Data protection

Eye-Able® Privacy Policy

The use of the Internet pages of Eye-Able under www.eye-able.com is generally possible without any specification of personal data.

However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Eye-Able®.

As the processing controller, Eye-Able® has implemented numerous technical and organizational measures to enable the best possible protection of personal data processed through this website.

With our data protection declaration we inform you about the type, scope and purpose of the personal data collected, processed and used by us, as well as about your rights in connection with the processing of your personal data by us.

1. name and contact details of the responsible party

The websites eye-able.com are operated by

Web Inclusion GmbH

Gartenstraße 12c

97276 Margetshöchheim Germany

[email protected]

Managing Director: Oliver Greiner

 

We are responsible for the collection, processing and use of your personal data, which may be collected from you during your visit to our websites. If you have any questions about this, please feel free to contact us using the contact details provided.

2. Your rights

If we process your personal data, you have the right to information, correction, deletion, restriction of processing, and data portability. In addition, you have a right of objection and a right of appeal.

To exercise your rights, please contact us or our data protection officer, using the contact details provided above.

In detail, you are entitled to the following rights:

2.1. Das Recht auf Bestätigung und auf Auskunft, Artikel 15 DSGVO

You can request confirmation as to whether we are processing personal data about you. If we process personal data from you, you are entitled to information about the following points:

  • the purposes of processing
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data are disclosed, in particular in the case of recipients in third-party countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to rectify or erase the personal data concerning you or to restrict the processing by the responsible party, or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject, any available information on the origin of the data
  • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

2.2 The right to rectification, Article 16 GDPR

You have the right to request that we correct any inaccurate personal data concerning you without undue delay.

Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

2.3 The right to deletion, Article 17 GDPR

You may request us to delete personal data concerning you without undue delay. In this case, we are obliged to delete personal data immediately if one of the following reasons applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing was based and there is no other legal basis for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing;
  • the personal data have been processed unlawfully;
  • the deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject;
  • the personal data have been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

The right to deletion does not exist in exceptional cases, if the processing serves

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of the processing, or
  • for the assertion, exercise or defense of legal claims.

Sind wir nach den vorgenannten Grundsätzen zur Löschung verpflichtet, und haben wir Ihre personenbezogenen Daten öffentlich gemacht, so werden wir unter Berücksichtigung der verfügbaren Technologie und der Implementierungskosten angemessene Maßnahmen, auch technischer Art, ergreifen, um die anderen für die für die Datenverarbeitung Verantwortlichen, die die personenbezogenen Daten verarbeiten, darüber zu informieren, dass Sie von diesen die Löschung aller Links zu diesen personenbezogenen Daten oder von Kopien oder Replikationen dieser personenbezogenen Daten verlangt haben.

2.4 The right to restriction of processing, Article 18 GDPR

Under the following conditions, you have the right to request us to restrict the processing of your personal data, namely if:

  • the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data;
  • the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
  • we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
  • you have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.

2.5 The right to data portability, Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

In addition, you have the right to transmit these data to another responsible party without hindrance from the responsible party to whom the personal data were provided, given that

  • the processing is based on consent or on a contract and
  • the processing is carried out with the help of automated procedures.

When exercising your right to data portability, you have the right to ensure that your personal data be transferred directly from one responsible party to another responsible party, to the extent that this is technically feasible.

2.6. Right to object to data processing, Article 21 DSGVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of your consent or on the basis of our legitimate interest; this also applies to profiling.

After your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

 

Direct advertising

If personal data are processed for the purpose of direct advertising, you have the right to object at any time to processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct advertising purposes, the personal data will no longer be processed for these purposes.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest.

2.7 Right to revoke consent

If you have given us your consent to process your personal data (e.g. for sending newsletters), you also have the right to revoke this consent at any time with effect for the future. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

The revocation can be made informally.

2.8 Right of appeal to a supervisory authority, Article 77 GDPR

In addition, you also have the right to file a complaint against us with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that our processing of your personal data violates applicable data protection law.

The supervisory authority responsible for us is the

Bavarian State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach, Germany, phone: +49 (0) 981 53 1300, fax: +49 (0) 981 53 98 1300, e-mail: [email protected]

3. Data processing when visiting our websites

The use of our website is generally possible without the active provision of personal data. However, every time our website is accessed, i.e. even for purely informational use, various data and information are collected by us for technical reasons and stored in so-called log files or server log files of our server. These are only the personal or personally identifiable data that your browser transmits to our server.

Recorded and stored are:

  • the IP address (Internet Protocol address),
  • the date and time of access to our website,
  • the browser software/browser types (computer programs for displaying web pages) used to access our website, as well as their versions and language,
  • das System, von dem aus auf unser System zugreifende Betriebssystem und dessen Version,
  • the internet service provider of the accessing system,
  • Content of the request (content of the specific pages accessed),
  • Access status/HTTP status code (response delivered by the server to each HTTP request, representing the status of the request),
  • the website from which our website is accessed,
  • Time zone difference from Greenwich Mean Time (GMT).

The storage of the IP address - even if only for a short time - is technically necessary due to the way the internet works. However, before we process and store your IP address, it is shortened and used only in this unrecognizable (anonymous) form. A storage of the complete IP address does not take place. An allocation to you is no longer possible after the shortening.

The other information and data mentioned above will also not be used by us to draw conclusions about you and/or to identify you. Data that make it possible to identify you personally will be anonymized as soon as possible.

The data and information listed above are collected by us exclusively in order to display our websites to you, to ensure their stability and security, and to optimize our websites in this respect. The collection of the aforementioned data thus serves the purpose of improving the data security of the programs and systems we use. In addition, we use the data for the anonymous, statistical evaluation of your movements on our websites.

The log files are stored separately from your other personal data, which you may have provided to us yourself during your visit to our pages, and are not merged with them. The log files are deleted after 7 days.

The legal basis for the collection of the aforementioned data is our legitimate interest (Article 6 (1) (f) GDPR) in the functionality and security of our websites. In addition, we have a legitimate interest in using the anonymous or anonymized data to evaluate user behavior on our pages in order to evaluate the effectiveness of our website design and structure.

4. Cookies

We use so-called cookies on our websites. Cookies are small text files that are sent to your browser by our server together with the requested web page when you or your browser access our website for the first time. Your browser stores the cookie(s) on the hard drive of your device.

Cookies cannot be used to transfer malware or viruses to your terminal, run programs or open pop-up windows. They are also not used to send spam. Rather, cookies are used to obtain certain information.

We distinguish between technically necessary cookies, which enable the operation of the website in the first place, and voluntary cookies. The setting of voluntary cookies takes place exclusively with your consent. Please note that if you only allow the technically necessary cookies, some functionalities of the websites are limited or not usable.

4.1. Technically necessary cookies

We use these data and the technically necessary cookies to make our website more effective, safer and more user-friendly overall, and, for example, to find out which items are already in your shopping cart or whether a pop-up window has already been displayed.

4.1.1. Mode of use

We use the following technically necessary cookies:

Name ExpireDescription PurposeDescription
__cflb 1 day Registriert, welcher Server-Cluster den Besucher bedient. Dies wird im Zusammenhang mit dem Lastausgleich verwendet, um die Benutzererfahrung zu optimieren.
CookieConsent 1 year Stores the user's consent status for cookies on the current domain.
elementor Persistent Wird im Zusammenhang mit dem WordPress-Theme der Website verwendet. Mit dem Cookie kann der Website-Eigentümer den Inhalt der Website in Echtzeit implementieren oder ändern.
wc_cart_created Session Necessary for the shopping cart functionality on the website. 
wc_cart_hash_# Persistent  
wc_fragments_# Session  
woocommerce_cart_hash Session Necessary for the shopping cart functionality on the website to remember the selected products - This also allows the website to promote related products to the visitor, based on the content of the shopping cart. 
woocommerce_items_in_cart Session Necessary for the shopping cart functionality on the website to remember the selected products - This also allows the website to promote related products to the visitor, based on the content of the shopping cart. 
wp_woocommerce_session_# 1 day  
rc::a Persistent Dieser Cookie wird verwendet, um zwischen Menschen und Bots zu unterscheiden. Dies ist vorteilhaft für die Webseite, um gültige Berichte über die Nutzung ihrer Webseite zu erstellen.
rc::c Session This cookie is used to distinguish between humans and bots.
__cflb 1 day Registriert, welcher Server-Cluster den Besucher bedient. Dies wird im Zusammenhang mit dem Lastausgleich verwendet, um die Benutzererfahrung zu optimieren.
     

We use the following cookies for statistical purposes:

Name ExpireDescription PurposeDescription
_ga 2 years Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
_gat 1 day Used by Google Analytics to limit the request rate
_gid 1 day Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
woocommerce_recently_viewed Session Enthält Daten zu den letzten Produkten, die der Besucher angesehen hat. Wird vom Webmaster für interne Statistiken verwendet.

We use the following cookies for marketing purposes:

Name ExpireDescription PurposeDescription
GoogleAnalytics 30 Tage We store this cookie to show you only the content that you are definitely interested in.
GoogleTagManager 30 Tage We store this cookie to show you only the content that you are definitely interested in.
yt.innertube::nextId Persistent Registers a unique ID to keep statistics of the videos from YouTube that the user has watched.
yt.innertube::requests Persistent Registers a unique ID to keep statistics of the videos from YouTube that the user has watched.
yt-remote-cast-installed Session Saves the user settings when retrieving a Youtube video integrated on other websites
yt-remote-connected-devices Persistent Saves the user settings when retrieving a Youtube video integrated on other websites
yt-remote-device-id Persistent Saves the user settings when retrieving a Youtube video integrated on other websites
yt-remote-fast-check-period Session Saves the user settings when retrieving a Youtube video integrated on other websites
yt-remote-session-app Session Saves the user settings when retrieving a Youtube video integrated on other websites
yt-remote-session-name Session Saves the user settings when retrieving a Youtube video integrated on other websites

4.1.2.  Legal basis for the use

We have a legitimate interest (Article 5 (1) lit. f DSGVO) in the use of cookies. This applies to cookies that are required for the use of the functions of our websites (e.g. shopping cart function), as these are necessary for the functionality and best possible provision of our services.

4.2. Voluntary cookies

4.2.1. Legal basis

The setting of voluntary cookies takes place exclusively with your consent (Article 6 (1) a GDPR). Please note that if you only allow the technically necessary cookies, some functionalities of the websites are limited or not usable.

4.3 Further possibilities to influence the setting of cookies by means of settings in your browser

If you do not wish cookies to be stored in general, or do not wish individual cookies to be stored on your device, you can configure your browser settings to suit your preferences using the corresponding menu item.

At this point, we would like to point out that this may result in not all functions of our websites being available or usable.

Cookies that are stored on your terminal device beyond the respective session can also be removed from your device - in addition to the option of blocking them - regardless of whether their use is time-limited or unrestricted.

To do this, you can access the corresponding functions in your browser and delete the chronicle.

Flash cookies can be prevented by installing an appropriate "add-on", e.g. "Better Privacy" for Mozilla Firefox or the Adobe Flash Killer Cookie for Google Chrome.

By selecting private mode on your browser, you can prevent HTML5 Storage Objetcs from being set or used.

In general, we recommend that you delete your browsing history and cookies on a regular basis.

5. Data processing when using the contact form

You have the option to send us a request via our contact form.

5.1. Use of the contact form

If you use this option, only the personal data provided by you in the context of your request will be collected. Whereby the specification of your e-mail address is required information, without which it is unfortunately not possible to send your request to us. You are also welcome to provide us with your first name, surname or title (Ms/Mr) so that we can address you correctly in our reply.

5.2 Data processing

Die Verarbeitung Ihrer Daten, die Sie im Rahmen Ihrer Anfrage über unser Kontaktformular zur Verfügung stellen, erfolgt aufgrund der Einwilligung zur Verarbeitung (Artikel 6 Abs. 1 lit. a DSGVO), die Sie der Web Inclusion GmbH mit der Zusendung Ihrer Anfrage erteilen, bzw. aufgrund unseres berechtigten Interesses (Artikel 6 Abs. 1 lit. f DSGVO) an der Möglichkeit zur Beantwortung an uns gerichteter Anfragen.

If a contractual relationship should be established between us as a result of you contacting us, the data processing will be carried out for the implementation of pre-contractual measures (Article 6 para. 1 lit. b GDPR).

5.3 Storage duration

We store the data we receive from you via the contact form until your request has been fully processed. Subject to your consent to store your data for further purposes (e.g. newsletter mailing), we will delete your data after completing the processing of your request, unless a contractual relationship between us has been established as a result of the contact. In this case, we store the data, as far as necessary, until the expiry of the retention periods under commercial and tax law.

Right of revocation of data storage

You can revoke this consent at any time with effect for the future. Your revocation does not lead to the lawfulness of the processing of your personal data ceasing to apply until your revocation.

In the event that a contract should come into being between us and you as a result of contacting us, the data storage is based on contract or on necessary pre-contractual measures.

Zur Ausübung Ihres Widerrufsrechts schreiben Sie uns einfach eine kurze E-Mail oder wählen Sie eine andere Form der Kontaktaufnahme. Die Kontaktdaten finden Sie im Impressum bzw. zu Beginn dieser Erklärung.

 

6. Data processing for inquiries by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we collect and process the personal data that you provide to us in this context (name, request, telephone number, e-mail address, fax number, and, if applicable and provided as part of the request, e.g. e-mail signature, your address). We use your personal data exclusively for processing your request. The data will not be passed on to third parties without your consent.

6.1 Data processing

The processing of your data, which you provide as part of your inquiry via our contact form, is based on the consent to processing (Article 6 (1) a) GDPR), which you give us by sending us your inquiry, or on our legitimate interest (Article 6 (1) f) GDPR) in the possibility to respond to inquiries directed to us.

Should a contractual relationship (membership) be established as a result of you contacting us, the data processing is carried out for the implementation of pre-contractual measures (Article 6 para. 1 lit. b) GDPR).

6.2 Storage duration

We store the data we receive from you via the contact form until your request has been fully processed. Subject to your consent to store your data for further purposes (e.g. newsletter mailing), we will delete your data after completing the processing of your request, unless a contractual relationship between us has been established as a result of the contact. In this case, we store the data, as far as necessary, until the expiry of the retention periods under commercial and tax law.

6.3. Right to revoke consent

You can revoke the consent to data processing at any time with effect for the future. Your revocation does not lead to the lawfulness of the processing of your personal data ceasing to apply until your revocation.

To exercise your right of revocation, simply write us a short e-mail or choose another form of contact. You will find the contact details in our imprint or at the beginning of this statement.

7. SSL or TLS encryption

On our websites, through which personal data can be entered (in particular the ordering process, login to the customer account, registration for our newsletter), we use the encryption technology TLS (Transport Layer Security). This is a protocol for encrypting data transmissions in order to prevent unauthorized access by third parties to your personal data, in particular your banking or financial data. You can recognize the encryption by the designation "https://".

8. Google Webfonts and Google Material Icons

On our websites, we use so-called web fonts and material icons in order to display the content on our websites in an appealing, correct and consistent manner across browsers. The appealing and correct display of our content constitutes a legitimate interest.

The web fonts and material icons we use are web fonts and material icons of Google LLC (Google), Amphitheatre Parkway, Mountain View, CA 94043, USA.

Web fonts and material icons make it possible to use fonts and icons that are not stored on the PC of the visitor to our site or on the device used to visit our site.

The fonts and icons used on the website you are visiting are loaded into your browser cache by your browser when you visit this page, so that the content (texts and characters, icons) is displayed correctly. During this process, the browser you are using establishes a connection with Google's servers. Within the scope of this connection between your browser and Google, Google receives knowledge that your IP address has accessed our website. According to Google's account, however, there is no merging between otherwise known personal data (e.g. if you are logged into your Google account at the time of accessing our website) and the fact that your IP address is transmitted to Google when you access a website.

According to Google, CSS (Cascading Style Sheets - a programming or stylesheet language used to give the content on our site its appearance, for example, the color display of individual words or paragraphs) are stored in the cache for 24 hours.

According to Google, the font files and icons themselves are stored in the cache for one year. You can find more information about data storage and Google Web Fonts under the following link: https://developers.google.com/fonts/faq.

Further information on data use by Google can be found here:
https://policies.google.com/privacy?hl=de.

If your browser does not support Google Web Fonts or if access is prevented, the content is displayed in a standard font that is stored on the device you are using.

9. Definition of terms

The basis for the following definitions is the General Data Protection Regulation (GDPR) of the European Union (Regulation EU 2016/679 of the European Parliament and of the Council).

9.1 "Responsible party"

The responsible party is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the responsible party or the specific criteria for its designation may be determined in accordance with Union or Member State law.

Thus, the responsible party is in principle the natural person or the company which, alone or together with others, determines the reason and the manner of the processing of personal data.

9.2 "Personal data"

Personal data are any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data are, in addition to the first and last name, address, telephone number, email address, date of birth, etc., also the IP address used, information about the devices used by you, voice recordings, your customer card number, your account data, your credit card numbers, as well as, for example, physical characteristics, such as your gait or your appearance.

9.3. "Processing"

Verarbeitung ist jeder mit oder ohne Hilfe automatisierter Verfahren ausgeführten Vorgang oder jede solche Vorgangsreihe im Zusammenhang mit personenbezogenen Daten wie das Erheben, das Erfassen, die Organisation, das Ordnen, die Speicherung, die Anpassung oder Veränderung, das Auslesen, das Abfragen, die Verwendung, die Offenlegung durch Übermittlung, Verbreitung oder eine andere Form der Bereitstellung, der Abgleich oder die Verknüpfung, die Einschränkung, das Löschen oder die Vernichtung. Eine Verarbeitung Ihrer Daten erfolgt zum Beispiel auch dann, wenn Sie Ihre Kundenkarte im Rahmen des Bezahlvorganges an der Kasse vorlegen oder mit der EC-Karte eine Zahlung leisten.

9.4 "Third party"

Third party is a natural or legal person, public authority, agency or other body, other than the data subject, the responsible party, the processor and the persons authorized to process the personal data under the direct responsibility of the responsible party or the processor.

9.5 "Restriction of processing"

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

9.6 "Pseudonymization"

Die Verarbeitung personenbezogener Daten in einer Weise, dass die personenbezogenen Daten ohne Hinzuziehung zusätzlicher Informationen nicht mehr einer spezifischen betroffenen Person zugeordnet werde können, nennt man Pseudonymisierung.  Darüber hinaus sind technische und organisatorische Maßnahmen zu ergreifen, die gewährleisten, dass die personenbezogenen Daten nicht einer identifizierten oder identifizierbaren natürlichen Person zugewiesen werden.

9.7. "Consent"

Consent is understood to be any voluntary expression of will in the form of a declaration or other explicit affirmative action, given for the specific case, in an informed manner and unambiguously, by which the data subject indicates that they consent to the processing of personal data relating to them.