Data Protection Policy

Version: June 15, 2018

cosnova GmbH (hereinafter referred to as "we" welcome your interest in our company and our L.O.V. products. It is therefore our concern that you feel safe with respect to the protection of your personal data when visiting our website lov.eu (hereinafter referred to as "website").

With this Data Protection Policy, we inform you about the type, scope and purpose of the personal data collected, used and processed when using our website. Personal data includes all data personally related to you, such as name, address, email addresses and user behaviour.

You can principally use our website without revealing your identity. If you wish to avail yourself of certain services on our website, e.g. if you like to order from our shop, the processing of your personal data is required. Via the following links, you can connect directly with the respective topics to find out how we use your personal data. You can also read, save and print this Data Protection Policy as an entire document.

Content of the Data Protection Policy: 
1. Information on the responsible data protection controller, data protection officer
2. Collection of personal data when visiting our website
3. Use of Google Analytics
4. Usage of our web shop
5. Incorporation of YouTube videos
6. Incorporation of Google Maps
7. Information regarding the newsletter
8. Our presence in social media
9. Your rights as data subject
10. Updating of the Data Protection Policy
11. Your contact to us, data processing when contacting us

1. Information on the responsible data protection controller, data protection officer

(a) The controller in terms of the Basic Data Protection Regulations and other national Data Protection Acts of the member states as well as other provisions according to the Data Protection Act is:
cosnova GmbH
Am Limespark 2
65843 Sulzbach
Phone: +49(0) 6196 / 76156-0
Fax: +49(0) 6196 / 76156-1298
Email: info@cosnova.com

More information about us is available in the imprint under [https://lov.eu/de-de/impressum-cms-page.imprint]

(b) The data protection officer of the controller is:
Moritz Görmann
CTM-COM GmbH
Wilhelm-Leuschner-Straße 33
64380 Roßdorf
Phone: 06154 - 57605-0
Fax: 06154 - 57605-29
www.ctm-com.de

2. Collection of personal data when visiting our website

(a) During the mere informational usage of the website, i.e. if you do not otherwise transmit information to us, we only collect the personal data transmitted to our server by your browser. If you wish to view our website, we collect the following data, which is technically necessary for us to display to you our website and to ensure stability and security (legal basis is Article 6 (1) S. 1 lit. f GDPR):
  • IP address
  • Date and time of enquiry
  • Content of requirement (specific page)
  • Website from which the enquiry originates
  • Browser
  • Operating system
The above-mentioned data is erased immediately if they are no longer required for the above-mentioned purposes, however maximally 30 days after we have collected the data.

(b) In addition to the previously specified data, Cookies are stored on your computer during the usage of our website. Cookies are small text files which are stored on your hard drive allocated to the browser used by you and through which the location which places the Cookie (in this case we) receives certain information. Cookies cannot execute programs or transfer viruses to your computer. The serve to make the overall internet offer more user-friendly and effective.

(c) Use of Cookies:

(aa) This website uses the following types of Cookies; their extent and functionality is explained below:

Transient Cookies (see bb)
Persistent Cookies (see cc). 

(bb) Transient Cookies are automatically deleted as soon as you close the browser. They particularly include the session Cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. As a result, your computer can be recognised when you return to our website. The Session Cookies are deleted when you log out our close the browser. Such a Cookie can, e.g., store the content of a shopping cart in an online shop or a log-in status.

(cc) Persistent Cookies are automatically deleted after a specified duration, which may vary depending on the Cookie. You can delete the Cookies at any time in the security settings of your browser.

(dd) You can configure your browser setting in accordance with your desires and, for example, reject the acceptance of Third-Party Cookies or all Cookies. Saved Cookies can be deleted in the systems settings of the browser. Please be aware that in this case you may not be able to use all functions of this website.

3. Use of Google Analytics

(a) This website uses Google analytics, a web analysis service of Google Inc. ("Google"). Google analytics uses so-called "Cookies", text files which are stored on your computer and permit the analysis of your usage of the website. The information regarding your usage of this website created with the Cookie is generally transmitted to a server of Google in the USA and stored there. However, if IP anonymization is activated on this website, your IP-address is initially limited within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Your full IP-address is only transmitted to a Google server in exceptional cases and limited there. Google will use this information on behalf of the operator of this website in order to evaluate your usage, to compile reports on website activity and to provide further services to the operator of the website related to the usage of the website and the Internet.

(b) The IP-address of your browser transmitted in the context of Google analytics is not linked with other data by Google.

(c) You can prevent the storing of Cookies with a respective setting of your browser software; however, we would like to inform you that in this case you might not be able to use all functions of this website to their full extent. You can furthermore prevent the compilation of data (incl. your IP-address) generated by the Cookie and related to your usage of the website to Google as well as the processing of this data by Google by downloading and installing the browser-Plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(d) This website uses Google Analytics with the addendum "_anonymizeIp()". Thereby, IP addresses are processed in a truncated form and any personal association can be excluded. If the data collected about you can be allocated to a person, the reference is excluded immediately and the personal data is thus deleted without delay.

(e) We use Google Analytics, to analyse the usage of our website and improve it regularly. The obtained statistics help us to improve our offer and make it more interesting for you as the user. In the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the usage of Google Analytics is Article 6 (1) S. 1 lit. f GDPR.

(f) Information of the provider of Google Analytics: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, 
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, 
as well as the Data Protection Policy: http://www.google.de/intl/de/policies/privacy.

4. Usage of our web shop

(a) You can order from our web shop as a guest, i.e. without registration. Optionally, you can also establish a customer account ("account"). This has the advantage that you can log directly into your account by entering your email address and a password in the event of a future order, without having to re-enter your contact data. You also have other advantages, e.g. you can retrieve your order history at any time. Below, we inform you about the data processing in connection with an order as a guest as well as the data processing in connection with an account.

(b) If you would like to order from our website as a "guest", it is necessary for the conclusion of an agreement that you provide us with your personal data required for the processing of your order. Obligatory information required for the processing of agreements is especially tagged; in detail, they involve • Title, first name, surname • Email address • Address Further information, such as your phone number, is voluntary. Voluntary information can help us to improve our customer service, e.g. by contacting you at short notice in case of queries.

(c) You may furthermore establish an account, which allows us to store your data for subsequent purchases at a later date. When you establish an account, we also request the data which we require for the order as a guest (see above under (b)). In order to identify you, you are furthermore required to establish a password of your choosing. The accounts are not public and cannot be indexed by search engines. If you have established an account, you can erase it again at any time.

(d) When you place an order, we shall also process the contractual data (e.g. ordered goods, payment etc.) next to the personal data requested from you. We only process the data provided by you as well as the contractual data upon receipt of your order and/or - in the event of an account - your registration, and for the purpose of the appropriate processing or your order and the bilateral fulfilment of obligations based on the purchase agreement. Legal basis for this process is Article 6 (1) s. 1 lit. b GDPR. (e) Based on commercial and tax law specifications, we are obligated to store your address, payment and order data for the duration of ten years based on Article 6 (1) lit. c GDPR. However, we restrict processing after two years, i.e. your data is only used to comply with statutory obligations. If you have terminated your account, the respective data in terms of the account are erased, subject to their retention based on commercial or tax law according to Article 6 (1) lit. c GDPR. (f) The transfer of your personal data by us to third parties occurs based on Article 6 (1) sentence 1 lit. b GDPR and exclusively to the service partners involved in the context of contract processing, such as the logistics company commissioned with the delivery and the credit institute or external payment service provider you and we use for payment transactions (e.g. respectively with link to Data Protection Policy, PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Visa (https://www.visa.de/datenschutz), MasterCard (https://www.mastercard.de/de-de/datenschutz.html). However, the extent of the transmitted data in the event of a transfer of your personal data is limited to the necessary minimum.

5. Incorporation of YouTube videos

(a) We have incorporated YouTube Videos in our online offer based on our justified interests (i.e. interest in the optimisation of our online offer in terms of Article 6 (1) lit f GDPR), which are stored at http://www.YouTube.com and can be played directly from our website. They are all incorporate in such a manner that no data regarding you as a user is transferred to YouTube if you do not play the videos. The data mentioned in (2) is only transferred when you play the videos. We have no influence over this data transfer.

(b) By visiting the website, YouTube receives your IP address and the information that you have accessed the respective subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged on, or whether a user account does not exist. If you log in at Google, your data is allocated directly to your account. If you do not wish the allocation with your profile at YouTube, you have to log out prior to the activation of the button. YouTube stores your data as usage profile and uses it for purposes of advertising, market research and/or the need-based design of its website. Such analysis occurs particularly (even for users who are not logged on) to provide need-based advertising and to inform other users of the social network of your activities on our website. You have the right of objection to the establishment of this user profile, whereby you have to contact YouTube to exercise this right.

(c) The Data Protection Policies of the provider furnishes you with further information regarding purpose and extent of the data collection and its processing by YouTube. There, you also receive further information regarding your rights in this context and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data also in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

6. Incorporation of Google Maps

(a) Based on our justified interests (i.e. interest in the optimisation of our online offer in terms of Article 6 (1) lit f GDPR), we use the offer of Google Maps on this website. This allows us to show you interactive maps directly in the website and provide you with the comfortable usage of the map function, e.g. when using our Storefinder.
(b) By visiting the website, Google receives your IP address and the information that you have accessed the respective subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged on, or whether a user account does not exist. If you log in at Google, your data is allocated directly to your account. If you do not wish the allocation with your profile at Google, you have to log out prior to the activation of the button. Google stores your data as usage profile and uses it for purposes of advertising, market research and/or the need-based design of its website. Such analysis occurs particularly (even for users who are not logged on) to provide need-based advertising and to inform other users of the social network of your activities on our website. You have the right of objection to the establishment of this user profile, whereby you have to contact Google to exercise this right.

(c) The Data Protection Policies of the provider furnishes you with further information regarding purpose and extent of the data collection and its processing by the plug-in provider. There, you also receive further information regarding your respective rights in this context and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google processes your personal data also in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

7. Information regarding the newsletter

(a) With the following information, we inform you about the contents of our newsletters as well as registration, dispatch and the statistical analysis process as well as your rights of objection. We send newsletters via emails with commercial information (hereinafter referred to as "newsletter") only with the consent of the recipients or statutory permission. If the content of the newsletter is specifically defined in the context of a registration, they are decisive for the user's consent. For the remainder, our newsletters contain information regarding our products, offers, campaigns and our company.

(b) We use the so-called double-opt-in process for the registration for our newsletter. This means, you receive an email following your registration, which requests the confirmation of your registration. This confirmation is necessary to prevent anyone registering with third-party email addresses.

(c) The registrations for the newsletter are recorded in order to be able to verify the registration process in accordance with the legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. Also the changes of your data stored at MailChimp are recorded.

(d) The newsletter is dispatched via "MailChimp", a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the dispatch service provider are available under: https://mailchimp.com/legal/privacy/. Rocket Science Group LLC d/b/a MailChimp is certified according to the Privacy Shield Treaty and thus provides a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). According to their information, the dispatch service provider can use the pseudonymous data, i.e. without allocation to a user, to optimise or improve their own services, e.g. for the technical optimisation of the dispatch and the illustration of the newsletters or for statistical purposes in order to determine the countries origin of the recipients. However, the dispatch service provider does not use the data of our newsletter recipients to contact them himself or to pass them on to third parties.

(e) To register for the newsletter, it is sufficient for you to provide your email address.

(f) The newsletters contain a so-called "web beacon", i.e. a pixel-size file, which is accessed when the newsletter is opened by the server of MailChimp. In the context of the access, technical information, such as information regarding the browser and your system as well as your IP address and the time of access is initially collected. This information is used for the technical improvement of the service based on technical data or the target groups and their reader behaviour based on their access locations (determinable with the aid of your IP address) or the access times. The statistical collection also includes the determination whether the newsletters are opened, when they are opened and which links are activated. Although this information can be allocated to the individual newsletter recipient due to technical reasons, however, it is neither our endeavour nor that of MailChimp to observe individual users. Rather, the analysis serves us to recognise the reading habits of our users in general and to adapt our contents to you or send different data in accordance to the interest of our users.

(g) The consent for the dispatch of the newsletter is based on your consent according to Article 6 (1) lit. a) and Article 7 GDPR as well as § 7 (2) No. 3 /. (3) UWG (Unfair Competition Act). The utilisation of the dispatch service provider MailChimp, execution of the statistic collections and analyses as well as the recording of the registration procedure occur based on our legitimate interest according to Article 6 (1) lit. f) GDPR. Our interest is based on the application of a user-friendly and secure newsletter system which serves our commercial interests as well as the expectations of the users.

(h) You can terminate the receipt of our newsletter at any time, e.g. withdraw your consent. The withdrawal of consent does not affect the legality of the newsletter dispach made on the basis of the consent until withdrawal. A link to terminate the newsletter is attached to the end of each newsletter. The personal data is deleted upon deregistration from the newsletter, unless their storage is required by law or is justified, whereby their processing is merely limited to these exceptional purposes in this case. We can store the deregistered email addresses for up to three years based on our legitimate interests according to Article 6 (1) lit. f) GDPR before we delete them for the purpose of the newsletter dispatch, in order to verify a once given consent. Processing of this data is limited to the purpose of an possible prevention of claims. An individual application for erasure is possible at any time if the former existence of a consent is confirmed at the same time.

8. Our presence in social media

(a) We also maintain online presence in social media, such as Facebook and Instagram for which we provide a link on our website. This occurs based on our legitimate interests to inform about our offer and to communicate with customers, prospective customers and users. Legal basis for this process is Article 6 (1) lit. f. GDPR. When accessing the respective networks and platforms, the general terms and conditions and data protection directives of the respective operators apply, which are beyond our sphere of influence. In the process, data can also be processed outside of the European Union.

(b) When you use such a social network, your data is generally processed for market research and advertising purposes. Thus, it is possible to established usage profiles from the usage pattern and the resulting interests of the users. In turn, the user profiles can be used to, for example, advertisements in an outside of the platform, which presumably equates to the interests of the users. For these purposes, cookies are generally stored on the computers of the users, in which the usage pattern and the interests of the users are stored. Furthermore, also data irrespective of the devises utilised by the users can be stored (particularly if the users are members of the respective platforms and are logged in to them).

(c) For a detailed illustration of the respective processing and the options to object (opt-out), we refer to the information links of the providers below.

We also point out that any information enquiries and the assertion of rights are most effective if directed to the providers. Only the providers have respective access to user data, can take appropriate measures and provide information directly. If you still require assistance, please do not hesitate to contact us.

(aa) Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Data Protection Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

(bb) Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Data Protection Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.

9. Your rights as data subject

(a) Right of access by the data subject Upon request, you are entitled to receive information from us at any time regarding your personal data processed by us in accordance with Article 15 GDPR. For this purpose, you can send an application by post or email to the address listed below.

(b) Right to the rectification of incorrect personal data You are entitled to demand the immediate correction of any errors pertaining to your personal data. For this purpose, please contact the address listed below.

(c) Right to erasure According to the prerequisites specified in Article 17 GDPR, you are entitled to demand the erasure of your personal data. These prerequisites for erasure particularly include if the personal data is no longer necessary for purposes for which it was collected or processed in any other manner, as well as in cases of illegal processing, the existence of an objection or the obligation for erasure according to the laws of the European Union or the laws of the member state governing us. In order to assert your rights, please contact the addresses listed below.

(d) Right to restriction of processing You are entitled to demand the restriction of processing according to the specifications of Article 18 GDPR. This right exists particularly if the correctness of the personal data is disputed between the user and us, for the duration required to verify the correctness as well as in the event that the user requests limited processing instead of deletion in the case of an existing right to deletion, furthermore in the event that the data is no longer required for the purposes pursued by us, yet the user requires them to assert, exercise or defend legal claims, if the successful execution of an objection between the customer and us is still contested. In order to assert your right of restriction of processing, please contact the addresses listed below.

(e) Right to data portability You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format according to the specifications of Article 20 GDPR. In order to assert your right of data portability, please contact the addresses listed below.

(f) Right of objection According to Article 21 GDPR, you have the right to lodge an objection to the processing of your personal data for reasons arising from your special situation, among other based on Article 6 (1) lit. e) or f) GDPR. We will stop the processing of your personal data, unless we are able to prove mandatory reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.

(g) Right to withdraw (in the event of a granted consent) According to Article 7 (3) GDPR, you are entitled to withdraw your granted consents effective for the future at any time. The withdrawal of consent shall not affect the legitimacy of the processing carried out on the basis of the consent until withdrawal.

(h) Right to lodge a complaint You are furthermore entitled to contact the supervisory authority in case of complaints. The supervisory authority responsible for us is:

The Hessian Data Protection Controller
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
P O Box 31 63, 65021 Wiesbaden
Phone: 0611 14080
Fax: 0611 1408 - 900
Email: poststelle@datenschutz.hessen.de
Internet: http://www.datenschutz.hessen.de

10. Updating of the Data Protection Policy

The status of this Data Protection Policy is 15 June 2018 . Changes of our offer may make it necessary to also change this Data Protection Policy. For this reason, please inform yourself of the content of this Data Protection Policy on a regular basis. We will also inform you as soon as the changes require your cooperation (e.g. consent) or if any other individual notification is required.

11. Your contact to us, data processing when contacting us

(1) If you have questions regarding the handling of your personal data in connection with the use of this App, you are welcome to contact service@lov.eu

(2) If you contact us via email (e.g. to the address specified above), the personal data transmitted with your email is stored. The data is not transmitted to third parties. The data is used exclusively to process the conversation.

(3) Article 6 (1) lit f. GDPR is the legal basis for the processing of the data transmitted in the course of forwarding an email. This data serves solely for our processing of the contact; this also includes the necessary legitimate interest in the processing of the data in terms of Article 6 (1) lit. f GDPR. The data is deleted as soon as the purpose of its recording ceases to exist, which is the case if the respective conversation with the user is terminated. The conversation is terminated once the circumstances reveal that the respective situation is conclusively settled.