PRIVACY POLICY

1. Controller and general principles of data protection

We,

BLACKROLL AG
Hauptstrasse 17
CH-8598 Bottighofen 
Switzerland
phone/CH: +41 (0)71 508 5779
phone/DE: +49 (0)7141 309 8853 0
represented by its CEO Marius Keckeisen
commercial registry office: Canton of Thurgau
company identification number (UID) / company number: CHE-228.574.355
support@blackroll.com
www.blackroll.de,

as the provider of the web pages that can be visited at “www.blackroll.de” and “www.blackroll.com” (hereinafter referred to as the “Website”) and of the web shop available on the Website (hereinafter referred to as the “Online Shop”) place great emphasis on the protection and security of your personal data. 

While collecting, processing and using your personal data, the protection of your privacy and compliance with the data protection rules and regulations is of particular importance to us. Therefore, your personal data is exclusively collected, processed and used in compliance with data protection rules and regulation. 

As the controller, it is important to us that you may rely on compliance with data protection rules and regulations at all time when using our Website and the online services. We would like to inform you which personal data will be collected during your visit to our Website and while using our online services and how we process and use this information. The following information is provided for the purpose of keeping you informed. In addition, we would like to inform you which measures we will take to protect your personal data from manipulation, loss, destruction and misuse. 

This Privacy Policy only applies to our Website and the online services made available via this Website, including our Online Shop. In particular, the following paragraphs do not apply to third-party web pages linked by outgoing links or - vice versa - that are linked with our Website by incoming links. Other BLACKROLL web pages and services, e.g., our BLACKROLL App, are exclusively governed by the privacy policy available on such pages and services. 

2. Collection and use of your personal data

Personal data consists of details regarding the personal or material circumstances of an identified or identifiable individual. Consequently, your personal data comprises all information that allows your identification, such as your name, address, phone number or your email account. We will only collect, process and use personal data if and to the extent that you have voluntarily shared this information for a specific collection and/or use of data, a legal provision permits the specific data collection and/or use, or if you have granted your prior express consent. 

Since our headquarters is located in Switzerland and our Website and Online Shop are operated from Switzerland, the collection, processing and use of your personal data is generally carried out in Switzerland, unless otherwise provided in this Privacy Policy. In detail, we collect, process and use your personal data for the following purposes:

a) Creation of customer account and online shopping:

aa) Customer account
We will set up a password-protected direct access to the inventory data (Bestandsdaten) that we have stored on any customer (customer account) who duly registers. This is where you can look up data on your completed, pending and shipped orders and edit your address data and newsletter settings. You agree to keep your personal login data strictly confidential and not to allow access by any unauthorized third party. We cannot accept any liability for passwords that were misused, unless we were responsible for the misuse.

bb) Collection, processing and use of your personal data 
Data protection is very important to us. For this reason, we strictly comply with the statutory data protection rules and regulations during the collection, processing and use of your personal data. 

In our Online Shop, we collect, store and process your data for the entire purchase transaction, including subsequent warranty claims, if any, and the corresponding services, technical administration and, to the extent permissible by virtue of law or a separate consent, for our own marketing purposes. Your personal data will only be provided or transmitted to third parties if required for processing the purchase transaction or for settlement or if you have granted your express prior consent. For example, in the course of the purchase transaction the service providers retained by us (such as carriers, logistics companies, banks) will be provided with the necessary information for processing the purchase order and handling the purchase transaction. The information disclosed for this purpose may only be used by our service providers to complete the tasks assigned to them. Any other use of this information is not permissible and will not occur at any of the service providers retained by us. 

Together with your purchase order we need your accurate name, address and payment details. We need your email account to be able to confirm receipt of your purchase order and for communication with you. We will also use it for identifying you (customer log-in). Furthermore, you will receive our order and shipping confirmation by email.

Your personal data will be deleted when this data is no longer required for the purpose for which it had been stored, unless statutory retention duties provide otherwise, or if its storage is not permissible for other statutory reasons. In these events, you may assert your claim to deletion of personal data.

cc) Collection of claims / payment processing
We use the following payment service providers for payment processing: 
• PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
• SOFORT GmbH, Theresienhöhe 12, D-80339 Munich, Germany
• credit card payments via PAYMILL GmbH, St.-Cajetan-Strasse 43, D-81669 Munich, Germany
Your payment details will be transferred to the corresponding payment service provider for the purpose of payment processing. 
Please note that the privacy and/or security policy of the corresponding payment service provider will apply: 
• PayPal (Europe) S.à r.l. et Cie, S.C.A., http://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
• SOFORT GmbH, https://www.sofort.com/ger-DE/kaeufer/su/so-sicher-ist-sofort-ueberweisung/ 
• PAYMILL GmbH, https://www.paymill.com/de/datenschutz 

b) Communication via contact feature or email: 

If you contact us by email, the collection, processing and use of your contact data that you shared voluntarily (e.g., name, email account) will only occur for a certain purpose, either for receiving and, if applicable, for answering your inquiry (inquiries) and for technical administration.

If you use the feature for contacting the advertiser directly, the collection, processing and use of your contact data that you shared voluntarily (e.g., name, email account) will also only occur for a certain purpose, for transmitting your inquiry (inquiries) to the designated recipient and for technical administration. The same applies to the reply to such inquiries by the advertiser. 

Since the communication by email and using the contact feature will not occur via a secured data link, please do not send confidential information such as bank or credit card data, etc. 

c) Publication of job advertisements / online job applications

We will electronically collect and process your application data for the purpose of processing job applications. In the event an employment contract is entered as a consequence of your application, the data you shared may be stored in your personnel file for the purpose of the regular organizational and administration process, provided, however that the applicable statutory provisions are complied with. 

In the event your application is rejected, the data you shared will be automatically deleted within two (2) months from the notice of rejection. This shall not apply, if due to the statutory requirements (e.g., burden of proof in accordance with the General Equal Treatment Act) an extended storage period is required or if you have granted your express consent to a longer storage in our job candidate database. 

d) Collection and use of data for marketing purposes

Furthermore, we will also use your data to communicate with you, subject to the following paragraphs, about products, services and/or marketing campaigns and to suggest products or services that may be of interest to you.

You may object to the use of your personal data for marketing purposes at any time without incurring any other than the transmission charges included in the basic telecommunication rates. Likewise, you have the right to revoke any consent that you may have granted separately. A written notice (e.g., email, letter) to the contact indicated in Art. 8 is sufficient.

aa) Newsletter:
The newsletter is mailed using the so-called double opt-in procedure, i.e., we will not send you a newsletter by email, unless you have expressly confirmed that you wish us to activate the newsletter service. We will then send you an email confirmation and ask you to confirm by clicking on the link contained in that email that you wish to receive our newsletter. Upon completion of this separate double opt-in procedure, you have granted your consent to receiving the newsletter.

In the event the newsletter is subscribed to from within a user account, we may omit the renewed double opt-in, since your email account was verified by a confirmation link during the activation of your customer account. In this case, a simple opt-in (by clicking a check box) in the customer account is sufficient. 

In the event you should decide at a later date that you do not wish to receive our newsletter any more, you may revoke your consent at any time without incurring any other expenses than the transmission charges included in the basic telecommunication rates. A notice in text form (e.g., email, letter) to the contact indicated in Art. 1 is sufficient. Of course, you will find an unsubscribe link in every newsletter. 

The newsletter is mailed using “MailChimp”, a newsletter mailing platform operated by the U.S. provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, U.S. In this context, data will be processed on our behalf subject to a data processing agreement that we have concluded with MailChimp. In that agreement, MailChimp agrees to protect the data of our users, to process it only on our behalf and, in particular, not to disclose it to any third party

The email accounts of our newsletter recipients and any other data referred to in this notice will be stored on the U.S. based servers of MailChimp. MailChimp will use this information for mailing and analyzing the newsletter on our behalf. Furthermore, according to MailChimp, it may use this data to optimize or improve its own services, e.g., for technical optimization of bulk mailings, the appearance of the newsletter or for economic purposes in order to determine in which countries the recipients are based. However, MailChimp will neither use the data of our newsletter recipients to contact them on its own behalf nor disclose this data to third parties.

We trust in the reliability, IT and data security of MailChimp. MailChimp has been certified in accordance with the U.S.-EU data protection treaty “Privacy Shield” and, thus, undertakes to comply with the EU data protection requirements. 

To review the privacy policy of MailChimp please go to: https://mailchimp.com/legal/privacy/

We would like to draw your attention to the fact that following the mailing of the newsletter your user behavior regarding our newsletter will be analyzed on our behalf. This analysis is based on so-called web beacons, also known as tracking pixels, that are included in the email messages. These are one-pixel image files that are linked with our website and, thus, allow us to analyze your user behavior in connection with our newsletter. This is achieved by collecting technical information, e.g., on your browser, your system, your IP address and the time of download as well as web beacons that are matched with your email account and assigned their own ID. 

Tracking using web beacons is not possible, if you have deactivated the display of images by default in your email browser. However, in that case, the newsletter will not be fully displayed and you may not be able to use all of the features. If you manually download the images, this will enable the tracking described above. 

bb) Market and consumer research:
In addition, we will use your data for market and consumer research. It goes without saying that we will use this data exclusively in an anonymized manner for our own statistic purposes. Answers that you give in inquiries will neither be disclosed to third parties nor published. When you respond to inquiries, we will not store your answers together with your email account or other personal data.

The personal data collected for the purposes described above will only be used for their intended purposes or to the extent required for safeguarding the legitimate interests of BLACKROLL.

Your personal data will be communicated to third parties, if and to the extent required for the intended use. In all other cases, your personal data will not be disclosed to third parties without your prior consent, unless we are obligated to do so in accordance with a court or official order.

3. Server log files

When you visit our Website and use our online services, the following information will be transmitted regarding your browser and temporarily stored in log file: 

− browser type/version and operation system used,
− referrer URL (source of a link to our Website),
− pages / files opened
− IP address of requesting computer,
− date and time of server request

Storage of this information in so-called server log files is required for technical reasons and for ensuring the system security. This data will be anonymized and analyzed exclusively for statistical purposes and for improving the quality of our Website. Neither we nor any third party retained by us will attempt to identify individuals using this data. Likewise, we will not create personal user profiles based on this data. 

4. Cookies 

When you visit our Website and our Online Shop, we may store information in the form of a cookie or using a technology comparable with cookies on the computer or mobile device that you use (hereinafter collectively referred to as: “Cookies”) 

Accepting these Cookies is not a prerequisite for visiting our Website or using the Online Shop. However, please note that some features are only usable if you allow us to place Cookies on your computer or device. 

a) What are Cookies?

Cookies are small files that are stored on your data medium and that store certain settings and data for data exchange with our system via your browser. Generally, there are two different kind of Cookies: the so-called session cookies that are deleted as soon as you close your browser and temporary and/or permanent cookies that are stored on your data medium for an extended or indefinite period. Storing Cookies on your computer enables us to design our Website and Online Shop and the services offered through these channels in a useful way and to make our offers more accessible to you. 

b) Which Cookies do we use?

Most of the Cookies used by us will be automatically removed from your data medium at the end of a session (hence the name “session cookies”). For instance, session cookies are needed to offer you the shopping cart feature across several web pages. Furthermore, we also use Cookies that remain on your computer or device after the end of a session. When you revisit the Website or Online Shop, our system will automatically know that you have visited us before and which settings and input you prefer. These temporary and/or permanent Cookies (life span of one (1) month up to a maximum of two (2) years) will be stored on your data medium. The reference files stored on our web server in connection with these Cookies will be automatically deleted upon the expiration of the predefined period. In particular, these Cookies serve the purpose of making our offer more user-friendly, effective and safer. The sole purpose of these Cookies is to ideally tailor our offer to your needs and to make your visit to our Website and the use of our Online Shop as comfortable as possible. 

c) What data is stored in Cookies?

The Cookies used by us do not store any personal data. The Cookies we use may not be attributed to a certain individual, and, thus, they do not identify you. When a Cookie is activated, it is assigned an identification code. We do not match your personal data with other information. Based on the Cookie technology, we will, at the most, receive pseudonymized information, for example, which of our pages were visited and which of the offered services were used.

d) How can I prevent the storing of Cookies?

You can make settings in your browser to disallow the use of Cookies, unless you agree. If you do not agree on a case by case basis, this constitutes an objection to our use of Cookies. 

If you do not wish us to recognize the computer or mobile device that you operate, you can prevent the storing of Cookies on your data medium by selecting “do not accept Cookies” in your browser settings. For further details please refer to the user manual provided by the producer of your browser. In addition, you can deactivate all Cookies or any other types of tracking (e.g., tracking pixels) using free browser add-ons, e.g., “Adblock Plus” (https://adblockplus.org/de/) in combination with the “EasyPrivacy” list (https://easylist.to/). If you do not accept Cookies, this may result in a limited usability of our offers.

5. Web analysis tools / Google Analytics

In order to continuously improve and optimize our offer we use so-called tracking technologies. In connection herewith, we use the services of Google Analytics.

Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. ("Google"). Google Analytics uses "Cookies", i.e., text files that are stored on your computer and that allow us to analyze your use of our offer. The Cookie collects information on the use of our Website (including your IP address), sends them to Google and Google stores them. Note: In our Website, we have amended Google Analytics by the code string “gat._anonymizeIp();”, in order to ensure the anonymized collection of IP addresses (so-called IP masking). This means, we have ensured that only a shortened version of your IP address can be read by Google, which ensures that your IP address is anonymized and no conclusions regarding your identity can be drawn. To this end, your IP address will be shortened by Google within any of the member states of the European Union or in any other countries which are contracting parties to the Agreement on the European Economic Area prior to transfer to the United States. Only in exceptional cases, the full IP address will be transferred to a Google server within the U.S. and shortened afterwards. Google has obtained a Privacy Shield Certification and agreed to compliance with the Privacy Shield Treaty between the EU and the U.S. on the collection, use and storage of personal data from EU member states, as published by the U.S. Department of Commerce. Google will use the information mentioned above to analyze your use of our website in order to create website activity reports for us and to provide additional services to us in connection with the use of websites and the Internet. Google will not combine the IP address forwarded by your browser as part of the Google Analytics activities with other data. Any transfer of this data by Google to third parties will only occur in accordance with statutory provisions or in the course of commissioned data processing. 

You can prevent the storing of Cookies by making the appropriate settings in your browser software. However, please note, that in this case you may not be able to use the full functionality of our Website. In addition, you can prevent the collection of data generated by the Cookie and related to your use of this Website (incl. your IP address) by Google and the processing of this data by Google, by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout?hl=de

For detailed information on Google Analytics and data privacy please refer to https://support.google.com/analytics/answer/6004245?hl=de.

6. Retargeting/remarketing

In our Website and Online Shop we use retargeting/remarketing technologies to optimize our offer.

a) What is retargeting/remarketing?
Our Website uses Cookies/tracking technology to collect data for the optimization of our advertising activities and the entire online offer (so-called retargeting/remarketing). This data will not be used to identify you as an individual, but merely serves the purpose of analyzing the use of our Website and to tailor advertising to users who had already shown interest in our Online Shop and products - both on our Website and on our partners’ websites. The use of this technology allows us and our partners to present ads or special offers and services to you. These contents are based, e.g., on information obtained from the click stream analysis (e.g., advertising that considers the fact that recently only certain items had been looked up in our offer). We are convinced that interest-based advertising is generally more appealing to the user than advertising that is not tailored to the user’s needs. The display of advertising on our Website or on our partners’ websites occurs based on an analysis of the user’s previous browsing behavior. However, user profiles are only created as anonymized and/or pseudonymized profiles. By no means, your tracking data will be combined with the personal data stored on our servers. In the following section of this Privacy Policy, you will learn how to deactivate retargeting/remarketing technologies.

b) Google AdWords Remarketing and Facebook Custom Audience
In this Website, we use the remarketing or “Similar audiences” feature of AdWords offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”. 

Google uses Cookies/tracking technologies, i.e., text files that are stored on your computer and that allow us to analyze your use of our Website. Information generated by Cookies/tracking technology on your use of this Website (including your IP address) will be transferred to a Google server in the U.S. and stored on that server. After that, that last three digits of the IP address will be deleted by Google so that it is no longer possible to clearly match this IP address with personal data.

Google has obtained a Privacy Shield Certification and agreed to compliance with the Privacy Shield Treaty between the EU and the U.S. on the collection, use and storage of personal data from EU member states, as published by the U.S. Department of Commerce. Google will use this information to analyze your use of the Website, to create website activity reports for the website operators and to provide additional services in connection with the use of the Website and the Internet. Furthermore, Google may transfer this information to third parties, if it is required to do so in accordance with statutory provisions or if third parties process data on behalf of Google.

Third party providers, including Google, place advertisements on websites on the Internet. Third party providers, including Google, use stored Cookies/tracking information to place advertisements based on previous visits of a user on this Website. 

For additional information on the anonymous analysis of your search behavior please refer to: https://support.google.com/analytics/answer/6004245?hl=de
http://www.google.com/policies/technologies/ads/

You may object to data collection and storage for the purpose of remarketing at any time - this objection will be effective for the future, but not retroactively - by deactivating interest-based advertising in Google or by deactivating the services on the website of the Network Advertising Initiative. Note: in that case, you may not be able to use all features of this Website anymore. By using this Website, you grant your consent to the processing of data collected about you by Google in the manner and for the purpose described above.

Furthermore, this Website uses retargeting tags and Custom Audience of Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304 U.S., hereinafter referred to as “Facebook”.

When you visit our web pages, remarketing tags will build a direct connection between your browser and the Facebook server. This way, Facebook learns that you have visited our web page with your IP address. This will enable Facebook to match your visit of our pages with your user account. The information obtained this way can be used to display Facebook ads. Please note that we as the provider of the web pages do not receive any information on the contents of data transferred and their use by Facebook.

With regard to the use of Custom Audience we would like to point out that Facebook and third parties use cookies, web beacons or similar technologies to collect or gather information on this Website. Based on the data gained we can make our Facebook activities more efficient and, e.g., arrange for contents or ads to be shown only to visitors of our Website. The data collected this way will encrypted and transferred to Facebook and is anonymous for us, e.g., we cannot see personal data of individual users.

For further information on the privacy policy of Facebook and Custom Audience please refer to https://www.facebook.com/about/privacy/ or https://www.facebook.com/business/a/online-sales/custom-audiences-website. If you do not wish your data to be collected via Custom Audience, you can deactivate Custom Audience using this link.

In addition, you can also deactivate Google remarketing, retargeting tags and Facebook Custom Audience as well as any cookies or other types of tracking (e.g., tracking pixels) using free browser add-ons, such as “Adblock Plus” (https://adblockplus.org/de/) in combination with the “EasyPrivacy” list (https://easylist.to/).

7. Security

We take technical and organizational precautions to protect your personal data against coincidental or willful manipulation, loss, destruction or access of unauthorized parties. Our data processing and safety measures will be continuously improved based on the state of the art. 

We transfer personal data that you share during the registration process safely by using encryption. This applies to the registration as well as to the customer log-in. To this end, we use the SSL (Secure Socket Layer) coding system. While it is impossible to guarantee full security, we protect our Website and other systems by technical and organizational measures against the loss, destruction, access, modification and dissemination of your data by unauthorized parties. 

Please note that we are unable to guarantee, in particular, with regard to communication via the contact feature and email, absolute data security. In particular, when confidential data is concerned, we recommend using a safe communication channel, e.g., postal mail.

Our employees are bound to compliance with data secrecy rules and regulations.

8. Retention

Your personal data will be deleted when this data is no longer required for the purpose for which it had been stored, unless statutory retention duties provide otherwise, or if its storage is not permissible for other statutory reasons. In these events, you may assert your claim to deletion of personal data. Instead of deleting data it can also be blocked, if the deletion conflicts with statutory or contractual retention periods, if there is reason to believe interests that objectively warrant protection would be adversely affected by the deletion, or if due to the particular type of storage the deletion is not possible or only with a disproportionate amount of effort.

9. Your rights 

If you should have any questions on the collection, processing and/or use of your personal data by us, we will be glad to provide you with information on the data stored about you - at any time, free of charge and promptly. Please contact us if you wish your data to be corrected, blocked or deleted or if you should have any complaints, inquiries or general questions on the topic of data protection. Please address your letter to Blackroll AG, Hauptstrasse 17, CH-8598 Bottighofen, Switzerland, or send an email to the following account: support@blackroll.com. 

10. Modifications

From time to time it may become necessary to modify, change or amend the content of this Privacy Policy. Therefore, we reserve the right to modify, change or amend it at any time. We will publish the revised version of this Privacy Policy on this same web page. We recommend reading this Privacy Policy before any visit of our Website. 

Last revised: March 2017