- 1. General information about data processing
- 2. Accessing and using the website
- 3. Contact by email and telephone
- 4. Newsletters
- 6. Google Analytics tracking
- 7. Subscription to nomad magazine (print and digital)
- 8. Processing of online orders
- 9. Your rights as a data subject
- 10. Data controller, data protection officer, supervisory authority
- 11. Changes
I. General information about data processing
1. As a general principle, we only process personal data of our website users where necessary for providing a functioning website and our content and services. Regular processing of personal data of our website users is exclusively performed with the consent of the user. Exceptional cases constitute cases where prior consent cannot be obtained for practical reasons and data processing is permitted by law.
2. Where we obtain consent from the data subject for processing personal data, the lawful basis is provided by Art. 6(1) a EU General Data Protection Regulation (GDPR).
3. The lawful basis for our processing of personal data which are required for the fulfilment of a contract and where the data subject is the contractual party is set forth in Art. 6(1) b GDPR. This provision also includes processing which is required for the fulfilment of pre-contractual measures.
4. Where processing of personal data is required for compliance with a legal obligation to which our organization is subject, the lawful basis is provided by Art. 6(1) c GDPR.
5. Where processing of personal data is necessary to protect the vital interests of the data subject or other natural person, the lawful basis is provided by Art. 6(1) d GDPR.
6. If processing is necessary for the purposes of legitimate interests pursued by our organization or by a third party and such legitimate interests override the interests or fundamental rights and freedoms of the data subject, the lawful basis is provided by Art. 6(1) f GDPR.
7. The personal data of the data subject is erased or blocked as soon as the purpose of saving the data no longer applies. The personal data may be stored if such storage was envisaged by European or national legislation in European Union regulations, laws or other provisions to which the data controller is subject. The data may be blocked or erased upon expiry of a time limit for storing the data imposed by the specified standards unless there are grounds for continued storage of the data for the purpose of concluding or fulfilling a contract.
II. Accessing and using the website
1. Every time our website is accessed, our system automatically records data and information about the computer system of the device accessing the website. The following data are collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- The date and time of access
- Websites from which the user’s system accessed our website
- Websites accessed via our website by the user’s system
The data are transmitted to our website server and stored on our system temporarily in the form of log files.
2. Temporary storage of the IP address on our system is necessary to enable the website to be provided to the user’s device. To do this, the user’s IP address must be saved for the duration of the session. The data are stored in log files to ensure website functionality. In addition, we use the data to optimise our website and safeguard the security of our IT systems. No analysis of the data for marketing purposes takes place.
3. The lawful basis for temporary storage of the data and log files is Article 6(1) f GDPR. This also constitutes a legitimate interest in accordance with Article 6(1) f GDPR.
4. Your personal data are erased as soon as they are no longer required for the purpose for which they were collected. In the case of personal data collected for the purpose of provision of our website, erasure takes place when the session in question ends. For data stored in log files, this is after seven days at the latest. The data may be stored for a longer period. In this case the users’ IP addresses are deleted or anonymised, thus preventing any association with the device accessing the website.
5. Collection of the data for the purpose of providing the website and storage of the data in log files is essential to enable our website to operate. Given this, users have no recourse to objection.
III. Contact by email and telephone
1. Our website provides email addresses and telephone numbers for the purpose of contacting us. Personal data of users, particularly names and contact details, which are supplied by email or telephone are treated with strict confidentiality.
2. Users’ personal data provided by email or telephone are stored and used solely for processing and responding to the users’ enquiries or issues. We never share personal data with third parties in this context. The data are used exclusively for processing users’ enquiries, queries or communication.
3. The lawful basis for our processing of personal data provided by the user during contact by email or telephone is provided by Art. 6(1) f GDPR. This also constitutes our legitimate interest in processing the data required by the GDPR. If the user’s email contact has the purpose of concluding a contract to which the data subject is a party, the additional lawful basis for our processing of the personal data is set forth in Art. 6(1) b GDPR.
4. The personal data provided by email or telephone are deleted as soon as they are no longer required for the purpose for which they were collected, i.e. when the user’s enquiry or issue has been dealt with or answered. This is also the case where circumstances allow the conclusion that the subject of the enquiry or issue in question has been clarified and no further communication is to be expected in this context.
5. Site users who contact us by email may withdraw their consent to saving their personal data at any time; see Section 9.7. in this respect. In this case the communication cannot continue. All personal data saved during the course of contact are erased.
2. Users’ email addresses are collected for the purpose of mailing the newsletter.
3. The lawful basis for processing these data after signup for receiving the newsletter is provided by the user’s granting of consent in accordance with Article 6(1) a GDPR.
4. Users’ personal data are deleted as soon as they are no longer required for the purpose for which they were collected. Accordingly, users’ email addresses are thus saved as long as users do not withdraw their consent and the newsletter subscription is active.
5. Users can unsubscribe from the newsletter at any time by withdrawing their consent. Every newsletter contains a link to click in order to withdraw consent. Withdrawal of consent can also be effected by submitting a separate statement in accordance with Section 9.8.
2. Cookies may contain data allowing the device used to be recognised. However, many cookies simply contain information about specific settings which cannot be associated with individual users. Cookies are not capable of identifying users directly.
3. Cookies may be session cookies, which are deleted as soon as you close your browser, or persistent (permanent) cookies, which are stored beyond the end of the individual setting. With respect to their functions, cookies fall into the following categories:
- Technical cookies: These cookies are essential for users to move around the website and use basic functions and also ensure the security of the website. They do not collect information about you for marketing purposes or save the websites you have visited.
- Performance cookies: These cookies collect information about how you use our website, the pages you visit and, for example, whether errors occur during your use of the website. They do not collect information that permits you to be identified; all the information they collect is anonymous and used solely for the purpose of improving our website and finding out about our users’ interests.
- Advertising cookies, targeting cookies: These cookies have the purpose of displaying interest-based advertising or offers from third parties on the website and of measuring the effectiveness of these offerings. Advertising and targeting cookies are stored for a maximum of 13 months.
- Sharing cookies: These cookies serve to improve the interactivity of our website with other services (e.g. social networks). Sharing cookies are stored for a maximum of 13 months.
VI. Google Analytics tracking
This website has activated IP anonymisation. Users’ IP addresses are truncated within EU member states and the European Economic Area. This truncation eliminates the possibility of personal identification through your IP address. Under the contract data processing agreement concluded between the website operators and Google Inc., Google Inc. will use the information collected to analyse website use and activity and provide services associated with the website use.
You can prevent cookies from being stored on your device by changing your browser settings accordingly. However, you may not be able to access all functions of the website if your browser does not allow cookies.
You can also use a browser plugin to prevent information collected by cookies (including your IP address) being sent to and used by Google Inc. You can access the plugin at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
For more information about Google Inc.’s use of data, see: https://support.google.com/analytics/answer/6004245?hl=de
VII. Subscription to nomad magazine
1. If you subscribe to nomad magazine in our online shop, we store the following personal data in a password-protected customer account:
- First name, last name
- Billing and delivery address
- Email address
- Billing and payment data
- Telephone number (optional)
- Digital subscribers only: User name and password
2. During the data processing described above, your data will only be shared with the postal service or a mailing service provider for the purpose of delivery of your order. If you have selected credit card or PayPal as payment option, after completion of the order we redirect you to the payment service provider PayPal (in the case of credit card payment, also: PayPal). After logging in with the payment service provider, you can instruct the provider to execute payment. Any other sharing of personal data with third parties is excluded as a general principle.
3. The legal basis for this is provided by Art. 6(1) b GDPR, i.e. you provide us with your personal data on the basis of, or in advance of, the contractual relationship between you and us.
4. If you terminate your subscription, your personal data collected for the purpose of executing your order continue to be stored until expiry of statutory or any contractual limitations on the assertion of rights with respect to the order contract. After expiry of this period, we continue to retain information concerning the contractual relationship which is required under commercial and fiscal law for the statutory periods. During this period (generally ten years after conclusion of contract), the data will only be reprocessed in the event of an audit by the financial authorities or a customer enquiry or query.
VIII. Processing of online orders for the magazine or other goods
1. In the case of a single order of nomad magazine or other goods, we likewise process the data necessary for concluding the sale and executing and delivering the order. These particularly include your
- First name, last name
- Billing and delivery address
- Email address
- Billing and payment data
- Date of birth6. Telephone number (optional)
2. During the data processing described above, your data will only be shared with the postal service for the purpose of delivery of your order. If you have selected credit card or PayPal as payment option, after completion of the order we redirect you to the payment service provider PayPal (in the case of credit card payment, also: PayPal). After logging in with the payment service provider, you can instruct the provider to execute payment. Any other sharing of personal data with third parties is excluded as a general principle.
3. The legal basis for this is provided by Art. 6(1) b GDPR, i.e. you provide us with your personal data on the basis of the contractual relationship between you and us.
4. Your personal data collected for the purpose of executing your order continue to be stored until expiry of statutory or any contractual limitations on the assertion of rights with respect to the order contract. After expiry of this period, we continue to retain information concerning the contractual relationship which is required under commercial and fiscal law for the statutory periods. During this period (generally ten years after conclusion of contract), the data will only be reprocessed in the event of an audit by the financial authorities or a customer enquiry or query.
IX. Your rights as a data subject
In addition to the right of withdrawal of the consents granted to us, you have the following further rights where the relevant legal preconditions are fulfilled:
1. Right to information
You can require us to confirm whether your personal data are processed by us. If this is the case, you may require us to provide the following information:
- The purposes for which the personal data are processed;
- The categories of personal data which are processed;
- The recipient or categories of recipients with which your personal data was or will be shared;
- The intended duration of storage of your personal data or, if no concrete details of this are possible, the criteria used for deciding the duration of storage;
- Information on the existence of rights of confirmation or erasure of your personal data or rights of limitation of processing by us, or information on the right to object to said processing;
- Information on the existence of the right to lodge a complaint with a supervisory authority;
- If personal data for the data subject are not collected, all available information on the origins of the data;
- Information on the existence of automated decision-making, including profiling, as described in Article 22(1) and (4) GDPR and—at least in those cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether your personal data has been transmitted to a third country or international organisation. In this context you may request to be informed of any appropriate guarantees under Art. 46 GDPR in connection with the transmission of the data.
2. Right to rectification
You have the right to require us to rectify and/or complete any inaccurate or incomplete personal data concerning you in the data undergoing processing. We shall undertake rectification immediately.
3. Right to restriction of processing
You may request restriction of processing of your personal data under the following conditions:
- Cases where you dispute the accuracy of your personal data for a duration enabling us to verify the accuracy of the personal data;
- Cases where the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- Cases where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- Cases where you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject. If processing of your personal data was restricted, these data—apart from their storage—may only be processed with your agreement or for the purpose of establishing, exercising or defending legal claims or for the protection of rights of another natural or legal person or on grounds of substantial public interest on the part of the European Union or one of its Member States. Where processing of the personal data was restricted under the above conditions, we will inform you prior to lifting of the restrictions.
4. Right to erasure
1. Obligation to erase personal data
You may request us to erase your personal data immediately, and we are obliged to do so if one of the following reasons applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which processing is based under Art. 6(1) a or Art. 9(2) a GDPR and no further legal grounds for processing apply.
- You lodge an objection to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- Your personal data have been unlawfully processed.
- Your personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the controller is subject.
- Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
2. Information to third parties
If we have made your personal data public and are obliged under Article 17(1) GDPR to erase the personal data in our capacity as controller, while taking account of available technology and the cost of implementation we shall take reasonable steps, including technical measures, to inform other controllers which are processing your personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, those personal data
The right to erasure does not apply where processing is necessary
- for exercising rights to free speech and freedom of information;
- for the fulfilment of a legal obligation under which processing is required under European Union or Member State law to which the controller is subject or for performance of a task
- on grounds of public interest in the field of public health pursuant to Art. 9(2) h and i and Art. 9(3) GDPR;
- for the purposes of archiving in the public interest or scientific, academic or historical research or for statistical purposes pursuant to Art. 89(1) GDPR where the rights stated in section a are likely to rule out or severely impair achievement of the objectives of this processing, or
- for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have exercised your right to rectification or erasure of your personal data or restriction of processing of the data, we are obliged to notify all recipients to which your personal data was disclosed of this rectification or erasure of the data or restriction of its processing unless this proves impossible or unfeasible due to the unreasonable efforts involved. You have the right to be informed by us of these recipients.
6. Right of data portability
You have the right to receive your personal data which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us where
- the processing is based on consent pursuant to Article 6(1) a GDPR or Article 9(2) a GDPR or on a contract pursuant to Article 6(1) b GDPR, and
- the processing is carried out by automated means.
In exercising this right to data portability, you further have the right to have your personal data transmitted directly from one controller to another where technically feasible, provided transmission does not adversely affect the rights and freedoms of others.
This right does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Art. 6(1) e or f GDPR, including profiling based on those provisions.
- If you submit an objection, we will cease to process your personal data unless able to provide evidence of compelling and legitimate reasons for processing which override your interests, rights and freedoms or which show that processing is necessary for the establishment, exercise or defence of legal claims
- If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to processing of your personal data for the purpose of advertising of this kind. This right to object also applies to profiling in connection with such direct advertising.
- If you submit an objection to processing of your personal data for the purposes of direct advertising, we will cease to process your personal data for these purposes.
- In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw a statement of consent under data privacy law
You have the right to withdraw, at any time, any statement of consent under data privacy law that you have submitted to us. Withdrawal of consent does not affect the lawfulness of processing completed on the basis of consent which was granted prior to its subsequent withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your current domicile, your place of work or the location of the imputed infringement, if you consider that the processing of your personal data constitutes an infringement of the GDPR.
The authority with which the complaint is lodged informs the complainant of the progress and outcome of the complaint, including any available judicial remedy, in accordance with Art. 78 GDPR.
X. Data controller, data protection officer, supervisory authority
1. The data controller responsible for processing of your personal data in connection with your use of the website www.the-nomad-magazine.com and the services offered and performed there is: hw.design gmbh, Türkenstrasse 55–57, 80799 Munich, Germany, telephone: +49 (0)89 20 25 75 0, email: firstname.lastname@example.org
2. Contact for data privacy and protection issues
If you have any further queries concerning processing of your personal data or concerning data privacy and protection, please contact the data protection officer at hwdesign. The data protection officer can be reached at the above address c/o the data controller or by email at email@example.com.
3. The responsible supervisory authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (Bavarian State Data Protection Authority), Promenade 18, 91522 Ansbach, Germany, telephone: +49 (0)981 18 00 93 0, email: firstname.lastname@example.org.