Product added to your basketGo to your basket
Name: Urbanara GmbH
Address: Gormannstraße 22
Postcode, City, Country: 10119 Berlin, Germany
Commercial Registration No: HRB 136641
Managing Director: Alexander Sailer
Contact for privacy-related matters: Dr. Robert Wagner
E-mail address: firstname.lastname@example.org
Data protection agency:
Name: ePrivacy GmbH
Contact person: Prof. Dr. Christoph Bauer
Address: Große Bleichen 21
Postcode, City, Country: 20354, Hamburg, Germany
1.2. The terms "Personal Data" or data "processing" correspond to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. Users’ personal data that is collected and processed within the context of URBANARA’s online services includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of contact persons, payment information), usage data (e.g. websites visited in relation to our online services, interest in our products) and content data (e.g. information submitted in contact forms).
1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, interested parties, and other visitors to our Website. The terms “Users” are to be considered gender-neutral.
1.5 . We process users’ personal data only in compliance with the relevant data protection regulations. This means that the data of the users will only be processed if there is legal permission. That is, the data processing is necessary for the provision of our contractual services (e.g. order processing) and/or online services, or is legally required, and a user's consent is present, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online services as stipulated by Article 6, paragraph 1 lit. F. GDPR, especially in the range measurement, creation of profiles for advertising and marketing purposes, and the collection of access data and use of third-party services.
1.6. Please note that the legal basis for this consent is Article 6 (1) lit. A. and Article 7 GDPR; the legal basis for processing data for the performance of our services and implementation of contractual measures is Article 6 (1) lit. B. GDPR; the legal basis for processing data to comply with our legal obligations is Article 6 (1) lit. C. GDPR, and the legal basis for processing data in order to safeguard our legitimate interests is Article 6 (1) lit. F. GDPR.
2.1. We employ state-of-the-art organizational, contractual and technical security measures to ensure that the regulations of the data protection laws are adhered to, and thus the data processed by us is protected against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
2.2. Security measures include, in particular, the encrypted transfer of data between your browser and our server from the shopping cart to the checkout and checkout success pages.
3. Transfer of data to third parties and third-party providers
3.1. Data will only be passed on to third parties in accordance with the legal requirements and/or regulations. For example, we only pass on users’ data to third parties if this is, for example, compliant with Article 6 (1) lit. b) GDPR, is required for contractual purposes or on the basis of legitimate interest in accordance with Article 6 (1) lit. F. GDPR, and required for economic and effective operation of our business operations.
3.2. In the case we use subcontractors to provide our services, we take appropriate legal measures and technical and organisational steps to ensure the protection of all personal data is in accordance with the relevant legal regulations.
4. Provision of contractual services
4.1. We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) in order to fulfil our contractual obligations and services according to Article 6 (1) lit b. GDPR.
4.2. Users can create an optional user account, in particular to view their orders. As part of the registration process, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users terminate their user account, their data will be deleted with respect to the user account, subject to necessity of data retention corresponding to commercial or tax reasons according to Article 6 (1) lit. C GDPR. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to permanently delete all data stored by the user during the duration of the contract.
4.3. As part of the registration, re-registration, and use of our online services, the IP address and the active time of the respective user will be saved. The storage takes place on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation according to Article 6 (1) lit. (c) GDPR.
4.4. We process usage data (e.g. websites visited in relation to our online services, interest in our products) and content data (e.g. information submitted in contact forms) for advertising purposes in a user profile to inform the user, e.g., to display product recommendations based on previously-used services.
5.1. When contacting us (via contact form or email), the information provided by the user to process the contact request and its processing is undertaken according to the regulations set forth in Art. 6 (1) lit. b) GDPR.
5.2. The user information is stored in our Customer Relationship Management system ("CRM system") or similar request organization.
5.3. We use the CRM system "Zendesk", (Zendesk Inc., 1019 Market St, San Francisco, CA 94103, USA) based on legitimate interests (the efficient and rapid processing of user inquiries). For this purpose, we have entered into a contract with Zendesk with so-called standard contractual clauses, in which Zendesk commits itself to processing user data only in accordance with our instructions and compliance with the EU data protection standard. Zendesk is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European privacy legislation.
6. Collection of Access data and log files
6.1. Based on our legitimate interests as held in accordance with Article 6 (1) lit. F. GDPR, we collect data about each instance the server is accessed on which our service resides (henceforth “server log files”). The access data includes the name of the retrieved Web page, file, date and time of retrieval, transferred data quantity, message about successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously-visited webpage), IP address, and the requesting providers.
6.2. Log file information is stored for a maximum of 52 weeks for security reasons (e.g. for the investigation of misuse or fraud) and then deleted. Data for which further storage is required for evidence is exempt from deletion until final clarification of the respective incident.
7. Cookies & Reach Measurement
7.1. Cookies are information that are transmitted by our Web server or third-party Web servers to the users’ browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
8. Google Analytics
8.2. Google is certified under the Privacy Shield Agreement and provides a guarantee to comply with European data protection law.
8.3. Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on the activities within this online service, and to provide us with further services related to the use of this online service and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
8.4. We use Google Analytics to display the ads that are distributed by Google’s and its affiliates’ advertising services. We only submit to Google only those users who have also shown an interest in our online service (called "remarketing" or "Google Analytics audiences"), or who have certain characteristics (e.g. interests in certain topics or products that are determined by the websites you visit). With the help of the remarketing audiences, we aim to ensure that our advertisements correspond to users’ potential interests and are not considered harassing or annoying.
8.5. We only use Google Analytics with IP anonymization enabled. This means that the user’s IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.
8.6. The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by amending the appropriate setting of their browser software or by amending the appropriate setting of their cookie consent through the Cookie Bot tool. Users may also prevent Google from collecting the data generated by the cookie and data related to their use of the online server, as well as the processing of such data, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
8.7. For more information about Google's use of data, settings, and opposition, please visit Google's Web pages: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners "), http://www.google.com/policies/technologies/ads ("Data usage for advertising purposes"), and http://www.google.de/settings/ads("Manage information that Google uses to show you advertising").
9. Google Remarketing Services
9.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service in compliance with Article 6 (1) lit. F. GDPR), we use the marketing and remarketing services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), (henceforth called "Google Marketing Services").
9.2. Google is certified under the Privacy Shield Agreement and provides a guarantee to comply with European data protection law.
9.3. Google Marketing Services allows us to better target advertisements for and on our website, so that we only present ads to users that potentially match their interests. For example, if a user is shown ads for URBANARA products on other websites which he or she has shown an interest in, this is called "remarketing". For these purposes, when Google and other websites accessing Google Marketing Services are directly accessed by Google, a code will be executed by Google and so-called (re)marketing tags (invisible graphics or code, also called “Web Beacons”) are incorporated into the Website. Through Web Beacons, the user is assigned an individual cookie, i.e. a small file (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file is used to indicate which Web pages the user is interested in, which content he or she has clicked, as well as technical information about the browser and operating system, referring Web pages, visiting time, and other information about use of the online service. The user’s IP address is also recorded, whereby, in the context of Google Analytics used within member states of the European Union or other member states of the Agreement on the European Economic Area, it is anonymised. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. The IP address will not be aggregated with user data obtained via other Google Services. The above information may also be linked by Google with such information from other sources. When the user then visits other Web pages, he or she can view the ads that are matched to his or her interests.
9.4. The user's data is processed under the Google Marketing Services pseudonym; i.e. Google does not store and process the name or email address of the users, but processes the relevant cookie-related data within anonymous user profiles. That is, from the perspective of Google, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users through Google Marketing Services is sent to Google and stored on Google's servers in the United States.
9.5. Included among the Google Marketing Services used by URBANARA is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". As a result, cookies cannot be tracked through AdWords advertisers' websites. The information obtained through the cookie is used to generate conversion statistics for AdWords advertisers who have opted into conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a tagged conversion tracking page. Advertisers do not receive any information that allows them to personally identify users.
9.6. In addition, we may use the "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.
10. Facebook social plugins
10.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service in compliance with Article 6 (1) lit. F. GDPR), we use social plugins ("plugins") of the social network facebook.com, which operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or content (e.g. videos, graphics, or text contributions) and can be recognized by one of the Facebook logos (white “f” on blue tile, the terms “Like”, or a “thumbs up” sign) or are identified as a “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
10.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law.
10.3. When a user initiates a function of our online service that contains such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly by Facebook to the user’s device and is incorporated into the online service. In the process, user profiles can be created from the processed data. We therefore have no influence over the amount of data that Facebook captures through this plugin, and therefore can merely inform the user according to our own information.
10.4. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online service. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by pressing the “Like” button or leaving a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility of discovery by Facebook, who may in turn save their IP address. According to Facebook, only anonymous IP addresses are stored in Germany.
10.6. If a user has a Facebook account and does not want Facebook to collect data about him or her via our Website and link it to his/her Facebook-stored profile data, s/he must log out of Facebook and delete his/her cookies before using our Website. Further information regarding settings and inconsistencies regarding Facebook’s use of data for advertising purposes are available within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform independent, i.e. they apply to all devices, such as desktop computers or mobile devices.
11. Facebook, Custom Audiences and Facebook Marketing Services
11.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service in compliance with Article 6 (1) lit. F. GDPR), we use the "Facebook pixel" provided by the social network Facebook, by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"), on our Website.
11.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law.
11.3. The Facebook pixel enables Facebook to determine visitors to our Website as a target group for the display of advertisements (henceforth "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads that are connected to us only to those Facebook users who have also shown an interest in our online service, or who have certain characteristics (e.g. interests in certain topics or products, determined by the websites they visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we aim to tailor our Facebook ads according to the potential interest of users, so they are not irrelevant or pose an an annoyance. With the help of the Facebook pixel, we can also better understand the effectiveness of our Facebook ads for statistical and market research purposes, through which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
11.4. The Facebook pixel is integrated when visiting our Website directly through Facebook, and can same a small file on your device (so-called “cookie”). If you subsequently log in to Facebook or visit Facebook in the logged-in state, your visit to our Website will be noted in your profile. The data collected about you are anonymous to us, and therefore do not give us any personal information about the identity of the users. The data is however stored and processed by Facebook so that a connection to the respective user profile is established. This connection can be used by Facebook for its own market research as well as for its own advertising purposes. If we should send data to Facebook for comparison purposes, they will be encrypted locally in the browser and then sent to Facebook via a secure HTTPS connection. This is done solely with the purpose of establishing a comparison with the data equally encrypted by Facebook.
11.4. Furthermore, when using the Facebook pixel, we use the additional function "Advanced matching" (e.g. data such as phone numbers, email addresses, or Facebook user IDs) to create target groups ("Custom audiences" or "Lookalike audiences") on Facebook, which are encrypted. For more information about "Advanced matching": https://www.facebook.com/business/help/611774685654668).
11.6. Also, based on our legitimate interests, we use the "Custom Audiences from File" method of the Facebook, Inc. In this case, the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used alone to identify recipients of our Facebook ads. We use this method to ensure that our ads are only displayed to users who are interested in our information and services.
11.7. Data processing by Facebook is part of Facebook's data usage policy. Accordingly, general information on the display settings of Facebook Ads is available in Facebook's Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and how it works, visit the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
11.8. Should you object to the collection and use of your data by the Facebook Pixel to display Facebook Ads, follow the instructions to change usage-based advertising settings, and review and set which types of ads you see within Facebook, via the following Facebook page: https://www.facebook.com/settings?tab=ads. The settings are platform independent, i.e. they apply to all devices, such as desktop computers or mobile devices.
11.9. To prevent the collection of your data via the Facebook pixel on our Website, click here to change your cookie settings (marketing cookies must be rejected).
12.1. The following will detail the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right to unsubscribe. By subscribing to our newsletter, you agree to the reception and the procedures described here forthwith.
12.2. Content of the newsletter: We send out newsletters, emails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. If the contents are specifically described in the context of an application for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
12.3. Double opt-In and protocols: the registration for our newsletter is done in a “double-opt-in” procedure; that is, after you have registered, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with an unauthorised email address. Registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the login and confirmation date, as well as the IP address. Likewise, changes to your data stored with the email service provider will be logged.
12.4. Product Recommendations: If we receive your email address in connection with the sale of a product or service, and you have not objected, we reserve the right to send you regular offers on similar products from our online assortment, such as those already purchased, via email. You may at any time opt-out of this use of your email address by sending a message to the contact option described below, or via a dedicated link in the promotional mail, without incurring any costs other than the transmission costs according to basic tariffs.
12.5. Delivery: The newsletter is sent by “Broadmail”, Episerver GmbH, Wallstreet 16, 10179 Berlin, a Newsletter delivery service provider.
12.6. Furthermore, the delivery service provider may, according to their own information, transmit these data in a pseudonymous form – i.e. without assigning personal user information – to optimize or improve their own services, for example for the technical optimization of the dispatch and the presentation of the newsletters, or to determine the location of recipients for statistical purposes. The delivery service provider does not collect our newsletter recipients’ data or pass them on to third parties.
12.7. Registration information: To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal address in the newsletter.
12.8. Statistical survey and analysis: The newsletters contain a so-called "Web beacon", i.e. a pixel-sized file that is retrieved from the delivery service provider's server when the newsletter is opened. This will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters will be opened, when they will be opened, and which links will be clicked. This information can be assigned to the individual Newsletterempfängern for technical reasons. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the delivery service provider to observe individual users. The evaluations serve us rather to recognise the reading habits of our users and to adapt our content to them, or to send different content according to users’ individual interests.
12.9. The use of the delivery service provider, the execution of the statistical surveys and analyses, as well as the logging of the registration procedure, are carried out on the basis of our legitimate interests according to Article 6 (1) lit. F GDPR. Our interest is to use a user-friendly and secure newsletter-module that serves both our business interests and the expectations of our users.
12.10. Unsubscription: You can revoke your consent for us to contact you via email for marketing purposes, i.e. unsubscribe from our newsletter, at any time. An unsubscribe link can be found at the end of each newsletter. You can also contact us to confirm your unsubscription by emailing email@example.com.
13. Integration of third party services and content
13.1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) lit. f. GDPR), we incorporate content and services from third-party providers such as videos or fonts (henceforth “content”) within our Website content or online service. This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required to display this content. We only endeavour to use such content, whose provider uses the IP address only to deliver the content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "Web Beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of our Website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referral Websites, visit time, and other information regarding the use of our online services.
13.2. The following provides an overview of our use of third parties and their content, along with links to their data protection declarations, which contain further information on the processing of data and – in some cases already mentioned here – opt-out possibilities:
• If our customers use the payment services of third parties (e.g. PayPal or direct debit), their Terms and Conditions and the data protection notices of the respective third parties, can be accessed within the respective websites or transactional applications.
14. Rights of users
14.1. Users have the right, upon request, to receive information free of charge about the personal data that we have stored about them.
14.2. In addition, users have the right to correct inaccurate data, limit the processing and deletion of their personal data, assert their rights to data portability when applicable, and, in the event of unlawful processing, file a complaint with the appropriate regulatory authority.
14.3. Likewise, users can revoke consent, generally for future effect.
15. Deletion of data
15.1. The data stored with us are deleted as soon as they are no longer necessary for their purpose and the deletion does not conflict with any statutory storage requirements. If the data of the users are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted; i.e. the data is locked and not processed for other purposes. This applies, for example, for data of users that must be kept for commercial or tax reasons.
15.2. According to legal requirements, storage takes place for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant for taxation, etc.).
16. Right to Object
16.1. Users may, at any time, object to the future processing of their personal data in accordance with the legal requirements. The opposition may in particular be against processing for direct marketing purposes.