Privacy policy of Playmobil® UK Ltd.

Last update: Juni 2023


We welcome you to our website and are pleased about your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementation laws applicable to us. With the help of this privacy policy, we would like to inform you comprehensively about the processing of your personal data by Playmobil® UK Ltd. and of your rights.


Personal data means the information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number and email address but also your IP address.


Data are anonymous if no personal reference to the user can be established.



Controller and Data Protection Officer

Address (summonable address of the company):

Playmobil® UK Ltd.

Reg No. 1493033 (Wales)

Registered Office: Regency House

1 Miles Gray Road

Basildon

Essex

SS14 3RW


Contact information:

www.playmobil.com

Phone 01268 490 184

Fax (01268)548181


Contact details of the Data Protection Officer:

dataUK@playmobil.de




Your rights as the data subject

First of all, we would like to inform you about your rights as the data subject. These rights are set out in Art. 15 - 22 EU GDPR. This includes:


  • 1. The right to information (Art. 15 EU GDPR),
  • 2. The right to erasure (Art. 17 EU GDPR),
  • 3. The right to correction (Art. 16 EU GDPR),
  • 4. The right to data portability (Art. 20 EU GDPR),
  • 5. The right to restrict data processing (Art. 18 EU GDPR),
  • 6. The right to object to data processing (Art. 21 EU GDPR).


To exercise these rights, please contact us at: dataUK@playmobil.de. The same applies if you have any questions about data processing in our company or wish to revoke any consent you have given. You also have a right to lodge a complaint with a data protection supervisory authority.




Rights of objection

Please note the following in connection with your rights of objection:

If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling, insofar as it is related to direct advertising.

If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, if possible to: dataUK@playmobil.de.

In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.




Purposes and legal bases of data processing

When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are observed. The legal basis for data processing is derived in particular from Art. 6 EU GDPR.

We use your data for business initiation, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent also constitutes a permission under data protection law. Here we inform you about the purposes of data processing and your right of withdrawal. Should your consent also refer to the processing of special categories of personal data, we will expressly point this out in the consent declaration.

Processing of special categories of personal data in the sense of Art. 9 para. 1 EU GDPR is only carried out if this is necessary due to legal provisions and there is no reason to assume that your legitimate interest in excluding processing outweighs your legitimate interest in protection.




Transfer to third parties

We will only pass on your data to third parties within the framework of the legal regulations or with the appropriate consent. Otherwise the data will not be passed on to third parties, unless we are obliged to do so by mandatory legal provisions (passing on to external bodies such as supervisory authorities or law enforcement agencies).




Recipients of the data / categories of recipients

Within our company, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations.

In many cases, service providers support our specialist departments in fulfilling their tasks. These service providers support our specialist departments, for example in credit checks, data analysis, newsletter dispatch, etc. The necessary data protection agreements have been concluded with all service providers.

To process shipping orders with UPS, the name, address, telephone number, and email address of the recipient are recorded. This information is passed to UPS for the purpose of shipping this order. After the data has been transferred, the recipient receives a shipment confirmation email from UPS with tracking information.




Data Transmission to Third Countries/Intention of Data Transmission to Third Countries

Data transmission to third states (outside the European Union or the European Economic Area) will take place only if it is technically necessary, required to implement contractual obligations, prescribed by law or you have given us your consent.


Third Country Transmission to Salesforce

We will transmit your personal data to Salesforce (US States and Asia-Pacific), a service provider with group companies outside the European Economic Area. This transmission will take place as part of order processing based on standard privacy clauses and within the Salesforce group via Salesforce's Processor Binding Corporate Rules (BCR). These are binding company-specific privacy policies which were approved by EU Data Protection Authorities and are subject to a continuous reporting process.

Salesforce's Data Policy can be found at: https://www.salesforce.com/company/privacy/


Third Country Transmission to Cloudflare

To safeguard our website, we are using a service provided by Cloudflare Inc. For further information about data processing, please see: Securing our website through Cloudflare (Art. 6 para. 1 f) EU GDPR). . Services provided by Cloudflare Inc. are used as part of order processing based on standard privacy clauses. In the context of the use of these services, we ensure – where required – that the European data protection level is complied with and that data is protected from access, using the relevant guarantees.


Third Country Transmission to Google

If you have given us your consent for the services of Google (see Conversion Tracking and Remarketing with Google Ads (Art. 6 para. 1 lit. a EU GDPR), we transmit data to Google. The transmission of the data takes place within the framework of order processing on the basis of the standard data protection clauses (see also: https://privacy.google.com/businesses/processorterms/mccs/).


Third Country Transmission to Microsoft

If you have given us your consent for the services provided by Microsoft (see Microsoft Bing Ads (Art. 6 para. 1 a) EU GDPR)), we will transmit data to the Microsoft Corporation. Transmission of data to Microsoft will take place as part of order processing based on standard privacy clauses.



Data storage duration

We store your data for as long as they are needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be (must be) stored. This concerns in particular commercial or tax retention obligations (e.g. German Commercial Code, Tax Code, etc.). Provided that there are no further storage obligations, the data are routinely deleted after the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within the scope of legal limitation periods, which can be up to thirty years; the regular limitation period is three years.




Secure transfer of your data

In order to protect the data stored with us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons in the best possible way, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The data exchange from and to our website is always encrypted. We offer HTTPS as the transfer protocol for our website, in each case using the latest encryption protocols.

In addition, we offer our users content encryption as part of the contact forms. Only we can decrypt these data. It is also possible to use alternative means of communication (e.g. by post).




Obligation to provide the data

Various personal data are necessary for the establishment, execution and termination of the debt relationship and the fulfilment of the contractual and legal obligations associated therewith. The same applies to the use of our website and the various functions it provides.

We have summarised details of this for you in the above point. In certain cases data must also be collected or made available due to legal regulations. Please note that it is not possible to process your enquiry or perform the underlying contractual relationship without providing these data.




Categories, sources and origin of data

Which data we process is determined by the respective context: This depends on whether you place an order online, for example, or enter an inquiry in our contact form.

Please note that we may also provide information for special processing situations separately in a suitable place, e.g. in case of a contact request.


When you visit our website, we collect and process the following data:

1. Name of the internet service provider

2. Information about the website from which you visit us

3. Web browser and operating system used

4. The IP address assigned by your internet service provider

5. Requested files, transferred data volume, downloads/file export

6. Information about the web pages that you access on our website including date and time

7. We process further data via cookies and tools, see here: Visit to our website (Art. 6 para. 1 f) EU GDPR) and the following points


When you establish contact, we collect and process the following data:

1. Name, first name

2. Address

3. Email address

4. Salutation

5. Information about requests and interests


Within the scope of the ordering process, we process the following data:

1. Salutation

2. Name, first name

3. Company name

4. Date of birth

5. Delivery address

6. Billing address

7. Email address

8. Phone number

9. Data that may legitimately be processed from other sources


For newsletters, we collect and process the following data:

1. Name, first name

2. Email address

3. Salutation

4. Postcode

5.Tracking data from newsletter evaluation (we analyse, among other things, the click and open rate of the newsletter, as well as the purchasing behaviour of our newsletter subscribers via our service provider Salesforce Marketing Cloud)


For competitions, we collect and process the following data:

1. Name, first name

2. Address

3. Email address

4. Date of birth

5. Country


We process the following data within the framework of the catalogue dispatch:

1. Salutation

2. Name, first name

3. Street & house number

4. Postcode

5. City

6. Country

7. Email address

8. Phone number




Visit to our website (Art. 6 para. 1 f) EU GDPR)

When our website is called up, the following data are automatically recorded by our web server: Name of your internet service provider, information about the website from which you are visiting us, the web browser and operating system used, the IP address assigned by your internet service provider, files requested, data volume transferred, downloads/file exports and information about the websites you visit from our website, including date and time.

This data processing is technically necessary so that the contents of our website can be delivered to your end device. Your IP address must therefore also necessarily be collected and stored for the duration of the respective session. The same applies to other data whose processing is necessary for the correct display of our website. The storage of data in the so-called log files also serves to further optimise the site, to ensure its functionality, to guarantee the security of our applications and for legal protection (e.g. recognition and defence of attacks on our website).

The legal basis for this data processing and temporary data storage is our legitimate interest as a website operator (Art. 6 para. 1 f) EU GDPR).

The storage period of the data is limited and deletion takes place as soon as the data no longer need to be kept for processing purposes. In the case of the survey for the correct display of our website, this is the case after the end of the session. When the data are stored in log files, the data are deleted or made anonymous after 37 days.




Securing our website through Cloudflare (Art. 6 para. 1 f) EU GDPR)

On our website we use the content delivery network service of Cloudflare Inc. (101 Townsend St San Francisco, CA 94107). Technically speaking, the connection from your device to our website is routed through Cloudflare's network. With it, Cloudflare is, for example, able to recognise attacks on our website. However, Cloudflare has no access to the data you enter due to the TLS encryption, which is always activated on our website. When you access our website, Cloudflare cookies are set in your web browser. Cloudflare collects statistical data about the visit to this website. The access data include: name of the website accessed, file, date and time of the call, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of the offer (e.g. for the identification and defence of mass abusive access in the context of Denial of Service attacks (DDoS) or for the identification of several legitimate accesses of different devices using one IP address). Please read also the data protection regulations of Cloudflare which can be found here https://www.cloudflare.com/de-de/privacypolicy/ are retrievable. We use this service to ensure the availability of our website, to protect ourselves from attacks and to optimise the loading times of our website.

The use of the tool is based on our legitimate interest according to Art. 6 para. 1 f) EU GDPR. Your data will be transferred to Cloudflare for evaluation and thus to a third country. See here: Third country transfer / Third country transfer intention We have concluded a corresponding agreement with Cloudflare based on the EU GDPR for order processing. Cloudflare is used by Salesforce to ensure the smooth operation of the online shop.




Fraud detection via ARVATO's Profile Tracking Solution (Art. 6 para. 1 b) EU GDPR and Art. 6 para. 1 f) EU GDPR)

We use the Fraud Detection Tool of Arvato Financial Solutions (Arvato infoscore GmbH, RheinstraĂźe 99, 76532 Baden-Baden, Germany) for the ordering process of our online shop. The profile tracking solution tool uses a JavaScript code and a tracking pixel to assign a unique device ID to your device based on the device information it determines. The tracking tag is set when the checkout process starts, i.e. when the address data are entered.

The following data are recorded: IP address, browser used, screen resolution, browser add-ins, operating system used and language settings. These are converted into a hash ID. It is also possible that your end device will be recognised with a certain probability on further visits (by comparing the generated Hash-ID). Separately, your personal data (object of purchase, name, postal address, email address, delivery address, method of payment and bank details, etc.) are recorded. These data form the basis for an automated analysis to identify suspicious activities. We use this tool exclusively to protect ourselves and our customers from fraudulent activities and fraudulent acts. We do not process these data for any other purpose. If there is a suspicion of misuse, one of our employees checks the results of the automated evaluation and the underlying indications. If the conclusion of a contract is refused, we will inform you of this and, on request, the main reasons for the decision. You will then be given the opportunity to make your point of view known here dataUK@playmobil.de, whereupon we will review the decision once again by a member of staff.

The use of the tool is based on our legitimate interest according to Art. 6 para. 1 f) EU GDPR and is also required for the fulfilment of the contract in the case of payment on account.

Your device and purchase data are processed to infoscore Consumer Data GmbH, RheinstraĂźe 99 76532 Baden-Baden. There is no transfer to third countries. We have concluded corresponding contract processing agreements (AVV) with the companies involved. The data obtained via this procedure are deleted as soon as they are no longer required for our purposes.

See also: Payment systems (Art. 6 para. 1 a), b) EU GDPR), credit assessment (Art. 6 para. 1 f) EU GDPR) and Automated individual case decisions




Online shop functions of Salesforce (Art. 6 para. 1 b) EU GDPR)

Our website uses services from Salesforce Commerce Cloud (formerly Demandware) (salesforce.com Germany GmbH, Erika-Mann-Str.31, 80636 Munich). This safeguards the functionality of our online shop (display of the correct currency, shopping basket function, wish list function). For this purpose, it is necessary for cookies to be set in your browser, which assign an individual ID to you and save corresponding actions (placing articles in the shopping basket, placing articles on the wish list). The data are only stored in your browser. A link to your customer data will only be made after you have logged in with your user account.

The use of this procedure is necessary to ensure the basic technical functions of the online shop and is required for the implementation of pre-contractual measures Art. 6 para. 1 b) EU GDPR.

Data will not be transferred to third parties within the scope of providing the basic functionality of the online shop. A third country transfer is also carried out in this respect (unlike for the performance of the obligation, see: Third country transfer / Third country transfer intention). The data obtained via this procedure are deleted as soon as they are no longer required for our purposes. The storage period of the cookie for user information, shopping basket contents and e-commerce-related information is 6 months.




Marketing function Salesforce Einstein (Art. 6 para. 1 a) EU GDPR)

We use the marketing tool Salesforce-Einstein from Salesforce Commerce Cloud (formerly Demandware) (salesforce.com Germany GmbH, Erika-Mann-Str.31, 80636 Munich, Germany) on our website. Salesforce-Einstein collects, stores, and systematically evaluates data on the customer's purchasing behaviour. The following data, among others, are recorded: Products viewed or added to the shopping basket and articles read; we also record social media activities. We use this tool to offer you attractive and individual shopping experiences. This enables us, for example, to give you personalised (product) recommendations on the basis of the information collected and to provide you with even better advice when selecting products in our online shop.

The tool is used on the basis of your consent pursuant to Art. 6 para. 1 a) EU GDPR. You can revoke your consent at any time by clicking here . The revocation only applies to the device and the web browser on which it was set, please repeat the process on all devices if necessary. If you delete the opt-out cookie, you will be asked again for your consent to the transfer of data. Your data are transferred to Salesforce for analysis. A transfer to a third country takes place (see: Third country transfer / Third country transfer intention). The data obtained via this procedure are deleted as soon as they are no longer required for our purposes. In our case this is the case after 13 months.



Marketing function Salesforce Interaction Studio

We use the tool Salesforce Interaction Studio (formerly Evergage) (salesforce.com Germany GmbH*,* Erika-Mann-Str.31, 80636 Munich) on our website. It enables us to display personalised content based on website actions (e.g. click, viewing time, entry of a search term, shopping cart) and to better understand the needs of our website visitors. This allows us, for example, to show you product recommendations that you might like or to send you a notice by e-mail (if you are registered with your e-mail address) if you have forgotten products in the shopping cart. We pass on the collected data for processing to the respective internal departments as well as to external service providers, contract processors (e.g. platform, hosting, support and analysis service providers) in accordance with the necessary purposes (to carry out web analysis). Transfers to third countries are possible. Standard contractual clauses have been established with these service providers as suitable guarantees in accordance with. Art. 46 EU GDPR, see: Third country transfer/intention to transfer to third country


The Salesforce Interaction Studio cookies set on our website are deleted after 180 days. The personal data collected by the cookies will be deleted after the purpose has ceased to apply or after 2 years at the latest.


The use of the tool is based on your consent in accordance with Art. 6 para. 1 lit. a EU GDPR, Section 25 para. 1 Telecommunications-Telemedia Data Protection Act - TTDSG) You may withdraw your consent at any time by clicking here . The withdrawal applies only to the device and the web browser on which the cookie was placed; please repeat the process where necessary on all devices. If you delete the opt-out cookie, you will be asked again for your consent to the data transfer.


Salesforce's privacy policy can be found here: https://www.salesforce.com/company/privacy/




Web tracking method Piwik PRO (Art. 6 para. 1 lit. a EU GDPR)

On the basis of your consent (Art. 6 Para. 1 S. 1 lit. a EU GDPR, Section 25 Para. 1 TTDSG) Piwik PRO. Piwik PRO uses so-called "cookies" in this configuration. Cookies. These are text files that are stored on your device and that enable an analysis of your use of the website.

With Piwik PRO we evaluate information about your visits to our website (e.g. online identifiers, including IP address, session identifiers, cookies, geographical origin,

Length of stay, interaction with the website or, if applicable, origin) for analysis purposes. The purpose is to analyse your visitor behaviour in order to improve the user experience or to better understand the performance of marketing campaigns. The information collected by Piwik PRO about the use of this website is stored on the provider's server (server location France). The IP address is anonymised before it is stored.

 

As part of the use of a user account, Piwik PRO carries out cross-device tracking by transmitting the user ID and thereby creates a user profile. As a result, for example, different and more appropriate content is displayed on mobile devices than on a desktop PC, for example, depending on the user's preferences.

 

You can withdraw your consent at any time with effect for the future. To do this, simply call up our consent banner and deselect the corresponding consent. Please note that the change in the consent banner settings must be made individually for each device. The data collected will be kept by default for 12 months.

 

We have concluded an order processing agreement with Piwik PRO. Piwik PRO does not share the data about you with other sub-processors or third parties and does not use it for its own purposes. Further information can be found in the privacy policy of Piwik PRO at https://piwik.pro/privacy-security/




Jentis Tag Manager (Art. 6 para. 1 lit. a EU GDPR)

We use JENTIS as a tag manager. JENTIS Tag Manager is a tool of JENTIS GmbH ("JENTIS") (Schönbrunner Straße 231, 1120 Vienna). The legal basis for the use is your consent (Art. 6 para. 1 lit. a EU GDPR, Section 25 para. 1 TTDSG) The tool is designed to run third-party technologies on the website. First-party cookies allow JENTIS to collect and store the data on its own servers in the EU. For this purpose, data is transmitted to JENTIS, which JENTIS evaluates on our behalf in anonymised form on the server side. These data help us to analyse visitor behaviour, to carry out marketing analyses and to optimise our website. JENTIS only processes data that cannot be traced back to a person by JENTIS. The IP address is shortened before storage in such a way that the personal reference is omitted. Further data will be pseudonymised if necessary. The control over the data flow lies completely with us. The JENTIS systems are hosted on the EU servers of IONOS, a German ISO 27001-certified cloud provider, to ensure that the data of website visitors is collected and processed in the EU. JENTIS does not transfer any data to the USA. The necessary data protection agreement has been concluded with JENTIS.

 

You can withdraw your consent at any time with effect for the future. To do this, simply call up our consent banner and deselect the corresponding consent.

 

We have concluded the necessary contract with JENTIS. The privacy policy of JENTIS and further information about JENTIS can be viewed at the following link: https://www.jentis.com/en/privacy-policy/



Conversion tracking with Google Ads (Art. 6 para. 1 lit. a EU GDPR)

We use the advertising service Google Ads (formerly Google AdWords) of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). If you are a resident of the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller of your data collected in these procedures. The types of display network, shopping and search that are active with us are used to measure your interactions with advertisements placed on Google. For this purpose, when you click on one of our advertisements placed by Google, a cookie is stored in your browser. This is used to track your further activity on the product advertised in the ad (conversion tracking). We use this data to measure the effectiveness of our advertising campaigns. The following data is collected from you: a unique ID, the number/frequency of advertisements (ad impressions) delivered to you and the actions/clicks you perform.

 

We also use the remarketing function within the Google Ads service. With the remarketing function, we can connect users of our website to other websites within the Google advertising network (in Google Search or on YouTube, so-called “Google Ads” or on other websites) present advertisements based on their interests. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other pages even after visiting our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google Display Network. This number, known as a "cookie", is used to record the visits of these users. This number is used to uniquely identify a web browser on a specific device and not to identify a person.

 

The use of Google tools is based on your consent in accordance with Art. 6 para. 1 lit. a EU GDPR, Section 25 para. 1 Telecommunications-Telemedia Data Protection Act - TTDSG) You can revoke your consent at any time by clicking https://adssettings.google.com . The withdrawal applies only to the device and the web browser on which the cookie was placed; please repeat the process where necessary on all devices. If you delete the opt-out cookie, you will be asked again for your consent to the data transfer.

You can also configure your browser accordingly to prevent third-party ads. You can also permanently prevent Google tracking via a corresponding plug-in for the common web browsers, which you have to download and install here: https://support.google.com/ads/answer/7395996 Your data will be transmitted to Google for evaluation. If you have an account with Google, Google can also merge the data obtained from the tracking. Data are transferred to third countries; see: Transfer of data to third countries/intention to transfer data to third countries. We have concluded a corresponding order processing agreement with Google on the basis of the EU GDPR.

The data captured through this procedure will be deleted as soon as we no longer require them for our purposes. In our case, this is after 24 months.

For more information about Google and Google's privacy policy, please visit: www.google.com/privacy/ads/




Microsoft Bing Ads (Art. 6 para. 1 a) EU GDPR)

We use Bing-Ads, an advertising service from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) on our website. For this purpose, three cookies are set in your browser, which are used for targeted advertising to you and measure valid clicks on advertisements of the Microsoft network. The following data are collected: a universal ID for event tracking, a Microsoft Bing Ads ID to measure your interactions with the ads. We use this tool to promote our products and measure the effectiveness of our advertisements.

The tool is used on the basis of your consent pursuant to Art. 6 para. 1 a) EU GDPR. You can revoke your consent at any time by clicking here https://choice.microsoft.com/de/opt-out. The revocation only applies to the device and the web browser on which it was set, please repeat the process on all devices if necessary. If you delete the opt-out cookie, you will be asked again for your consent to the transfer of data. Your data will be transferred to Microsoft for evaluation (see Third country transfer / Third country transfer intention). Together with Microsoft we are jointly responsible for data processing. A so-called joint control agreement was concluded.

The data obtained via this procedure are deleted as soon as they are no longer required for our purposes. In our case this is the case after 180 days.



Facebook custom audiences ("Visitor Action Pixels")

This website uses the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The data processing is based on the legal basis of your consent in accordance with Art. 6 para. 1 a) GDPR.

If necessary, Facebook Inc. will transfer personal data to the USA. However, Facebook commits itself to comply with the EU's data protection standards).

On the one hand, the Facebook pixel enables Facebook to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook or Instagram users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transfer to Facebook (so-called "Custom Audiences").

The Facebook pixel is integrated directly by Facebook when you call up our websites and can store a so-called cookie on your device. If you subsequently log in to Facebook or when logged in, your visit to our online offer will be noted in your profile. This information can be assigned to your person with the help of other information that Facebook has stored about you, e.g. due to the ownership of an account on the social network "Facebook".

The Facebook pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "Conversion").

The information collected via the pixel or cookie can also be aggregated by Facebook and the aggregated information can be used by Facebook for its own advertising purposes as well as for advertising purposes of third parties. For example, Facebook can infer certain interests from your online behaviour on this website and also use this information to advertise offers from third parties. Facebook may also combine the pixel or cookie information with other information that Facebook has collected about you from other websites and/or in connection with your use of the "Facebook" social network, so that a profile about you can be stored with Facebook Ireland Limited. This profile can be used for advertising purposes.

The Facebook pixel can also be used to track your behaviour across multiple web pages after you see or click on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimise future advertising efforts.

Furthermore, when using the Facebook pixel, we use the additional function "extended matching". Here, data for the formation of target groups ("Custom Audiences" or "Look Alike Audiences") is transferred to Facebook in encrypted form.

We also use the "Custom Audiences from File" procedure of the social network Facebook. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. We do this to ensure that the ads are only displayed to users who have an interest in our information and services.

The processing of the data by Facebook is carried out within the framework of the Facebook Data Use Policy https://www.facebook.com/policy. Specific information about the Facebook pixel and how it works can be found here https://www.facebook.com/business/help/651294705016616.

You may opt out of the collection by the Facebook pixel and use of your information to display advertisements. https://www.facebook.com/settings?tab=ads .



Consent tool OneTrust (Art. 6 para. 1 lit. f EU GDPR)

We use the cookie consent tool from OneTrust Technology Limited, 82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK) to obtain effective user consent for cookies and cookie-based applications that require consent.

 

By integrating it, users are shown a consent banner when they visit the page, in which consent can be given for certain cookies and/or cookie-based applications by ticking the box. In doing so, the tool blocks the setting of all cookies requiring consent until the respective user gives appropriate consent. This ensures that such cookies are only set on your respective device if you have given your consent. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings you have made for a session, certain user information is collected by the cookie consent tool when you visit our website, transmitted to the provider's server and stored there. The server location is Germany. Transfer of data to the USA has been deactivated. The date and time of the visit, browser information, information on consent, device information and the IP address of the requesting device are recorded and processed. This data processing is carried out in accordance with Art. 6 para. 1 lit. f EU GDPR, Section 25 para. 2 TTDSG on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. As the responsible party, we are subject to the legal obligation to make the use of cookies that are not technically necessary dependent on the respective user consent. Further information on the use of data by the provider of the cookie consent tool can be found in its privacy policy, available at https://www.onetrust.com/privacy-notice/



Contact form / contact by email (Art. 6 para. 1 a), b) EU GDPR)

There is a contact form on our website which can be used for electronic contact. If you write to us via the contact form, we process the data you provide in the contact form to contact you and answer your questions and requests.

Here the principle of data economy and data avoidance is observed, in that you only have to provide the data that we absolutely need to contact you. These are your email address, salutation, first name, last name, subject and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are voluntary fields and can be entered optionally (e.g. to answer your questions more individually).

If you contact us by email, we will process the personal data provided in the email solely for the purpose of processing your request.



Newsletter (Salesforce Marketing Cloud) (Art. 6 para. 1 lit. a EU GDPR)

You can subscribe to a free newsletter on our website. The e-mail address provided when registering for the newsletter and your name will be used to send the personalised newsletter. The postal code is used for regionally interesting newsletters.


The principle of data economy and data avoidance is observed, as only the e-mail address is marked as a mandatory field. For technical reasons and for legal protection, your IP address will also be processed when you order the newsletter.

Of course, you can cancel the subscription at any time via the unsubscribe option provided in the newsletter and thus withdraw your consent.

For sending newsletters by e-mail, we use the so-called double opt-in procedure. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. We do this by sending you a notification e-mail and asking you to confirm that you wish to receive our newsletter to this e-mail address by clicking on a link contained in this e-mail.

Through integrated tracking pixels, we measure the opening rate of our newsletters and your interaction with our newsletter mails (e.g. clicks). If you click on one of the links contained in the newsletters, this will also be recorded by tracking mechanisms of the Salesforce Marketing Cloud (Erika-Mann-Str. 31, 80636 Munich). The data collected is stored on servers in Frankfurt and Paris. Transfers to third countries are possible. Standard contractual clauses have been established with these service providers as suitable guarantees in accordance with. Art. 46 EU GDPR, see: Transfer of data to third countries/intention to transfer data to third countries. The use of this function is based on your consent in accordance with Art. 6 para. 1 lit. a EU GDPR, which you submitted when ordering the newsletter. You can withdraw your consent at any time. All you have to do is unsubscribe from receiving the newsletter.

 


Competition / advertising consent (Art. 6 para. 1 a), b) EU GDPR)

On our website you have the option to participate in our competition. If you fill out the competition form, we process the data provided there exclusively for the purpose of carrying out the competition.

The principle of data economy and data avoidance is observed, in that you only have to provide the data that we absolutely need to carry out the competition and notify you of winning. This is e.g. your name, email address, title, address and country.

The mandatory fields are marked with an (*). For technical reasons and for legal reasons, your IP address is also processed. The remaining fields are optional and can be filled in if you wish. Without the mandatory fields we unfortunately cannot carry out the competition. Participation is then not possible.

Within the framework of the competition screen, you also have the option to give us your advertising consent. Of course, it is also possible to participate in the lottery without giving the advertising consent. If you give us your consent by ticking the respective checkbox, we will also process your data to provide you with information and offers about our products / services (products and (exclusive) offers of the brand PLAYMOBIL of geobra Brandstätter Stiftung & Co. KG) by mail.

You can withdraw your consent at any time without giving reasons by calling 0911/9666-0, by email to gewinnspiele@playmobil.de or by post to geobra Brandsätter Stiftung & Co.KG, Brandstätter Str. 2-10, D - 90513 Zirndorf.




Online shop (Art. 6 para. 1 b) EU GDPR)

We process the data you provide in the order form only for the purpose of implementing or processing the contractual relationship, unless you agree to further use.

The principle of data economy and data avoidance is observed in that you only have to provide us with the data that we absolutely need in order to execute the contract or to fulfil our contractual obligations (i.e. your name, address, email address and the payment data required for the selected payment method) or that we are legally obliged to collect.

In addition, your IP address is processed for technical reasons and for legal protection. Without these data, we will unfortunately have to refuse to conclude the contract, as we will then not be able to carry it out or may have to terminate an existing contract. Of course, you can also provide more data of your own accord if you wish.

For further processing within the online shop see: Fraud detection via ARVATO's Profile Tracking Solution (Art. 6 para. 1 f) EU GDPR), Online shop functions of Salesforce (Art. 6 para. 1 b) EU GDPR)



Registration / Customer account (Art. 6 para. 1 a), b) EU GDPR)

On our website we offer users the option to register by providing personal data. The advantage is that you can view your order history in particular and that the data you entered for the order form is saved. With your next order, you do not have to enter these again.

Registration is therefore either necessary or possible for the fulfilment of a contract (via our online shop) with you or for the implementation of pre-contractual measures, if guest access is also provided.

The principle of data economy and data avoidance is observed, as only the data required for registration are marked with an asterisk (*) as a mandatory field. These are e.g. the email address and password including password repetition.

For the order in our online shop, we also need information on the billing address (title, first name, last name, address, telephone number) for delivery. If the delivery address differs from the invoice address, the above-mentioned information for the delivery address must also be provided.

By registering on our website, the user's IP address, the date and the time of registration are also saved (technical background data). By clicking the button "Register now", you give your consent to the processing of your data.

Please note: The password you have assigned is stored by us in encrypted form. Employees of our company cannot read this password. Therefore they cannot give you any information if you have forgotten your password.

In this case, use the "Forgot password" function, which will send you an automatically generated new password by email. No employee is authorised to request your password from you by telephone or in writing. Therefore please never give your password if you receive such requests.

With the completion of the registration process, your data is stored with us for the use of the protected customer area. As soon as you log on to our website using your email address as your user name and password, these data are made available on our website for actions you carry out (e.g. for orders in our online shop). Completed orders can be tracked in the order history. You can change the billing or delivery address here.

Registered persons are free to make changes / corrections to the billing or delivery address in the order history independently. Our customer service will also be happy to make changes / corrections if you contact them. Of course you can also cancel or delete the registration or your customer account (under "My customer account", "Delete customer account").




Payment systems (Art. 6 para. 1 a), b) EU GDPR), credit assessment (Art. 6 para. 1 f) EU GDPR)

In our online shop you can pay by invoice, credit card, PayPal or direct debit (SEPA direct debit). For this purpose, the respective payment-relevant data are collected in order to be able to process your order and payment. In addition, your IP address is processed for technical reasons and for legal protection.

The principle of data economy and data avoidance is observed by requiring you to provide us only with the data that we absolutely need to carry out the payment processing and thus the execution of the contract or that we are legally obliged to collect.

Without these data, we will unfortunately have to refuse to conclude the contract, as we will not be able to carry it out.

The payment system used by us uses TLS encryption for the protected transfer of your data.


Note on payment on account:

If you select the payment method "on account" by phone or in our online shop, we will perform a credit check. For this purpose, Arvato obtains the relevant information that is necessary to determine your creditworthiness and risk of default. The credit check is only carried out in those countries where payment on account is possible, i.e. Germany, Austria and Switzerland.


The Arvato companies differ as follows:

Germany: informa Solutions GmbH

Austria: Experian Austria GmbH

Switzerland: Intrum AG



Privacy policy for Arvato:

We transfer your data (name, address and, if applicable, date of birth) for the purpose of credit assessment, obtaining information to assess the risk of non-payment based on mathematical-statistical methods using address data, and to verify your address (check for deliverability), to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden; if your order was placed from Austria or Switzerland to Experian Austria GmbH or Intrum AG.


The legal basis for these transfers is Art. 6 para. 1 b) and Art. 6 para. 1 f) GDPR. Transfers on the basis of these provisions may only take place to the extent that this is necessary to safeguard the legitimate interests of our company or third parties and does not outweigh the interests of the fundamental rights and freedoms of the persons concerned, which require the protection of personal data. Detailed information on the ICD in the sense of Art. 14 European General Data Protection Regulation ("EU GDPR"), i.e. information on the business purpose, the purposes of data storage, the data recipients, the right of self-disclosure, the right to deletion or correction, etc., can be found in the Annex or under the following link (https://finance.arvato.com/icdinfoblatt), https://www.experian.at/art-14-dsgvo-info and under www.intrum.ch.

If the conclusion of a contract is refused, we will inform you of this and, on request, the main reasons for the decision. You will then be given the opportunity to make your point of view known here dataUK@playmobil.de, whereupon we will review the decision once again by a member of staff.

Technical background information can be found here: Fraud detection via ARVATO's Profile Tracking Solution (Art. 6 para. 1 f) EU GDPR)


Note on credit card payment:

As usual with credit card payments, the credit card details are checked and a credit assessment is carried out.


Note about PayPal:

PayPal is a company which is part of PayPal (Europe) S.Ă  r.l. et Cie, S.C.A. 22-24 Boulevard Royal , L-2449 Luxembourg. If the data subject selects "PayPal" as a payment option in our online shop during the ordering process, data of the data subject is automatically transferred to PayPal.

By selecting this payment option, the data subject consents to the transfer of personal data required for the processing of payments. Personal information submitted to PayPal is typically the first name, last name, address, email address, IP address, phone number, mobile phone number, or other information necessary to process payment.

For the processing of the sales contract, personal data which relate to the respective order are also necessary. Details about PayPal's privacy policy can be found at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-prev


Note on direct debit procedure:

As usual with direct debit, your account details (IBAN, account holder) are collected to debit the corresponding amount from your account.




Mailing of catalogues by post/email (Art. 6 para. 1 a), b) EU GDPR)

We process the data you provide in the order form only for the purpose of carrying out or processing the dispatch of the catalogue, unless you agree to further use.

Here the principle of data economy and data avoidance is observed, in that you only have to provide us with the data that we absolutely need to carry out the order (i.e. salutation first name, surname, shipping address, email address, telephone number).

In addition, your IP address is processed for technical reasons and for legal protection.




Advertising purposes - existing customers (Art. 6 para. 1 f) EU GDPR)

The geobra Brandstätter Stiftung & Co. KG is interested in maintaining the customer relationship with you and to send you information and offers about our products / services (catalogues and newsletter). Therefore we process your data to send you corresponding information and offers by email and post.

If you do not wish this, you can at any time object to the use of your personal data for the purpose of direct advertising; this also applies to profiling, insofar as it is related to direct advertising. If you object, we will no longer process your data for this purpose.

The objection can be made free of charge and without form and without giving reasons and should be sent to 0911/9666-0, by email to service@playmobil.de or by mail to geobra Brandstätter Stiftung & Co. KG, Brandstätterstraße 2 - 10, D - 90513 Zirndorf, Germany.



Automated case-by-case decisions

We use purely automated processing to make decisions in the following cases:

If you select the payment method "on account" by phone or in our online shop, we will perform a credit check. For this purpose, Arvato obtains the relevant information that is necessary to determine your creditworthiness and risk of default. You can find further information here: Fraud detection via ARVATO's Profile Tracking Solution (Art. 6 para. 1 f) EU GDPR)

If the conclusion of a contract is refused, we will inform you of this and, on request, the main reasons for the decision. You will then be given the opportunity to make your point of view known here dataUK@playmobil.de, whereupon we will review the decision once again by a member of staff.

You can read Arvato's privacy policy here: https://finance.arvato.com/de/datenschutz/

If you have any questions regarding this process or would like to speak to us about the results, please contact us at dataUK@playmobil.de.



Information about privacy in social media

The company geobra Brandstätter Stiftung & Co. KG maintains various appearances in social media in order to communicate with the users registered there and to inform them about our services.

We wish to point out that you are responsible for your use of these platforms and their included features. This applies in particular to your specific usage behaviour on these platforms. This is especially the case if you use interactive features (e.g. commenting, sharing, rating).

With regard to the processing of your personal data, however, we have a shared responsibility with Facebook towards all existing customers, prospective customers and users. We are aware of this responsibility and the protection of your data is important to us. Unfortunately, we are unable to fully meet our responsibilities in this context because Facebook does not provide us with the necessary transparency and the information required to fulfil the above-mentioned information obligations. Nevertheless, we strive to take all necessary measures to protect your data.

We further point out that when you use these platforms, your data may be processed outside the European Union. Please note that in the case of data transfer to so-called third countries outside the EU (e.g. USA), there may not be a level of protection there that complies with the EU Data Protection Regulation. It may therefore be possible for security authorities to access your data without you having any legal protection against this.

In addition, your usage and user-related information may be processed for market-research and promotional purposes. For example, user profiles may be generated on the basis of your usage behaviour and associated interests. This makes it possible to activate ads both within and outside these platforms. As a general rule, cookies are stored on your device for this purpose. Regardless of this, the usage profiles may also be used to store data that is not collected directly from your device (especially if you are a member of the respective platforms and are logged in to them).

In addition, as the provider of this information service, we do not collect and process data resulting from your use of our service.

Our processing of users' personal data is based on our legitimate interest in effectively informing and communicating with users in accordance with. Art. 6 (1f) GDPR. If you are asked to consent to data processing by the respective providers (e.g. by checking a box or clicking on a button), the legal basis for the processing is Art. 6 (1a) and Art. 7 GDPR.


Right of objection

If you are a member of a social network and do not want the network to collect information about you via our website, or to link it to your stored membership data on the respective network, you must

log out of the respective network before visiting our website

delete the existing cookies stored on your device and

close and reopen your browser.

The next time you log in, however, you will be recognised by the network again as a specific user.

For a detailed description of the respective processing and your right of objection (opt-out), please refer to the provider's information via the links below.

Should you wish to submit requests for information or to assert your rights as a data subject, we wish to point out that you should contact the providers directly. This is because only the providers have access to users' data and can respond directly to your requests and provide information. However, should you still need assistance, then please feel free to contact us.


Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Datenschutzerklärung: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads und https://www.youronlinechoices.com.


Google / YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Datenschutzerklärung: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.


Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Datenschutzerklärung/ Opt-Out: https://instagram.com/about/legal/privacy/.


Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Datenschutzerklärung: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.



Notice regarding copyright law and artists' rights

Should you wish to publish images, texts, plans, videos, music, etc. on our website, please be aware that you may be required to assign all associated usage rights to the network, which could ultimately have legal consequences for you if you are not the author or rights holder.



Online offers for children

Persons under 16 years of age may not transfer any personal data to us or submit a declaration of consent without the consent of a parent or guardian. We encourage parents and guardians to actively participate in their children's online activities and interests.



Links to other providers

Our website also contains - clearly visible - links to the websites of other companies. As far as links to websites of other providers are available, we have no influence on their contents. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of these sites is always responsible for the contents of these sites.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, such links will be removed immediately.


To reset all cookies from this website, click here