Last update: July 2020
- the above-mentioned Website as well as
- our App.
1. PROCESSING OF DATA RELATED TO THE USE OF OUR WEBSITE
2. PROCESSING OF DATA RELATED THE USE OF OUR WEBSITE (INCLUDING REGISTRATION ON THE WEBSITE / IN THE APP)
If you have decided to register on our Website / App, you must provide certain information allowing us to improve our customer service for you. You have to create a customer account.
The following personal data must be indicated during registration:
- Name & Surname
- Email address
- Phone number
- Product model
- Serial number
- Date of purchase
- Reseller type
- Date of birth of your baby
- Gender of your baby
We require this information in order to improve customer service for you. When registering a product of Swandoo with us, you provide us with a record of your purchase. Therefore we can provide you with better support when you dial our customer service number or our distributors, especially with regards to warranty information. The processing of the data mentioned above is based on your informed, explicit consent (Art 6 para 1 lit a GDPR). The data will also be stored by us, whereby we will only store them for the period reasonably deemed necessary to achieve the purpose and as permitted by applicable law. We store personal data in any case as long as there are legal storage obligations or as long as limitation periods for potential legal claims have not yet expired. If the storage of the data is no longer required for the purposes of the original collection (or within the scope of a legally permissible change of purpose) and if there are no legal provisions to the contrary, we will arrange for it to be deleted.
3. PROCESSING OF DATA RELATED TO THE USE OF OUR APP
You can download our App for free via Apple Store or Google Play; at the moment, the App is available for the iOS platform and Android. By using our App for the first time, you will be asked to register your phone by indicating your name, your email address and your telephone number. Location data will be processed as well. Our processing of these data is based on your informed and explicit consent (Art 6 para 1 lit a GDPR). After a successful registration on the App, you will have various functions at your disposal, for example babytracking functions (breastfeeding timer, bottle timer, expressing milk timer, diaper count, sleep timer, symptoms recorder, weight recorder, size recorder, temperature record). The App will also link to our smart seat which will have functions such as harness detection, temperature detection, accident detection, and leaving baby alone detection. Such transfer is encrypted with TLS (Transport Layer Security) or SSL (Secure Sockets Layer) protocol.
4. TRANSMISSION OF YOUR PERSONAL DATA / RECIPIENTS
Within our organization, those departments or employees who need your data to fulfil their contractual or legal obligations and as a result of data processing based on our legitimate interests, will receive it.
Furthermore, (external) contractors commissioned by us receive your data if they require the data to provide their respective services (whereby access to personal data is sufficient). All contractors are contractually obliged to treat your data confidentially and to process it only within the scope of the provision of services. This includes the following categories of recipients:
- Marketing agency
- Marketing consultants
- Software development company
- IT service providers, etc.
- Social networks (Facebook, Instagram, YouTube) within the scope of the services described in point 10
Furthermore, we constantly engage our subsidiary company SWANDOO GmbH, Nördliche Münchner Strasse 47, 82301 Grünwald, Germany, as our processor to administrate and maintain our Website as well as to handle communication with interested parties and customers to a certain degree. Any processing of your personal data in this context is – in accordance with the legal requirements – based on a data processing agreement pursuant to Art 28 para 3 GDPR as well as our express instructions.
We have a constantly updated list of our recipient categories with regard to data transfers and contract processors.
These recipients serve us as processors under data protection law in order to be able to fulfil our contracts. Our processors are bound by our data protection practice and will treat your personal data as strictly confidential. Under no circumstances will your data be transferred to third parties without your express consent or used for purposes other than the fulfilment of your obligations to us or on the basis of our express instructions.
On our Website at swandoo.com/newsletter you have the possibility to subscribe to the Swandoo newsletter. You will need to provide your name and email address. This data is required in order to send the newsletter (Art 6 para 1 lit b GDPR). Under no circumstances may a newsletter or other electronic advertising be sent without your prior consent. In the event that you no longer wish to receive the newsletter, you can unsubscribe at any time either by clicking on the “unsubscribe newsletter” button in any newsletter email or by sending an email to email@example.com containing your request. The data collected for the sending of the newsletter will be deleted immediately after any cancellation unless otherwise provided by law, and the data is not processed on any other legal basis.
We use the newsletter service MailChimp, which is operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter “MailChimp“). Your voluntarily provided personal data (name, address and e-mail address) will be stored on MailChimp servers in the USA. Your data will only be used to send you the newsletter you have ordered or any other information about our activities in which you are interested. Under certain circumstances, however, your data may also be used for statistical evaluations.
MailChimp is also a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
6. RIGHTS OF THE DATA SUBJECT
A central aspect of data protection regulations is the implementation of adequate opportunities to allow for the disposition of personal data, even after the processing of said personal data has occurred. For this purpose, a series of rights of the data subject are set in place. We shall comply with your corresponding requests to exercise your rights without undue delay and in any event within one month of receipt of the request. Please address your request to the following address: firstname.lastname@example.org.
Specifically, the following rights are stipulated:
- Should you exercise your right to information, we shall provide you with all relevant information regarding the processing of your personal data by us, permitted to the extent of the law. For this purpose, we will send you (i) copies of the data (emails, database excerpts, etc), as well as information on (ii) concretely processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or the criteria for determining it, (vii) the origin of the data and (viii) any further information depending on the individual case. Please note, however, that we cannot hand over any documents that could impair the rights of other persons.
- With the right to rectification you may request that we rectify wrongly recorded data, data that has become inaccurate or incomplete personal data (for the purpose of the respective processing). Your request will then be examined and the data processing affected may be restricted for the duration of the examination upon request.
- The right to (data) erasure may be exercised (i) in the absence of a need with regard to the purpose of processing, (ii) in the event of revocation of a consent given by you, (iii) in the event of special objection, insofar as the data processing concerned is based on the legitimate interests of us, (iv) in the event of unlawful data processing, (v) in the event of a legal obligation to erase, and (vi) in the event data of minors under the age of 14 are processed.
- A right to restriction of processing, after the exercise of which affected data may only be stored, exists (only) in special cases. In addition to the possibility of restricting the duration of data corrections, (i) unlawful data processing (unless deletion is required) and (ii) the duration of the examination of a particular objection request are also covered.
- You also have the right to object to data processing at any time. However, this only applies if the processing is based on our legitimate interests.
- You have the right to lodge a complaint with a relevant national supervisory authority (see point 13).
- A right to data transfer, after the exercise of which the data concerned may be obtained in a structured, common and machine-readable format and communicated to another responsible party.
Please also note that we may be unable to comply with your request due to compelling reasons worthy of protection for the processing (weighing of interests) or a processing due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby here as well as in the case of descendants of manifestly unfounded requests a fee may be charged.
7. DATA SECURITY, DATA ERASURE
We take all appropriate technical and organizational measures to ensure that only those personal data are processed by default whose processing is absolutely necessary for the business purpose. The measures we have taken cover the amount of data collected, the scope of processing as well as their storage period and accessibility. With these measures, we ensure that personal data are only made accessible to a limited and necessary number of persons through default settings. Other persons will under no circumstances be granted access to personal data without the explicit consent of the person concerned. In addition, Swandoo uses various protection mechanisms (backups, encryption) to secure the appearance of the Website and other systems. This is intended to protect your (personal) data as best as possible against loss or theft, destruction, unauthorized access, alteration and distribution.
All Swandoo employees have been sufficiently informed of all applicable data protection regulations, internal data protection regulations and data security precautions and are obliged to keep secret all information entrusted or made available to them in the context of their professional employment. The requirements of the GDPR are strictly observed and personal data are only made available to individual employees insofar as this is necessary with regard to the purpose of data collection and our obligations arising therefrom. Insofar as contract processors are deployed by us, they are also obliged to comply with all applicable data protection regulations on the basis of specific framework agreements. In addition, when handling your (personal) data, they are strictly bound by our specifications in particular with regard to type and scope.
In accordance with the provisions of the GDPR, all (personal) data collected by us via the Website and the App will only be stored for as long as it is required with regard to the legal basis of the processing, unless longer-term storage is provided for by law. We comply with our obligation to delete data on the basis of our specific internal deletion concept, and we can provide you with further information on request.
If we use contractors, they are also obliged to comply with all applicable data protection regulations on the basis of specific framework agreements. Furthermore, when handling your (personal) data, they are strictly bound to our guidelines, in particular with regard to type and scope.
8. LINKS TO THIRD PARTY SITES
On our Website and on our App we use links to the websites of third parties. These are on the one hand reference links leading to our permanent partners and on the other hand links to social networks (e.g. Facebook, Instagram, YouTube). If you click on one of these links, you will be forwarded directly to the respective page. For the operators of these pages it is only evident that you have accessed our Website.
These links to the websites of third parties do not constitute an approval of their contents by the publisher. No responsibility is taken for the availability or the content of such websites and no liability is accepted for damage or injury resulting from the use of such content, of whatever form. The links to other websites merely provide users with access to the use of the content. For illegal, incorrect or incomplete contents and for damage, which develops from the use, alone the provider of the website, to which one referred, is responsible.
Most browsers automatically accept cookies. However, you have the option to customize your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g., limiting refusal to third party cookies). However, if you change your browser’s cookie settings, our Website may no longer be fully functional. The setting options for the most common browsers can be found under the following links:
Internet Explorer™: http://windows.microsoft.com/de-at/windows-vista/Block-or-allow-cookies
10. SOCIAL PLUGINS
Our Website uses so-called social plugins (“Plugins“) of the social network Facebook as well as the microblogging service Instagram and YouTube. These services are offered by Facebook Inc, Instagram LLC and YouTube LLC (“Providers“). Facebook is operated by Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook“). Representative of Facebook within the meaning of Article 27 GDPR and general contact person within the EU is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins. Instagram is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram“). An overview of the Instagram buttons and their appearance can be found here: https://instagram-press.com/blog/2012/11/21/introducing-instagram-badges/. YouTube is operated by YouTube LLC, a subsidiary of Google LLC, located at 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube“).
When you visit a page on our Website that contains such a Plugin, your browser establishes a direct connection to the Facebook, Instagram or YouTube servers. The content of the respective Plugin is then by the respective Provider transmitted directly to your browser and integrated into the page. By activating the Plugins, the Providers receive the information that your browser retrieved from the corresponding page of our Website, even if you do not have a profile with Facebook or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA and stored there. If you are logged in to one of the services, the Providers can immediately assign your visit to our Website to your profile on Facebook, Instagram or YouTube. If you interact with the Plugins, e.g. press the “Like” or “Instagram” buttons, the corresponding information is also transmitted directly to a server of the Providers and stored there. The information is also published on the social network, on your Instagram or YouTube account and displayed to your contacts there. For information on the purpose and scope of the data collection by the Providers and your rights and setting options for protecting your privacy, please refer to the data protection information of the Providers.
If you do not want Facebook, Instagram or YouTube to associate the data collected via our Website directly with your profile at the respective service, you must log out of that service before visiting our Website. You can also completely prevent the loading of Plugins with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Facebook is also a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. Instagram is a subsidiary of Facebook and consequently covered by this certification as well. YouTube is a subsidiary of the Google LLC and covered by its certification available at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
11. USE OF GOOGLE MAPS
Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and to maintain a level of data protection in line with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The following analysis tools are used on our Website and / or in our App, whereby the processing of personal data is carried out on the basis of our overriding legitimate interest in creating cost-efficient website / app access statistics that are easy to use (Art 6 para 1 lit f GDPR):
12.1 GOOGLE ADWORDS
On our Website we use web analysis and online marketing tools from Google, namely “Google AdWords“. When you click on an ad placed by Google, a cookie is placed on your device. These cookies expire after 30 days, do not contain any personally identifiable information, and are not personally identifiable. Neither we nor any third party will receive any information from Google that could identify you as a data subject.
Further information on data protection in connection with Google AdWords and your options in this regard can be found at https://policies.google.com/technologies/ads?hl=en.
12.2 GEO TARGETLY
On our Website we use the Geo-Personalisation Service from V&T Technologies Pty. Ltd, Canning Vale WA 6155, ABN 81 606 826 279, Western Australia, Australia (“V&T“), namely “Geo Targetly redirect“, which enables us to analyze the use of the Website.
When you visit our Website, Geo Targetly will transfer certain data to a server of V&T, which is located in the USA and at the moment hosted in Google Cloud’s US regions. Such data comprise your IP address, the referrer URL, the current browser URL, your browser screen size as well as other available information. The IP address is used to determine your approximate location. The information collected and the location are used to provide geo-personalized content, redirects, pop-ups, notification bars, and other output forms on the Website. On our Website we use Geo Targetly redirect. This geo redirect service allows us to redirect a visitor from one website or page to another website or page based on their geolocation. We redirect visitors of our Website based on their country, state / region, city, latitude-longitude-radius zone and IP address. Redirection is applied on the starting page of the Website. The tool allows to create multiple location segments when redirecting URL pairs so visitors from different locations can be redirected to different websites.
We do not remember the settings of the user. There are no cookies implemented. V&T does not store your data on their servers for longer period of times, as they are only short-term processed allowing V&T to perform their services and have Geo Targetly working properly. The information is solely used to determine the relevant geo-personalised output. In this context, we process your data on the basis of our overriding legitimate interest in compiling easy-to-use website access statistics in a cost-efficient manner (Art 6 para 1 lit f GDPR).
12.3 GOOGLE ANALYTICS
On our Website we use web analysis and online marketing tools from Google, namely “Google Analytics” and the “Google Tag Manager“, which enable us to analyze the use of the Website. Since registration on our Website is not intended or possible, you will only be assigned a client ID when you call it up, which will be regenerated for different end devices, for example. Tracking is performed by the tracking code analytics.js (Java Script). In this context, we process your data on the basis of our overriding legitimate interest in compiling easy-to-use website access statistics in a cost-efficient manner (Art 6 para 1 lit f GDPR).
By using the software, a cookie is set (for the client ID), which is stored on your computer. The information generated by the cookie about your use of the Website will generally be transferred to and stored by Google on servers in the USA. However, due to the activation of IP anonymization on this Website, your IP address will be reduced by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. Your person cannot be identified by Google.
Google is also a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
With the procedure described under point 9, you can prevent the storage of cookies by a corresponding setting of your browser software (possibly limited to third-party cookies). You can also prevent Google from collecting data generated by cookies and related to your use of the Website (including your IP address) and from processing this data by downloading and installing a browser plug-in (available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera) (http://tools.google.com/dlpage/gaoptout?hl=de). Alternatively, you can click here to set an opt-out cookie, which is stored on your device and also prevents Google Analytics from collecting your data. Should you delete your stored cookies, however, this step is required again. However, we would like to point out that you may then not be able to use all the functions of the Website to their full extent.
Further information on data protection in connection with Google Analytics / the Google Tag Manager and your options in this regard can be found at https://www.google.at/intl/de_ALL/analytics/learn/privacy.html or for Google products in general at https://policies.google.com/privacy?hl=de.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
12.5 FACEBOOK CONVERSION TRACKING
Within our offer we use the “Visitor Action Pixel” of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook“). Representative of Facebook within the meaning of Article 27 GDPR and general contact within the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This allows us to track the behavior of Users after they have clicked on a Facebook ad and been directed to the Website of that offer. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and may help optimize future advertising efforts. In this context, we process your data on the basis of our overriding legitimate interests to place targeted advertising, to pursue an efficient marketing strategy and to compile easy-to-use website access statistics in a cost-efficient manner (Art 6 para 1 lit f GDPR). Facebook will also link the information collected about your visit to our site with your member account and use it for the targeted placement of Facebook ads, if you are a Facebook member and if you have not disabled such linkage in the privacy settings of your account. A cookie can also be stored on your computer for these purposes. The collected data remains anonymous for Swandoo and does not give us any information about the identity of the User. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data guideline (www.facebook.com/about/privacy). If you do not want data to be collected from Facebook pixels, you can disable this here: www.facebook.com/settings?tab=ads (you must be logged in to Facebook to do this). If you are not a Facebook member, you can prevent Facebook from processing your data by clicking the deactivation button for the provider “Facebook” on the YourOnlineChoices website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.com/de/praferenzmanagement/ . In addition, you can object to the capture of your data by the pixel (so-called opt-out).
13. RIGHT OF APPEAL
If you take the view that we violate applicable data protection laws when processing your data, you have the right to file a complaint with the relevant national supervisory authority. The requirements for such a complaint in Austria are based on Section 24 DSG. However, we would ask you to contact us in advance in order to clarify any questions or problems. The contact details of the Austrian Data Protection Authority are as follows:
Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
14. CONTACT DETAILS REGARDING DATA PROTECTION ISSUES
For data protection questions, messages or requests, please use the following contact address:
Reisnerstraße 55-57 Top B3