Privacy Policy

Gaya Entertainment GmbH – Privacy Policy

 

Preamble:

Thank you for visiting our website. The protection and security of your data are very important to us. That’s why our processes are designed to collect or process as little personal data as possible. The following data privacy policy explains which information we may collect when you visit our website and which part of this information is used and in which way. This Privacy Policy applies to the website https://store.overkillsoftware.com.

 

1. Name and Address of Responsible Body

The responsible body in regard to the GDPR, other member state national data laws, and other data protection laws is:

 

Gaya Entertainment GmbH

Hausinger Straße 8

40764 Langenfeld

Germany

 

CEO: André Schmitz

 

Telephone: +49 (0)2173/20421-0

Fax: +49 (0)2173/20421-25

Email: info@gaya-entertainment.de

 

 

2. Data Protection Officer

The data protection officer of the responsible body is:

 

Lawyer

Martin Wagner, LL.M.

Certified Data Protection Officer

Katternberger Str. 24

42655 Solingen, Germany

Telephone: +49 (0)212 – 52088590

Email: gaya(at)datenschutzservice.online

 

 

3. General Notes on Data Processing

3.1. Scope of Processing of Personal Data

We only collect and use the personal data of our users to the extent that this is necessary for the display and functionality of a website and our content and services. The collection and processing of the personal data of our users only occur after the user has given consent. Exceptions to this are cases where it is not possible to obtain consent for factual reasons and the processing of data is legally permitted.

 

3.2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.

Where the processing of personal data is necessary for fulfillment of a contract involving the data subject, art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for the fulfillment of pre-contractual measures.

Insofar as the processing of personal data is necessary for fulfillment of a legal obligation to which our company is subject, art. 6 para. 1 lit. c GDPR serves as the legal basis.

Where the vital interests of the data subject or another natural person necessitate the processing of personal data, art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is required to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh such legitimate interest, art. 6 para 1 lit. f GDPR serves as the legal basis for processing.

 

3.3. Data Deletion and Storage Duration

The data subject’s personal data is erased or locked once the purpose of its storage no longer applies. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws, or other regulations to which the responsible body is subject. Data is also locked or deleted when a period of storage specified by the aforementioned standards expires, unless continued storage is required for the fulfillment or conclusion of a contract.

 

 

4. Website Provision and the Creation of Log Files

4.1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the system of the accessing computer.

The following data is collected:

 

(1)  Information about the browser type and version

(2)  The user’s operating system

(3)  The user’s internet service provider

(4)  The user’s IP address

(5)  The time and date of access

(6)  Websites from which the user’s system came to our website

(7)  Websites that are accessed by the user's system through our website

 

Log files contain IP addresses and miscellaneous data that make it possible to identify a user. This could be the case when the link to the website from which the user came to this website or the link to the website that the user navigates to contains personal data. This data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

 

4.2. Legal Basis for the Processing of Data

The legal basis for the temporary storage of data and log files is art. 6 para 1 lit. f GDPR.

 

4.3. Purpose of Data Processing

The temporary storage of IP addresses by the system is necessary to deliver the website to the user’s computer. The user’s IP address must be stored for the duration of their session. It is stored in log files to ensure the website’s functionality. We also use this data to optimize the website and assure the security of our IT systems. The data is not analyzed for marketing purposes in this context. We also have a legitimate interest in processing data for these purposes, as in accordance with art. 6 para 1 lit. f GDPR.

 

4.4. Storage Duration

The data is deleted once it is no longer needed to achieve the purpose for which it was collected. In the case of data being collected for the purpose of providing the website, this is when the respective session ends. In the case of data stored in log files, this is after seven days at the latest. Storage beyond this period is possible. In this case, the user’s IP address is deleted or anonymized so that it can no longer be associated with the accessing client.

 

4.5. Possibility of Objection and Disposal

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. No right to object exists for the user.

 

 

5. Use of Cookies

5.1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the user’s internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored in the user’s operating system. This cookie contains a string of characters that makes it possible to uniquely identify the browser when it returns to the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can also be identified even after changing pages. This cookie is particularly needed to offer our shopping cart feature.

Our website also uses cookies for analyzing the surfing behavior of users.

This allows us to determine the frequency with which pages are accessed. The user data collected in this way is pseudonymized by technical means. As a result, it becomes impossible to associate the data with the accessing user. This data is not stored together with other personal user data. When accessing our website, an info banner informs users about the use of cookies for analysis purposes and refers to this Privacy Policy. Users are also notified in this context about how they can prevent the storage of cookies through their browser settings. When accessing our website, users are informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. They are also referred to this Privacy Policy.

 

5.2. Legal Basis for the Processing of Data

The legal basis for the processing of personal data through the use of cookies is art. 6 para 1 lit. f GDPR. The legal basis for the processing of personal data through the use of technically required cookies is art. 6 para 1 lit. f GDPR. The legal basis for the processing of personal data through the use of cookies for analysis purposes is, upon submission of the user’s consent to this, art. 6 para 1 lit. a GDPR.

 

5.3. Purpose of Data Processing

The purpose of using technically required cookies is to simplify usage of the website for users. Some features of our website cannot be offered without the use of cookies. These require that the browser is recognized even after changing pages. We need cookies to implement language settings. User data collected by technically required cookies is not used to create user profiles.

The use of analysis cookies is for the purpose of improving the quality of our website and its content. Analysis cookies allow us to find out how the website is used, thereby allowing us to improve our offer continually.

Our legitimate interest in the processing of personal data also lies in these purposes, as in accordance with art. 6 para 1 lit. f GDPR.

 

5.4. Duration of Storage, Possibility of Objection and Disposal

Cookies are stored on the user’s computer and transmitted from the computer to our page. This gives you, the user, complete control over the use of cookies. Changing your browser settings allows you to deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be set to happen automatically. If you deactivate cookies for our website, you may not be able to use some or all features.

 

 

 

6. Contact Form and Email Contact

6.1. Description and Scope of Data Processing

Our website has a contact form that can be used for electronic communication. If a user decides to take advantage of this option, the data entered into the form’s fields is transmitted to us and stored by us. This affects the following data:

 

  • Email address
  • Subject
  • First name and last name
  • Telephone number (not mandatory)
  • Form of address
  • Comment/message

 

The following data is stored at the time the message is submitted:

 

  • The user’s IP address
  • The time and date

 

Consent to the processing of the data within the framework of the submission process is collected and this Privacy Policy is referred to.

 

It is also possible to contact us via the email address supplied. In this case, the personal data sent in the email is stored.

 

The data is not shared with any third party in this context. The data is solely used for processing correspondence.

 

6.2. Legal Basis for the Processing of Data

The legal basis for the processing of data is, upon submission of the user’s agreement to this, art. 6 para 1 lit. a GDPR. The legal basis for the processing of data in the context of sending an email is art. 6 para 1 lit. f GDPR. If the purpose of email contact involves the conclusion of a contract, the additional legal basis for the processing of data is art. 6 para 1 lit. b GDPR.

 

6.3. Purpose of Data Processing

The processing of personal data from contact form fields is only used in the course of establishing contact. In the case of contact by email, the required legitimate interest in the processing of data also applies.

Any other personal data processed during submission serves solely to prevent the misuse of the contact form and to ensure the security of our IT systems.

 

6.4. Storage Duration

The data is deleted once it is no longer needed to achieve the purpose for which it was collected. For personal data from the contact form fields and data sent by email, this is the case when the respective correspondence with the user has come to an end. Correspondence is considered concluded when it can be inferred from the circumstances that the respective matter has been clarified conclusively. The additional personal data collected during submission is deleted after a maximum of seven days.

 

6.5. Possibility of Objection and Disposal

The user may revoke consent for the processing of personal data at any time. If the user contacts us by email, they can revoke consent to the storage of their personal data at any time. In such a case, correspondence can no longer be continued. Revocation of consent can be submitted by email or post to the responsible body (see above) at any time. All personal data stored in connection with contacting us will be deleted in this case.

 

 

7. Information in the Context of an Online Order

7.1. Description and Scope of Data Processing

On our website, corporate and private customers may order the goods we offer. To this end, we collect personal data via the input fields, which is then transmitted to and stored by us. Your data is shared with third parties only in the event that this is necessary for contract fulfillment (such as shipping). The following data is collected during the ordering process:

 

  • Distinction between private and corporate customer
  • Form of address
  • First name
  • Last name
  • Email address
  • Telephone number (not mandatory)
  • Date of birth (not mandatory)
  • Street address and town
  • Country
  • If applicable, separate shipping address

 

Corporate customers are additionally asked to provide:

 

  • Company name
  • Department (not mandatory)
  • Sales tax ID (not mandatory)

 

Furthermore, the following data is stored at the time of registration:

 

  • The user’s IP address
  • Time and date of registration

 

7.2. Legal Basis for the Processing of Data

The legal basis for the processing of data is art. 6 para 1 lit. b GDPR. The collection of data serves to fulfill the contractual relationship.

 

7.3. Purpose of Data Processing

The collection of data solely serves the purpose of contract fulfillment.

 

7.4. Storage Duration

The data is deleted once it is no longer needed to achieve the purpose for which it was collected. This is the case for the fulfillment of a contract or for completion of precontractual measures when the data is no longer needed for fulfillment of the contract. Even after contract fulfillment, it may be necessary to store the personal data of the contract partner to fulfill contractual or legal obligations.

 

7.5. Possibility of Objection and Disposal

You are entitled to have your data deleted at any time. Insofar as your data is required for contract fulfillment or for the completion of precontractual measures, the prompt deletion of data is only possible as long as deletion does not contravene contractual or legal obligations.

 

 

8. Customer Account Registration

8.1. Description and Scope of Data Processing

Our website offers users the option to register a personal customer account by submitting personal data. This involves the entry, transmission, and storage of data via input fields. The data is not shared with any third party. The data will only be shared when this is necessary for contract fulfillment (such as payment processing). The following data is collected during the registration process:

 

  • Distinction between private and corporate customer
  • Form of address
  • First name
  • Last name
  • Email address
  • Telephone number (not mandatory)
  • Date of birth (not mandatory)
  • Street address and town
  • Country
  • If applicable, separate shipping address

 

Corporate customers are additionally asked to provide:

 

  • Company name
  • Department (not mandatory)
  • Sales tax ID (not mandatory)

 

The user must also choose a password to safeguard the customer account against access by third parties.

 

Furthermore, the following data is stored at the time of registration:

 

  • The user’s IP address
  • Time and date of registration

 

The user’s consent to the processing of this data is obtained during the registration process.

 

8.2. Legal Basis for the Processing of Data

The legal basis for the processing of data is, upon submission of the user’s agreement to this, art. 6 para 1 lit. a GDPR. If registration serves the purpose of fulfilling a contract with the user as the contract partner, or the completion of precontractual measures, an additional legal basis for the processing of data is art. 6 para 1 lit. b GDPR.

 

8.3. Purpose of Data Processing

The provision of a personal customer account requires registration by the user. This allows the user to complete future orders more quickly and enables them to view and manage previous orders.

 

8.4. Storage Duration

The data is deleted once it is no longer needed to achieve the purpose for which it was collected. For the data collected during the registration process, this is the case if the registration on our website is canceled or modified. For the data collected during the registration process for fulfillment of a contract or for completion of precontractual measures, this is the case when the data is no longer needed for fulfillment of the contract. Even after contract fulfillment, it may be necessary to store the personal data of the contract partner to fulfill contractual or legal obligations.

 

8.5. Possibility of Objection and Disposal

You as the user have the right to cancel your registration at any time. You may also modify the data stored on you at any time. If the data is required for contract fulfillment or for the completion of precontractual measures, the early deletion of data is only possible so long as deletion does not contravene contractual or legal obligations.

 

 

 

 

9. Data Subject’s Rights

If your personal data is being processed, you are the data subject within the meaning of the GDPR and have the following rights with respect to the responsible body:

 

9.1. Right to Information

You may demand confirmation from the responsible body as to whether personal data concerning you is being processed by us.

If this is the case, you may demand information about the following from the responsible body:

(1)       The purposes for which the personal data is being processed.

(2)       The categories of personal data that are being processed.

(3)       The recipients and categories of recipients to whom your personal data has been or will be disclosed.

(4)       The intended duration of storage of your personal data or, should no concrete information be possible, the criteria for determining the duration of storage.

(5)       The existence of a right to the correction or deletion of personal data concerning you, a right to the restriction of processing by the responsible body, or a right to object to the processing.

(6)       The existence of a right to file a complaint with a supervisory authority.

(7)       All available information on the origin of data when personal data is not collected from the data subject.

(8)       The existence of automated individual decision-making, including profiling, as in accordance with art. 22 para. 1 and 4 GDPR, and – at least in these cases – meaningful information about the logic used, and the implications and intended effects of such processing for the data subject.

 

You have the right to demand information about whether your personal data is transmitted to a third country or an international organization. In this context, you may demand to be told the appropriate guarantees, pursuant to art. 46 GDPR, in connection with the transmission.

 

9.2. Right to Rectification

You have a right to rectification and/or completion by the responsible body if the personal data concerning you that is being processed is incorrect or incomplete. The responsible body is obliged to implement such corrections immediately.

 

9.3. Right to Restriction of Processing

You may demand the restriction of the processing of your personal data under the following circumstances:

(1)       If you dispute the accuracy of the personal data concerning you for a duration that permits the responsible body to verify the accuracy of the personal information.

(2)       The processing is not legally permitted, you reject its deletion and instead demand restriction of the use of your personal data.

(3)       The responsible body no longer requires the personal data for the purpose of processing, but it is still required to assert, exercise, or defend legal claims.

(4)       If you have objected to the processing in accordance with art. 21 para. 1 GDPR and it is still not certain that the responsible body’s legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – excluding its storage – may only be used with your consent or for the purpose of asserting, exercising, or defending legal claims, or for protecting the rights of another natural or legal person, or for reasons of important public interest of the Union or a member state.

If processing is restricted in accordance with the conditions specified above, you will be notified by the responsible body before the restriction is lifted.

 

9.4. Right to Erasure

a)     Obligation to erase

You may demand from the responsible body that your personal data is immediately erased and the responsible body is obliged to erase this data immediately if one of the following reasons applies:

(1)       Your personal data is no longer needed for the purposes for which it was collected or otherwise processed.

(2)       You revoke your consent to the processing of your personal data in accordance with art. 6 para 1 lit. a or art. 9 para. 2 lit. a GDPR and no other legal basis exists for its processing.

(3)       You revoke consent pursuant to art. 21 para. 1 GDPR for the processing and no other overriding legal basis for the processing exists. Or you revoke consent pursuant to art. 21 para. 2 GDPR for the processing.

(4)       Your personal data is being processed illegally.

(5)       The erasure of your personal data is required to fulfill a legal obligation under Union law or the law of the member states that the responsible body is subject to.

(6)       Your personal data has been collected as part of the offered services of the information society in accordance with art. 8 para. 1 GDPR.

b)     Information to third parties

If the responsible body has disclosed your personal data and is obliged to erase it in accordance with art. 17 para. 1 GDPR, it shall, taking into account the technology available and the implementation costs, take appropriate measures, including those of a technical nature, to inform data controllers who process the personal data that you, as the data subject, have demanded the erasure of all links to such personal data or of copies or replicas of such personal data.

c)      Exceptions

The right to erasure does not exist when processing is required

(1)       to exercise the right to the free expression of opinion and information

(2)       to fulfill a legal obligation required by the law of the Union or of the member states to which the controller is subject, or to carry out a task of public interest, or in the exercise of official authority conferred on the responsible body.

(3)       for reasons of public interest in the field of public health in accordance with art. 9 para. 2 lit. h and i and art. 9 para. 3 GDPR.

(4)       for reasons of public interest for archiving purposes, scientific or historical research purposes, or for statistical purposes, as in accordance with art. 89 para 1 GDPR, insofar as the right specified under article a) foreseeably makes the realization of the goals of the processing impossible or seriously impedes them.

(5)       for asserting, exercising or defending legal claims.

 

9.5. Right to Notification

If you have asserted the right to rectification, erasure, or restriction of processing against the responsible body, it is obliged to notify all recipients to whom your personal data has been disclosed about the rectification or erasure of data or of its restricted processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be notified about these recipients by the responsible body.

 

9.6. Right to Data Portability

You are entitled to receive your personal data that you provided the responsible body with in a structured, standard, and machine-readable format. You additionally have the right to transfer this data to another responsible body without hindrance from the responsible body to whom you provided the personal data, provided that

(1)       the processing is based either on consent in accordance with art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR or a contract in accordance with art. 6 para. 1 lit. b GDPR, and

(2)       the processing is done using an automated process.

By exercising this right, you are also entitled to effect that your personal data is directly transferred from one responsible body to another responsible body if this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to the processing of personal data necessary to fulfill a task in the public interest or for exercising official authority conferred on the responsible body.

 

9.7. Right to Object

You have the right to object to your personal data being processed in accordance with art. 6 para. 1 lit. e or f GDPR at any time for reasons relating to your particular situation; this also applies to profiling done in accordance with these provisions.

The responsible body will no longer process your personal data unless it can prove compelling grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

If your personal data is processed for direct marketing, you have the right to object to the processing of your personal data for such advertising at any time; this also applies to profiling, insofar as it is connected to such direct marketing.

If you object to processing for the purposes of direct marketing, the affected personal data will no longer be processed for these purposes.

You have the option to exercise your right to object in connection with the use of information society services by means of automated procedures that employ technical specifications – Directive 2002/58/EC notwithstanding.

 

9.8. Right to Revoke Consent to Data Privacy Policies

You have the right to revoke your consent to data privacy policies at any time. Revoking consent does not affect the legality of any processing carried out on the basis of consent prior to revocation.

 

9.9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing (including profiling) that has legal implications for you or significantly affects you in a similar manner. This does not apply if the decision

(1)       is necessary for the conclusion or fulfillment of a contract between you and the responsible body,

(2)       is permitted based on European Union or member state legislation that the responsible body is subject to and this legislation contains appropriate measures for safeguarding your rights and freedoms as well as your legitimate interests, or

(3)       is made with your express consent.

However, these decisions may not be based on special categories of personal data as per art. 9 para. 1 GDPR, unless art. 9 para. 2 lit. a or g apply and appropriate measures for the protection of rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in (1) and (3), the responsible body shall take appropriate measures to uphold your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible body to express a position and be heard on the challenge of the decision.

 

9.10. Right to File a Complaint With a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the member state of your residence, your place of work, or in the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under art. 78 GDPR.

 

 

10. Implementation of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (Google). Google Analytics uses cookies. These are text files stored on your computer to facilitate analysis of how you use this website.

 

Information created by these cookies about your use of this website is generally sent to and stored on Google’s servers located in the USA. In the event that IP anonymization has been activated on this website, your IP address is shortened by Google within the European Union or in a signatory country of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the complete IP address be sent to a Google server in the USA and shortened there. Google uses this information on behalf of the operator of this website to analyze your usage of this website for the purpose of compiling website activity reports. It is also used for additional services associated with website and internet usage provided by the website operator. Google does not associate the IP address transmitted by your browser with other data within the scope of Google Analytics.

 

You can change your browser setting to prevent the storage of cookies. However, doing so may also prevent you from using some or all features provided by this website. You can prevent Google from collecting and processing data generated by cookies and data related to your use of this website (incl. your IP address) by downloading and installing the browser plugin available from the following link: 

 

https://tools.google.com/dlpage/gaoptout?hl=de

 

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that shortened IP addresses are processed and that it is not possible to personally identify you as the user. If the data collected about you facilitates a personal attribution to you, it will be immediately excluded and the personal data will be promptly deleted.

 

We use Google Analytics in order to analyze and regularly improve usage of our website. The statistics we collect allow us to improve our offer and design it to be of greater interest to you as a user. Google has submitted itself to the EU-US Privacy Shield for the exceptional cases in which personal data is transmitted to the USA: https://www.privacyshield.gov/EU-US-Framework.

 

The legal basis for the use of Google Analytics is art. 6 para. 1 sentence 1 lit. f GDPR.

Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User terms: http://www.google.com/analytics/terms/de.html,

Overview of privacy protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.