Data Protection Declaration (English) – GDPR
The following data protection declaration applies to the processing of personal data processed by BUY MY BOOKS LDA, info (at) kamuicosplay.com, as data protection officer in the context of the initiation of contracts and the fulfillment of services from the online shop at https://www.kamuicosplay.com/.
The BUY MY BOOKS LDA can be reached via the e-mail address firstname.lastname@example.org
1. We process the following data to fulfill our obligations:
- inventory data (e.g. names, addresses).
- Contact details (e.g. e-mail, telephone numbers).
- Contract data (e.g. subject matter of the contract, duration, customer category).
- Payment data (for example, bank details, invoices, payment history).
2. We process these data for the following purposes:
- Office and organizational procedures.
- Contact requests and communication.
- Contractual performance and service.
- Management and response to requests.
The following legal bases from the basic data protection regulation apply to the processing of personal data: Art. 6 para. 1 sentence 1 lit. a DSGVO, Art. 6 para. 1 sentence 1 lit. b. DSGVO, Art. 6 para. 1 sentence 1 lit. c. DSGVO and Art. 6 para. 1 sentence 1 lit. f. DSGVO
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to achieve an adequate level of data protection.
In order to fulfill our own obligations, such as the preparation of tax returns, we transfer data to persons who are expressly bound to secrecy and who guarantee the same level of data protection as we ourselves contractually guarantee. For this purpose, transfers of data from our shop system can be transferred in CSV format.
We do not pass on data to third parties, unless we are expressly entitled to do so without the user’s consent or the user expressly agrees to this.
We are entitled to use your data, as far as permitted, for our own marketing purposes and to contact you, for example, for further services or our own marketing. In this case you have the right to object to further use for marketing purposes.
3. Revocation and Opposition (opt-out)
Depending on whether the processing takes place on the basis of consent or legal permission, you have the possibility to revoke a given consent at any time, provided that permission does not entitle us to further storage.
4. Commercial and business services
We process the data of contractual and business partners, e.g. customers and interested parties within the scope of contractual and comparable legal relationships as well as associated measures and within the scope of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries.
We process these data for the fulfillment of our contractual obligations, for securing our and the purposes of the administrative tasks associated with these data as well as for the business organization.
We delete data after expiry of legal warranty and comparable obligations or as long as they have to be kept for legal reasons of archiving. We shall delete data that is disclosed to us by the contractual partner within the scope of an order after the end of the order.
5. Data processing
5.1 Making Contact
When contacting us, the data of the inquiring persons will be processed to the extent necessary to answer the contact requests and possible requested measures.
The answering of contact requests within the framework of contractual or pre-contractual relations is carried out in order to fulfill our contractual obligations or to answer (pre)contractual requests and otherwise on the basis of the legitimate interest in answering the requests.
- Processed data types: inventory data such as name or address, contact data such as e-mail or telephone numbers and content data.
- Persons concerned: Communication partners.
- Purposes of the processing: contact requests and communication.
- Legal bases: Fulfillment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO)
5.2 Payment Providers
Personal data is only stored on the server and system of PayPal. On our system there is only a message by automated system that a payment was successfully made.
- Purposes of processing: fulfillment of contractual obligations
- Legal bases: Fulfillment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO)
5.3 Social Media Plugins
Plugins of the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated on our pages in order to share content.
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.
Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter.
You can change your privacy settings on Twitter in the account settings at http://twitter.com/account/settings
Integration of YouTube videos
Integration of Instagram
5.4 Amazon Partner Program
5.5 User tracking
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAItatus=Active).
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Cookies” are small files that are stored on the user’s computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online shop or a login jam can be stored.
If you do not want users to have cookies stored on your computer, you are asked to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.
We inform you about cookies by means of a cookie banner and give you the possibility to deactivate or activate not purely functional cookies before visiting our pages. If you select the option that only functional cookies should be set, our website does not set any marketing cookies.
5.7 Third party services
Within our online offer, we set the following priorities on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always assumes that the third party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore necessary for the display of this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, as well as being linked to such information from other sources.
We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletters”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our services and us.
The registration to our newsletter is done in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to your data stored with the delivery service provider are also logged.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name for personal contact in the newsletter.
Germany: The dispatch of the newsletter and the associated measurement of success is based on the consent of the recipients in accordance with Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 Para. 2 No. 3 UWG or on the basis of the legal permission in accordance with § 7 Para. 3 UWG.
The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users and also allows us to prove that they have given their consent.
Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them for the purpose of sending the newsletter, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.
You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following e-mail address: Info@kamuicosplay.com or use the “unsubscribe” function at the end of the newsletter. We will then immediately delete your data in connection with the newsletter dispatch.
If you leave comments or other contributions, your IP addresses may be stored based on our legitimate interests. This is done for our security, you leave in illegal content. Furthermore, we reserve the right to process the information provided by users for the purpose of spam detection on the basis of our legitimate interests.
5.10 User account
You can create a user account. During the registration process, you will be provided with the required mandatory data and processed for the purpose of providing the user account on the basis of contractual obligations. The processed data includes in particular the login information (name, password and an e-mail address). The data entered during registration is used for the purpose of using the user account and its purpose.
When using our online accounts, the IP address and other necessary data are saved. The storage is based on our legitimate interests and for the purpose of contract processing.
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we use for the purpose of operating this online offer.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of contract processing agreement).
6. Modification and updating of the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to cooperate (e.g. consent) or to receive other individual notification.
7. Rights in the USA
The law of the European Union is exclusively applicable to Kamui Cosplay GbR.
We would like to point out the following in purely declaratory terms:
7.1 California Online Privacy Protection Act
7.2 According to CalOPPA, we agree with the following:
Users can visit our website anonymously.
– On our data protection page
You can change your personal data:
– By e-mail to us
– By logging into your account
How does our website deal with the “Don’t Track” signals?
We honor “Don’t Track” signals and “Don’t Track”, implant cookies or use advertising when a “Don’t Track” browser mechanism (DNT) is present.
Does our website allow third parties to track behavior?
It is also important to note that we do not allow any third party tracking of behavior.
7.2 COPPA (Children’s Internet Privacy Protection Act)
When it comes to collecting personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) has parental control. The Federal Trade Commission, the United States consumer protection agency, enforces the COPPA rule, which sets out what operators of websites and online services must do to protect the privacy and safety of children online.
We do not market specifically to children under the age of 13.
7.3 Fair information practices
The Principles for Fair Information Practices are the backbone of data protection law in the United States, and the concepts contained therein have played an important role in the development of data protection legislation worldwide. Understanding the principles of fair information practices and how they should be implemented is critical to compliance with the various privacy laws that protect personal information.
In order to comply with the principles of fair information practice, we will take the following measures in the event of a data breach:
We will notify you by e-mail
– Within 1 working day
We notify users via on-site notification
– Within 1 working day
We also agree with the principle of individual redress, which requires that individuals have the right to enforce enforceable rights against data collectors and processors who fail to comply with the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals take legal action in the courts or government agencies to investigate and/or prosecute non-compliance by data processors.
7.4 Can-Spam Act
The CAN-SPAM Act is a law that sets the rules for commercial e-mail, sets requirements for commercial messages, gives recipients the right to stop sending e-mail, and provides severe penalties for violations.
We collect your e-mail address to record it:
– send information, respond to inquiries and/or answer other inquiries or questions
– process orders and send information and updates regarding the orders
– send you additional information about your product and/or service
– Promote to our mailing list or continue to send emails to our customers after the original transaction has taken place.
To be in accordance with CANSPAM, we agree to the following:
– Not to use false or misleading subject lines or email addresses.
– To reasonably identify the message as advertising.
– To indicate the physical address of our office or location.
– Monitor third party email marketing services for compliance if one is used.
– Respond quickly to requests to unsubscribe or cancel subscriptions.
– Allow users to unsubscribe using the link at the bottom of each email.
8. Your data subject rights
As data subjects, they are entitled to various rights under the DSGVO, which result in particular from Art. 15 to 18 and 21 DSGVO:
- Right of objection: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter e or f of the DPA; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
- Right of withdrawal in case of consent: You have the right to revoke consents given at any time.
- Right of access: You have the right to obtain confirmation as to whether or not data in question are being processed and to be given access to such data and to receive further information and copies of the data in accordance with the law.
- Right of rectification: You have the right to request the completion of data concerning you or the rectification of incorrect data concerning you, in accordance with the law.
- Right to erasure and restriction of processing: You have the right to request that data concerning you be erased immediately in accordance with the law or, alternatively, to request a restriction of processing of the data in accordance with the law.
- Right to data transferability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transferred to another responsible party.
- Complaining to the supervisory authority: You also have the right, in accordance with the law, to complain to a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you is in breach of the DPA.
9. Google AdSense
Our website uses Google AdSense. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense integrates advertisements and sets cookies. Cookies are small text files that your web browser stores on your device in order to analyze the use of the website. Google AdSense also uses web beacons. Web beacons are invisible graphics that allow an analysis of visitor traffic on our website.
Information generated by cookies and web beacons is transmitted to Google servers and stored there. The server is located in the USA. Google can pass this information on to contractual partners. However, Google will not merge your IP address with other data stored about you.
The storage of AdSense cookies takes place on the basis of Art. 6 Para. 1 lit.f GDPR. As a website operator, we have a legitimate interest in analyzing user behavior in order to optimize our website and advertising.
With a modern web browser you can monitor, restrict and prevent the setting of cookies. Deactivating cookies can restrict the functionality of our website. By using our website, you declare that you consent to the processing of the data collected about you by Google in the manner described above and for the purpose stated above.