1) Information regarding the collection of personal data
(1) The following provides information about the collection and processing of personal data in connection with your access to this website. Personal data are all data that can be related to you personally, including for example name, address, email addresses, user behavior.
(2) The controller pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is NeuroControls GmbH, with primary office at Lichtenbergstr. 8, D-85748 Garching (see also our Legal Notice). You can contact our Data Protection Officer Clemens Saur, at email@example.com or by regular mail at our postal address. Please mark your correspondence “Attention: Data Protection Officer”.
(3) When you contact us by email or via a contact form, the information you provide (your email address and, if applicable, your name and phone number) are stored by us in order to answer your questions. We delete the data that arises in this context once its storage is no longer required, or limit its processing if statutory retention requirements are in effect. Your personal data is only stored as long as the purpose of it’s processing endures.
(4) In the event that we rely on contracted service providers for individual functions of our online offering or wish to use your data for advertising purposes, we will inform you in detail below regarding the respective processes.
2) Your rights
(1) You have the following rights concerning our processing of your personal data:
- right to information (Art. 13 f. GDPR)
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR)
- right to object to processing (Art. 21 GDPR)
(2) The above mentioned rights can be exercised in accordance with the rules described in art. 13 – 21 of GDPR, by writing us an e-mail to the address firstname.lastname@example.org. We may refuse to exercise certain rights from those indicated above in a situation where the implementation of a given right would be in conflict with the legitimate purpose of the data we process. For example, we may refuse to delete personal data specified in your order until the expiry of the limitation period for claims under the concluded contract.
3) User account
(1) By creating a user account, you must provide your basic data. You can modify data included in your account at any time using the options available after logging into your account. The legal basis for the processing of personal data included in your account is the performance of the contract on maintaining user’s account, which is concluded with the administrator on the basis of the Terms of Service.
(2) Data included in your account is processed for the period of your account activity, that is, for the duration of the contract on maintaining user’s account referred to above. You can delete your account at any time, which will also result in the removal of your personal data from the database. However, remember that deleting your account does not result in the removal of your placed orders’ details.
4) Placing an order
(1) When placing an order, you must provide data necessary to complete the order. The data provided in the order form will be stored in the database and will be stored there until the expiry of the limitation period for claims under the concluded contract. Each order is recorded in the database as a separate item. The legal basis for collecting and processing this data is Art. 6 para. 1 sentence 1 lit. b GDPR. The above-mentioned principles for data processing also apply in this context.
(2) Payment for the order is made via PayPal or Stripe. In this regard, PayPal and Stripe are an independent personal data administrator.
Payment processing services enable us to process payments by credit card, bank transfer or other means. To ensure greater security, we only shares the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of our services may also enable the sending of timed messages to you, such as emails containing invoices or notifications concerning the payment.
If we issue an invoice for the placed order, we process your data to the extent necessary to issue the invoice. In this case, the legal basis for the processing of your personal data is the fulfillment of the legal obligation to issue the invoice. In addition, all issued invoices are included in the accounting documentation. As a result your data will be processed as part of this documentation for the period required by law.
6) Objection to or revocation of the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Once you have notified us of your revocation writing us an e-mail to the address email@example.com, this will affect the admissibility of the processing of your personal data.
(2) Insofar as we base the processing of your personal data on a balance of interests, you may raise objection to the processing. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we illustrate in each case in the following description of functions. In the event that you exercise this objection, we ask you to explain the reasons why we should not process your personal data in the manner we have done. If you provide reasonable grounds for objection, we will review the facts and will either discontinue or adjust the data processing or demonstrate our compelling legitimate reasons for continuing our processing.
(3) Naturally, you may object to the processing of your personal data for advertising and data analysis purposes at any time.
(1) If you would like to be informed about our news, offers and technical developments, you can subscribe to our newsletter, with your consent.
(2) We use the double opt-in procedure for newsletter subscriptions. This means that after you register, we will send a confirmation email to the email address you have provided, so you can confirm that you would like to receive our newsletter. We will also store your IP addresses and the time of your registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) We only need your email address to send you the newsletter. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. (4) You can withdraw your consent to the delivery of the newsletter and unsubscribe from the newsletter at any time. You can declare your withdrawal by clicking on the email link provided in each newsletter, by sending us an email to the address firstname.lastname@example.org or by sending a message to the contact details listed in the Legal Notice.
(4) Our newsletter contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical
analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by us in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.
8) Collection of personal data when visiting our website
(1) When you mainly use our website for informational purposes, i.e. if you do not register or otherwise provide information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to ensure its stability and security (the legal basis for this is Article 6 (1) (f) GDPR):
- IP address
- date and time of requested access
- time-zone difference from Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status / http status code
- volume of data transmitted
- domain from which the request originates
- operating system and its graphical user interface (GUI)
- language and version of the browser software
You have the right to object to processing in accordance with the rules described in art. 21 of GDPR, by writing us an e-mail to the address email@example.com. This data is only stored as long as the purpose of it’s processing endures.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive that are assigned to the browser you are using and that provide certain information to the entity that sets the cookie – in this case us. Cookies help make our online offering more user-friendly, effective and secure. Cookies cannot execute programs or transmit viruses to your computer.
- a) This website uses the following types of cookies, whose scope and function are explained below:
- Transient cookies
- Third-party cookies
- Persistent cookies
- b) Transient cookies are deleted automatically when you close your browser. They include in particular session cookies. They save what is known as a session ID, which enable various requests from your browser to be assigned to the shared session. In this way your computer can be recognized the next time you return to the website. Session cookies are deleted when you log off the website or close the browser.
- c) A third-party cookie is a cookie that is linked to a domain that is different from the website where the cookie was set. Third-party cookies are placed via a page object (for example, an advertising element) that comes from an external domain.
- d) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can close cookies in the security settings of your browser.
- e) You can configure your browser settings to suit your preferences and for example reject third-party cookies or all cookies. Please note, however, that if you do so you might not be able to use all the functions of this website.
9) Our service partner
We may use the following third-party service providers named below to process and store your data:
For those exceptional cases in which personal data is transferred to the US, these companies are subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .The legal basis for its use is Article 6 (1) (f) GDPR.
We will not share your personal information with any other third-party unless we have your permission or the law requires us to.
10) Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses what are known as “cookies”, which are text files that are stored on your computer and that permit the analysis of the use of the website by you. The information generated by the cookie about your use of this website is normally transmitted to a Google server in the USA and stored there. However, in the event of the activation of IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator related to usage of the website and internet usage.
(2) The IP address transmitted by your browser in the framework of Google Analytics will not be combined with other data by Google.
(3) You can prevent the storage of cookies by setting your browser software accordingly. However, please note that if you do this you may not be able to fully use all the features of this website. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en .
(4) This website uses Google Analytics with the extension “anonymizeIp()”. As a result, IP addresses are processed in shortened form, thereby preventing any direct reference to a person. Insofar as the data collected about you is assigned a personal reference, the latter will be immediately excluded and the personal data will thus be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics we collect enable us to improve our online offering and make it more interesting for you as a user. For those exceptional cases in which personal data is transferred to the US, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .The legal basis for the use of Google Analytics is Article 6 (1) (f) GDPR.
11) Use of Google AdWords Conversion
(1) We use the Google Adwords service to draw attention to our attractive offers with the help of advertising material (“Google Adwords”) on external websites. This allow us to determine how successful the individual advertising measures are in relation to the data used in the advertising campaigns. This is in line with our desire to show you advertisements that are of interest to you, make our website more interesting to you, and to ascertain a fair calculation of our advertising costs.
(2) These advertising materials are supplied by Google via what are known as ad servers. As part of this process, we use ad server cookies, which can measure certain performance metrics such as ad displays or user clicks. If you access our website through a Google ad, Google Adwords will store a cookie on your PC. These cookies normally lose their validity after 30 days and are not intended to personally identify you. The analysis values typically stored in this cookie are the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed).
(3) These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on his or her computer has not expired, both Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page. Each Adwords customer is assigned a different cookie. As a result, cookies cannot be tracked via the websites of AdWords customers. We ourselves do not collect and process any personal data via the aforementioned advertising measures. We receive only statistical analyses provided by Google. Based on these analyses, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, and in particular we cannot identify users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to a Google server. We have no control over the extent and the further use of the data collected as a result of the use of this tool by Google, and therefore wish to inform you of the following, in line with our level of knowledge: via the incorporation of AdWords Conversion, Google obtains information that you have accessed a respective portion of our online presence or clicked on an ad from us. If you are registered with a service provided by Google, Google may link the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will obtain and store your IP address.
(5) You can prevent participation in this tracking process in several ways:
- a) by setting your browser software accordingly, in particular the suppression of third-party cookies will prevent you from receiving any third-party advertisements
- b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies
- c) by deactivating interest-based advertisements of providers that participate in the “About Ads” self-regulation campaign, via the link https://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies
- d) by permanently disabling it in your Firefox, Internet Explorer or Google browser at the following link: https://www.google.com/settings/ads/plugin. We point out that if you do this, you may not be able to fully use all of the functions of this website.
(6) The legal basis for the processing of your data is Article 6 (1) (f) GDPR. For more information about privacy at Google, see: https://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html . Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org. Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
12) Use of Google AdWords Conversion Tracking
(1) We use the online advertising program “Google AdWords” as well as conversion tracking in the course of Google AdWords. Google Conversion Tracking is an analytics service provided by Google Inc. (“Google”). When you click on an ad served by Google, a conversion tracking cookie is placed on your computer. These cookies lose their validity after 30 days, contain no personal data and are therefore not able to personally identify you. If you visit certain web pages on our website and the cookie has not expired, both Google and we can detect that you clicked on the ad and were redirected to the respective page.
(2) Each Google AdWords customer receives a different cookie. As a result, there is no way that cookies can be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. As part of this, customers are provided with information on the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive information that allows users to be personally identified.
(3) If you do not wish to participate in tracking, you can opt out by preventing the installation of cookies by setting your browser software accordingly. As a result, you will not be included in conversion tracking statistics.
(4) The legal basis for the processing of your data is Article 6 (1) (f) GDPR. You can find more information here: https://www.google.com/policies/technologies/ads/.