Data Protection

Welcome to our website.

Since the protection and security of your personal data is our top priority, we would like to provide you with comprehensive information in this data protection declaration about the type, scope and purpose of the collection, use, storage and transfer of your personal data by us, inform you about your rights and provide you with information about the data processing procedures. We also explain in this privacy statement what information we automatically collect when you visit our website.

1. who is responsible for data protection?

The responsible party is the EU General Data Protection Regulation (DS-GVO):

spotsize GmbH
Hafenstrasse 25-27
68159 Mannheim
Phone: +49 621 150283-05
Germany

You can reach our data protection officer at:

spotsize GmbH
Hafenstrasse 25-27
68159 Mannheim
Germany
Phone: +49 621 150283-05
info@spotsize.io

2. what data is protected by data protection law?

Data protection law regulates the handling of personal data, particularly in the European General Data Protection Regulation and the German Federal Data Protection Act.

„Personal data“ is any information relating to an identified or identifiable natural person, also in particular name, age, address, telephone number, e-mail address, bank information such as credit card number, etc. also information about diseases, diagnoses, allergies or other health-related information about you is personal data. In addition, certain usage data, such as information about when you visited our website and the browser you used, may also be personal data and therefore subject to data protection law. However, anonymized data, including data that do not allow any conclusions to be drawn about you, are not subject to data protection.

Which data we collect, store, use or pass on, and when and in what way, is explained in this data protection declaration.

3. in brief: For what purposes and on what basis is personal data collected?

We operate an online platform that allows body measurements and dimensions to be recorded and stored. In doing so, we use information to help users select a size and to help manufacturers and suppliers better customize their products. We collect, store and use personal data. We record personal data as part of the measurement. This data includes also true depth and image data stored and processed in order to recommend the shoe size. In particular, no facial data is collected, disclosed, retained or shared. In addition this personal data is used ensure and improve the quality of the measurement. We do not share personal data with any third party.

We may only process certain data if you explicitly consent to the explicit data processing beforehand. If we require your prior consent to data processing, you will clearly recognize this visually and linguistically as a declaration of consent under data protection law and will receive all necessary information from us (on the scope of the declaration, your rights, the consequences, etc.) in this regard.

4. what data is automatically transmitted/ logged when visiting our website?

Informative use

You can visit our website without providing any personal information.

In the case of merely informative use of our website, we only collect the so-called server log files listed below, which are technically necessary for us to display our website to you and to ensure the stability and security of the website (legal basis is Art. 6 para. 1 p.1 lit. f DSGVO):

– IP address

– Date and time of the visit

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code

– Amount of data transferred in each case

– Web page from which the request comes

– browser

– Operating system and its interface

– language and version of the browser software

These server log files are transmitted and stored by the respective Internet browser and collected by us only for the purpose of statistical evaluation and to ensure trouble-free operation of our website. We cannot assign this data to a specific person. We store the IP address transmitted by your web browser for a usual period of time for traceability for technical analyses and in the event of a technical error or blocking of security rules. After these storage periods have expired, we delete the IP address. In addition, so-called cookies are used.

When using our contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the inquiry originates and so that we can answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request. We do not pass on this data without your consent. Mandatory legal provisions – in particular retention periods – remain unaffected.

5 Are cookies used?

Yes. In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on our website. These are small text files that serve to control the Internet connection during your visit to our website and contain information that enables us to adapt our website to the needs of our visitors. They also simplify and accelerate the control of your visit to our website. Cookies are stored on your terminal device and are either deleted again after the end of the browser session (so-called session cookies) or stored by your browser to enable your browser to be recognized the next time you visit (permanent cookies / login cookies).

As a rule, browsers are set to accept cookies automatically. However, you can also set your browser so that you are informed in advance about the setting of cookies and can decide on their acceptance individually or exclude the acceptance of cookies for certain cases or altogether. If you do not agree to the use of cookies, the functionality of our website may be partially limited.

6. will my data be passed on?

We will only pass on your personal data to third parties if:

– You have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,

– the disclosure is necessary according to Art. 6 para. 1 p. 1 lit. a DSGVO 6 para. 1 p. 1 lit. a 1 p. 1 lit. f DSGVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

– in the event that disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 1 (1) f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, 6 (1) p. 1 c DSGVO a legal obligation exists, as well as this is legally permissible and in accordance with

– Art. 6 para. 1 p. 1 lit. c DSGVO a legal obligation exists, as well as this is legally permissible and required according to 1 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

7. which processors do we use?

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.

Google Analytics uses text files (so-called cookies, see above), which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. However, the IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Our legitimate interest in data processing also lies in these purposes. Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes without activity and campaigns after 6 months. The time limit for campaigns can be a maximum of two years.

For more information on terms of use and privacy, please see the following link:

. https://www.google.de/analytics/terms/de.html You can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

Google Cloud

We use Google Cloud and G Suite. Google Cloud and G Suite are technologies of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.

The legal basis for the aforementioned data processing is Art. 6 (1) f) DSGVO based on our legitimate interest. We want to provide you with the technical infrastructure to offer our products and services. We also want to use it to improve our products and services.

For more information, please see Google’s privacy policy: https://policies.google.com/.

Google reCAPTCHA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

8. how is my personal data protected?

The protection of your personal data is very important to us.

We have secured both our website and our and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. This includes, for example, the use of special encryption technology, which ensures that your data is protected against loss, destruction, manipulation, disclosure or unauthorized access by third parties in the best possible way. Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

Our security procedures are regularly reviewed and adapted to technological progress. Our employees are committed to maintaining confidentiality.

9. How long will your personal data be stored?

In principle, we only store anonymized data, delete your personal data if previously consented, if there is no longer a legitimate interest in the processing and if there are no longer any legal retention periods (e.g. from commercial and tax law).

10. brief overview: What rights do you have as a user?

As a user, you have the following rights with regard to the personal data concerning you:

– Right to information,

– Right to correction or deletion,

– Right to restriction of processing,

– Right to data portability,

– Right to object to processing,

– Right to lodge a complaint with the supervisory authority.

In addition, you have the right to revoke a declaration of consent already given: If the processing is based on a declaration of consent given by you, you have – as explained above – the right to revoke this consent. A revocation has no effect on the permissibility of the processing of your data carried out before your revocation. You can address your objection to info@spotsize.io.

We will subsequently explain what exactly the above rights mean (cf. Section 12).

11. in detail: What rights do you have in detail?

Right to information: In accordance with Art. 15 DSGVO, you have a right to free information about the data stored about you at any time. Please direct corresponding requests to info@spotsize.io.

Right to rectification or deletion: In addition, you have the right to request the rectification of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 DSGVO. You also have the right, pursuant to Art. 16 DSGVO, to request without undue delay the rectification of inaccurate 17 DSGVO the right to request that we delete without undue delay the personal data concerning you, provided that one of the following reasons applies:

– The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

– You withdraw your consent on which the processing was based and there is no other legal basis for the processing.- You object to the processing (and there are no overriding legitimate grounds for the processing) or the personal data have been processed unlawfully.

– The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member State to which we are subject.

Right to restriction of processing: In addition, pursuant to Article 18 of the GDPR, you have the right to request that we restrict processing if one of the following conditions is met:

– The accuracy of the personal data is contested by you for a period of time which allows us to verify the accuracy of the personal data,

– The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

– We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or

– You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh your interests.

Right to data portability: You also have the right, pursuant to Article 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

Right to object to processing: to the extent that we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case, for example, if the processing would not be necessary for the performance of a contract with you. After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims. This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

Right of appeal: Information on the right of appeal to the competent data protection supervisory authority can subsequently be found under Section 13. The responsibilities of the data protection authorities are based on the registered office of the controller. However, you can also contact the data protection authority in your place of residence, which will then forward your complaint to the competent authority.

12. Where can you complain if you believe that we are violating data protection regulations?

Of course, we are happy for you to contact us first with a data protection concern so that we can review your concern and take action if necessary. However, you have the right to complain to the competent supervisory authority at any time if you believe that the processing of personal data concerning you violates data protection regulations.

13. can the data protection provisions change?

This privacy policy is currently valid and is as of October 2019.

From time to time, we must – for example due to changes in the law – adapt our data protection provisions. Your rights under this privacy policy will not be restricted by this without your express consent. If we make changes to the collection, use or disclosure, of the personal data provided to us by you, we will make them by a clear notice.

14. whom can you contact with questions?

We will be happy to answer any questions you may have about this privacy policy. You can reach us

by telephone: +49 621 150283-05

by e-mail: info@spotsize.io