§1 General Information
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data related to you personally, for example, name, address, e-mail addresses and user behaviour.
(2) The Data Controller pursuant to article 4 para. 7 of the General Data Protection Regulation (GDPR) is:
Charmant UK Co., Ltd
Unit 1 Kendal Court
Kendal Avenue Acton London W3 0RU
Phone: +44 208 992 9222
Our Data Protection Officer can be reached at:
(3) When contacting us by e-mail or via a contact form, the data you provide (your e-mail address, where required your name and telephone number) will be stored by us in order to answer your questions. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to article 6 para. 1(f) GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is article 6 para. 1(b) GDPR. We delete data arising in this context after storage is no longer necessary or restrict processing if there are legal storage obligations.
(4) Should we, for specific supply purposes, wish to use contracted service providers or use your data for advertising purposes, we will inform you below in detail about the respective processes. We will also specify the criteria for the storage period.
§2 Your Rights
(1) You have the following rights with regard to your personal data:
- Right to be informed
- Right to rectification and erasure
- Right to restrict processing
- Right to object to processing
- Right to data portability
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Bavarian State Office for Data Protection Supervision (BayLDA)
91511 Ansbach, Germany
§3 Visiting the Website
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Operating system and interface
- Language and version of the browser software
- Storage of your consent to storage of cookies
We collect and store this data for a limited time period on the basis of our legitimate interest in order to induce derivation of personal data in the event of unauthorised access or attempted access to local servers (article 6 para. 1(f) GDPR).
(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case here - by us). They serve to make the website more user-friendly and effective.
(2) We distinguish between two categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted and (b) optional cookies for website analysis and marketing purposes.
The use of optional cookies is based on your consent (article 6 para. 1(a) GDPR). Optional cookies are stored for a maximum of three months. Under the following link at the bottom of this page you can adjust the cookie settings at any time.
In the following paragraphs, we describe the optional cookies used on this website in detail:
Use of Google Analytics
a) This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses so-called "cookies". The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers within the EU. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
b) The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
d) This website uses Google Analytics with the extension "anonymizeIP". This means that IP addresses are shortened for further processing and that it is not possible to identify you personally. If the data collected about you is related to a person, this is excluded immediately and personal data is immediately deleted.
e) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. The legal basis for the use of Google Analytics is article 6 para. 1(a) GDPR.
f) Information on third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
General information on data protection: policies.google.com/privacy
Integration of YouTube videos
g) On some of our websites we embed Youtube videos that are stored on www.YouTube.com and can be played directly from our website. These are all embedded in the "extended data protection mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you give your consent and play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transfer.
h) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified under §3 of this declaration is transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses it for advertising, market research and/or the design of its website to meet your needs. Such evaluation is carried out (even for users who are not logged in) specifically to provide demand-oriented advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. The legal basis for the use of YouTube is article 6 para. 1(a) GDPR.
i) Information on third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
§5 Online Presence on Social Media
We maintain online presences within social networks in order to inform active users about our services and to communicate directly via the platforms. We are currently represented on the following networks:
- Facebook: www.facebook.com/charmantgroup
- Instagram: www.instagram.com/charmant_eyewear_europe/
- LinkedIn: www.linkedin.com/company/charmant-group
- YouTube: www.youtube.com/user/CharmantGroupInt
All of our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks provide for embedding on websites.
We have no influence on data collection and data use by the social networks. For example, we do not know to what extent, where or for how long the data will be stored, to what extent the networks will comply with existing deletion obligations, what evaluations and links will be made with the data and to whom the data will be passed on to. We therefore expressly draw your attention to the fact that user data (such as personal information and IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes.
We process users' data on social media channels insofar as they contact and communicate with us via, for example, comments or direct messages.
The legal basis for the processing of user data is article 6 para. 1(b) and (f) GDPR.
Special Information on Facebook/Instagram
You can access the social media network Facebook/Instagram via external links on our website. All functions in the social media network are provided by Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. The Facebook channels can only be accessed via an external link. If you are logged in to Facebook with your own profile and access our social media channel, Facebook can assign your visit to your log-in profile. If you do not want your account to be associated with your IP address, please log out of your Facebook account prior to using our website.
facebook.com/privacy/explanation and our data policywww.charmant.com/e/footer/data-security/
Special Information on LinkedIn
Within our online offer, no functions and contents are offered by the service LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn channels are only accessible via an external link.
If visitors to the website are LinkedIn platform members, LinkedIn can assign the visit to the social media channel to the user's profile if the user visits our LinkedIn profile while logged in. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.
We would like to point out that we have no influence on the content, extent of use or data collected by LinkedIn Ireland Unlimited Company. For further information, please visit the LinkedIn Ireland Unlimited Company website at https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv. Please note that you may make changes to your LinkedIn account to protect your privacy.
Special Information on YouTube
You can access the social media network YouTube via external links on our website. All functions in this social media network are offered by YouTube, Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The YouTube channels are only accessible via an external link.
If you are logged in to YouTube with your own profile and access our social media channel, YouTube can associate your visit with your logged in profile. If you do not wish your account to be associated with your IP address, please log out of your YouTube account prior to using our website.
For further information on the processing of your data, please refer to the general information on data protection provided by Google: https://policies.google.com/privacy?hl=de&gl=de#infocollect
We send email newsletters only with the consent of the recipient or with legal permission.
Double Opt-In Procedure: Registration for our newsletter takes place in principle via a Double Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with an invalid e-mail address. Registrations for the newsletter are logged in order to be able to prove the registration process according to legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise the changes to your data stored with the freight forwarder are logged.
Deletion and limitation of processing: We may store deleted e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations for the permanent observation of objections, we reserve the right to store the e-mail address solely for this purpose in a blackout list.
The logging of the registration procedure takes place on the basis of our legitimate interests for the purposes of proving its correct course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interest in an efficient and secure dispatch system.
Information on legal basis: The newsletter is sent on the basis of the recipient's consent if and to the extent permitted by law. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it was conducted in accordance with the law.
Content: Information about us, our services, promotions and offers.
Performance Measurement: We would like to point out that when sending a newsletter, we evaluate your user behaviour. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, representing one-pixel image files stored on our website or, if we use a dispatch service provider, are retrieved from its server. For evaluations, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID.
This information is used for the technical improvement of our newsletter by means of technical data or target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times. This analysis also covers the determination of whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can certainly be matched with individual newsletter recipients. However, it is neither our aim nor, if used, that of the dispatch service provider, to observe individual users. Rather, evaluations serve to recognise the reading habits of our users and to adapt our content to them or to send different content according to their interests.
Evaluation of the newsletter and performance measurement are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purposes of using a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.
A separate revocation of the performance measurement is unfortunately not possible. In this case, the entire newsletter subscription must be cancelled or consent revoked.
Processed data types: Master data (e.g. names, addresses), contact data, meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
Purposes of processing: Direct marketing by e-mail
Legal basis: Consent (article 6 para. 1 sentence 1(a) GDPR)
Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link for cancellation of the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.
Services used and service providers:
E-mail marketing platform; service provider: "Mailchimp" - Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: mailchimp.com; privacy statement: mailchimp.com/legal/privacy/; Privacy Shield: www.privacyshield.gov/participant
§7 Your account and use of our webshop
a) If you wish to order from our webshop, for processing an order-contract you need to provide us with your personal data for the registration of a customer account. Mandatory information required for the processing of contracts is marked separately, additional information is voluntary. We process the data provided by you in order to process your order. For this purpose we can pass on your payment data to our house bank. The legal basis for this is article 6 para. 1(b) GDPR.
b) We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
c) We are obliged by commercial and tax regulations to store your address, payment and order data for a period of ten years.
d) To prevent unauthorised access to your personal data by third parties, the order process is encrypted using TLS technology.
§8 Joint responsibility, contact data, company data protection officer:
We are jointly responsible with Facebook/Instagram for the operation of our Facebook/Instagram fan page in accordance with article 26 GDPR. To this end, we have concluded an agreement with Facebook/Instagram to determine who fulfils which data protection obligations. This agreement can be found here (https://www.facebook.com/legal/terms/page_controller_addendum). Facebook/Instagram is primarily responsible for providing the data subject with information about the joint processing and enabling him or her to exercise his or her privacy rights. Irrespective of this, we hereby inform you of your visit to our fan page.
You will find our contact details under §1.
You can reach Facebook at:
Facebook Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
You can reach Facebook online here (https://www.facebook.com/help/contact/2061665240770586)
You will find the contact details of our company data protection officer under § 1.
You can reach the Facebook Data Protection Officer at: https://www.facebook.com/help/contact/540977946302970.
§9 Collection and storage of personal data as well as type and purpose and their use:
a) Data collected by Facebook/Instagram:
If you do not agree, you can opt-out here.
b) Data we use ("Page Insights") and legal basis:
Facebook/Instagram provides us with statistics and usage data that enable us to analyse the use of our fan page ("Page Insights"). This enables us to continuously improve our Facebook offering. As an operator, we do not make any decisions regarding the processing of insights data and all other information resulting from article 13 GDPR, such as the storage period of cookies on user terminals. The primary responsibility according to GDPR for the processing of insights data lies with Facebook and Facebook fulfils all obligations under GDPR with regard to the processing of insights data.
As a page administrator, we have no other way of evaluating user behaviour on our fan page, not even via user tracking. It is also generally not possible for us to identify the fan page visitor by means of the page insights. In particular, we have no right under the Agreement to require Facebook to disclose individual visitor information. Identification is only possible if we can assign individual profile pictures to "like me" information for the page, but only if our fan page was marked "like me" by the corresponding visitor and the "like me" information is set to "public".
You can find out what information Facebook/Instagram uses to create the page insights here.
The operation of the Facebook/Instagram fan page and the use of the page insights serve our legitimate interest in an effective external presentation and efficient communication with our customers and interested parties. This interest justifies the operation of the site both to the legitimate interests of Facebook/Instagram users and to visitors to our fan page who do not have a Facebook/Instagram account. Accordingly, the legal basis is article 6 para. 1(f) GDPR.
3. Passing Data on to Third Parties:
When Facebook processes data, user data may be transferred outside the European Economic Area (EEA), particularly to the United States. Facebook has therefore submitted to the EU-US Privacy Shield: (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A...).
4. Right of Objection:
If your personal data is processed on the basis of legitimate interests pursuant to article 6 para. 1(f) GDPR, you have the right to object to the processing of your personal data pursuant to article 21 GDPR if there are reasons for doing so that result from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us, without stating a particular situation. If you would like to make use of your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org.
5. Rights of Data Subjects:
You have the right to revoke your consent to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. In addition, you have the right to access information pursuant to article 15 GDPR, the right to rectification pursuant to article 16 GDPR, the right to erasure pursuant to article 17 GDPR, the right to restriction of processing pursuant to article 18 GDPR, and the right to data transfer pursuant to article 20 GDPR. Furthermore, there is a right of appeal to a competent data protection supervisory authority (article 77 GDPR).
As a matter of principle, you can assert your rights of data subjects against Facebook as well as against us. Since only Facebook has direct access to your user data, you can assert your rights most effectively against Facebook.
If you have any questions about this data protection notice, you can contact us or our Data Protection Officer at any time.
The contents of the Charmant GmbH Europe website are protected by copyright. All rights reserved. With the exception of the downloads offered for use in the original version, the use of the texts and illustrations, even in extracts, without the prior written consent of Charmant GmbH Europe violates the provisions of copyright law and is therefore illegal. This applies in particular to all exploitation rights such as reproduction, translation or use in electronic systems. Registered trademarks, trade names, images and logos are used on our website. Even if these are not marked as such in the respective places, the corresponding legal provisions apply.