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.
‘processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘limitation of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘recipient’ means a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
When you visit our website, www.antelope.de, the browser on your device automatically sends information to our website server. This information is temporarily stored in a log file.
The following information is collected without your intervention and stored until it is automatically deleted:
We process the aforementioned data for the following purposes:
The legal basis for data processing is Art. 6 (1) 1 f GDPR. Our legitimate interest is based on the purposes of collecting data that are listed above. Under no circumstances will we use data collected to draw conclusions about your identity. In addition, we use cookies and analysis services when you visit our website. More detailed information on this can be found in points 4 and 5 of this data privacy statement.
Information relating to the contents of our newsletter as well as registration, dispatch and statistical evaluation procedures, and your rights of objection is provided below. By subscribing to our newsletter, you indicate your consent to its receipt and agreement with the procedures described.
Newsletter content: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as ‘newsletter’) only with the consent of the recipient or based on legal permission. If the contents of the newsletter are described specifically as part of the registration, these are relevant for the user’s consent.
Double opt-in and logging: Registration for our newsletter takes place through a so-called double opt-in procedure. This means that you will receive an e-mail after you have registered asking you to confirm your registration. Such confirmation is necessary to prevent registration using external e-mail addresses. Registrations for the newsletter are logged in order to be able to prove that the registration process has been conducted in accordance with legal requirements. This includes storage of the registration and confirmation date, as well as the IP address. Likewise, changes to your data stored with the mail service provider are logged.
The recipients of the data are the technical operator and the hosting service provider of our website (see above under C.) as well as the newsletter service provider salesforce.com EMEA Limited (Art. 28 GDPR) based in London.
Furthermore, according to its own information, the mail service provider may use personal data in pseudonymised form, i.e. without assignment to a user, to optimise or improve its own services, for example, for technical optimisation of the mailing and display of the newsletter or for statistical purposes, in order to determine the countries from which the recipients originate. However, the mail service provider will not use the data of our newsletter recipients to write to them itself nor will it pass these data on to third parties.
Registration details: To subscribe to the newsletter, you simply need to enter your e-mail address.
Performance measurement – Our newsletters contain a so-called ‘web beacon’, i.e. a file the size of a pixel, which is retrieved by the server of the mail service provider when the newsletter is opened. Technical data, such as information about the browser and your system, as well as your IP address and date of retrieval, are collected as part of this retrieval procedure. This information is used for the technical improvement of services based on technical data or target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or access dates. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our, nor the mail service provider’s intention to monitor individual users. We use these surveys much more to identify the reading habits of our users and to adapt our contents to them or to send different content according to their interests.
Newsletter dispatch and performance measurement are based on the consent of the recipients in accordance with Art. 6 (1) a), Art. 7 GDPR in conjunction with Section 7 (2) 3) of the German Act against Unfair Competition (UWG) or legal permission in accordance with Section 7 (3) UWG.
The registration procedure is logged based on our legitimate interests pursuant to Art. 6 (1) f) GDPR and serves as proof of consent to receive the newsletter.
Cancellation – You can unsubscribe from our newsletter at any time, i.e. withdraw your consent. You will find an unsubscribe link at the end of each newsletter. If users have only subscribed to the newsletter and subsequently cancel their subscription, their personal data will be deleted. Alternatively, you can send your unsubscribe request at any time to datenschutz@beurer.de :
For questions of any kind, we offer you the possibility to contact us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the inquiry originates and so that we can answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us is based on your voluntarily given consent according to Art. 6 para. 1 p. 1 lit. a DSGVO.
You can either place orders via our website as a guest without registering or register in our store as a customer for future orders. A registration has the advantage for you that you can log in directly with your e-mail address and password in our store in case of a future order without having to enter your contact data again.
Your personal data will be entered into an input mask and transmitted to us and stored. If you place an order via our website, we initially collect the following data both in the case of a guest order and in the case of registration in the store:
These data are collected,
Your consent to the processing of this data will be obtained as part of the ordering process.
Data processing takes place in relation to your order and/or registration and is necessary, in accordance with Art. 6 (1) 1) b) GDPR for the aforementioned purposes, for the appropriate processing of your order and for the mutual fulfilment of obligations arising from the purchase agreement.
The personal data collected by us for the processing of your order will be stored until expiry of the statutory storage period and deleted thereafter unless we are obliged to store them for a longer period of time in accordance with Article 6 (1) 1) c) GDPR, or on account of storage and documentation obligations under commercial and tax law (German Commercial Code (HGB), German Criminal Code (StGB) or German Tax Code (AO)), or you have consented to storage beyond this in accordance with Article 6 (1) 1) a) GDPR.
General information on processing
If an item displayed in our online shop is temporarily out of stock, you can use the notification function to leave an email address to which we will send an automated email notification when the item in question is available again. When using the notification function, the following data is processed:
Providing your data is voluntary. However, if you do not provide this information, we will not be able to provide you with the notification function.
Scope and purposes of processing
We process your personal data in order to process your request and to contact you for this purpose.
Data transmission / recipient
The recipients of the data are the technical operator and the hosting service provider of our website (see above under C.) as well as the newsletter service provider salesforce.com EMEA Limited (Art. 28 GDPR) based in London.
Storage period
We save the data you have given us until we have answered you. If the article in question is not available again within six months, your data will be automatically deleted and no notification will be given.
Legal bases for processing
The processing takes place because it is necessary to carry out pre-contractual measures (Art. 6 Para. 1 b GDPR). Unless it is a pre-contractual matter, the legal basis is our legitimate interest in processing your request. We assume that there are no overriding interests or fundamental rights and freedoms on your part (Art. 6 Para. 1 f GDPR). Upon request, we will provide you with further information about our weighing of interests.
Right to object
You have the right to object to this processing at any time for reasons that arise from your particular situation. We will then no longer process this data for these purposes and may no longer answer your request. You can submit your objection to us using the contact details given under A.
The following additional data will be collected and stored when using our iOS app:
Data processing takes place upon registration in the app and is required, in accordance with Art. 6 (1) 1) b) GDPR for the purposes indicated, for the appropriate use of your ANTELOPE product and thus for the mutual fulfilment of obligations arising from the purchase agreement.
The personal data collected by us for use of the app will be stored until expiry of the statutory storage period and deleted thereafter, unless we are obliged to store them for a longer period of time pursuant to Article 6 (1) 1) c) GDPR, or on account of storage and documentation obligations under commercial and tax law (German Commercial Code (HGB), German Criminal Code (StGB) or German Tax Code (AO)), or you have consented to storage beyond this pursuant to Article 6 (1) 1) a) GDPR.
1. Data protection statement
Please note that the full range of functions of the relevant app are only available if you are logged in with your Beurer account and the app has established a data connection to the Beurer Cloud and, in the case of the Antelope app, you have activated the Bluetooth functionality on the Antelope Booster and linked the product to your mobile device.
The availability of the app may be interrupted for necessary maintenance and repair measures.
1.1 Authorisations and notifications
Apps may notify you of events via push notification on your mobile device. Beurer uses push notifications from Apple or Google to send messages to your mobile device. Beurer can only transmit these messages if it is ensured that:
• the app has been installed in accordance with the instructions,
your Internet access and the Beurer cloud which your system communicates with work without any issues,
• you have allowed messages from the app on your mobile device and in the app,
• and your mobile device has an active data connection.
The following authorisations are required, depending on the functions used:
a) Android – Google
• Camera
This authorisation is required to scan the QR codes of the garments so that they can be registered in the app. Alternatively, the code can be entered manually.
• Find and pair nearby Bluetooth® devices
This authorisation is required to find and pair nearby Bluetooth® devices such as the Antelope Booster.
• Access precise location only when the app is running in the foreground
This authorisation is required for Bluetooth® communication from Android 10.
• Access approximate location only when the app is running in the foreground
This authorisation is required for Bluetooth® communication from Android 10.
• Access location in the background
This authorisation is required for Bluetooth® communication from Android 10, but is not collected or used by Beurer
• Access precise location (GPS and network-based)
This authorisation is required for Bluetooth® communication up to and including Android 9.
• Full network access
This authorisation is required in order to synchronise the measurements with the cloud.
• Access network connections
This authorisation is needed for checking the Internet connection.
• Pair with Bluetooth® devices
This authorisation is required for Bluetooth® communication with the connected devices.
• Connect to paired devices
This authorisation is required to connect to paired Bluetooth® devices.
• Send content to nearby Bluetooth® devices
This authorisation is required for Bluetooth® communication with the connected devices.
• Access Bluetooth® settings
This authorisation is required for Bluetooth® communication with the connected devices.
• Access active apps
This authorisation is required to show messages in the status bar, e.g. an active connection with a device.
b) iOS – Apple
• Camera
This authorisation is required to create a profile picture
• Mobile data
This authorisation is required in order to synchronise the measurements with the cloud
• Access Bluetooth® settings
This authorisation is required for Bluetooth® communication with the connected devices.
For iOS, you are explicitly asked for your approval for certain rights, meaning you can make a decision directly in this case.
1.2 Collection and storage of personal data and the nature and purpose of its use
1.2.1 Registration and login in the Antelope app
You are required to enter your e-mail address (user ID) and a password to register for a Beurer account. The e-mail address you are using for the request is not stored at this point in time. When you log in, you also have the option of entering additional data, such as your first name, surname, sex and date of birth. We also store the date of your login. Optionally, you can provide your mobile phone number to identify yourself to us if you lose access to your e-mail inbox.
Regional deviations in requests for information are possible.
If you store personal data of third parties, you are responsible for complying with data protection regulations.
The legal basis for the described data processing is Article 6(1)(a) GDPR. The purpose of data processing is your consent to create a user account when you register. You can view, rectify or erase your data at any time by logging in via the Beurer Account Manager: https://appsso.beurer.de/login
1.2.2 Use of the app with registration
When using the app, the following data is processed both locally on your mobile device and in the Beurer cloud:
• E-mail address
• Password
• Name
• Date of birth
• Date of registration, date last logged in
• IP address
• App settings (such as device type, consent and authorisation management)
• Registered Antelope products via device ID (Booster and garments)
The IP address is required to establish communication between the location where the data is stored and the device used. The IP address is not stored.
The legal basis for the described data processing is Article 6(1)(a) GDPR. The purpose of data processing is your consent to the use of the app and its functionalities on the basis of the data provided.
In addition, the following health-related data will be processed:
•Training history
• Height
• (Biological) sex
• ECG
• Pulse
• Weight
• Comments you save concerning a measurement
• Type of input measurement
• Manually input measurements
• Training history
• Antelope Booster settings
• Data transfer (which is approved by you) from a product, e.g. blood pressure monitor, to your smartphone
The legal basis for the data processing is Art. 9(2)(a) in conjunction with Article 6(1)(a) GDPR. The purpose of data processing is to support your personal training plan and monitoring as well as your health management with Antelope products.
In principle, the data is stored until the user uninstalls the app and deletes the user account in the Beurer cloud. Users who have not logged into the app for more than 30 days are automatically logged out.
1.2.3 Processing of functionally necessary data when using the app
Information is automatically sent to the server when the app is used. This information is stored temporarily in what is known as a log file. The following information is collected without any action on your part, and stored until it is automatically erased:
• Requests (for login, Firebase or Bluetooth)
• Crash report from the app incl. the control system
• IP address of the requesting mobile device
• Time stamp (date and time of access)
• Status code indicating whether the request was successfully made
We process this data for the following purposes:
• to ensure that a seamless connection to the app can be established
• to ensure the convenient use of our app
• to evaluate system security and stability and
• for other administrative purposes.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes outlined above for data collection and ensuring the functional reliability of the app. Under no circumstances will we use the data collected for the purposes of drawing any conclusions about you. The data will be stored for 14 days. In accordance with Article 21 GDPR, you can object to this data processing at any time (see section 5 of this data protection statement).
1.2.4 Use of the app functionality for body weight
If you have a Beurer body analysis scale and it is linked to your Beurer account, you can give us your consent to process this data in the Antelope app when setting up the app or under “More>Profile.” As a result, you do not have to enter your body weight manually in the app. Consent is voluntary and can be revoked at any time in the app via “More>Profile.” As a result, the body weight will no longer be transferred to the app in the future and it can be entered manually.
The legal basis for processing is Article 6(1)(a) GDPR.
1.2.5 Contact form
You may contact us to submit an enquiry. Should you do so, the following data will be collected:
• First name
• Surname
• E-mail address
• Content of the message you are sending us
• Extended, password-protected log file
You can voluntarily share the extended, password-protected log file with us so that we can offer you even better customer service and support for your enquiry. However, please only send these to us at the request of our employees.
The legal basis for data processing is Article 6(1)(a) GDPR (Consent).
The purpose of the data processing is to respond adequately to your enquiry.
The data will be stored for 1 month.
2. Disclosure of data
Entities within Beurer GmbH that require access to data in order to fulfil contractual and legal obligations receive access to the data.
Beurer GmbH’s external service providers may also receive this data. These service providers may be:
• Affiliated companies, where these are required for the fulfilment of the contract
• Service providers for processing customer service enquiries
• IT service providers, hosting service providers, and service providers for operating the IT system
3. Analysis with Firebase
We use Firebase to better understand and optimise user behaviour in the apps. User data is transmitted to Firebase in anonymised form. In addition, other Firebase functions are also used which enable better user navigation or an evaluation of the causes of errors in the apps as well as push notifications. Firebase is a real-time database that allows you to embed real-time information into your website. Firebase is a subsidiary of Google and is based in San Francisco (CA), USA. You can find Firebase’s privacy policy at https://www.firebase.com/terms/privacy-policy.html. The legal basis for the processing of your data is Article 6(1)(f) GDPR. In accordance with Article 21 GDPR, you can object to this data processing at any time (see section 5 of this data protection statement).
4. Rights of the data subject
You can view, rectify or erase your data at any time by logging in via the Beurer AccountManager: https://appsso.beurer.de/login
You have the right:
• Pursuant to Article 15 GDPR, to request information about your personal data that we process. In particular, you may request information about the purposes of processing, category of personal data, categories of recipients to whom your data have been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data if we did not collect it ourselves, and about the existence of automated decision-making including profiling, and where applicable meaningful information about the details thereof;
• Pursuant to Article 16 GDPR to immediately request the rectification of inaccurate or incomplete personal data relating to you stored by us;
• Pursuant to Article 17 GDPR to request the erasure of personal data relating to you stored by us, unless processing is required for the exercising of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of the public interest, or for the establishment, exercise, or defence of legal claims;
• Pursuant to Article 18 GDPR to request the restriction of processing of your personal data insofar as you dispute the accuracy of the data, or processing is unlawful and you decline their erasure and we no longer need the data but you require them for the establishment, exercise, or defence of legal claims, or you have submitted an objection to processing pursuant to Article 21 GDPR;
• Pursuant to Article 20 GDPR to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, or to request the transfer of the same to another controller;
• Pursuant to Article 7(3) GDPR to at any time revoke any consent you have provided to us. This will result in us no longer being permitted to continue the data processing that this consent relates to in the future, and
• Pursuant to Article 77 GDPR to lodge a complaint to a supervisory authority. Generally, you can contact the supervisory authority for your usual place of residence or the registered headquarters of our company for this purpose.
5. Right to object
If your personal data is processed based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to submit an objection to the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons to do so arising from your particular situation, or if the objection relates to direct advertising. In the latter case, you have a general right to object, which we will implement without requiring a particular situation to be stated.
If you would like to exercise your right to revoke consent or to object, please contact us via the communication methods specified at the top of this Privacy Policy .
6. Data security
We use the popular SSL (Secure Socket Layer) process in conjunction with the highest level of encryption supported by your mobile device. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or full loss, destruction, or unauthorised access by third parties. Our security measures are continually being improved in line with technological developments.
7. Disclosure of data to third parties
All data collected, processed and stored in the app or on the central systems remains the responsibility of Beurer GmbH. Forwarding may take place within the Beurer Group for the processing of enquiring as well as to service providers committed to data protection for providing the services. Forwarding to any other third parties is excluded.
8. Obligation to make data available
In the context of using the app, you are required to make available personal data that is essential for service provision. Without this data, we are not able to provide the service.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer required to fulfill or initiate a contract.
As part of the appointment booking process via Microsoft Bookings, the following data will be collected and stored additionally:
This data is collected
The legal basis for the processing of your data in relation to the “Microsoft Bookings” service is Art. 6 (1) p. 1 lit f) GDPR (legitimate interest in data processing). The legitimate interest arises from our claim to offer you a user-friendly website with a wide range of functions and to give you the opportunity to make an appointment with our staff quickly and easily at any time if necessary.
Recipients of the data are the technical operator and the hosting service provider of our website (see above under C.) as well as the appointment booking service provider commissioned by us Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521.
For the appointment booking, your entries in the form are transferred to Microsoft. For more information on the handling of user data, please refer to Microsoft Privacy Statement – Microsoft privacy.
Please note that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.
A transfer of your personal data from us to third parties takes place exclusively to the service partners involved in the contract processing, such as the logistics company entrusted with the delivery and the credit institution entrusted with payment matters. In cases where your personal data is passed on to third parties, however, the scope of the transmitted data is limited to the necessary minimum and takes place via a secure transmission channel.
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or “purchase on invoice” via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or “purchase on invoice” via PayPal. Further information on data protection can be found in the PayPal data protection principles:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full
We will only share your personal information with third parties if:
Credit card
If you pay by card, personal data will be required of you. Here you will find details on the processing of your personal data.
If you pay with your card, Beurer GmbH collects personal data via the online shop www.antelope.de/shop. As a result of the transaction, this data is transmitted to the network operator, among others.
The network operator and the respective payment service providers for the acceptance and billing of payment transactions (e.g. acquirer) further process the data. This is done in particular for payment processing, to prevent card misuse, to limit the risk of payment defaults and for legally prescribed purposes, such as anti-money laundering and criminal prosecution. For these purposes, your data will also be transmitted to other responsible parties, such as your card-issuing bank.
Details on the processing of your personal data can be found below.
Network operator for central network operation, processing, recoding, risk assessment and further transmission:
Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany, Tel. 069 7922 0
Data Protection Officer: datenschutzbeauftragter@concardis.com
Responsible data protection supervisory authority: The Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.
Acquirer is a payment service provider regulated under the Payment Services Supervision Act (Zahlungsdienstaufsichtsgesetz, ZAG) that carries out the acceptance and billing of payment transactions on behalf of the merchant. Who the acquirer is depends on what kind of card you have used.
a) MasterCard Europe SPRL, for the payment brands MasterCard and Maestro
b) Visa Europe Services LLC, for the payment brands Visa, Visa Electron and V PAY
c) American Express Payment Services Ltd, for the payment brand American Express
What data is used for payment?
Card details (data stored on your card): card number, card type (e.g. VISA, Mastercard, American Express) and expiration date.
Other payment data: amount, date, time, verification data from your card-issuing institution (“EMV data”).
Chargeback: If you dispute a transaction made with your card: In this case, the purchase receipt and, if applicable, further information about you that Beurer GmbH uses to prove your claim (e.g. name and address) may be passed on to the card-issuing institution.
For what purpose and on what legal basis is your data processed?
Beurer GmbH
Network operator:
Acquirer:
Who receives the data?
In addition to Beurer GmbH and the network operator, other bodies require your data in order to make the payment or to comply with legal regulations. Only to this extent will your data be passed on to the following parties:
Is data transferred to a third country or to an international organization?
The acquirer forwards your data to the payment card system (credit card organization) outside the European Economic Area in order to authorize and execute your payment. Regarding the processing of your data by the payment card system, please refer to its privacy policy:
a) MasterCard Europe SPRL, Chaussée de Tervuren 198A, 1410 Waterloo, Belgium, for the payment brands MasterCard and Maestro https://www.mastercard.de/de-de/datenschutz.html
b) Visa Europe Services LLC, registered in Delaware USA, acting through its London branch, 1 Sheldon Square, London W2 6TT, United Kingdom, for the payment brands Visa, Visa Electron and V PAY
https://www.visa.co.uk/privacy/
c) American Express Payment Services Ltd., Frankfurt am Main Branch, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, for the payment brand American Express
www.americanexpress.de/datenschutz
How long will my data be stored?
If the data are no longer required for the fulfillment of contractual or legal obligations, they will be deleted regularly, unless their (temporary) further processing is necessary for the following purposes:
Fulfillment of retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG).
Will my data be used for automated decision-making?
If you want to use your card for payment, the card payment must first be authorized. Authorization is done automatically using your data. In particular, the following considerations may play a role: payment amount, place of payment, previous payment behavior, purpose of payment. Card payment is not possible without authorization. This has no influence on other payment methods (e.g. other cards or prepayment).
Right to object in individual cases
You have the right to object at any time, on grounds relating to your particular situation, to the processing of data carried out on the basis of Article 6 (1)(f) GDPR, i.e. the processing of data on the basis of a balance of interests.
If you legitimately object, your data will no longer be processed on the basis of Article 6 (1)(f) GDPR, with two exceptions:
Your data will be further processed insofar as the responsible party can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, in particular, e.g. in the case of statutory retention obligations and to execute a payment that has already been started at the payment terminal but has not yet been completed.
Your data will be further processed if this serves the assertion, exercise or defense of legal claims.
We use cookies, web analysis services and social media plugins on our website. There is a separate data privacy notice for this.
The links published on our website are researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of linked pages. We are not responsible for the content of linked pages and expressly do not adopt the content of these pages as our own. The provider of the website to which you are referred shall be solely responsible for illegal, incorrect or incomplete content as well as for any damage resulting from the use or misuse of the information. Liability of the party merely referring to a publication via a link shall be excluded. We shall only be responsible for third-party references if we have positive knowledge of them, i.e. any illegal or criminal content, and if it is technically possible and reasonable for us to prevent their use.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) 1) f) GDPR. The tracking measures we use are intended to ensure that our website meets requirements and is continually optimised. We also use these tracking measures to record website use and to evaluate it for you in order to optimise our offering. These interests are considered legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
We use Google Analytics, a web analysis service provided by Google Inc., for the purpose of tailoring our pages to meet your needs and continuously optimising them. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as ’Google’). Pseudonymised user profiles are created and cookies (see section 4) are used in this context. The information generated by cookies about your use of our website includes
We only use Google Analytics with IP anonymisation enabled. This means that the IP address of the user is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings in their browser, by selecting the appropriate settings on the Google website or by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
This information is used to evaluate website use, to compile reports on website activity and to provide other services relating to website and Internet use for market research purposes and to tailor our website to requirements. This information may also be transferred to third parties if this is required by law or if third parties process such information on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. Further information on data privacy in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).
We also use Google conversion tracking to record the use of our website statistically and to evaluate it for the purpose of optimising our website for you. Google Adwords places a cookie (see number 4) on your computer if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification purposes. If the user visits certain pages on the AdWords customer’s website and the cookie has not expired, Google and the customer will be able to tell that the user clicked on the ad and was directed to that page.
Each Adwords customer receives a different cookie. Cookies can therefore not be traced via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers will know the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users. If you do not wish to participate in the tracking process, you can also refuse to set a cookie as required, for example by setting your browser to disable the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain ‘www.googleadservices.com’. Google’s Privacy Policy for conversion tracking can be found here (https://services.google.com/sitestats/de.html).
In order to analyse the user behavior and take corresponding measures to optimise the user experience on our website, we further use the web analytics tool mouseflow. Mouseflow is only used with activated ip-anonymised functionality. It shows an anonymised recording of your activities on our website. If you do wish to be tracked, please use the following opt-out option. mouseflow.com/de/opt-out
By using the opt-out, a corresponding cookie will be placed on your device until it is being deleted.
We use salesforce.com EMEA Limited, a provider of cloud computing solutions for businesses, based in London. Salesforce uses cookies. These are text files that are stored on your computer / device and enable your use of our website to be analyzed. Actions and movements on the website are recorded.
On our behalf, Salesforce and the service providers engaged will process the information collected via the cookie in order to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.
The information generated by the cookie about your use of our website is usually transmitted to a Salesforce server and stored there.
Currently (as of January 2019) the data is stored in one of the Salesforce data centers mentioned here:
• Chicago, Illinois, United States (USA)
• Dallas, Texas, United States (USA)
• Frankfurt, Germany (GER)
• Kobe, Japan (JPN)
• London, United Kingdom (UK): London, UK (North) & London, UK (West)
• Paris, France (FRA)
• Phoenix, Arizona, United States (USA)
• Tokyo, Japan (JPN)
• Washington, DC, United States (USA)
Further information is available at: https://help.salesforce.com/articleView?id=000257307&language=en_US&type=1
The data is passed on to the service provider PARX Consulting GmbH, An der Alster 62, 20099 Hamburg, Germany, for evaluation.
The storage period is 12 months.
The data processing takes place on the basis of your consent (Art. 6 Para. 1 a GDPR).
You can also control whether tracking cookies are saved via the settings of your browser by rejecting cross-website tracking there.
For the purpose of conducting competitions, Beurer processes the personal data of the participants. Depending on the type of competition, a valid e-mail address, first name, last name, date of birth and gender must be provided by the participants. In individual cases, a telephone number must also be provided if contact at short notice is required (e.g. if concert tickets can be won). If an EMS suit is raffled, the clothing size of the winner must be shared with Antelope by Beurer. If winnings are sent by post or parcel services, we will additionally ask for your postal address in order to enable shipping.
We collect this data to determine whether you are eligible to participate and to determine and notify the winners by e-mail. If you do not provide us with the aforementioned data, participation in the competition or contact regarding a prize notification is not possible. Your address data will be used exclusively for sending prizes. Without this information, it is not possible to send the prize by post.
As a matter of principle, your data will not be disclosed to third parties unless the disclosure is necessary for the implementation of the respective competition or for the dispatch of prizes. If we involve partner companies or service providers in the implementation or carry out actions together with them, we conclude the necessary agreements by way of order processing in accordance with Art. 28 GDPR or joint responsibility in accordance with Art. 26 GDPR.
If the prizes are linked to corresponding hotel accommodation, your contact details (first name, surname, home address and telephone number) will be transmitted to the respective hotel by Beurer for the purpose of making a hotel booking.
If we conduct competitions with partners or if the respective cooperation partner, who provides the prizes, arranges the shipment on his own responsibility, personal data such as address data will be transmitted to the respective cooperation partner.
If we commission service providers to carry out competitions, we select them carefully. The data protection notices of the service providers provide further detailed information on the specific processing by the cooperation partner for the respective survey, competition or promotion.
As part of the competition, we process the data on the basis of Art. 6 para. 1 b) GDPR and transmit it to the respective cooperation partner. For statistical purposes, we anonymously evaluate how many participants have taken part in the respective competition. This evaluation does not allow any conclusions to be drawn about individual participants. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR. Advertising and newsletter dispatch are expressly carried out only on the legal basis of consent in accordance with Art. 6 para. 1 p. 1 lit. a).
We use social plug-ins of the social networks Facebook, Twitter and Instagram on our website based on Art. 6 (1) 1) f) GDPR, in order to raise the profile of our company and the online shop. The advertising purpose behind this is regarded as a legitimate interest within the meaning of GDPR. Responsibility for operation that is compliance with data protection regulations must be guaranteed by the respective providers. These plug-ins are integrated by us using the two-click method in order to protect visitors to our website in the best possible way.
Social media plugins from Facebook are used on our website to make its use more personal. For this we use the ‘LIKE’ or ‘SHARE’ button. This is an offer from Facebook. If you call up a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the ’LIKE’ or ‘SHARE’ button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and tailoring Facebook pages to your needs. To this end, Facebook creates usage, interest and relationship profiles, for example, to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website. The purpose and scope of data collection and the further processing and use of data by Facebook as well as your related rights and setting options for the protection of your privacy can be found in Facebook’s data privacy policy (https://www.facebook.com/about/privacy/).
Based on our legitimate interests in the analysis, optimisation and economic operation of our online services and for these purposes, the so-called ‘Facebook pixel’ of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’), is used within our online services.
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the presentation of ads (so-called ‘Facebook ads’). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offering or who have certain characteristics (for example, interests in certain topics or products that are determined on the basis of the websites visited) which we transmit to Facebook (so-called ‘custom audiences’). We also want to ensure using Facebook pixels that our Facebook ads match the potential interests of users and are not annoying. We can also use Facebook pixels to track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users were referred to our website after clicking on a Facebook ad (known as ‘conversion’).
Twitter Inc. (Twitter) plugins are integrated into our web pages. You can recognise Twitter plugins (Tweet button) from the Twitter logo on our website. You can find an overview of Tweet buttons here (https://about.twitter.com/resources/buttons). If you access a page on our website that contains such a plugin, a direct connection will be established between your browser and the Twitter server. Twitter receives the information that you have visited our site using your IP address. If you click the Twitter ’Tweet’ button while logged in to your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to assign the visit to our pages to your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or its use by Twitter.
If you do not want Twitter to be able to assign visits to our pages, please log out of your Twitter user account. Further information on this can be found in Twitter’s privacy policy (https://twitter.com/privacy).
Our website/online shop also uses social plugins (‘plugins’) from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (‘Instagram’). The plugins are marked with an Instagram logo, for example in the form of an ‘Instagram camera’.
When you visit a page of our website/online shop that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram sends the content of the plugin directly to your browser and integrates it into the page. This integration tells Instagram that your browser has accessed the appropriate page on our site, even if you do not have an Instagram profile or are not logged in to Instagram.
This information (including your IP address) is transferred directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by pressing the ‘Instagram’ button, this information is also sent directly to and stored on an Instagram server. The information is also published to your Instagram account and displayed to your contacts. If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website. For more information, see Instagram’s Privacy Policy (https://help.instagram.com/155833707900388).
We use plugins of the video platform YouTube on our Website. YouTube is considered a multimedia hosting site for the content provided on that platform. We use the Youtube channel in order to advertise our company. You will recognise the YouTube Plugin by the Youtube Logo displayed on our pages. Once you open our internet page, on which such a plugin is displayed, a direct connection will be made between your browser and the YouTube Server. Through this, YouTube will receive the information that you have visited our website with your IP-address. If you click on the YouTube Button or watch our videos while being logged in to your account, you will be able to share, link and comment on our content in your account. By doing this, YouTube is able to match your visit on our pages to your personal account. We draw your attention to the fact that we as a supplier have no knowledge on the data being transferred as well as their usage by YouTube.
If you do not want YouTube to match your visit on our websites, you can prevent this at any time by using the sign out function of your Google account or YouTube channel or by changing our cookie settings.
For further information please check the terms and conditions of YouTube by using the following link. https://www.youtube.com/static?gl=DE&template=terms&hl=de
You have the right:
If your personal data are processed on the basis of your consent in accordance with Art. 6 Paragraph 1 lit. a GDPR, you have the right to object to the processing of your personal data in accordance with Art special situation arise or the objection is directed against direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of revocation or objection, an email to datenschutz@beurer.de is sufficient.
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction, and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
“Usercentrics”. Such processing purposes can include the integration of external elements, the integration of streaming content, statistical analysis, range measurement and personalized advertising. With the help of “Usercentrics” you can give or reject your consent for all processing purposes or you can give or reject your consent for individual purposes or individual third-party providers. You can also change the settings you have made afterwards. The purpose of integrating “Usercentrics” is to allow the users of our website to decide about the setting of cookies and similar functionalities and to offer the option of changing settings that have already been made as part of the further use of our website. In the course of using “Usercentrics”, we process personal data and information from the end devices used. Your data will also be sent to Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany). The information about the settings you have made is also stored in your device. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. Otherwise, Article 6 (1) sentence 1 lit.f) GDPR is the relevant legal basis. Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and the evaluation of the consent rates. After twelve months after the user settings have been made, the user will be asked for consent again. The user settings made will then be saved again for this period, unless you delete the information about your user settings yourself beforehand in the end device capacities provided for this purpose.
You can object to the processing insofar as the processing is based on Art. 6 Para. 1 S. 1 lit.f) GDPR. You have the right to object for reasons that arise from your particular situation. You can prevent processing by deleting the history and website data in the settings of your browser software or by opening the browser you are using in “private mode”.
This data privacy statement is valid as of May 2018.
Due to the further development of our website and offers on it or due to new legal or statutory requirements, it may be necessary to amend this data privacy statement. You can access and print out the current data privacy statement at any time on the website at https://www.antelope.de/datenschutz/
Effective date: 3.9.2020