Country Selection
Charmant high-quality fashion eyewear

DATA SECURITY

I Responsible Entity

The entity responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:


CHARMANT GmbH Europe
Zielstattstraße 34
81379 Munich
Link to the legal notice: https://www.charmant.com/de/footer/impressum

Data Protection Officer
You can reach our Data Protection Officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstraße 55
93057 Regensburg
Germany
Email: kontakt(at)buglundkollegen.de

II Rights of Data Subjects

As a data subject, you are entitled to the following rights under the EU General Data Protection Regulation (GDPR):

Right of access (Art. 15 GDPR)
You have the right to request information about which personal data concerning you is stored, for what purpose it is processed, from which recipients it was obtained or to whom it was disclosed, and how long it will be stored.

Right to rectification (Art. 16 GDPR)
You may request the immediate correction of inaccurate personal data or the completion of incomplete personal data.

Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
Under certain conditions, you may request the deletion of your personal data, for example if it is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data, for example if you contest the accuracy of the data or if the processing is unlawful but you request restriction instead of deletion.

Right to data portability (Art. 20 GDPR)
You may request that the personal data concerning you which you have provided to us be transmitted to you in a structured, commonly used and machine-readable format – or that we transmit this data directly to another controller.

Right to object (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data if the processing is based on the legitimate interests of our company or on a task carried out in the public interest. In the event of a justified objection, we will cease processing unless there are compelling legitimate grounds for the processing.

Withdrawal of consent (Art. 7 GDPR)
If you have given us your consent, you may withdraw it at any time without giving reasons for the future.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Without prejudice to other administrative or judicial remedies, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement.

III Hosting and Server Log Files

The hosting services we use (services for operating and providing the website) serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offering.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of data processing agreement).

IV Contact

You have the option to contact us by email, telephone, contact form or letter, whereby personal data may be processed. We process your data for the handling and processing of your request. We will not pass on your data to third parties without your consent.

The legal basis for processing is our legitimate interest in the effective handling of your request in accordance with Art. 6 para. 1 lit. f GDPR.

When contacting us by email, we store your email address as well as the information contained in the email. In the case of the contact form, in addition to the information provided in the contact form, your IP address is recorded in pseudonymized form. In the case of contact by letter, your sender address and the content of the letter are stored. In the case of contact by telephone, personal data is recorded depending on the individual case.

We store your data until you request deletion or the processing purpose (the handling of your request) has been fulfilled.

Duration of storage
When using our website for informational purposes only, we store your personal data only for the duration of your visit. After leaving the website, this data is automatically deleted.

In the case of active use, e.g. for contacting us, we initially store your personal data for the duration of processing your request. In addition, we retain the data for as long as this is necessary to safeguard or enforce possible legal claims. The regular limitation period is 12 to 36 months, but in individual cases it may be up to 30 years.

After expiry of the limitation period, your data will be deleted unless statutory retention obligations prevent this. Such obligations arise in particular from the German Commercial Code (§§ 238, 257 para. 4 HGB) or the German Fiscal Code (§ 147 para. 3, 4 AO) and generally amount to between two and ten years.

Categories of recipients
In the course of our business activities, we cooperate with various external parties. Personal data will only be disclosed to these recipients if this is necessary for the fulfillment of contractual obligations, if we are legally obliged to do so (e.g. to tax authorities), if there is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, if you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, or if another legal basis permits the data transfer.

If we use service providers as processors, personal data will only be disclosed on the basis of a valid data processing agreement. In the case of joint controllership, an agreement on joint processing in accordance with Art. 26 GDPR will be concluded.

Data transfer to third countries
Personal data will only be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) if this is necessary or legally permitted, if you have given us your explicit consent, or in the context of data processing.

If service providers are used in a third country, we oblige them through appropriate safeguards – generally the EU Standard Contractual Clauses – to comply with the level of data protection applicable in the EU. If an adequacy decision of the European Commission exists, we base the data transfer on this. Further information can be obtained via the contact options provided above.

V Matomo Cloud

We use the service “Matomo Cloud” on our website to analyse user interactions. The provider is Matomo (InnoCraft Ltd), 150 Willis St, 6011 Wellington, New Zealand.

The legal basis for the use of Matomo is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to analyse user interactions and improve the performance and user-friendliness of our website.

The data processed by Matomo Cloud includes your IP address, location data, visit time, device and browser information, pages visited as well as interactions on the website; Matomo Cloud may also set cookies to collect this information.

The purpose of data processing is the statistical analysis of website usage and the creation of anonymized user profiles to improve the website.

Further information on Matomo’s data protection provisions can be found at: https://matomo.org/matomo-cloud-privacy-policy/

VI CCM19 Cloud

We use the service “CCM19 Cloud” on our website to manage users’ consent for cookies and tracking technologies in a data protection compliant manner. The provider is Papoo Software & Media GmbH (“Papoo”), Auguststr. 4, 53229 Bonn, Germany.

The legal basis for the use of CCM19 is the fulfillment of a legal obligation in accordance with Art. 6 para. 1 lit. c GDPR.

The data processed by CCM19 Cloud includes your IP address, browser information, date and time of access, consent settings and cookies are set to store your consent preferences.

The purpose of data processing is the management of user consent regarding cookies and tracking technologies.

Further information on CCM19’s data protection provisions can be found at: https://www.ccm19.de/en/datenschutzerklaerung.html

VII Social Media Profiles

We maintain online profiles on the following social networks (hereinafter “social media”) in order to communicate with customers, interested parties and the public and to draw attention to our services:

• Instagram (Meta Platforms, Inc.)
• Facebook (Meta Platforms, Inc.)
• LinkedIn (LinkedIn Ireland Unlimited Company)

For the scope and purpose of data processing, please refer to the respective applicable privacy policies of the networks:

• Instagram: (https://privacycenter.instagram.com/policy)
• Facebook: (https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer)
• LinkedIn: (https://de.linkedin.com/legal/privacy-policy?)
 

Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in modern public relations. If consent is required, processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

If you transmit additional data to the services (e.g. personal messages), your consent is generally required for this. Please note that we have no influence on data processing by the social media providers. If you have any questions or wish to assert your rights as a data subject (e.g. access, deletion), please contact the respective platform operator directly.

You can subscribe to or unsubscribe from our social media profiles at any time. If you do not want operators of social media services to collect data about your visit to our profiles, please use the deactivation options (e.g. logging out, ad tracker blocking) in your user account or install appropriate browser add-ons.