Privacy Policy

Date: Jan 26 2024

1. Information on the collection of personal data

1.1 Personal data

This section provides details on the processing of personal data when you use our website. "Personal data" refers to any information that can be personally associated with you, such as your name, address, email addresses, and user behavior. We aim to keep you informed about our data processing practices and to fulfill our legal obligations, particularly those set forth in the EU General Data Protection Regulation (GDPR).

1.2 Data controller

The responsible party (data controller) as defined by Article 4(7) of the GDPR is: OBLights, Email: service@oblights.com.

2. Processing of personal data when visiting our website

When you visit our website for informational purposes only—that is, if you view the site without registering or submitting any additional information—we process the personal data that your browser sends to our servers. The following data is technically necessary for us to display our website to you and to guarantee both stability and security. The processing of this data is therefore essential. The legal basis for this processing is found in Article 6(1)(f) of the GDPR:

(A) IP Address

(B) Date and time of the request

(D) Volume of data transmitted

(E) Browser type and version

3. Further functions and offers of our website

3.1 Overview of Services

Beyond the basic informational use of our website, we provide various services that you may engage with if interested, such as registering an account or purchasing goods. We also implement additional functionalities to facilitate sales, such as payment method selection, and to analyze or market our offerings. More details on these services are provided in Sections 4 and 5. To utilize these services, you may need to provide additional personal data, which we process to deliver the respective services. The data processing principles outlined previously apply universally across all described purposes.

3.2 Utilization of External Service Providers

In certain instances, we employ external service providers to manage your data—this includes payment processors and shipping companies, further elaborated in Sections 5 and 6. These providers are meticulously selected, obliged to follow our directives, and are subject to regular evaluations to ensure compliance.

3.3 Engagement with Additional Third Parties

Additionally, we may share your personal data with third parties not previously specified within this privacy policy when offering access to special promotions, competitions, contractual agreements, or similar services alongside our partners. Depending on the service, these partners may also independently collect data under their own authority. You will be provided with more detailed information at the point of data submission or within the description of the specific offerings.

3.4 Partners Outside the EEA

Should any of our service providers or partners be located outside the European Economic Area (EEA), we will specifically inform you about the implications of this arrangement within the offer description.

4. Processing of Personal Data for Communication and Account Registration

When you reach out to us via email or through a contact form, we store the data you provide—such as your email address, name, and if applicable, your telephone number—to respond to your inquiries. Upon registering a customer account with us, we collect only the information that you voluntarily provide. This may include:

(A) Your first and last names, and potentially your title or username.

(B) Login details: your email address and a password of your choosing.

(D) Any additional personal details and interests you choose to share with us.

5. Processing of personal data when you make a purchase with us

5.1 Shopping information

When you make a purchase from our online store, we collect data related to your shopping activity. This shopping data varies depending on the type of purchase you make and the current status of your order. The details we gather include:

(A) Information about the items you purchase, such as name, price, and model.

(B) Your order number.

(D) Status of delivery and payment, for example, whether they are "completed" or "dispatched."

(E) Communications related to your purchases, including any complaints or messages to customer service.

(F) The status of any returns, such as "ongoing."

(G) Details about the service providers involved, like the shipment tracking numbers from parcel services.

5.2 Payment details

We offer various payment options, including credit card, PayPal, and others. To process your payment, we collect the payment details you provide. We also obtain additional payment information from external payment service providers and credit agencies with whom we work to execute payments and perform credit checks. The information shared with our payment service providers is limited to what is necessary for processing payments.

The collected payment details typically include:

(A) Billing addresses.

(B) Your chosen payment method.

(D) Credit card information.

Additional details used in the payment processing and credit checking, such as a PayPal ID when using PayPal.

5.3 Transfer of data on outstanding debts to collection service providers

If there are outstanding invoices that remain unpaid despite repeated reminders, we may either pass on the necessary data to a collection service provider to recover the debt or sell the debt to a collection agency that will then pursue the claim in its own name.

Legal Basis:

The transfer of data for the purpose of fiduciary debt collection is based on Article 6(1)(b) of the GDPR.

Data transfer for the purpose of selling debt is based on Article 6 (1) f GDPR.

6. Cookie

6.1 Overview of Cookie Usage

We utilize cookies, tags, web pixels, and similar technologies to automatically gather information on our Services. These tools, primarily bits of code, are implemented by our technology partners and typically collect non-personally identifiable information. Where legally required, we will seek your consent prior to deploying cookies or similar tracking technologies. This section outlines our cookie usage and offers you control options, particularly for advertising-related purposes. We commit to not using cookies or similar tracking technologies that process your personal data, except for those deemed Strictly Necessary, unless you explicitly consent via our site’s cookie banner or consent manager. You can withdraw your consent or modify your preferences at any time through the “Manage Cookies” link located in the website footer.

6.2 Types and Purposes of Cookies

Cookies are small files transferred to your device’s hard drive through your web browser, enabling the site or service provider’s systems to recognize your browser and capture and remember certain information.

We utilize cookies in the following ways:

Strictly Necessary Cookies: These are crucial for the operation of our Services, such as accessing secure areas. Without them, certain functionalities cannot be provided. These cookies do not collect information for marketing purposes and cannot be disabled.
Functional Cookies: These cookies store your preferences and tailor our Services to enhance functionality and personalization. For instance, they may remember your name or preferences on our site. Functional cookies are not used for direct marketing, and disabling them may affect the functionality of our Services.
Performance or Analytic Cookies: These cookies help us understand how you engage with our Services by collecting passive information about your activities, such as visited pages and clicked links. The insights gained are used to optimize our Services. These cookies are not used for marketing and can be disabled.
Advertising or Targeting Cookies: Used to enhance the relevance of advertising messages. They help avoid the repeated appearance of the same ad, ensure ads are correctly displayed, and sometimes choose ads based on your interests. Our third-party advertising partners may utilize these cookies to create a profile of your interests and deliver pertinent ads on other sites. You can disable these cookies if you choose.

Each type of cookie serves a specific function, from ensuring the proper functionality of our Services to enhancing user experience and optimizing service performance. Your control over these cookies is facilitated through easy-to-navigate consent settings, ensuring a personalized and compliant browsing experience.

6.3 Your Choices Regarding Cookies

You have control over how cookies are handled via your browser settings. Most browsers provide a 'Help' feature that explains how to stop accepting new cookies, how to receive notifications for new cookies, how to disable cookies, and how to set when cookies should expire. If you choose to block all cookies, neither we nor any third parties can transfer cookies to your browser. However, this may mean you'll need to manually adjust certain settings each time you visit websites, and some services and functionalities may not work properly.

6.4 Use of Web Pixels

We employ conversion pixels and web pixels to track user interactions on our website. Conversion pixels trigger a snippet of code when users perform specific actions like clicking buttons or filling out forms, helping us record these events. Web pixels assist in analyzing usage patterns, enabling us to track visits to specific pages and gather data on how our site is accessed by various devices and browsers.

6.5 Analytics Services

To monitor and analyze the performance of our Services, we engage third-party service providers. Currently, we utilize Google Analytics, a service that helps us track and report on traffic across our Site. For detailed information on how Google handles privacy, please visit their Privacy & Terms web page at: Google Privacy & Terms. For those wishing to opt out of their data being used by Google Analytics, Google offers an Opt-out Browser Add-on, available here: Google Analytics Opt-out.

6.6 Behavioral Remarketing

We employ remarketing strategies to present advertisements on third-party websites after you have visited our Services. This process involves grouping visitors based on certain behaviors on our Services, such as the duration of a visit, to better understand your preferences and subsequently display personalized ads to you, even when you are browsing other sites within the Google advertising network.

Tools and Services for Remarketing:

Google Ads: This remarketing service is provided by Google. If you prefer not to participate, you can opt out by visiting the Google Ads Settings page: Google Ads Settings.

Should Google Ads involve the collection of personal data, the responsibility lies with Google Ireland Ltd., located at Gordon House, Barrow Street, Dublin 4, Ireland.
Bing Ads: Operated by Microsoft Ireland Operations Limited, located at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on Microsoft’s data handling practices, visit their privacy statement at Microsoft Privacy. Upon engaging with our site through Bing Ads, a cookie will be placed on your device. Our site also integrates a Universal Event Tracking tag that, in collaboration with the cookie, captures details of your site usage, such as visit duration, accessed sections, and the pathways leading to our site. Microsoft may also perform cross-device tracking to monitor your activities across various devices. This data is sent to a Microsoft server in the USA. If Bing Ads collects personal data, you will have the option to consent via the cookie banner on our Services.
Facebook Ads: Through Facebook Business Tools, we display interest-based advertisements when you use Facebook. To adjust your ad preferences or disable personalized ads by Facebook, visit Facebook's Ad Preferences. Your personal information is not shared with Facebook. Additionally, we may target ads to audiences with similar traits to yours by encrypting and uploading a list of email addresses to Facebook, which then creates a lookalike audience and removes the list. We do not access identities within this lookalike audience unless they interact with our ads.

6.7 Additional Tracking Technologies

In addition to standard cookies, we utilize various Tracking Technologies to gather "clickstream" data, which can include information such as the domain name of your Internet service provider, the type of device you use, the IP address of your computer, your browser type and version, operating system and platform, the length of time you spend on our Site, the pages you view, the content you search for, and access times. We also assign unique identifiers to the devices or credentials used to access our Site to facilitate the same tracking purposes.

Our Site incorporates Java scripts, which are small pieces of code embedded in different parts of websites and applications to perform tasks like speeding up the refresh rate of specific features or monitoring the usage of various online components. We also use entity tags, HTTP code mechanisms that help your browser "cache" parts of websites for faster performance, and HTML5 local storage, which stores data from websites in your browser to enhance and speed up your experience during subsequent visits.

6.8 Do Not Track Settings

Some web browsers, such as Internet Explorer, Firefox, and Safari, offer the option to send "Do Not Track" (DNT) signals. However, as there is no standardized approach to DNT signals, our Site does not currently recognize or respond to DNT signals.

6.9 Managing Location Information

You have the option to control the sharing of your physical location information through your device's settings. You can prevent us or third parties from accessing this information by:

(a) Turning off location services in your device settings.
(b) Adjusting your mobile device or browser settings to deny certain websites or apps permission to access location information.

7. Transfer of data to third parties

7.1 Conditions for Data Transfer

We transfer your data to third parties only when it is permissible under German or European law. We collaborate closely with specific service providers, such as customer service operators (e.g., hotline services), technical service providers (e.g., data centers), and logistics companies (e.g., DHL, UPS, USPS, YunExpress). These providers are generally permitted to process your data on our behalf only under stringent contractual conditions. When processing orders, these service providers are given access to your data only within the scope and duration necessary to provide their services. If you make a purchase through one of our partners, we may share necessary shopping information with that partner—such as your name and delivery address—to facilitate the delivery of your order.

7.2 Engagement with Technical Service Providers

To deliver our services effectively, we engage with various technical service providers. These include companies that manage our data infrastructure, among others. If these providers process your data outside the European Union, it may be subject to a different data protection standard than that of the European Union. In such instances, we take measures to ensure that these service providers adhere to an equivalent level of data protection, whether through contractual agreements or other means. This ensures that your personal information remains protected, regardless of geographic boundaries.

7.3 Payment service providers and credit agencies

We provide a variety of payment options, including advance payment, credit card, PayPal, and payment on invoice. To facilitate these transactions, we may transfer your payment data to the payment service providers we partner with. Detailed information on how these payment service providers process personal data can be found in their respective privacy policies.

7.4 Shipping companies

We collaborate with external shipping companies to fulfill orders. To ensure accurate delivery, we provide them with the necessary information:

(A) Your name
(B) Your delivery address
(C) Your postal number, if applicable (for deliveries to locations such as DHL packing stations)
(D) Your email address, if applicable (to notify you of the provisional delivery date)

7.5 Authorities and other third parties

In cases where we are required by law, such as through an official or judicial order, or for the purposes of legal proceedings, we may disclose your data to law enforcement or other relevant third parties. This action is taken only when necessary to comply with legal obligations or to assist in law enforcement efforts.

8. Retention and erasure of data

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice, particularly to meet our contractual and legal obligations. We may also retain your data for additional purposes if permitted by law, such as for defending against legal claims.

Upon closure of your customer account, we will delete all data associated with your account unless legal stipulations necessitate that we retain or block it for further processing. In cases where data cannot be completely deleted due to legal requirements, we implement technical and organizational measures to ensure that access to such data is restricted. Access is limited to a select group of employees who need to know this data for specific purposes, such as during a tax audit.

Specific scenarios for data retention or blocking include:

(A) Legal Retention Obligations: Certain data, like order and payment details, may fall under retention obligations mandated by laws such as the Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO). We are required to keep this data for up to ten years for tax and financial audits before it can be permanently deleted.
(B) Initial Blocking Instead of Deletion: In some cases, even if there is no legal retention requirement, we might opt to initially block the data rather than delete it immediately. This is particularly relevant when the data may be needed for further contractual obligations, or for legal defense or prosecution (e.g., in the case of complaints). The duration of this blocking is typically governed by the applicable statutory limitation periods. Once these periods have expired, the data will then be permanently deleted.

Furthermore, deletion of data may be deferred as permitted by law if making the data anonymous or pseudonymous removes or significantly impedes its utility for scientific research or statistical purposes.

9. Data Protection Measures

We employ robust technical and organizational safeguards to protect your personal data. Specifically, we secure data transmitted during order placement and through your customer login using SSL (Secure Socket Layer) encryption, ensuring that your personal information is transmitted safely.

10. Your rights

10.1 Rights as a Data Subject

As a data subject, you have specific rights regarding the personal data that we hold about you:

(A) Right to information,
(B) Right to rectification or erasure,
(C) Right to restrict processing,
(D) Right to object to processing,
(E) Right to data portability,
(F) Right to withdraw consent, if consent was the basis for the data processing.

10.2 Handling Information Requests

To safeguard your information from unauthorized access during information requests, please provide adequate proof of your identity when making such requests.

10.3 Withdrawing Consent

You may withdraw your consent to the processing of your personal data at any time. This withdrawal will affect the legality of processing your data after your notification but does not impact the processing that occurred prior to your withdrawal.

10.4 Objection to Processing Based on a Balancing of Interests

(A) If we process your personal data based on a balancing of interests, you have the right to object. This right is applicable particularly when the processing is not essential for fulfilling a contract with you. In your objection, please explain why we should not process your data as proposed. We will then reassess the situation and either stop the data processing, adjust it, or demonstrate compelling legitimate grounds to continue processing.
(B) You may object to the processing of your data for purposes of advertising and data analysis at any time. To opt-out of advertising, please use the contact details provided.

Additionally, you have the right to lodge a complaint with a data protection supervisory authority concerning our processing of your personal data. You can contact an authority in any EU member state, ideally in your place of residence, which will then coordinate with the appropriate supervisory body.

11. Changes to this Privacy Policy

As our website evolves or as changes in legal or regulatory frameworks occur, we may need to update this Privacy Notice. We recommend that you review this document periodically to stay informed about how we are protecting your data.

12. Data Protection Officer

Should you have any questions regarding your personal data or need further assistance regarding data protection, please contact our Data Protection Officer. You can reach out by sending an email to service@oblights.com with the subject line 'Data Protection Officer'.