Data Protection
Data protection
The controller under the terms of data-protection legislation is:
PEZ International GmbH (hereinafter: PEZ)
Eduard-Haas-Strasse 25, 4050 Traun, AUSTRIA
Tel.: 0043/732/38 999-0
Fax: 0043/732/38 999-88
e-mail: office@pez.at
Web: www.pez.com
Business Identification No.: ATU63753968
Companies Register: 297904w, Linz State Court
Purpose of business: manufacture of and trade in confectionary
We take the protection of your personal data very seriously. We treat your personal data as confidential, in accordance with the statutory data-protection rules and with this Data Protection Notice. Use of our PEZ MyHEAD app (hereinafter called “app”) is as a rule only possible if personal data are supplied. Insofar as personal data (such as photograph, name, address or e-mail addresses) are collected, this will be done, as far as possible, on a voluntary basis at all times. These data will not be passed on to third parties without your express permission.
The services provided on the PEZ MyHEAD app are supplied in exclusive collaboration with INFABITY Innovation GmbH (hereinafter called “INFABITY”), Peter-Behrens-Platz 6, Haus SMART, 3rd Floor, 4020 Linz, phone: +43/732/287070, e-mail: office(at)infabity.at, web: www.infabity.at, Companies Register 515383 t (Linz Regional Court), Business ID: ATU74680525, whereby INFABITY, on the basis of the app, produces personalised PEZ heads via 3-D printing, and handles the associated order process via the app, the product composition and packaging, the billing and dispatch of the product.
Capture of general information
When you make use of our app, information of a general nature is captured, which your browser transmits to our server (so-called “server log files”). These server log files comprise such items as the domain name of your internet service provider, and similar information. The information in question is of a kind which allows of no conclusions to be drawn as to you personally. This information is technically necessary in order to supply the contents which you have requested on the app correctly and are compulsory when using the internet. Anonymous information of this kind is evaluated by us statistically, in order to optimise our internet presentation and the technicalities behind it.
The data involved are the following, technically requisite data, in order to display the app to you:
- Date and time at the moment of access
- IP address used (if necessary: in anonymised form)
Processing will be carried out pursuant to Article 6 (1) (f) of the GDPR, based on our legitimate interest in the improvement to the stability and functionality of our app. No further transmission or other use of these data will be made. We reserve the right, however, to scrutinise the log files retrospectively, should concrete indications suggest any illegal use.
Personal data
Personal data are statements of the material or personal relations of a particular or determinable natural person. Statistical data, which for example we collect on visiting our app, and which cannot be linked with you as a person, are not covered by this term.
Personal data, such as your photograph, your name, your address, your e-mail address and other supply data of which you inform us by way of your order, the app user account and your enquiry via e-mail, will be collected and processed insofar as this is necessary for handling your order or answering your query.
Your contact data will be used in a strictly targeted way for notifications of updates which we are obliged to make and for this purpose will be processed by us only insofar as this is required for the information in question. We will collect, save and process your data for the whole time involved in the handling of your purchase, of your user account or enquiry, including any later guarantees, for the provision of our services and in accordance with the statutory (particularly fiscal) storage periods.
Insofar as we have an obligation under a contract to that effect to provide updates for goods with digital elements or for digital products, we shall process the contact details transmitted upon your order (name, address, mailing address), in order to inform you personally, as part of our statutory duties of information under Article 6 (1) (c) of the GDPR, via a suitable communication channel (e.g. post or e-mail) of impending updates within the period prescribed by law.
No further transmission of your data to third parties will be made, unless INFABITY or PEZ is entitled or obliged to pass them on for legal reasons. Insofar as is necessary in contract handling for delivery and payment purposes, the personal data collected will be passed on to commissioned service provides in accordance with Article 6 (1) (b) of the GDPR; therefore, this will not include the necessary further transmission of data pursuant to the organisational or technical handling of the order. These may be:
- External service providers for the purchase handling by way of the app, that is in particular INFABITY;
- Logistics-services providers, in order to send you goods, documents or other items;
- Insurers, in the event of any claims being brought against us;
- Payment-services providers and banks, for handling payments;
- IT-service providers for administering and hosting your app;
- Legal advisers when bringing or defending claims.
The data so passed on must be used by our service providers solely for fulfilment of their task. Any other use of this information will not be permitted, nor will it be made by any of the service providers commissioned by ourselves.
Insofar in the exceptional case as companies belonging to the PEZ Group or data processers so commissioned are located outside the European Economic Area, care will be taken in such case to ensure the guarantee of an adequate level of data protection and compliance with the relevant data-protection regulations. No transmission of data over and above this to any third country is intended.
Purposes of data processing
We shall process your personal data on visiting our app for the following purposes:
- To provide you with this app and to improve and develop it further
- To produce usage statistics
- To recognise attacks upon our app, to prevent and investigate them
- To respond to your enquiries.
Legal basis of processing
Data processing will be carried out in accordance with the statutory provisions of Section 96, Paragraph 3 of the German Telecommunications Act (TKG) and Article 6 (1) (a) (consent) and/or (f) (legitimate interest) of the GDPR. Our intention under the terms of the GDPR (legitimate interest) is the improvement of our product and of our online presence. Since our users‘ private sphere is important to us, the user data are pseudonymised.
The purposes of processing in detail:
Summary:
A so-called Installation ID is created by the software library, which will govern communication with the server and user accounts: this is an identification number which unambiguously identifies an app installation on a device (even if otherwise no information of any kind is known about the user). Should the user delete the app and re-install it, he will then be allocated a new Installation ID. It is therefore not possible (because no push notifications are sent) to prevent the production of this Installation ID.
When launching the app, an anonymised user is created, who needs no login or password of any kind. Purpose: all data created while using the app can be matched with the anonymised user.
If an app user account is created by yourself, then the anonymised user will be converted to a user with an e-mail address. We shall then save the e-mail address and the encrypted password belonging to it.
The speech setting on the telephone (German or English as alternative). Purpose: the app language and the e-mails for e.g. password reset or checkout etc., are to be displayed in the right language.
By using the app, photographs are produced and 3-D models based on these, which are then passed on to the back-end system (photographs and models). Still further variations of the 3-D model are produced there , so that these can be printed with the 3-D printer.
App user account
The app itself can also be used with an anonymised app user account. As soon as you, as a user, wish to alter data, however, you must use a non-anonymised app user account with password protection. By means of the app user account you can inspect your orders, either concluded or pending or recently sent, and in these account screens manage your personal data, or these will be automatically incorporated when an order is executed. Except for the e-mail address, the address data and the first and surname will be saved under encryption in the database. Account screens therefore contain that area in the app where you can alter your user data, e.g., view orders, change e-mail address or addresses; apply for “erase account”; access to General Terms & Conditions of Business, Data Protection Notice, licence texts, help and contact.
You agree to treat the personal access data in confidence and not to supply them to any unauthorised third party. We cannot undertake any liability for misused passwords, unless we were responsible for such misuse. Please note that you remain automatically logged in unless you log out.
Purchase handling
By virtue of concluding your online order you expressly allow us to process the personal data which you have given for handling your purchase and dispatching your order. We need your e-mail address in order that we may confirm receipt of order to you. You will further receive your order and dispatch confirmation via your e-mail address. We also need your e-mail address to be able to communicate with you in case of queries relating to your order or should there be delivery problems.
Cookies
To design the visit to our app in an attractive way and to enable the use of certain functions, we use so-called cookies on various displays within the app (app screens). We use cookies to be able to supply particular functionalities on the app screens.
What is a cookie?
Cookies are text files, usually consisting of letters and numbers, which are stored when visiting certain websites or apps on the user’s computer. Some of the cookies we use are erased again following the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain in your device and enable us or our partner companies (third-party suppliers‘ cookies) to recognise your browser again when you next visit (persistent cookies). If cookies are placed, they collect and process this information determined to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically erased after a prescribed period, which may differ depending on the cookie. Cookies cannot be used to launch programs or to transmit viruses to a computer. Using the information contained in cookies, we can make the navigation easier for you and enable the concrete display of app screens. Some cookies are important for the functionalities of the app views and we activate them automatically when the users visit them. Some cookies enable us to offer the services and functions which reflect most nearly the users‘ requirements, and to adapt our service for you in such a way that you are assured of a simple and rapid service.
On the Shopify checkout (page 6) only technically necessary cookies are used, but no tracking cookies – so to that extent any change to the cookie settings is not possible, in order to guarantee the function.
Insofar as personal data are processed through individual cookies which we have implemented, such processing will be carried out in accordance with Article 6 (1) (b) of the GDP, either to execute the contract in accordance with Article 6 (1) (f) of the GDP, or to exercise our legitimate interest in the best possible functionality of the website and a customer-friendly and effective arrangement of the page visit.
In certain circumstances we work together with advertising partners, who help us to make our online presentation more interesting to you. For this purpose, when you visit our website, in this case cookies from partner companies will also be saved on your hard disc (cookies from third-party suppliers). Whenever we work with foregoing advertising partners, you will find the notification to this effect in the Data Protection Notice.
Please note that you can so adjust your browser as to ensure that you are informed when cookies are placed and to decide individually on their acceptance, or to be able to exclude the acceptance of cookies in particular cases or in general. Every browser varies in the way by which it manages cookie settings. This is set out in the help menu of every browser, which will tell you how you can alter your cookies settings. You will find these for the browser in question under the following links:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies
- Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
- Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Opera: http://help.opera.com/Windows/10.20/en/cookies.html
Please note, if you do not accept cookies, the functionality of the app is impaired.
Software used as part of the app
The software used is based on Unity3D: https://unity.com/legal/privacy-policy; FAQs for app users:
https://unity.com/legal/game-player-and-app-user-privacy-faq. We currently use neither Unity Analytics nor the Unity Ad Service, i.e., Unity collects the listed data in response to the FAQ query:
“I play a game that was built with or uses certain Unity software, what should I know?” but no further ones which apply to Unity Analytics or the Unity Ad Service.
Installation ID
Die Installation ID is created by the software library which governs communication with the server and user accounts. The purpose is for push notifications. It is not possible, however (because we do not send any push notifications) to prevent the creation of this Installation ID.
Remini
Remini is a photograph and video editing app of Bending Spoons S.p.A., Corso Como 15, I-20154, Milan, Italy. Remini improves such aspects of photographs and videos as image resolution and colours. There is also a facility for generating new images using AI. This photograph and video editing by Rimini does not involve any face-recognition processes. These technologies do not attempt, nor do they allow, any identification or authentication of individuals in the images. You retain control over the images which you upload, improve and generate with Remini. Bending Spoons S.p.A. does not trade in any images, nor does it assert any claim to images of any kind – irrespective of whether Remini is used to edit existing images or to generate new ones. Nor are the images used to provide training in AI technologies, unless you decide expressly to allow this. Your images are protected by suitable security measures which follow data-protection legislation and legal rules. These include encryption and cloud storage for greater security. See the following link for questions of data protection in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR), Italian Legislative Decree 196/2003 (in its amended version) and other local legislation in force:
https://support.bendingspoons.com/privacy.html?app=1470373330
Use of Shopify as payment service
Shopify Checkout uses both cookies and a storage area in the browser for the checkout. The privacy policy can be retrieved under the following link:
https://www.shopify.com/legal/privacy
Passing on personal data to shipping providers
You will find the current shipping provider plus processing of personal data under the “Shipping” tab.
Embedded YouTube videos
Should YouTube videos be embedded on the app, these are supplied by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If a YouTube video is displayed within the app, a connection with YouTube’s servers is created. In this process YouTube is informed of which page you are visiting. When you are logged into your YouTube account, YouTube can match your surfing behaviour to you personally. You can prevent this by previously logging out of your YouTube account. Once a YouTube video is launched, the provider employs cookies which collect indications of your user behaviour. If you have deactivated the storage of cookies for the Google Ad program, you will not need to expect such cookies when viewing YouTube videos, either. YouTube, however, also saves non-personal usage information in other cookies. If you wish to prevent this, you must block the saving of cookies in your browser.
You will find further information on data protection at YouTube in the provider’s Data Protection Notice at: https://www.google.de/intl/de/policies/privacy/
Contact
Clicking on “Help and contact” in the app opens the e-mail program with the address: myhead-support@pez.at. If you get in touch with us by e-mail, the information you have given us will be saved for the purpose of processing the query and for possible subsequent questions. These data will not be passed on to third parties without consent. You can revoke this consent at any time. As a consequence of a revocation, we shall not be able to process your data from this time for the foregoing purposes. For a revocation, please contact us at myhead-support@pez.at
Erasure or blockage of data
We adhere to the principles of data avoidance and data economy. We shall save your personal data only as long as this is necessary to attain the purposes set out here or for the various statutory storage periods. Once the purpose in question no longer applies, or following expiry of these statutory periods, the data in question are routinely, and in accordance with statutory regulations, blocked or erased.
SSL encryption
To protect the security of your data when they are being transmitted, we use state-of-the-art encryption processes (e.g., SSL or TLS) via HTTPS.
Your rights to information, correction, blocking, erasure and objection
You have the right to receive information at any time about the personal data saved on our part. You likewise have the right to correction, blocking or, apart from the prescribed data saving for business processing, erasure of your personal data. For these purposes, please contact our Data Protection Officer. You will find the contact details at the foot of this page.
In order that a blockage on data can be taken into consideration at any time, these data must be held for monitoring purposes in a blockage file. You may also require erasure of the data, providing no statutory duty of archiving exists. Should such a duty exist, we shall block your data if desired. You may make changes or revoke a consent by sending us a notice to say so, with effect for the future.
Amendment to our data-protection provisions
We reserve the right to amend this Data Protection Notice occasionally, in order that it may fulfil current statutory requirements or to implement changes to our services in the Data Protection Notice, e.g., the introduction of new services. Your next visit will then be governed by the new Data Protection Notice.
Questions about the data-protection statement
If you have any questions about data protection, please write us an e-mail to datenschutz@pez.at. You will find further information about data protection and the text of the German Data Protection Act on the website of the Federal German Chancellor’s Office (www.bka.gv.at, www.ris.bka.gv.at).
Status: April 2024