1. Contact details of the data controller and the data protection officer
PPE UK Compare Ltd t/a PPE Compare (hereinafter also referred to as “PPE Compare”, “we” or “us”) offers you the opportunity to use various services free of charge via our website “ppecompare.co.uk” (hereinafter collectively referred to as “services”).
We are the data controller in accordance with the General Data Protection Regulation (GDPR). Our contact details are as follows:
7 Bell Yard
London WC2A 2JR
In the following we provide you with comprehensive information about the purposes for which and scope within which we process your personal data during the use of the PPE Compare website.
2. Collection and processing of personal data
You can generally use the website services – for which no payment or registration is required – without providing personal data. In certain cases, we will collect the personal data listed in Section 3. This fundamentally only occurs when necessary for the provision of our content and services. Furthermore, we process personal data in connection with the use of PPE Compare where you provide this data voluntarily, e.g. in the context of registration, a competition, an enquiry sent to us, or because there is another legal basis for this (see Section 4).
3. Categories of data processed
As soon as you visit ppecompare.co.uk our system automatically collects certain technical information. This can include:
- Information about the browser type and version used
- Operating system of the device from which the request originates
- Mobile device ID
- Date and time of access
- Web analysis data / pseudonymised user profile (cookie ID, ad ID etc., see below for more information)
- website from which the user got to our website
- website accessed by the user from our website
Furthermore, we process the following personal data where a contractual relationship exists between you and us, or where you have communicated the data to us in another manner:
- Personal master data (name, address, date of birth)
- Communication data (telephone number, email address)
- Contract master data (contractual relationship, product or contract interest)
- Login data with password
- Comments, reviews etc.
4. Occasions, reasons for and content of processing: The PPE Compare website and services in general
We always process your data on the basis of one or more legal permissions or with your consent.
a) Submission of reviews and comments
Personal data is collected by PPE Compare when you as a customer submit your review of a product, service, service provider or retailer (hereinafter also referred to as “online shop”), or participate in a survey. In this context, PPE Compare collects the data specified in the respective form and the IP address assigned to the device used by you at the relevant point in time.
Information about you will only be published on PPE Compare when this is indicated in the field of the form. In the case of opinions about Vendors/Suppliers, the customer or order number specified by you is also shared with the specific Vendor/Supplier; this is an integral part of our review and comment function, because only then can the online shop be notified of your comments and opinions. We collect and process the data you provide in order to be able to publish your review or comment as desired (Art. 6 para. 1 point b GDPR). In particular, we also require your email address, so we can contact you in the event of complaints and give you the opportunity to respond (Art. 6 para. 1 point c GDPR).
b) Shopping and direct checkout function
Based on Art. 6 para. 1 point b) of the GDPR, we additionally collect personal data when you as a customer directly submit a contractual offer for specific products listed on the PPE Compare website without leaving PPE Compare and being redirected to the website of the online shops offering these products (the “shopping function” and “direct checkout function”). PPE Compare collects this data in order to initiate the contract and process your order or booking, as well as for the invoicing of the respective online shop for our brokerage service.
PPE Compare transmits this personal data to the respective online shop, where this is required for the conclusion and processing of your contract. If PPE Compare and/or the online shop utilises the services of third parties as service providers for the completion and processing of the contract or the service booked, e.g. for the execution of the order, the processing of the payment or the shipping of goods (hereinafter referred to as “service providers”), the required data will only be shared with these third parties of the fulfilment and processing of your order. During the process of handling your order or purchase, you will also receive emails to the email address you provided from the respective online shop (e.g. order or purchase confirmation) and, if applicable, from service providers (e.g. payment confirmation or information about the shipping process).
c) Forms, comparison calculator and payment services for the shopping and direct checkout function:
Unless otherwise indicated, PPE Compare itself will collect the data you enter in the respective contact forms.
When you enter data in contact forms, we will only use the data for the purpose of conducting the communication with you and/or to provide the service you request; this constitutes our legitimate interest. The processing takes place in accordance with Art. 6 para. 1 point B of the GDPR.
d) Emails and Newsletter
We may use the email address you provided when registering or initiating a buying contract to contact you in relation to goods and services, your purchases and bookings or general information about PPE Compare. The processing of email addresses takes place on the basis of our legitimate interest in advertising our goods and services in accordance with Art. 6 para. 1 point f GDPR.
We will use your email address to send you our newsletter, provided that you have subscribed to it and consented to receiving it, including potential advertisements. In this case we will process your email address for the purposes of sending the newsletter as requested (Art. 6 para. 1 point b GDPR). You can object to the use of your email address for such purposes at any time in writing or via email (firstname.lastname@example.org).
The content of our newsletters is partly selected based on your prior use of the PPE Compare website and your expressed interest in products and content. This enables us to tailor the respective newsletter specifically to you and your interests. For example, if you have previously searched for face masks on the PPE Compare website, we would rather present you with face masks in our newsletter than other product groups. For this purpose, we also process data that we have collected via our cookies (for more information about these cookies, see paragraph 9 c. below), and link them to your email address. The legal basis for this data processing and the display of content relevant to you is Art. 6 para. 1 point f GDPR. However you can object to this data processing at any time (see section 16 a).
e) IP addresses
On the internet, every device needs a clear address in order to transmit data. This is known as its IP address. It is a technical requirement for the IP address to be saved, at least temporarily, in order to facilitate the delivery of the internet page to the user’s device.
a) Log files
For security purposes, our servers save the IP address in so-called log files for 14 days. Reasons for this include being able to determine what happens if an attack (DoS) is made on PPE Compare website, or if illegal analysis of our databases occurs. This is based on Art. 6 para. 1 point f GDPR.
b) Geolocalisation etc.
Before any further or other processing, we shorten the IP addresses, then process them in an anonymised state. Unabbreviated IP addresses are not processed further.
The processing of the (abbreviated) IP addresses allows us to display content with regional relevance on all PPE Compare website that are accessed from within a certain region. This so-called geolocalisation, or basing the appearance of a website on the location from which it is accessed takes place exclusively on the basis of anonymised IP addresses, and only to a regional level. Under no circumstances can the geographical information obtained, in this manner be used to determine the specific location of a user.
5. Occasions, reasons for and content of processing: My Wishlist and Price Alert
PPE Compare offers you the possibility of creating your own customer account free of charge. To use the “My PPE Compare” customer account, you must register with a valid email address and a password. We then use this data to provide you with the customer account, to manage it and to enable its use. This processing is based on Art. 6 para. 1 point b GDPR.
When registering for the “My PPE Compare” customer account, you consent to PPE Compare using cookies to collect information about your use of PPE Compare and connecting this information to your customer account for the purpose of personalised emails. Usage data is collected and saved whenever you search for or view products, add products to My Wishlist, purchase products using the buy function or use the Price Alert function. On the basis of your usage behaviour, PPE Compare creates a list of potential interests, which it uses to select content specifically tailored to you and display this content on PPE Compare pages, thus offering you the full range of functions available with the “My PPE Compare” customer account. This processing of data and, in particular the linking of data with your account, is based on Art. 6 para. 1 point a GDPR. Furthermore, this data processing and display of content relevant to you constitutes a legitimate interest in connection with Art. 6 para. 1 point f GDPR.
Based on this data, we also send you product-related and PPE Compare-related messages that we assume will be of interest to you to the email address associated with your customer account. The aim of these messages is to help you find the products and services that are right for you. Product recommendations and price information is typically included in the product-related emails. In this way, we will send you mails regarding price decreases for products you have searched for or viewed, as well as mails regarding suitable product alternatives or accessories. We will also inform you about price drops for products in My Wish List (see “My Wishlist” below) and for products for which you have set a Price Alert (see “Price Alerts” below). PPE Compare-related messages are also sent via email and typically refer to promotions, marketing campaigns and news (e.g. new discounts, voucher codes and competitions). In addition, PPE Compare-related messages serve to provide you with information regarding new features and usage possibilities both for general use of PPE Compare and for use of your PPE Compare customer account.
Alongside the services described above, the “My PPE Compare” customer account also offers you the following functions described below:
a) My Wishlist
You can “save” PPE Compare products by adding them to “My Wishlist”. You are identified as the owner of your “My Wishlist” list by the cookies that are used. The “My Wishlist” list allows you to compare products with one another in terms of their specifications and to access the Price Alert function. The “My Wishlist” list will be added to by PPE Compare with any products for which you have accessed the checkout screen but not completed the purchase using PPE Compare’s “shopping function”. Based on your “My Wishlist” list, you will receive product recommendations via email, for example if the prices of the products you have saved change. The legal basis here is Art. 6 para. 1 point b GDPR.
b) Price Alerts
You have the option of setting up a Price Alert for products, e.g. if you wish to purchase them for a lower price. You then enter your desired target price for each respective product using the Price Alert function. When you use the Price Alert function, PPE Compare saves your products and target prices together along with your email address, so that we can inform you in the event of price changes. At the same time, a value (“true” or “false”) is saved in the local storage of your browser, which helps us to decide whether to offer you suggestions for Price Alerts in the form of a pop-up. You can find an overview of the saved Price Alerts in your customer account. The legal basis here for processing is also Art. 6 para. 1 point b GDPR.
c) Order history
If you use the buy function, we provide an order history on the basis of Art. 6 para. 1 point b GDPR, provided that you were logged in to your “My PPE Compare” account at the time of purchase or booking. Your order or booking is linked to the pseudonymous user ID stored by us. In the order history you receive an overview of your completed purchases, as well as the processing and shipping status of current orders. You also have access to a contact form which you can use to make enquiries about your orders to PPE Compare customer service. When submitting the form, an email with the email address given at the time of purchase will be sent to noreply@PPECompare.co.uk
d) Account settings
You can change your password or delete your account in the customer account settings.
6. Location of processing
We ourselves do not transfer your personal data to countries outside of the European Economic Area (“EEA”), except in cases where it is permitted under the GDPR. Whether third parties, with whom you have your own contractual relationship (such as with Facebook, if you have a Facebook account) transfer data to countries outside of the EEA, is beyond our knowledge and influence.
Some of our contractual partners also process data in countries outside of the EEA. In order to also ensure the protection of your personal rights in the context of these data transfers, we use the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 point c GDPR when drafting contractual relationships with recipients in third countries.
7. Disclosure of your data to third parties
We will only disclose your personal data to third parties where such a transmission is necessary in order to fulfil our legal obligations to you, and where this is visibly done by or together with another provider (e.g. in the case of cooperation agreements), where we are otherwise legally entitled or obliged to disclose the data, or where you have provided us with the relevant consent.
In certain cases, we also use external service providers or affiliated companies, which we have contracted to process data for us in accordance with our instructions. Such service providers are contractually bound by us as data processors in compliance with the strict provisions of the GDPR, and are not permitted to use your data for any further purposes. Data processors used by us perform in particular the following services: data centre, newsletter distribution and web/app analysis.
This disclosure of data to data processors takes place on the basis of Art. 28 para. 1 GDPR, or alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialised data processors, Art. 6 para. 1 point f GDPR.
Where we are legally obliged to do so, or where this is permitted under data protection law, we will disclose personal data to public authorities, e.g. to police or the state prosecutor’s office (Art. 6 para. 1 point c GDPR). The disclosure of this data takes place on the basis of our legitimate interest in combating abuse, the prosecution of crimes, and in safeguarding, asserting and enforcing claims, which are not considered to be outweighed by your rights and interests in the protection of your personal data, Art. 6 para. 1 point f GDPR.
8. Cookies and other technologies
In order to ensure the full functionality of the PPE Compare website, PPE Compare and the third parties named below will save files to your device that amongst other things collect information regarding the use of a website or app, as well as additional data such as the IP address of the computer and information about the software being used (see above).
This typically involves the use of so-called cookies. Cookies are small files that your browser saves on your device in a folder created especially for this purpose. These allow it to be determined, for example, whether you have ever visited a website before. If you decide to stay logged into your user account despite leaving the PPE Compare website, cookies can also be used to save your login data e.g. for the user account, so that you do not need to enter this data every time you access the site.
Many cookies contain a unique identifier known as a cookie ID. This code consists of a sequence of characters that allow website and servers to be mapped to the specific internet browser in which the cookie has been saved. This enables the website visited to differentiate the individual browser of a specific user from other internet browsers that contain different cookies. This data is not collated with any other data sources.
You can prevent us from using cookies at any time by adjusting the corresponding setting in your internet browser, and thus permanently opt out. Furthermore, you can delete existing cookies at any time using your internet browser or other software programs. This is possible in all conventional internet browsers. If you deactivate cookies in the internet browser you use, you may not be able to make full use of all the functions of our website. In addition, you have the opportunity to object to analysis cookies and services (i.e. you can opt out; see Sections 9 and 10).
b) Web storage (session storage and local storage)
Web storage provides two data objects, the session storage and the local storage. The entries in session storage are removed automatically after the browser or app is closed. You can erase the entries in local storage (“Recently Viewed”) at any time by deleting the history in your browser.
The session storage saves information in order to recognise your browser or device from previous visits, and thus provide you with easier access to our services. You can prevent the use of web storage by changing the corresponding setting in your browser, which may restrict the functionality of the PPE Compare website.
The processing of data in web storage takes place on the basis of Art. 6 para. 1 point f) GDPR. Our legitimate interest lies in the purposes of processing as described above.
c) PPE Compare cookies
Cookies created by PPE Compare allow the collection of information regarding browser type/version, resolution, previous/new display variant, URL clickstream (order of the pages of our website that you have visited previously), time of visit(s) to the website, the reference in the PPE Compare database for the products/services added to “My Wishlist”, and the cookie number, but not personal details such as name, address or email address. We use these cookies for purposes of advertising, market research and when required, for the design of our services in conjunction with user needs. The cookies of PPE Compare are valid for a maximum of two years, unless you delete them sooner. The processing of data is justified in this case by Art. 6 para. 1 point f) GDPR, however you can object to this processing with effect for the future by emailing email@example.com. The subsequently set opt-out cookie and your objection remain valid as long as you do not delete your browser cookies.
9. Web analysis services, marketing
In order to continuously improve our content and adapt it to the interests of our users, and to display usage-based online advertising, we use a number of services that collect data from our website and the app, and analyse this data for us. Where these service providers are not themselves the data controller with specific regard to data protection legislation, they are always bound by instructions when processing the pseudonymised user data on the basis of a data processing agreement. The legal basis for this processing is always Art. 6 para. 1 point f GDPR.
Not all access to the PPE Compare pages is carried out via a web browser. In cases where users access PPE Compare from a mobile device, disabling cookies or changing web browser settings may not be possible.
You can find details of the analysis services and marketing partners we use:
a) Facebook Conversion Pixel
You can object to this processing of data via the Facebook Conversion Pixel with effect for the future by emailing firstname.lastname@example.org.
b) Google AdSense
We have integrated Google AdSense on this website. Google AdSense is an online service that allows the mediation of advertising on third-party website. Google AdSense is based on an algorithm that selects advertisements for third-party website based on the content of the respective third-party website. Google AdSense permits interest-oriented targeting of internet users, which is implemented by generating individual user profiles.
The operating company of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA.
The purpose of the Google AdSense component is the integration of advertisements into our website. Google AdSense saves a cookie to your browser. The definition of cookies is available above. Saving the cookie allows Alphabet Inc. to analyse the use of our website. Each time one of the individual pages of this website, which we operate and on which a Google AdSense component has been integrated, is visited, the internet browser on your device is automatically prompted by the respective Google AdSense component to send data to Alphabet Inc. for the purposes of online advertising and the invoicing of commissions. Within the framework of this technical process, Alphabet Inc. receives knowledge of personal data, such as the IP address of the data subject, which is used by Alphabet Inc., amongst other things, to determine the origin of the visitor and the clicks, and subsequently to facilitate commission invoicing.
You can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out.
Activating this setting in the internet browser would also prevent Alphabet Inc. from saving a cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Alphabet Inc. at any time using your internet browser or other software programs.
Google AdSense additionally uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded into website in order to allow log file recording and log file analysis, which allows a statistical analysis to be performed. This embedded tracking pixel means Alphabet Inc. can recognise when a website was opened by a data subject, and the links that the data subject clicked. Tracking pixels are used, amongst other things, to analyse the visitor traffic of a website.
Google AdSense sends personal data and information, including the IP address, which is necessary for the creation and invoicing of the displayed adverts, to Alphabet Inc. in the USA, where it is saved and processed. Under certain circumstances, Alphabet Inc. may disclose the personal data collected using this technical process to third parties.
Google AdSense is explained in greater detail at this link https://www.google.co.uk/intl/en/adsense/start/#/?modal_active=none and https://policies.google.com/technologies/partner-sites?hl=de. More information and options for the deactivation of this advertising placement can be found at https://adssettings.google.com/u/0/authenticated?hl=en.
c) Google AdWords
We have integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to place advertisements both in the search results of Google and in Google’s advertising network. Google AdWords allows an advertiser to predefine certain keywords, by means of which an advertisement is displayed in the search results of Google exclusively when the user of the search engine accesses search results related to the keyword. In the Google advertising network, the advertisements are distributed to thematically relevant website using an automated algorithm with reference to the predefined keywords. The operating company of the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. The purpose of Google AdWords is to promote our website by displaying interest-based advertising on the website of third-party companies and in the search results of the Google search engine, as well as displaying third-party advertising on our website. If you come to our website via a Google advertisement, Google saves a so-called conversion cookie to the information technology system of the data subject. The definition of cookies is available above. A conversion cookie becomes invalid after thirty days and is not used to identify the data subject. Until the conversion cookie expires, it is used to determine whether certain sub-pages, for example the shopping basket of an online shop system, are accessed on our website. The conversion cookie allows both us and Google to track whether a data subject that comes to our website via an AdWords advertisement generates sales, i.e. whether a purchase has been completed or aborted.
The data and information collected by the conversion cookie is used by Google to create visitor statistics for our website. In turn, these are used by us to determine the total number of users that have accessed PPE Compare via AdWords advertisements, and thus to determine the success or failure of the respective AdWords advertisements, and to optimise these for the future. Neither our company nor any other advertising customers from Google AdWords receive information from Google that could allow the data subject to be identified.
The conversion cookie saves personal information, for example the website visited by the data subject. For each visit to our website, personal data is sent to Google in the USA, including the IP address of the internet connection used by the data subject. This personal data is saved by Google in the USA. Under certain circumstances, Google may disclose the personal data collected using this technical process to third parties.
The data subject can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out. Activating this setting in the internet browser in use would also prevent Google from saving a conversion cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Google AdWords at any time using your internet browser or other software programs.
The data subject also has the option of withdrawing consent for the display of interest-based advertising from Google. To do this, the data subject should access the link https://adssettings.google.com/u/0/authenticated?hl=en and change the desired settings in each internet browser that they use.
You can also deactivate or opt out of Google advertisements https://privacy.google.com/?hl=gb#google-experience wholly or in part.
You can also object to this processing of data by AdWords with effect for the future by clicking here.
d) Google Analytics
We have integrated Google Analytics (with anonymisation function). Google Analytics is a web analysis service. Web analysis is the recording, collection and evaluation of data regarding the behaviour of visitors to website. A web analysis service collects data, amongst other things, about the website from which a data subject arrived at another website (known as the referrer), which sub-pages of the website were accessed, or how often and for how long a sub-page was viewed. A web analysis is predominantly used for optimisation of a website and for the cost-benefit analysis of online advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA.
For the web analysis via Google Analytics we use the suffix “_gat._anonymizeIp”. This suffix means that the IP address of the internet connection used by the data subject is abbreviated and anonymised by Google if the access to our website originates in a Member State of the European Union or from another signatory state to the Treaty on the European Economic Area.
The purpose of the Google Analytics component is the analysis of visitor traffic on our website. Google uses the data and information obtained, amongst other things, to analyse the use of our website, in order to compile online reports for us which identify the activities on our website, and in order to provide additional services relating to the use of our website.
Google Analytics saves a cookie to the information technology system of the data subject. The definition of cookies can be found above. Saving the cookie allows Google to analyse the use of our website. Each time one of the individual pages of this website, which we operate and on which a Google Analytics component has been integrated, is visited, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to send data to Google for the purposes of online analysis. Within the framework of this technical process, Google receives knowledge of personal data, such as the IP address of the data subject, which is used by Google, amongst other things, to determine the origin of the visitor and the clicks, and subsequently to facilitate commission invoicing.
We use the Google Analytics feature “Demographic and Interests Reporting”. In order to compile these statistical reports, Google makes use of data that Google has collected in connection with interest-based advertising and visitor data (e.g. age, gender and interests) from third-party providers. PPE Compare cannot associate this data with a specific person or a specific user ID, but Google may be able to do so. You can opt out of data collection by Google by turning Google “ad personalisation” off at the following link: https://adssettings.google.com/authenticated
We also use the Google Analytics feature “Google Signals”. This feature provides aggregated reports on cross-device user counts as well as different groups of users based on the different device combinations they use. This information is not associated for us with a specific person or a specific user ID. However, in order to compile these reports, Google uses the data of its users who have the “ad personalisation” option turned on in their Google account settings. For this reason, we assume that Google can associate the data with specific users who have Google accounts. You can opt out of the collection of data via Google Signals by turning Google “ad personalisation” off in your Google account: https://support.google.com/ads/answer/2662922?hl=en.
You can also object to this processing of data via Google Analytics with effect for the future by clicking here.
e) Marketing networks (contact with PPE Compare users)
We work with the following affiliate marketing partners for the purpose of marketing our pages. Affiliate marketing is an internet-based form of referred business which enables the commercial operators of website, so-called merchants or advertisers, to place adverts on the website of third parties, marketing partners or so-called affiliates or publishers, usually on a commission per click or commission per sale basis. The merchant provides a form of advertising, such as a banner or another suitable means of internet advertising, via the affiliate network, which is then incorporated by an affiliate into its own website or advertised via other channels such as keyword advertising or email marketing.
For the purposes of measuring success and invoicing between the merchant and the affiliate for purchases made via the affiliate network, so-called cookies and conversion pixels from the respective affiliate partner are saved. These tracking cookies at no point store any personal data. The only data that is stored is the identification number of the affiliate who is forwarding a potential customer on to the merchant, as well as the order number of the website user and the advert on which the website user clicked. The legal basis for this data collection and storage is our interest in the marketing of PPE Compare pages in accordance with Art. 6 para. 1 point f GDPR.
AWIN AG, Stralauer Allee 2, 10245 Berlin, Germany
In addition, we use the AWIN conversion pixel to measure the success of our advertising. You can object to this processing of date via the AWIN conversion pixel by clicking here.
ii) Commission Junction
ValueClick Deutschland GmbH, Rosenheimer Straße 145e-f, 81671 Munich, Germany
iii) Performance Horizon
Performance Horizon Group Limited, Level 8, West One, Forth Banks, Newcastle Upon Tyne, NE1 3PA, United Kingdom
Tradedoubler GmbH, Herzog-Wilhelm-Straße 26, 80331 Munich, Germany
TradeTracker Deutschland GmbH, Eiffestraße 426, 20537 Hamburg, Germany
ad pepper media GmbH, Frankenstraße 150 C, Franken Campus, 90461 Nuremberg, Germany.
More information about all of the cookies used by Webgains along with useful tips on how you can remove them can be accessed at: http://www.webgains.com/public/de/datenschutzerklaerung/.
10. Social networks
Each time one of the individual pages of this website, on which a social network component (Facebook plug-in, LinkedIn plug-in, Pinterest plug-in, Twitter plug-in, YouTube plug-in) has been integrated, your internet browser is automatically prompted by the respective component of the social network to download a display of the corresponding component. Further information about the technical integration of each respective network can be accessed at the following links: Facebook: https://developers.facebook.com/docs/plugins/?locale=en_US, LinkdeIn: https://developer.linkedin.com/plugins, Pinterest https://developers.pinterest.com/, Twitter: https://about.twitter.com/de/resources/buttons, Xing: https://dev.xing.com/, Youtube: https://developers.google.com/youtube/. Within the scope of this technical process, the respective network receives concrete information about which subpages of our website you have visited.
Every time you access our website and are simultaneously logged into a social network, the social network in question detects which specific subpage of our webpage you have visited for the entire duration of each respective stay on our website. This information is collected by the respective component of the social network and associated with your account on the network. If you click on one of the social network buttons integrated on our website, post a comment or make a recommendation, the social network then assigns this data and information to the personal user account of the social network and stores the personal data. Google, for example, connects this personal data with other Google services, citing an optimisation of their services as the reason for doing so.
The network is sent information via the respective network component that you have visited our website, provided that you are logged into the network at the time our website is accessed; this occurs regardless of whether you click the component or not. If you do not wish for this information to be transmitted to the respective social network, then you can prevent this transmission by logging out of your respective social network account before accessing our website. However, the social network also records your page views regardless of whether you are logged into the social network when you visit PPE Compare pages.
We have integrated components of Facebook on this website. Facebook is a social network.
A social network is a place for social meetings on the internet, an online community which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for exchanging opinions and experiences, or enable the internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos and socialise by making friend requests, amongst other options.
Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a data subject lives outside of the United States or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Under the following URL, we use Facebook fan pages, for which we share data protection responsiblities as joint controllers with Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland):
We analyse how our fan pages (so-called Page Insights) are used in joint responsibility with Facebook. The information required by the GDPR about this data processing in connection with Page Insights can be found on Facebook, currently at https://www.facebook.com/privacy/explanation. Facebook also publishes the relevant contents of its contract with us, currently available at https://www.facebook.com/legal/terms/page_controller_addendum.
PPE Compare only receives anonymised data within the scope of Page Insights – we have no access to personal data that is processed by Facebook. This processing of anonymised data by us is based on legal regulations which allow us to process personal data because we have an overriding legitimate interest in gaining a better understanding of the interests of visitors to our fan pages (Art. 6 para. 1 point f GDPR).
We have integrated components of Twitter on this website. Twitter is a multilingual, publicly accessible microblogging service on which users may publish and spread so-called “tweets” (i.e. short messages) which are limited to 280 characters. These short messages are accessible to everyone, including those who are not logged into Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows users to address a wider audience via hashtags, links or retweets.
Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
11. Payment providers
Should you use a paid service or purchase something via our website/app, we offer a variety of different payment methods. If you decide to use one of these payment service providers, you will leave our site. This payment service provider then collects and processes all data. No personal data, in particular no bank or credit card data, is disclosed to us. We are only informed about successful payment transactions. The following payment service providers are available:
We have integrated the PayPal payment method on this website. PayPal is an online payment service provider of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed using an email address, so there are no classic account numbers. PayPal makes it possible to prompt online payments to third parties or to receive payments. PayPal also acts as trustee and offers buyer protection services. If the data subject selects “PayPal” as the payment option during the ordering process in the online shop, the data subject’s data is automatically transmitted to PayPal. By selecting this payment option, the data subject agrees to the transmission of personal data required for payment processing. The personal data transmitted to PayPal typically includes the first name, last name, address, email address, IP address, telephone number, mobile phone number or any other data necessary for payment processing. Concluding the purchase contract also requires personal data related to the respective order. The purpose of transmitting data is to process the payment and prevent fraud. In particular, we shall transmit personal data to PayPal if a legitimate interest in the transmission exists. The personal data exchanged between PayPal and us shall be transmitted by PayPal to credit reporting agencies. This transmission is intended for identity and creditworthiness checks. PayPal will, if necessary, pass on personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal. The data subject can revoke at any time his/her consent from PayPal to handle personal data. A revocation shall not have any effect on personal data which must be processed, used or transmitted for the (contractual) processing of payments.
12. Retention period
We only store personal data as long as we are legally entitled to do so and as long as the purpose for processing data is still valid. Data will then be erased after a short period of time.
- If you have a customer account (see above for more information), your orders and purchases will be stored on your account until it is deleted. Any transactions that were made more than four years prior to the account being deleted will be deleted immediately; more recent transactions are deleted on a rolling basis when four years have passed since the purchase was made. If you use the buy function as a guest, the data collected during the process is deleted four years after the purchase or booking. Any other data associated with the customer account will be stored until you delete your account or until you have not logged into your account for more than 13 months.
- Data shall only be processed based on your consent and the data shall only be stored until you revoke your consent.
- The exact retention period of a cookie can be found in the respective cookie by displaying this cookie in your browser.
- Applicable laws also provide for certain minimum retention periods. It is, however, not always possible for us to specify the exact retention period for all data or categories of data. In regards to the retention period, we strictly adhere to the law. If, for example, it is still possible to make claims in regards to a contract, we retain the corresponding data and, when Art. 6 para. 1 point f GDPR is applied, your interests and/or basic rights and fundamental freedoms limit the retention period to be implemented and play a significant role in determining it once the requirements of the law are taken into consideration.
13. Repetition of notices of consent
Below you will find the notices of consent PPE Compare uses on its website and which you have issued to PPE Compare if required. PPE Compare records these statements of consent where appropriate. You may revoke your statement(s) of consent at any point in time, with effect for the future.
Registration for the “My PPE Compare” customer account:
Consent to receive email advertising:
- PPE Compare informs you of special shop offers and PPE Compare services. You can withdraw your consent to this at any time.
14. Contact data and your rights as the data subject
If you have any questions or suggestions regarding data protection or how to exercise your rights as the data subject, please contact us (immediately) at any time:
160 City Road
London EC1V 2NX
a) Revocation of consent/Objection to the processing of data
You may revoke your previously given consent at any point in time, with effect for the future, by contacting the address provided above. You may object to your email address being used for the purpose of sending out the newsletter at any time with effect for the future by contacting us either electronically or by post at email@example.com or 160 City Road, London EC1V 2NX, without incurring any costs other than the postage costs in accordance with the basic tariff.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of a legitimate or public interest. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process personal data unless we can prove compelling and legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of the personal data for the purpose of such advertising by contacting us at the aforementioned contact address. This also applies to profiling, insofar as it is associated with such direct marketing. In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes, or for statistical purposes, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
b) Art. 15 GDPR – right of access for the data subject
You have the right to request confirmation from us as to whether personal data relating to you is processed and, if so, what data this entails as well as the specific circumstances surrounding the processing of data.
c) Art. 16 GDPR – right to rectification:
You have the right to request that we immediately rectify any incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to request that incomplete personal data concerning you be completed, also by means of a supplementary declaration.
d) Art. 17 GDPR – right to erasure:
You have the right to request that we immediately erase personal data concerning you if and to the extent the legal requirements to this regard are met.
e) Art. 18 GDPR – right to the restriction of processing:
You have the right to restrict the processing if and to the extent the legal requirements are met.
f) Art. 20 GDPR – right to data portability:
If data is processed by virtue of consent or in order to fulfil a contract, you have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format, and in so far that it is technically feasible, to transmit this data to another controller without us impeding this process or to have this data directly transferred to another controller.
g) Art. 77 GDPR in connection with Section 19 of the Federal Data Protection Act (BDSG) (new) – right to lodge a complaint with a supervisory authority:
If you’re not satisfied with the way any complaint you make in relation to your personal information is handled by us, then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner’s Office.
h) Existence of automated decision-making
We refrain from automatic decision-making including profiling according to Art. 22 GDPR.
Issued on: 12th June 2020