Website owner-operator and partner details and how each will interact with your data.
Below are the details of the company that owns the website and the company that operates the website on behalf of the website owner (these may be the one and the same). All financial transactions and product shipping will be completed by the “seller on record” who is the “Website Operator”. All financial transactions will be carried out using secure 128bit encrypted payment solutions provided by Shopify who are a world leader in eCommerce web stores and whose platform this store is built on.
All data collected will be collected by the website operator, shared with the website owner, the partners listed below. All data will be managed as detailed below during the normal course of business to maintain a premium service for our customers, sales and stock management and to help offer users of the web site an ever increasing experience with the Fishermen’s Friend brand. This data sharing will be managed through an “Information Partnership” and “Data Sharing” in line with the ICO (Information Commissioner’s Office) code of practice (available here https://ico.org.uk/media/for-organisations/data-sharing-a-code-of-practice-1-0.pdf).
Data sharing can help public bodies and other organisations to fulfil their functions and deliver modern, efficient services that make everyone’s lives easier. It can help keep the vulnerable safe at times of crisis and help to produce official statistics, research and analysis for better decision-making for the public good.
Rex Brown Ltd
11 Coldbath Square,
Reg no. 05765539 Registered in England and Wales
Rex Brown Ltd
11 Coldbath Square,
Reg no. 05765539 Registered in England and Wales
Impex Management Company Limited
Effective Date November, 2021
1. SUBJECT MATTER AND SCOPE
2. VISITS TO OUR INTERNET PAGES
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your end device. Ensuring the confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct errors on the websites.
For these purposes, the following data is logged:
- The IP address of the calling computer
- The operating system of the calling computer
- The browser version of the calling computer
- Name of the retrieved file
- Date and time of the retrieval
- Amount of data transferred
- Referring URL
This data is regularly deleted automatically after a few days.
Our websites are hosted by a service provider on the basis of order processing pursuant to Art. 28 GDPR.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
3. CONTACTING US
If you contact us to request information or documents, the information you provide will be stored for the purpose of processing the request.
We need the information requested in a contact form or chat function on the website in order to process your enquiry, to address you correctly and to send you a reply.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest is to communicate with our interested parties, visitors and customers.
If the aim of the contract is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b) GDPR. Enquiries and orders are stored in our CRM system. The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or interested party relationship or if a conflicting interest of the customer outweighs this, we will delete the data in question, provided that there are no statutory retention obligations to the contrary.
The legal basis for this storage and processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest in the marketing of our products.
For our contact form or chat function on the website, we use an external service provider as an order processor on the basis of an order processing agreement pursuant to Art. 28 GDPR. This may involve the transfer of personal data to a third country outside the EU. There are suitable guarantees for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us for this purpose using the contact details above.
4. CUSTOMER AND SUPPLIER DATA
We process the data of our prospective customers, customers, service providers and suppliers within the framework of the provision of our contractual services. In doing so, we may process inventory data (for example, name, address), contact data (for example, email address, telephone number), content data (for example, photos, videos), contract data (for example, subject matter of the contract, term), payment data and data collected in the course of providing the service and/or processed to provide the service. This data is regularly stored in our CRM system (see also above under "Contacting us") and used for reporting, stock management and to enable the fulfilment of reporting to the 3rd parties noted above in the “Website owner, reporting and data sharing partners” section. The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b) GDPR.
5.1 Registration for our newsletter
In order to verify that registration for the sending of a newsletter is made by the actual owner of an e-mail address, we use the so-called "double opt-in" procedure. In this process, after registration of an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link is also transmitted to us.
The registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the above contact details.
The legal basis for the processing of data after registration for the newsletter is your consent in accordance with Art. 6 (1) lit. a) GDPR.
5.2 Email newsletter in the context of an existing customer relationship
If you register as a user of our app and provide your e-mail address, this may subsequently be used by us to send you an e-mail newsletter if you have not objected to such use. In such a case, the email newsletter will only be used to send direct advertising for our own similar goods or services. You can object to the use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in every newsletter or by contacting us at the above-mentioned contact details.
The legal basis for sending the newsletter as a result of the sale of goods or services is Art. 5 (1) lit. f) GDPR.
5.3 Newsletter analysis
A statistical analysis of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.
5.4 Newsletter service provider
We use an external service provider as a processor for sending and analyzing our newsletter on the basis of an agreement on order processing pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country outside the EU. There are suitable guarantees for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us for this purpose using the contact details above.
When you visit our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are necessary for the display of the website with a content management system, which is used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.
The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of our website.
We also use non-essential cookies, for example, to collect additional information about the interests of visitors to our websites or about their usage behaviour, in order to analyze and optimize our website and generally our customer interactions on this basis.
The legal basis for the processing of personal data using such non-essential cookies is your express consent, which we ask you to give when you visit our website before non-essential cookies are set.
7. GOOGLE TAG MANAGER
We use Google Tag Manager on our website. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used, and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
8. WEB ANALYSIS
We use web analytics services on our website or on parts of the website to record how our website is used by its visitors and to optimize the website as a whole and its presentation.
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Cookies are set as part of Google Analytics. In addition, data is transmitted to Google servers in the U.S.A. Within the scope of IP anonymization, the collected IP address of the user is shortened by Google within the European Economic Area before being transmitted to the USA. Only in exceptional cases, in the event of technical faults in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses will not be merged with other data from Google.
When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us for this purpose using the contact details above.
The legal basis for this data processing is your express consent Art. 6 (1) lit. a) GDPR.
9. FACEBOOK CUSTOM AUDIENCE
We and our partners use the retargeting service Facebook Custom Audiences of Facebook, Inc. Facebook Custom Audiences uses a so-called tracking pixel. When our website is called up, this pixel is called up from a Facebook URL that is provided with certain parameters and transmits information to Facebook, which Facebook uses to play out targeted advertising. However, no individual persons are addressed, but only groups of users who exhibit similar behaviour. Facebook uses a so-called hashing process for this, in which personal data is encrypted in such a way that Facebook can no longer assign it to individual users. You can find more information on this in Facebook's privacy statement at facebook.com/about/privacy.
You can object to the analysis of your usage behaviour by Facebook and the display of interest-based recommendations here: facebook.com/ads/website_custom_audiences.
When using Facebook Custom Audience, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us for this purpose using the contact details above.
The legal basis for this data processing is your express consent Art. 6 (1) lit. a) GDPR.
10. MARKETING SERVICES
Further information on data use by Google, setting and opt-out options can be found here:
- Data use by Google when you use websites or apps of our partners: google.com/intl/de/policies/privacy/partners;
- Data use for advertising purposes: google.com/policies/technologies/ads;
- Manage information Google uses to serve ads to you: google.de/settings/ads.
When using Google's marketing services, there may be a transfer of personal data to a third country outside the EU without an adequate level of data protection. There are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR.
We will be happy to provide you with proof of the appropriate guarantees (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us for this purpose using the contact details above.
The legal basis for this data processing is your express consent Art. 6 (1) lit. a) GDPR.
11. SOCIAL MEDIA BUTTONS
Social media buttons of various social media networks (e.g., Twitter, Facebook and Instagram) are integrated on our website.
If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policies of the providers of the social media networks.
The legal basis for the integration and use of the social media buttons is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the marketing of our offers and our website.
12. SOCIAL MEDIA PAGES ("FANPAGES")
We maintain a publicly accessible profile on various social media networks, for example Facebook, YouTube and/or LinkedIn ("social media pages" or "fan pages").
If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.
If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, please refer to the privacy policies of the respective social media network. We do not have any further information on this.
We will be happy to provide you with information on the appropriate safeguards for the transfer of data to third countries in accordance with Art. 46 GDPR at any time upon request.
You can assert your data subject rights in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the presence and marketing of our products and services on the Internet.
In order to display the content of our website correctly and in a graphically appealing manner across browsers, we use font and script libraries on this website, e.g. the font library of MyFonts, Inc. Calling up font and script libraries automatically triggers a connection to the operator of the respective library. In the process, it is possible that your personal data, in particular your IP address, will be collected.
When using MyFonts, there may be a transfer of personal data to a third country outside the EU without an adequate level of data protection. There are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us for this purpose using the contact details above.
The legal basis for this data processing when using such libraries is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.
When participating in one of our offline or online competitions/sweepstakes, we collect and process the personal data provided by the participant as part of the participation in the competition, usually first name, address and e-mail address.
We collect this data in order to enable participation in the competition, to carry out the competition, to inform the participant of a prize, if applicable, and to send the participant a possible prize.
We process the participants' personal data to conduct the competition and to determine and notify the winners.
Insofar as participants provide information as part of their participation that is not required for participation in the respective competition, this is done on a voluntary basis.
If you do not provide us with the data required to participate in a competition, it will not be possible to participate in the competition or to contact you regarding notification of a prize.
The legal basis for data collection and data processing is Art. 6 (1) lit. b) GDPR.
We collect and process the personal data transmitted to us by an applicant for the purpose of carrying out the application procedure. The data requested as mandatory fields are required for the application process. All other information is voluntary. Applicant data is only made accessible to those persons and positions in our company who prepare the hiring decision or are involved in it.
If we conclude an employment contract with an applicant, the data provided will be processed for the purpose of implementing the employment relationship in compliance with the statutory provisions.
If an employment relationship is established, we store the applicant data for as long as it is required for the employment relationship and to the extent that legal regulations justify an obligation to store it.
If no employment contract is concluded with an applicant, we store the applicant data for a maximum of three months on the basis of our legitimate interest in enabling the defense of claims or a function of preserving evidence in accordance with applicable equal treatment and anti-discrimination laws. After expiry of this period, the application documents are deleted unless the applicant has expressly consented to longer storage.
The legal basis for the processing of application documents is Art. 6 (1) lit. b) GDPR.
If the applicant has given us separate consent, we will store the data submitted as part of the application in our applicant pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, contact the applicant in this regard. After this period, the data will be deleted.
Such consent to the storage of application data in our applicant pool can be revoked at any time for the future. To do so, please send us an email to the contact details provided above.
The legal basis for the storage of application documents in our applicant pool is, if applicable, the applicant's consent pursuant to Art. 6 (1) lit. a) GDPR.
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.
16. RECIPIENTS OF DATA
Within our company, your data will be received by those internal departments or organisational units that need it to fulfil their tasks, where applicable to fulfil contracts with you, to process data with your consent or to protect our (overriding) legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, e.g., on the basis of Art. 6 (1) lit. b) GDPR for contractual purposes or to protect our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR in the effective performance of our business operations.
Insofar as we use service providers or third-party providers in the context of providing the website and/or providing our services, we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of your personal data.
If, in the course of providing the website and/or our services, we use content or tools from service providers or third-party providers whose registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. The transfer of data to third countries only takes place if either an adequate level of data protection, consent or other legal permission, in particular an appropriate guarantee in accordance with Art. 46 GDPR, exists.
17. YOUR RIGHTS
You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and a right to correction, blocking or deletion of this data. You also have the right to restrict processing and to object to processing.
You also have the right to have your data that we process automatically handed over to you or to a third party in a common, machine-readable format.
To exercise your rights, please contact us using the contact details above.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
18. WITHDRAWAL OF CONSENT
Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. To do so, it is sufficient to send us an informal message by e-mail using the contact details provided above. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
19. RIGHT TO OBJECT
IN PRINCIPLE, YOU ONLY HAVE THIS RIGHT TO OBJECT IF THERE ARE GROUNDS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT TO OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR THESE PURPOSES UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF THE PROCESSING IS FOR THE PURPOSES OF DIRECT MARKETING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN NO LONGER BE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, REGARDLESS OF THE GROUNDS FOR THE OBJECTION.
20. MANDATORY DATA
The provision of personal data is not required by law or contract, nor are you obliged to provide personal data, however, the provision of personal information is necessary for the conclusion of a contract in that certain information is mandatory in order to conclude (and perform) a contract.
21. AUTOMATED DECISION MAKING
We do not use automated decision-making including profiling.
22. RETENTION AND DELETION
We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the storage periods provided for by law.
If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
23. DATA SECURITY
We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, enquiries or payment data that you send to us.