XIII. Contact form, email contact, contact via WhatsApp and Skype

1. Description and scope

XIII. Contact form, email contact, contact via WhatsApp and Skype

1. Description and scope of data processing

Our website includes a contact form that can be used to contact us electronically. If a user chooses to do so, the data entered in the input mask will be transmitted to us and stored. These data are:

 

Mandatory information includes:

• First name

• Last name

• Email address

• Question or request

•  

Optional information includes:

• Customer number

• Street address

• Postcode and city

• Country

• Telephone

 

At the time of sending the message, the following data is also stored:

 

• the user's IP address

• Date and time of sending the message

•  

For the processing of the data, reference is made to this data protection declaration as part of the sending process and your consent is obtained for sending your message and processing the voluntary information.

 

Alternatively, you can contact us via the email address provided or via Skype or the WhatsApp messaging service. In this case, the user's personal data transmitted by email, Skype or WhatsApp message will be stored.

The data will not be passed on to third parties in this context. The data will be used exclusively for the purposes of the conversation.

We would like to point out that information that you send to us unencrypted by email, WhatsApp or by using our contact form may be read by third parties during transmission. As a rule, we are also unable to verify your identity and do not know who is behind an email address. Therefore, legally secure communication via simple email, WhatsApp or the contact form is not guaranteed. For the transmission of messages worthy of protection, we recommend that you send your request by conventional mail.

Persons under the age of 16 should not transmit any personal data to us unless they have the consent of their legal guardians. The consent must then be explicitly stated in the message. We do not request personal data from children and young people. We do not knowingly collect such data.

 

2. Legal basis for data processing

The legal basis for the processing of the data is the consent of the user in accordance with Article 6 (1) (a) of the GDPR.

 

The legal basis for the processing of data transmitted in the course of sending an e-mail, Skype or WhatsApp message is Art. 6 para. 1 lit. f DSGVO. If the e-mail/Skype contact or the WhatsApp message is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

 

3. Purpose of data processing

We process the personal data from the input mask solely for the purpose of processing the contact. If you contact us by email, Skype or WhatsApp, this also constitutes the necessary legitimate interest in processing the data.

 

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, Skype or WhatsApp, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

 

5. Right to object and right to erasure

The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, Skype or WhatsApp, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

 

To do so, contact our data protection officer. You can reach them as follows:

 

The Royal Monkey

Johann-Schäfer-Str. 4

53909 Zülpich

Germany

 

Tel.: +49 (0) 2256 / 9399489

 

E-Mail: info@theroyalmonkey.net

 

All personal data stored in the course of establishing contact will be deleted in this case.

​

XIV. Disclosure of data to service providers

1. Wix

a) Description and scope of data processing

Our website offers users the opportunity to contact us via live chat. If a user takes advantage of this option, the content of the conversation is transmitted to us but not stored by us.

 

At the time of sending the message, the following data is also stored by us:

 

· The user's IP address

· Date and time of the chat

· Name of our employee with whom the chat is conducted

 

The live chat is provided by the host provider Wix.

The following data may be stored in the process:

· The entire content of the chat

· Chat language

· Duration

· Start URL on which the chat was started

· URL on which the chat was ended

· Name of the employee with whom the user is chatting

 

The data is used exclusively for processing the conversation. However, we expressly point out that Wix stores the data directly during the live chat.

 

b) Legal basis for data processing

The legal basis for processing the data is the consent of the user in accordance with Article 6 (1) (a) of the GDPR.

 

An additional legal basis for the processing of personal data is Art. 6 (1) (f) GDPR.

 

c) Purpose of data processing

The other personal data processed by us during the use of the live chat serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

Regarding the data collected by our service provider – Wix – we refer to the privacy policy of Wix.

d) Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

 

The additional personal data collected by us during the use of the live chat will be deleted after a period of seven days at the latest.

 

The data collected by Wix will be deleted after a period of one month.

 

e) Right to object and right to erasure

The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

 

To do so, contact our data protection officer. You can reach them as follows:

 

The Royal Monkey

Johann-Schäfer-Str. 4

53909 Zülpich

Germany

 

Tel.: +49 (0) 2256 / 9399489

 

E-Mail: info@theroyalmonkey.net

 

All personal data stored in the course of establishing contact will be deleted in this case.

​

XV. Google Online Marketing Services

1. Google Analytics

With your consent in accordance with Art. 6 Para. 1 lit. a. DSGVO Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on computers. It cannot be ruled out that the data processing will take place outside the scope of EU law.

Google will use this information on our behalf to evaluate your use of our website, to compile reports on the activities within this online offering and to provide us with further services associated with the use of this online offering and the internet. Pseudonymous user profiles may be created from the processed data. We only use Google Analytics with activated IP anonymization. This means that the user's IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address provided by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). Users' personal data will be deleted or anonymized after 14 months.

 

We use Google Analytics to display ads placed within Google and its partners' advertising services only to users who have also shown an interest in our online services or who exhibit certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads match the potential interest of users.

 

2. Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags through a single interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, please refer to the following information about Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

3. Google AdWords and conversion measurement

With your consent, we use the services of Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

 

We use the online marketing tool Google “AdWords” to place ads on the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner so that we only present users with ads that potentially match their interests. For example, if a user is shown ads for products that he has shown an interest in on other websites, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which the Google advertising network is active, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user visits, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visit times and other information about the use of the online offer.

 

Furthermore, we receive an individual “conversion cookie”. The information obtained with the help of cookies is used by Google to create conversion statistics for us. However, we only see the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

 

User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or email address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about the users is transmitted to Google and stored there. It is not out of the question that the data processing will take place outside the scope of EU law.

 

You can find more information about Google's use of data, settings and opt-out options in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for Google's display of advertisements (https://adssettings.google.com/authenticated).

 

4. Google Re/Marketing Services

With your consent, we use the marketing and remarketing services (“Google Marketing Services” for short) of Google Ireland Limited, a company incorporated and operated under Irish law (registration number: 368047), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Marketing Services allow us to better target ads for and on our website so that we only show users ads that potentially match their interests. For example, if a user is shown ads for products that he has shown an interest in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit duration and other information about the use of the online offer. The user's IP address is also recorded. In the context of Google Analytics, we would like to point out that the IP address is shortened within member states of the European Union or in other states that are party to the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other Google offers. The above information may also be linked by Google to such information from other sources. If the user subsequently visits other websites, they may be shown ads tailored to their interests. User data is processed pseudonymously as part of Google Marketing Services. This means that Google does not store and process the names or email addresses of users, for example, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored there. It is not excluded that the data processing takes place outside the scope of EU law. The Google marketing services we use include, among other things, the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies cannot therefore be tracked across the websites of AdWords customers. The information obtained using the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that could be used to personally identify users. We may include third-party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies that enable Google and its partner websites to serve ads based on users' visits to this site or other sites on the Internet. We may also use “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website. For more information about Google's use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads. Google's privacy policy is available at https://www.google.com/policies/privacy. If you wish to object to interest-based advertising by Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

 

XVI. Integration of third-party content

After you have given your consent in accordance with Art. 6 (1) point a GDPR, we may use content from third-party providers to integrate their content and services, such as videos (hereinafter referred to as “content”). This always requires that the third-party providers of this content see the IP address of the user, since without the IP address they would not be able to send the content to the user's browser. The IP address is therefore required for the presentation of this content. We endeavor to use only content from providers who use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit times, and other information regarding the use of our online services. It may also be linked to such information from other sources.

 

1. Google Maps

We integrate maps from the “Google Maps” service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The data processed may include, in particular, users' IP addresses and location data, which are not collected without their consent (usually as part of their mobile device settings). It cannot be ruled out that the data processing will take place outside the scope of EU law. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

 

XVII. Social media

We maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users who are active there and to inform them about our services.

 

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.

 

Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the user behavior and the resulting interests of the users. The user profiles can in turn be used to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

 

The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1) point f. If users are asked by the respective providers for consent to data processing (i.e. to declare their consent, for example, by ticking a checkbox or confirming a button), the legal basis for the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

 

For a detailed description of the respective processing and the opt-out options, please refer to the following linked information from the providers.

 

We would also like to point out that requests for information and the assertion of user rights can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you need help, you can contact us.

 

• Facebook, -Pages, -Groups, (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an agreement on joint processing of personal data - privacy policy: https://www.facebook.com/about/priv acy/, specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

• Google/ YouTube (Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”)) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated

• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.

• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization

• Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/ Opt-Out: https://about.pinterest.com/de/privacy-policy.

• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

XVIII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

 

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.

 

If such processing has taken place, you can request the following information from the controller:

a) the purposes for which the personal data are processed;

b) the categories of personal data that are processed;

c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

d) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage duration;

e) the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the controller or a right to object to such processing;

f) the existence of a right of appeal to a supervisory authority;

g) all available information about the origin of the data if the personal data is not collected from the data subject;

h) the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

 

You have the right to request information about whether your personal data is being transferred to a third country or to an international organization. In this context, you can request information about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

 

This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfillment of research or statistical purposes.

 

2. Right to rectification

You have the right to request the data controller to rectify and/or complete the data if the processed personal data concerning you is incorrect or incomplete. The data controller must carry out the rectification without delay.

 

Your right to rectification can be restricted to the extent that it is likely to make it impossible or seriously impair the realization of research or statistical purposes and the restriction is necessary for the fulfillment of research or statistical purposes.

 

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

a) you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;

b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or

d) you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

 

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

 

Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the realization of research or statistical purposes and the limitation is necessary for the fulfillment of research or statistical purposes.

 

4. Right to erasure

a) Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

aa) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed

bb) you withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing

cc) You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.

dd) The personal data concerning you has been processed unlawfully.

ee) The deletion of personal data concerning you is required to fulfill a legal obligation under Union or national law to which the controller is subject.

ff) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

 

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Para. 1 GDPR, he shall take appropriate measures, taking into account the available technology and the implementation costs, including those of a technical nature, to technical means, to inform controllers which are processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, those personal data.

 

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary

aa) for exercising the right of freedom of expression and information;

bb) to fulfill a legal obligation that requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task that is in the public interest or in the exercise of official authority that has been transferred to the controller;

cc) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

dd) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

ee) for the assertion, exercise or defense of legal claims.

 

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to request that the data controller inform you about these recipients.

 

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

 

a) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and

b) the processing is carried out by automated means.

 

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

 

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR, including profiling based on those provisions.

 

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

 

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

 

You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, of exercising your right to object by automated means using technical specifications.

 

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the GDPR.

 

Your right to object can be restricted if it is likely to make it impossible or seriously impair the realization of research or statistical purposes and the restriction is necessary for the fulfillment of research or statistical purposes.

 

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

a) is necessary for entering into, or performance of, a contract between you and the data controller;

b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

c) with your express consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

 

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Data processing

Our website includes a contact form that can be used to contact us electronically. If a user chooses this option, the data entered in the input mask will be transmitted to us and stored. These data are:

 

Mandatory information includes:

• First name

• Last name

• Email address

• Question or request

 

Optional information includes:

• Customer number

• street and house number

• postcode and city

• country

• telephone

 

At the time of sending the message, the following data is also stored:

 

• the user's IP address

• the date and time the message was sent.

 

During the sending process, reference is made to this data protection declaration for the processing of the data, and your consent is obtained for sending your message and processing the voluntary information.

 

Alternatively, you can contact us via the email address provided or via Skype and the messaging service WhatsApp. In this case, the user's personal data transmitted by email, Skype or WhatsApp message will be stored.

The data will not be passed on to third parties in this context. The data will be used exclusively for the purpose of processing the conversation.

We would like to point out that information that you send to us unencrypted by email, WhatsApp or by using our contact form may be read by third parties during transmission. As a rule, we are also unable to verify your identity and do not know who is behind an email address. Therefore, legally secure communication via simple email, WhatsApp or the contact form is not guaranteed. For the transmission of messages worthy of protection, we recommend that you send your request by conventional mail.Persons under the age of 16 should not transmit any personal data to us unless they have the consent of their legal guardians. The consent must then be explicitly stated in the message. We do not request personal data from children and young people. We do not knowingly collect such data.

2. Legal basis for data processingThe legal basis for the processing of the data is the consent of the user in accordance with Article 6 (1) (a) of the GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail, Skype or WhatsApp message is Art. 6 para. 1 lit. f DSGVO. If the e-mail/Skype contact or the WhatsApp message is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of data processingWe process the personal data from the input mask solely for the purpose of processing the contact. If you contact us by email, Skype or WhatsApp, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storageThe data are deleted as soon as they are no longer required for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, Skype or WhatsApp, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Right to object and right to erasureThe user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, Skype or WhatsApp, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To do so, contact our data protection officer. You can reach them as follows:

The Royal MonkeyJohann-Schäfer-Str. 453909 ZülpichGermany

Tel.: +49 (0) 2256 / 9399489

E-Mail: info@theroyalmonkey.net

All personal data stored in the course of establishing contact will be deleted in this case.​XIV. Disclosure of data to service providers1. Wixa) Description and scope of data processing

Our website offers users the opportunity to contact us via live chat. If a user takes advantage of this option, the content of the conversation is transmitted to us but not stored by us.

At the time of sending the message, the following data is also stored by us:

· The user's IP address· Date and time of the chat· Name of our employee with whom the chat is conducted

The live chat is provided by the host provider Wix.The following data may be stored in the process:· The entire content of the chat· Chat language· Duration· Start URL on which the chat was started· URL on which the chat was ended· Name of the employee with whom the user is chatting

The data is used exclusively for processing the conversation. However, we expressly point out that Wix stores the data directly during the live chat.

b) Legal basis for data processingThe legal basis for processing the data is the consent of the user in accordance with Article 6 (1) (a) of the GDPR.

An additional legal basis for the processing of personal data is Art. 6 (1) (f) GDPR.

c) Purpose of data processingThe other personal data processed by us during the use of the live chat serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Regarding the data collected by our service provider – Wix – we refer to the privacy policy of Wix.d) Duration of storageThe data will be deleted as soon as it is no longer required for the purpose for which it was collected.

The additional personal data collected by us during the use of the live chat will be deleted after a period of seven days at the latest.

The data collected by Wix will be deleted after a period of one month.

e) Right to object and right to erasureThe user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To do so, contact our data protection officer. You can reach them as follows:

The Royal MonkeyJohann-Schäfer-Str. 453909 ZülpichGermany

Tel.: +49 (0) 2256 / 9399489

E-Mail: info@theroyalmonkey.net

All personal data stored in the course of establishing contact will be deleted in this case.

​XV. Google Online Marketing Services1. Google AnalyticsWith your consent in accordance with Art. 6 Para. 1 lit. a. DSGVO Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on computers. It cannot be ruled out that the data processing will take place outside the scope of EU law.

Google will use this information on our behalf to evaluate your use of our website, to compile reports on the activities within this online offering and to provide us with further services associated with the use of this online offering and the internet. Pseudonymous user profiles may be created from the processed data. We only use Google Analytics with activated IP anonymization. This means that the user's IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The IP address provided by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated). Users' personal data will be deleted or anonymized after 14 months.

We use Google Analytics to display ads placed within Google and its partners' advertising services only to users who have also shown an interest in our online services or who exhibit certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads match the potential interest of users.

2. Google Tag ManagerGoogle Tag Manager is a solution that allows us to manage so-called website tags through a single interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users' personal data, please refer to the following information about Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

3. Google AdWords and conversion measurementWith your consent, we use the services of Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use the online marketing tool Google “AdWords” to place ads on the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online offering in a more targeted manner so that we only present users with ads that potentially match their interests. For example, if a user is shown ads for products that he has shown an interest in on other websites, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which the Google advertising network is active, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user visits, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visit times and other information about the use of the online offer.

Furthermore, we receive an individual “conversion cookie”. The information obtained with the help of cookies is used by Google to create conversion statistics for us. However, we only see the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or email address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about the users is transmitted to Google and stored there. It is not out of the question that the data processing will take place outside the scope of EU law.

You can find more information about Google's use of data, settings and opt-out options in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for Google's display of advertisements (https://adssettings.google.com/authenticated).

4. Google Re/Marketing ServicesWith your consent, we use the marketing and remarketing services (“Google Marketing Services” for short) of Google Ireland Limited, a company incorporated and operated under Irish law (registration number: 368047), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Marketing Services allow us to better target ads for and on our website so that we only show users ads that potentially match their interests. For example, if a user is shown ads for products that he has shown an interest in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit duration and other information about the use of the online offer. The user's IP address is also recorded. In the context of Google Analytics, we would like to point out that the IP address is shortened within member states of the European Union or in other states that are party to the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other Google offers. The above information may also be linked by Google to such information from other sources. If the user subsequently visits other websites, they may be shown ads tailored to their interests. User data is processed pseudonymously as part of Google Marketing Services. This means that Google does not store and process the names or email addresses of users, for example, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. [...] [...] [...] [...] [...] [...]

[...] [...] The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit times, and other information regarding the use of our online services. It may also be linked to such information from other sources.

1. Google MapsWe integrate maps from the “Google Maps” service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The data processed may include, in particular, users' IP addresses and location data, which are not collected without their consent (usually as part of their mobile device settings). It cannot be ruled out that the data processing will take place outside the scope of EU law. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

XVII. Social mediaWe maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users who are active there and to inform them about our services.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the user behavior and the resulting interests of the users. The user profiles can in turn be used to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1) point f. If users are asked by the respective providers for consent to data processing (i.e. to declare their consent, for example, by ticking a checkbox or confirming a button), the legal basis for the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

For a detailed description of the respective processing and the opt-out options, please refer to the following linked information from the providers.

We would also like to point out that requests for information and the assertion of user rights can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you need help, you can contact us.

XVIII. Rights of the data subjectIf your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of accessYou have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.

If such processing has taken place, you can request the following information from the controller:a) the purposes for which the personal data are processed;b) the categories of personal data that are processed;c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

d) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage duration;e) the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the controller or a right to object to such processing;f) the existence of a right of appeal to a supervisory authority;

g) all available information about the origin of the data if the personal data is not collected from the data subject;h) the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data is being transferred to a third country or to an international organization. In this context, you can request information about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the restriction is necessary for the fulfillment of research or statistical purposes.

[...]

[...]

[...]

[...]

[...]

[...]

[...]

[...]

[...]

[...]

[...] technical means, to inform controllers which are processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, those personal data.

c) ExceptionsThe right to erasure does not apply to the extent that processing is necessaryaa) for exercising the right of freedom of expression and information;

bb) to fulfill a legal obligation that requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task that is in the public interest or in the exercise of official authority that has been transferred to the controller;cc) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

dd) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; oree) for the assertion, exercise or defense of legal claims.

5. Right to informationIf you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to request that the data controller inform you about these recipients.

6. Right to data portabilityYou have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

a) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR andb) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to objectYou have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, of exercising your right to object by automated means using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the GDPR.

Your right to object can be restricted if it is likely to make it impossible or seriously impair the realization of research or statistical purposes and the restriction is necessary for the fulfillment of research or statistical purposes.

8. Right to revoke the declaration of consent under data protection lawYou have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

[...]

[...]

[...]

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authorityWithout prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

• Facebook, -Pages, -Groups, (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an agreement on joint processing of personal data - privacy policy: https://www.facebook.com/about/priv acy/, specifically for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

• Google/ YouTube (Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”)) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated

• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.

• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization

• Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/ Opt-Out: https://about.pinterest.com/de/privacy-policy.

• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.