1. Purposes of the Data Processing, Legal Bases and Legitimate Interests
1.1. Access to our Websites / Applications
1.1.1. Log Files
At every single access to the Services, an information is sent to the server of our service by the respective internet browser of your respective terminal device and is temporarily stored in log files. The data records stored during this process contain the following data stored until their automatic deletion: access date and time, name of the page accessed, IP address of the requesting device, referrer URL (URL from which our service has been accessed by you), amount of transferred data, loading time, as well as product and version information of the browser which has been used in each case and the name of your access provider.
The legal basis for the processing of the IP address is Article 6 para. 1(f) GDPR. Our legitimate interest results from
- Ensuring a smooth connection,
- Guaranteeing a comfortable use of our Services,
- Evaluating the security and stability of the system.
A direct conclusion on your identity is not possible on the basis of the information and will not be drawn by us. The information will be stored and automatically deleted after the achievement of the aforementioned purposes. The standard deletion periods depend on the criterion related to necessity.
1.1.2. Cookies, Tracking, Social Media Plug-Ins
1.2. Creation, Execution and/or Termination of a Contract
1.2.1. Data Processing on Conclusion of the Contract
If you register for one of our Services and/or conclude another contract with us (e.g. by purchasing a product), we will process the data required for the conclusion, execution or termination of the contract, including the following:
- First and last name
- Invoice and delivery address
- Email address
- Billing and payment data
- Date of birth
- Phone number
- Shop settings
The legal basis for this operation is Article 6 para. 1 a) and b) GDPR, i.e. you provide us with the information on the basis of the respective contractual relationship (e.g. management of the customer / user account, processing of a sales contract) between you and us. In addition, we are legally obliged to process your email address in the event of a purchase via our websites / applications to send you our electronic order confirmation (according to Article 6 para. 1 c) GDPR).
We store the data collected for the contractual processing – unless we use it for our own marketing purposes – for the respective contractual duration and until the expiry of the respective statutory or possible contractual warranty and guarantee rights. After the expiry of the said period, we will retain the information required under commercial and tax law regarding the contractual relationship for the legally specified periods. For this period, the data will be reprocessed only in case of a review by the tax authorities.
For the processing of a sales contract via our Services, the following additional data processing is required:
The payment data will be transferred to the payment service providers commissioned by us for the payment(s) processing. We transfer information on the delivery address to logistics companies and shipping partners commissioned by us for the purpose of the order delivery. To ensure the delivery of goods according to your wishes, we may transfer your email address and, if applicable, your phone number to the logistics company and/or shipping partner commissioned by us to take care of delivery. They may contact you before the delivery to coordinate the delivery details. The respective data will be transmitted solely for the respective purpose. After delivery, they will not be used for other purposes and will be deleted after the expiry of the existing commercial and tax law obligations to keep records.
1.2.2. Data Use for Fraud Prevention Purposes
The information provided by us during your order placement can be used to check whether there is a so-called atypical ordering process (e.g. simultaneous ordering of many goods to the same address by using different customer accounts). In principle, we have a legitimate interest in carrying out such a check. The legal basis of processing is Article 6 para. 1 point f) GDPR.
1.2.3. Transmission of Information to Transport Service Providers / Dispatch Partners
For the purpose of delivering ordered goods we cooperate with logistics service providers / transport companies and/or shipping partners: The following data may be transmitted to them for the purpose of delivering the ordered goods or announcing the shipment: first name, surname, postal address and, if applicable, email address and, if applicable, phone number. The legal basis of processing is Article 6 para. 1 point b) GDPR.
1.3. Data Processing for Advertising Purposes
1.3.1. Postal Advertising
We have a legitimate interest in using certain information for marketing purposes to provide you with relevant offers. In this context, we process the following information for postal advertising for our own marketing purposes as well as for third parties’ marketing purposes: first and last name, postal address, year of birth.
We are also entitled to store your additional personal information collected in compliance with legal requirements for our own and third parties’ marketing purposes. Objective is to provide you with advertising which is solely oriented towards your actual or supposed needs / interests and to avoid bothering you with advertising which is not relevant to you.
The additionally stored data will not be transferred to third parties. In addition, Baltic bait pseudonymizes / anonymizes personal data collected about you for the purpose of using the pseudonymized / anonymized data for its own as well as third parties’ (advertisers’) marketing purposes.
The pseudonymized / anonymized data may also be used for applications related to individualised online advertising, whereby the advertising can be delivered by third party service providers and/or agencies. The legal basis for the use of personal data for marketing purposes is Article 6 para. 1 point f) GDPR.
Note on Right of Objection
You can, at all times, free of charge, resist against the use of your personal information for the aforementioned marketing purposes with effect for the future by writing to firstname.lastname@example.org.
If you file an objection, your data will be blocked for any further commercial data processing. We would like to point out that, in exceptional cases, advertising material may still be sent out temporarily even after our receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.
As part of our Services we offer you the opportunity to subscribe to our newsletter. To ensure that no mistakes are made when entering your email address, we use the so-called Double- Opt-In-Procedure (DOI Procedure): After you have entered your email address in the registration field and have given your consent to receive our newsletter, we will send you a confirmation link to the email address provided by you. Only when you click on this p. 10
confirmation link, your email address will be added to our mailing list for sending our newsletter. The legal basis for this data processing is Article 6 para. 1 point a) GDPR.
Note on the Right of Withdrawal
You can revoke your consent at any time with effect for the future by sending a message to email@example.com or by unsubscribing at the end of each newsletter.
1.3.3. Product Recommendations by Email
As an existing customer you will regularly receive product recommendations from us by email. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or not. We will use the email address provided by you during the purchasing process to promote our own goods and/or Services or similar to those you have already purchased from us. The legal basis for this data processing is Article 6 para. 1 point f) GDPR.
Note on the Right of Objection
You can object, at all times, free of charge, to our product recommendations with effect for the future by sending a message to firstname.lastname@example.org or at the end of each product recommendation email.
If you register for / participate in competitions organised by Baltic bait (hereinafter referred to as “Participation”), we will use the data provided by you during the respective Participation for the purpose of implementing the Participation Agreement, in particular for notification of winnings and, if applicable, for advertising our and/or our competition partners’ offers. You will find detailed information in the respective participation conditions of the respective competition. The legal basis for this data processing is Article 6 para. 1 a), b) and f) GDPR.
1.4. Online Presence and Service Optimization
1.4.1. „Google Analytics“
For the purpose of designing our pages to meet your needs and for their continuous optimization, we use Google Analytics, a web analysis service of Google Inc. (hereinafter referred to as “Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer and enable an analysis of your website use. In this context, pseudonymized user profiles are created, and cookies are used. The information generated by the cookie about your use of this website such as
- Browser type / version,
- Used operating system,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request
1.4.2. Google Conversion Tracking
Furthermore, we use so-called conversion tracking in the context of the use of the Google AdWords service. When you click on an ad placed by Google, a conversion tracking cookie will be placed on your computer/device. These cookies expire after 30 days, do not contain any personal data, and are therefore not used for personal identification. The information collected by using the conversion cookie is used to compile conversion statistics for AdWords customers having opted for conversion tracking.
The legal basis for this data processing is Article 6 para 1 a) GDPR.
1.4.3. Google AdSense
We make use of the online advertising service Google AdSense through which it is possible to present advertising tailored to your interests. We pursue the interest to show you advertisements which may be of interest for you to make our Services more attractive for you. For this purpose, we collect statistical information about you which will be processed by our advertising partners. These advertisements can be identified by the reference “Google Ads” in the respective ad.
Google receives the information that you have visited our website. For this purpose, Google uses a web beacon to place a cookie on your computer. If you are logged in with your Google account, your data can be directly assigned to it. This data may be transferred to contractual partners of Google, third parties and authorities. The legal basis for your data processing is Article 6 para. 1 sentence 1 point a) GDPR.
1.4.4. Social Media Plug-Ins
To increase the acquaintance level of our company, we can use social plug-ins of the social networks Facebook and Twitter in our Services according to Article 6 para. 1 point a) GDPR. The respective providers must guarantee their responsibility for data protection-compliant operation.
The purpose and scope of the data collection and the further processing and use of the data by the respective provider as well as your rights in this regard and setting options for your privacy protection can be found in the respective data protection notices of the provider we will link to in the following.
1.4.5. Facebook Connect / Login
Baltic bait offers the user the option to log in to the service with his Facebook access (so-called Facebook Connect function). Facebook-Connect is a service offered by the social network Facebook, operated by Facebook Inc (1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). In this case, an additional registration with Baltic bait will not be required. For registration, the user is redirected to the Facebook website, where he can log in with his usage data and which links the Facebook profile and the Baltic bait service. Through the link, Baltic bait automatically receives the information from Facebook that the user has consented to receive (e.g. first name, cash on delivery, email address, profile picture, gender, list of friends). We use this information to identify you when you use Baltic bait.
The legal basis for this data processing is Article 6 para. 1 point a) GDPR.
For more information about Facebook Connect and privacy settings, click here: Facebook’s Privacy Notice
1.4.6. Customer / User Account
To provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer/user account.
The creation of the customer account is basically voluntary. If you create a customer account, the processing of your data collected here will be based on Article 6 para. 1 point b) GDPR. After the creation of a customer account, no new data entry will be required. In addition, you can view and change the data stored about you in your customer account at any time.
Only if you want to place orders through our website / application, the opening of a customer account will be mandatory for contract processing.
In addition to the data requested during the order placement, you must enter a password of your own choice to create a customer account. Together with your email address, this password will be used to access your customer account. Please treat your personal access data confidentially and do not make them available to unauthorised third parties. Please note that even after leaving our website you will remain logged in automatically unless you actively log out.
You can delete your customer account at any time. However, please note that this does not mean that the data visible in the customer account will be deleted after your order placement with us. The deletion of your data is carried out automatically after the expiry of the commercial and tax retention obligations applicable to us. The legal basis for this further data processing is Article 6 para. 1 point c) and point f) GDPR.
You can get in touch with us in several ways: by email, phone, chat, or mail. If you contact us, we will use the personal data you voluntarily provide us with in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Article 6 para. 1 points a), b), c) and f) GDPR.
We process your payment information for the purpose of payment processing, e.g. if you purchase or use a product and/or service through www.balticbait.com. Depending on the payment method, we may forward your payment information to third parties (e.g. in the case of credit card payments to your credit card provider).
The legal basis for this data processing is Article 6 para. 1 points a), b), and f) GDPR.
During the processing your data, in some areas, we use so-called processors. A processor is a natural or legal person, authority, institution, or other body processing personal data on our behalf, whereby we remain responsible for data processing. Processors do not use the data for their own purposes but carry out the data processing exclusively for the Data Controller.
1.6. Storage Duration and Data Deletion
If you close your customer / user account, we will delete all stored personal information. If a complete deletion is not possible or not needed for legal reasons, we will block this information. A blockage occurs, for example, if commercial or tax law retention obligations, for example according to German Commercial Code (HGB) and German Fiscal Code (AO) apply. In this context, we are obliged to store this information for up to ten years for tax inspections and audits. Even if there is no legal obligation to retain information, we may refrain from immediate deletion in certain legally permitted cases. This applies, for example, if the information in question may still be required for further contract processing, legal prosecution or defence (e.g. in the event of complaints). The decisive criterion for the blocking duration, are the respective legal limitation periods, after which we delete the information.
1.7. Your Rights
In addition to the right to revoke your consent granted, you are entitled to the following additional rights if the respective legal requirements are met:
- the right to obtain information about your personal data stored by us (according to Article 15 GDPR), in particular you can request information about the processing purposes, the category of personal data, the categories of recipients your data has been or will be disclosed to, the planned storage period, the origin of your data, if it has not been collected directly from you;
- the right to rectify incorrect or to complete correct data (according to Article 16 GDPR),
- the right to erase your data stored with us (according to Article 17 GDPR), as long as we have not to comply with legal or contractual retention periods or other legal obligations or rights for further storage,
- the right to restrict the processing of your data (according to Article 18 GDPR) if you dispute data accuracy, the processing is unlawful but you refuse the deletion; if the Data Controller no longer needs the data but you need it to assert, exercise or defend legal claims or if you have lodged an objection to the processing according to Article 21 GDPR,
- the right to data portability according to Article 20 GDPR, i.e. the right to have selected data stored by us about you transferred in a structured, machine-readable format, or to demand its transmission to another data controller
- the right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
You can assert the aforementioned rights you are entitled to at email@example.com
1.7.2. Right of Objection
Under the conditions of Article 21 para. 1 GDPR, data processing may be objected to for reasons arising from the specific situation of the data subject.
1.7.3. Right of Withdrawal
Insofar as we process data based on your consent, you are entitled to revoke the consent given at any time. The consent revocation does not result in the ineffectiveness of the consent-based data processing carried out up to the time of revocation.