PEZ MyHEAD App Data Protection

Data Protection

Data protection

The controller under the terms of data-protection legislation is:

PEZ International GmbH (hereinafter: PEZ)

Eduard-Haas-Strasse 25, 4050 Traun, AUSTRIA

Tel.: 0043/732/38 999-0
Fax: 0043/732/38 999-88
e-mail: office@pez.at

Web: www.pez.com

Business Identification No.: ATU63753968
Companies Register: 297904w, Linz State Court

Purpose of business: manufacture of and trade in confectionary

We take the protection of your personal data very seriously. We treat your personal data as confidential, in accordance with the statutory data-protection rules and with this Data Protection Notice. Use of our PEZ MyHEAD app (hereinafter called “app”) is as a rule only possible if personal data are supplied. Insofar as personal data (such as photograph, name, address or e-mail addresses) are collected, this will be done, as far as possible, on a voluntary basis at all times. These data will not be passed on to third parties without your express permission.

The services provided on the PEZ MyHEAD app are supplied in exclusive collaboration with INFABITY Innovation GmbH (hereinafter called “INFABITY”), Peter-Behrens-Platz 6, Haus SMART, 3rd Floor, 4020 Linz, phone: +43/732/287070, e-mail: office(at)infabity.at, web: www.infabity.at, Companies Register 515383 t (Linz Regional Court), Business ID: ATU74680525, whereby INFABITY, on the basis of the app, produces personalised PEZ heads via 3-D printing, and handles the associated order process via the app, the product composition and packaging, the billing and dispatch of the product.

Capture of general information

When you make use of our app, information of a general nature is captured, which your browser transmits to our server (so-called “server log files”). These server log files comprise such items as the domain name of your internet service provider, and similar information. The information in question is of a kind which allows of no conclusions to be drawn as to you personally. This information is technically necessary in order to supply the contents which you have requested on the app correctly and are compulsory when using the internet. Anonymous information of this kind is evaluated by us statistically, in order to optimise our internet presentation and the technicalities behind it.

The data involved are the following, technically requisite data, in order to display the app to you:

Date and time at the moment of access
IP address used (if necessary: in anonymised form)

Processing will be carried out pursuant to Article 6 (1) (f) of the GDPR, based on our legitimate interest in the improvement to the stability and functionality of our app. No further transmission or other use of these data will be made. We reserve the right, however, to scrutinise the log files retrospectively, should concrete indications suggest any illegal use.

Personal data

Personal data are statements of the material or personal relations of a particular or determinable natural person. Statistical data, which for example we collect on visiting our app, and which cannot be linked with you as a person, are not covered by this term.

Personal data, such as your photograph, your name, your address, your e-mail address and other supply data of which you inform us by way of your order, the app user account and your enquiry via e-mail, will be collected and processed insofar as this is necessary for handling your order or answering your query.

Your contact data will be used in a strictly targeted way for notifications of updates which we are obliged to make and for this purpose will be processed by us only insofar as this is required for the information in question. We will collect, save and process your data for the whole time involved in the handling of your purchase, of your user account or enquiry, including any later guarantees, for the provision of our services and in accordance with the statutory (particularly fiscal) storage periods.

Insofar as we have an obligation under a contract to that effect to provide updates for goods with digital elements or for digital products, we shall process the contact details transmitted upon your order (name, address, mailing address), in order to inform you personally, as part of our statutory duties of information under Article 6 (1) (c) of the GDPR, via a suitable communication channel (e.g. post or e-mail) of impending updates within the period prescribed by law.

No further transmission of your data to third parties will be made, unless INFABITY or PEZ is entitled or obliged to pass them on for legal reasons. Insofar as is necessary in contract handling for delivery and payment purposes, the personal data collected will be passed on to commissioned service provides in accordance with Article 6 (1) (b) of the GDPR; therefore, this will not include the necessary further transmission of data pursuant to the organisational or technical handling of the order. These may be:

External service providers for the purchase handling by way of the app, that is in particular INFABITY;
Logistics-services providers, in order to send you goods, documents or other items;
Insurers, in the event of any claims being brought against us;
Payment-services providers and banks, for handling payments;
IT-service providers for administering and hosting your app;
Legal advisers when bringing or defending claims.

The data so passed on must be used by our service providers solely for fulfilment of their task. Any other use of this information will not be permitted, nor will it be made by any of the service providers commissioned by ourselves.

Insofar in the exceptional case as companies belonging to the PEZ Group or data processers so commissioned are located outside the European Economic Area, care will be taken in such case to ensure the guarantee of an adequate level of data protection and compliance with the relevant data-protection regulations. No transmission of data over and above this to any third country is intended.

Purposes of data processing

We shall process your personal data on visiting our app for the following purposes:

To provide you with this app and to improve and develop it further
To produce usage statistics
To recognise attacks upon our app, to prevent and investigate them
To respond to your enquiries.

Legal basis of processing

Data processing will be carried out in accordance with the statutory provisions of Section 96, Paragraph 3 of the German Telecommunications Act (TKG) and Article 6 (1) (a) (consent) and/or (f) (legitimate interest) of the GDPR. Our intention under the terms of the GDPR (legitimate interest) is the improvement of our product and of our online presence. Since our users‘ private sphere is important to us, the user data are pseudonymised.

The purposes of processing in detail:

Summary:

A so-called Installation ID is created by the software library, which will govern communication with the server and user accounts: this is an identification number which unambiguously identifies an app installation on a device (even if otherwise no information of any kind is known about the user). Should the user delete the app and re-install it, he will then be allocated a new Installation ID. It is therefore not possible (because no push notifications are sent) to prevent the production of this Installation ID.

When launching the app, an anonymised user is created, who needs no login or password of any kind. Purpose: all data created while using the app can be matched with the anonymised user.

If an app user account is created by yourself, then the anonymised user will be converted to a user with an e-mail address. We shall then save the e-mail address and the encrypted password belonging to it.

The speech setting on the telephone (German or English as alternative). Purpose: the app language and the e-mails for e.g. password reset or checkout etc., are to be displayed in the right language.

By using the app, photographs are produced and 3-D models based on these, which are then passed on to the back-end system (photographs and models). Still further variations of the 3-D model are produced there , so that these can be printed with the 3-D printer.

App user account

The app itself can also be used with an anonymised app user account. As soon as you, as a user, wish to alter data, however, you must use a non-anonymised app user account with password protection. By means of the app user account you can inspect your orders, either concluded or pending or recently sent, and in these account screens manage your personal data, or these will be automatically incorporated when an order is executed. Except for the e-mail address, the address data and the first and surname will be saved under encryption in the database. Account screens therefore contain that area in the app where you can alter your user data, e.g., view orders, change e-mail address or addresses; apply for “erase account”; access to General Terms & Conditions of Business, Data Protection Notice, licence texts, help and contact.

You agree to treat the personal access data in confidence and not to supply them to any unauthorised third party. We cannot undertake any liability for misused passwords, unless we were responsible for such misuse. Please note that you remain automatically logged in unless you log out.

Purchase handling

By virtue of concluding your online order you expressly allow us to process the personal data which you have given for handling your purchase and dispatching your order. We need your e-mail address in order that we may confirm receipt of order to you. You will further receive your order and dispatch confirmation via your e-mail address. We also need your e-mail address to be able to communicate with you in case of queries relating to your order or should there be delivery problems.

Cookies

To design the visit to our app in an attractive way and to enable the use of certain functions, we use so-called cookies on various displays within the app (app screens). We use cookies to be able to supply particular functionalities on the app screens.

What is a cookie?

Cookies are text files, usually consisting of letters and numbers, which are stored when visiting certain websites or apps on the user’s computer. Some of the cookies we use are erased again following the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain in your device and enable us or our partner companies (third-party suppliers‘ cookies) to recognise your browser again when you next visit (persistent cookies). If cookies are placed, they collect and process this information determined to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically erased after a prescribed period, which may differ depending on the cookie. Cookies cannot be used to launch programs or to transmit viruses to a computer. Using the information contained in cookies, we can make the navigation easier for you and enable the concrete display of app screens. Some cookies are important for the functionalities of the app views and we activate them automatically when the users visit them. Some cookies enable us to offer the services and functions which reflect most nearly the users‘ requirements, and to adapt our service for you in such a way that you are assured of a simple and rapid service.

On the Shopify checkout (page 6) only technically necessary cookies are used, but no tracking cookies – so to that extent any change to the cookie settings is not possible, in order to guarantee the function.

Insofar as personal data are processed through individual cookies which we have implemented, such processing will be carried out in accordance with Article 6 (1) (b) of the GDP, either to execute the contract in accordance with Article 6 (1) (f) of the GDP, or to exercise our legitimate interest in the best possible functionality of the website and a customer-friendly and effective arrangement of the page visit.

In certain circumstances we work together with advertising partners, who help us to make our online presentation more interesting to you. For this purpose, when you visit our website, in this case cookies from partner companies will also be saved on your hard disc (cookies from third-party suppliers). Whenever we work with foregoing advertising partners, you will find the notification to this effect in the Data Protection Notice.

Please note that you can so adjust your browser as to ensure that you are informed when cookies are placed and to decide individually on their acceptance, or to be able to exclude the acceptance of cookies in particular cases or in general. Every browser varies in the way by which it manages cookie settings. This is set out in the help menu of every browser, which will tell you how you can alter your cookies settings. You will find these for the browser in question under the following links:

Please note, if you do not accept cookies, the functionality of the app is impaired.

Tracking and Analysis

We use tracking and analysis tools to secure the continuous optimisation of our app, to assure the orientation of its design to the requirements of its use, to record statistics on visitors’ use of the app and to utilise the information thus gained to further the development of our product line for you. These interests constitute the legal grounds for the use of the tracking and analysis tools described below in compliance with point (f) of Art. 6(1) GDPR. If you have given your consent to the use of cookies, the lawfulness of the use of tracking and analysis tools within the scope of your consent is also governed by point (a) of Art. 6(1) GDPR. The tracking and analysis tools use cookies. A description of the specific cookies and their categorisation can be found in the sections ‘Cookies’ and ‘What is a cookie?’

We use the tracking and analysis tools described below.

Meta Marketing Services

Description and scope of data processing

The use of pixels from Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland; ‘Meta’) on our website allows the tracking of the behaviour of any user who has been redirected to our website by clicking on a meta ad. Data collected in this manner are anonymous to us, i.e. we cannot view the personal data of individual users. These data are stored and processed by Meta, however, which is why we call your attention to these circumstances. Meta can attribute this information to your Meta account and use it for its own advertising purposes in accordance with its privacy policy. For additional information on this use, please refer to Meta’s privacy policy.

You can permit Meta and its partners to place advertisements, including advertisements from Meta, on Meta sites, and this may result in the storage of a cookie on your computer.

We use the Meta App Events Service. Meta provides us in this respect solely with an aggregated analysis of user behaviour in our app. We have no further control over the information App Events processes via Meta.

Purpose and legal grounds for the data processing

Using pixels, we can measure the effectiveness of Meta advertisements while the use of App Events allows us to track the reach of our advertising campaigns. The placement of advertisements serves to provide you with targeted information.

The legal grounds for the processing within the framework of Meta Marketing Services is point (a) of Art. 6(1) GDPR (consent). Meta has guaranteed its compliance by signing the EU standard contractual clauses described in Art. 44 et seqq. GDPR.

You can object to the collection of data using Meta pixels or the use of your data for the display of Meta advertisements by changing the appropriate settings in your Facebook account. There is a link to the account settings below. If you wish to object to the use of App Events, you may send us an informal email to this effect at any time.

Objection to the use of your data: https://www.facebook.com/settings?tab=ads

Google Ads

We use the online advertising program ‘Google Ads’ and the conversion tracking that is a part of Google Ads. Google Conversion Tracking is an analysis service of Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or Google Ireland Ltd., Ireland (‘Google’). Consequently, data transfers to third countries are possible. Standard contractual clauses pursuant to Art. 46 GDPR have been concluded as adequate guarantees. Any adequacy decisions that have been issued to third countries/companies apply as well.

Whenever you click on an advertisement placed by Google, a cookie for conversion tracking is stored on your computer. These cookies become invalid after 30 days and do not contain any personal data; they can consequently not be used for identification of specific individuals.

If certain websites redirect you to our app and the cookie has not yet expired, both Google and our company recognise that you have clicked on the advertisement and have been redirected to our app. A unique cookie is issued to every Google Ads customer, rendering the tracking of any cookies using the app impossible. The information obtained by the use of the conversion cookies serves the preparation of conversion statistics for Ads customers who have decided to use conversion tracking. These statistics allow customers to determine the total number of users who have clicked on their advertisement and have been redirected to a site marked with a conversion tracking tag. They do not, however, receive any information that can be used to identify users personally.

The marketing tools in use here cause your browser to establish automatically a direct connection to the Google server. We have no control over the scope and further use of any data Google collects by the use of this tool and can state solely that, to the best of our knowledge, the integration of Ads Conversion results in Google receiving the information that you have visited a particular part of our website or clicked on one of our advertisements.

If you do not wish to allow the tracking, you can object to its use by setting your browser software to prevent the installation of cookies (disable option). Your data will then not be included in the conversion tracking statistics. Additional information and Google’s privacy policy can be viewed at http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/.

If and when you are registered with a Google service, Google can attribute the visit to your account. Even if you have not registered with Google or have not logged in, it is nevertheless possible that Google will learn and store your IP address.

etracker

The provider of this app uses services of etracker GmbH in Hamburg, Germany (www.etracker.com) for the analysis of usage data. By default, we do not use any cookies for web analytics. If and when we wish to use cookies for analysis and optimisation, we will obtain your explicit consent in advance in a separate statement. If and when we request, and you grant, your consent, cookies will be used to obtain a statistical reach analysis of this website, to measure the success of our online marketing actions and to test procedures, e.g. to test and optimise various versions of our online product lines or their components. Cookies are small text files that are stored on the user’s end device by the internet browser. etracker cookies do not contain any information that would permit the identification of a specific user.

The data generated using etracker are processed and stored by etracker on behalf of the provider of this website solely and exclusively in Germany and are therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the data protection seal of approval ePrivacyseal.

Data are processed in compliance with the legal provisions of point (f) of Art. 6(1) (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our interest within the sense of the GDPR (legitimate interest) is the optimisation of our online services and our website. As the privacy of our visitors is important to us, data that may permit a reference to an individual person, such as the IP address and login or device identifiers, are anonymised or pseudonymised as soon as possible. Data are not used for any other purpose, merged with other data or transferred to third parties.

You may object to the data processing described above at any time. Your objection has no unfavourable consequences for you.

Additional information about etracker’s privacy policy is available here.

Apple Search Ads

Description and scope of data processing

We use Apple Search Ads (a product of Apple, Inc., One Apple Park Way, Cupertino, CA 95014, USA) to display targeted advertisements in the Apple App Store for certain customer segments. A customer segment is defined as a group of people with similar characteristics, whereby each segment must comprise a minimum of 5,000 people to ensure that the targeting is not aimed specifically at any individual customer. Apple Search Ads does not follow/track individuals, which means that user or device data from Apple apps are not linked to user or device data collected by third-party providers for the purposes of targeting or measuring advertising activities. In addition, Apple Search Ads does not transfer any user or device data to data brokers. Apple Pay transactions and data from a user’s Health App and Home Kit App are not used by Apple Search Ads to display advertisements.

Apple Search Ads may use the following data to ensure the delivery of relevant advertisements:

Information that customers have entered in their Apple ID account (account data)
Information that we as Forget Finance use to describe and categorise our app ourselves, analysis results of anonymously evaluated search histories, App Store downloads, search activities in the Apple App Store and in-app purchases (collectively: App Store data)
Transactions in the Apple App Store such as downloaded apps and any in-app purchases (data from app transactions)
Device type, iOS version used, time of day, location, search query and information about the page a customer is viewing or the app they are downloading again (collectively: context information).

Purpose and legal grounds for the data processing

The use of Apple Search Ads enables us to deliver targeted advertisements in the Apple App Store that match your interests. All advertisements are identified as ‘Advertisement’ so that you as a customer can recognise them as placements of paid advertising. You can click on the identifying marker to display the information that was used to place the advertisement.

The legal grounds for the processing of your data by Apple Search Ads are set forth in point (f) of Art. 6(1) GDPR (legitimate interest).

You the user can view and restrict the information Apple uses to deliver relevant ads to you by choosing whether to activate the ‘Personalised advertising’ setting. You can also choose whether location-based information may be used to determine what advertisements you see. You will find more information about the settings for advertisements at https://support.apple.com/en-gb/HT202074

Software used as part of the app

The software used is based on Unity3D: https://unity.com/legal/privacy-policy; FAQs for app users:

https://unity.com/legal/game-player-and-app-user-privacy-faq. We currently use neither Unity Analytics nor the Unity Ad Service, i.e., Unity collects the listed data in response to the FAQ query:

“I play a game that was built with or uses certain Unity software, what should I know?” but no further ones which apply to Unity Analytics or the Unity Ad Service.

Installation ID

Die Installation ID is created by the software library which governs communication with the server and user accounts. The purpose is for push notifications. It is not possible, however (because we do not send any push notifications) to prevent the creation of this Installation ID.

Deep-Image

Deep-Image is an applicapersotion for editing photographs and videos; it is a product of Deep-Image.AI Sp. z o.o., which is located at Cyfrowa Str. 6/317, 71-441, Szczecin, Poland. Various aspects such as resolution and colours in photographs and videos can be improved when using Deep-Image. A further feature is the possibility to generate new images using AI. No facial recognition activities are performed when using Deep-Image to edit or enhance photographs and videos or when utilising the generative technologies. You retain control over the images that you upload, enhance and generate with Deep-Image. Deep-Image.AI Sp. z o.o. neither trades nor asserts any claims of ownership to any of the images — regardless of whether Deep-Image is used to edit existing images or to generate new ones. Images are also not used to train the AI technologies unless you expressly decide to permit this use. Your images are protected by the implementation of appropriate security measures in conformity with data protection laws and legal requirements, including encryption and cloud storage for greater security. Click on the following link for questions about privacy policy (data protection regulations pursuant to Regulation (EU) 2016/679 — General Data Protection Regulation (‘GDPR’)) and Polish law: https://deep-image.ai/privacy-policy.html.

Use of Shopify as payment service

Shopify Checkout uses both cookies and a storage area in the browser for the checkout. The privacy policy can be retrieved under the following link:

https://www.shopify.com/legal/privacy

Passing on personal data to shipping providers

You will find the current shipping provider plus processing of personal data under the “Shipping” tab.

Embedded YouTube videos

Should YouTube videos be embedded on the app, these are supplied by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If a YouTube video is displayed within the app, a connection with YouTube’s servers is created. In this process YouTube is informed of which page you are visiting. When you are logged into your YouTube account, YouTube can match your surfing behaviour to you personally. You can prevent this by previously logging out of your YouTube account. Once a YouTube video is launched, the provider employs cookies which collect indications of your user behaviour. If you have deactivated the storage of cookies for the Google Ad program, you will not need to expect such cookies when viewing YouTube videos, either. YouTube, however, also saves non-personal usage information in other cookies. If you wish to prevent this, you must block the saving of cookies in your browser.

You will find further information on data protection at YouTube in the provider’s Data Protection Notice at: https://www.google.de/intl/de/policies/privacy/

Contact

Clicking on “Help and contact” in the app opens the e-mail program with the address: myhead-support@pez.at. If you get in touch with us by e-mail, the information you have given us will be saved for the purpose of processing the query and for possible subsequent questions. These data will not be passed on to third parties without consent. You can revoke this consent at any time. As a consequence of a revocation, we shall not be able to process your data from this time for the foregoing purposes. For a revocation, please contact us at myhead-support@pez.at

Erasure or blockage of data

We adhere to the principles of data avoidance and data economy. We shall save your personal data only as long as this is necessary to attain the purposes set out here or for the various statutory storage periods. Once the purpose in question no longer applies, or following expiry of these statutory periods, the data in question are routinely, and in accordance with statutory regulations, blocked or erased.

SSL encryption

To protect the security of your data when they are being transmitted, we use state-of-the-art encryption processes (e.g., SSL or TLS) via HTTPS.

Your rights to information, correction, blocking, erasure and objection

You have the right to receive information at any time about the personal data saved on our part. You likewise have the right to correction, blocking or, apart from the prescribed data saving for business processing, erasure of your personal data. For these purposes, please contact our Data Protection Officer. You will find the contact details at the foot of this page.

In order that a blockage on data can be taken into consideration at any time, these data must be held for monitoring purposes in a blockage file. You may also require erasure of the data, providing no statutory duty of archiving exists. Should such a duty exist, we shall block your data if desired. You may make changes or revoke a consent by sending us a notice to say so, with effect for the future.

We would like to point out that your personal 3-D data will automatically be erased two years after their processing has been completed.

Amendment to our data-protection provisions

We reserve the right to amend this Data Protection Notice occasionally, in order that it may fulfil current statutory requirements or to implement changes to our services in the Data Protection Notice, e.g., the introduction of new services. Your next visit will then be governed by the new Data Protection Notice.

Questions about the data-protection statement

If you have any questions about data protection, please write us an e-mail to datenschutz@pez.at. You will find further information about data protection and the text of the German Data Protection Act on the website of the Federal German Chancellor’s Office (www.bka.gv.at, www.ris.bka.gv.at).

Status: November 2024