We are delighted that you have visited us at en.bett1.de and thank you for your interest. Protection of your privacy when you visit our website is important to us.
By means of this Data Protection Policy, we provide our users with full and transparent information about the type, extent and purpose of collection and use of personal data in connection with the use of our website.
The data controller for processing of personal data within the scope described here is bett1.de GmbH (bett1.de), represented by its managing director Adam Szpyt, Tauentzienstr. 11, 10789 Berlin, Germany.
You can contact our data protection officer at [email protected] or at our postal address, marked for the attention of the data protection officer.
Please take a moment to read the following information about how we handle and protect your data when you visit our website.
We comply with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG), the German Social Code X (SGB X) and other regulations of data protection law. We carry out the following data processing procedures:
Collection, Processing and Use of Data by bett1.de
Logfiles – Users can visit our website without providing specific information about their identity. Every time our site is accessed, system-related usage data are logged by our servers. The following information is transmitted by the web browser and stored in so-called server logfiles: the date and time of access, name of the file accessed, data volume transmitted, notification of successful access, web browser, requesting domain and IP address of the requesting computer. We use these data to ensure fault-free technical operation of our website, in particular to detect faults in the system, and they are erased at the latest 60 days after collection. The legal basis for this storage is Art. 6 (1) (f) GDPR.
Registration – For users who create a user account on our website, we collect, process and use the following personal data: first name, surname, e-mail address and password. We use these data to create your user account, which we provide for your use and through which we contact you about matters relating to your user account. Your contact details (address, fax number, telephone number and your billing and delivery address(es)), your previous orders and information about your newsletter subscription are also stored in your user account when you place an order. The legal basis for this storage process is, on the one hand, Art. 6 (1) (b) GDPR; on the other hand, it is Art. 6 (1) (f) GDPR, as we have a legitimate interest in being able to provide more specific assistance or an easier process for subsequent orders by collecting the data. We erase the registration data if no purchase is made, at the latest after six months from deregistration. If you make a purchase, the following regulations apply in relation to that purchase.
Purchase – For users who order one of the products offered on our website in return for payment, a mattress for example, we collect, process and use the following personal data: e-mail address, first name, surname, street and house number, any additional address details, town or city, post code, country and telephone number. Depending on the payment method you choose, we also process payment details, such as account number and sort code. We use these data to process the purchase you make, in particular to send you the product you have ordered. We pass on your personal order data to third parties (in particular, suppliers and financial service providers) for the purposes of processing the contract as far as is necessary. The legal basis for this data processing is Art. 6 (1) (b) GDPR and, as we also have retention obligations under tax law, Art. 6 (1) (c) GDPR. The data are erased when we no longer require them for contractual reasons or under tax law, at the earliest therefore 10 years after delivery of the mattresses.
Newsletter – Users have the option to register voluntarily to receive a newsletter (available in German language only) by e-mail. In this case, we process the following personal data so that we can inform you by e-mail newsletter of forthcoming offers and special deals in our web shop: surname, first name and associated e-mail address. The legal basis for this data processing is Art. 6 (1) (a) GDPR. The data is erased four years after cancellation of the newsletter.
Users can cancel their subscription to the newsletter at any time with effect from that point forward by sending a cancellation e-mail to [email protected], simply clicking on the link at the end of the newsletter or cancelling the newsletter in the customer area. The legal basis for use is Art. 6 (1) (a) GDPR. Following cancellation, we will no longer use the data to send the newsletter but only for evidential purposes and for legal defence against action relating to distribution of newsletters (Art. 6 (2) (f) GDPR).
We use the technical service provider MailChimp to distribute our customer newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA (MailChimp). If you subscribe to our newsletter, the data that you provide are transmitted to MailChimp and stored there. MailChimp offers extensive analytical options in relation to use of the newsletters. These analyses are group-based and are not used by us for individual analysis. MailChimp also uses the analytical tool Google Analytics and integrates it in part into the newsletters. MailChimp guarantees the processing of personal data according to European law in the following contractual clause: mailchimp.com/help/about-mailchimp-and-the-gdpr/. Further information about MailChimp and data protection at MailChimp is available here: mailchimp.com/legal/privacy/.
Reviews – The satisfaction of our customers with our products and service is extremely important to us. In order to survey your satisfaction, we may contact you with your unique order number from your order, your name and your e-mail address which you provided in the order process. The legal basis for this is Art. 6 (1) (f) GDPR.
For distribution of e-mails, we use the services of the technical service providers Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen, Denmark, Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany and MailChimp, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA.
E-mail Communication – For the dispatch of order confirmations, invoices, instructions for use and dispatch confirmations we use the e-mail system MailChimp via Mandrill, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA. MailChimp guarantees the processing of personal data according to European law in the following contractual clause: mailchimp.com/help/about-mailchimp-and-the-gdpr/. Further information about MailChimp and data protection at MailChimp can be found here: mailchimp.com/legal/privacy/. The process of sending these documents is processed on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process for the dispatch of the instructions for use according to Art. 6 (1) (f) GDPR, in order to provide our customers with a simple, environmentally friendly and universal access to the instructions for use for your product.
To best serve our customers' concerns, our customer service department uses the Zendesk ticketing system from Zendesk, Inc. 989 Market Street #300, San Francisco, CA 94102, USA. We have agreed with Zendesk, Inc. to comply with the EU Standard Privacy Clauses (SCC). Zendesk guarantees the processing of personal data in accordance with European law (BCR Processor Policy) in the following contractual clause: d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK%20-%20BCR%20Processor%20Policy.pdf. We process your personal data exclusively for the purpose of the issue you have specified. Your data, as well as the message history, will be stored for later inquiries. For further information on data processing by Zendesk, please visit www.zendesk.com/company/privacy.
Contact Form – In order to make it easier for our customers to contact us, we offer a contact form on our website. Your request, name, e-mail address and telephone number can be transferred to the ticketing system for processing. Your express consent is required for this (Art. 6 (1) (a) GDPR).
Requests by E-mail – Customers can contact our customer service department ([email protected]) with any questions they may have. In this case, we process the personal data that you have voluntarily provided us with only for the purpose of answering your request in the best possible way and to be able to contact you (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR).
Cloudflare – bett1.de uses the services of CloudFlare of the enterprise CloudFlare, Inc., 665 3rd pc. #200, San Francisco, CA 94107, USA, to guarantee a high accessibility of the website. Cloudflare, Inc. guarantees the processing of personal data according to European law in the following contractual clause: www.cloudflare.com/enterpriseterms/. Through CloudFlare, we are able to distribute the server load and detect and fend off attacks on our services. The network communication between you and en.bett1.de is also technically routed and analyzed over the network of CloudFlare. To optimize the load distribution CloudFlare may save cookies on your device. This process serves to ensure the smoothest possible operation of our website and the personal data required for this, such as IP address or cookie ID, are processed exclusively for this purpose (Art. 6 (1) (f) GDPR). Cloudflare also collects statistical data about the visit of this website. The access data includes: Name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser and operating system used, URL of the previously visited website, IP address and associated service provider. Cloudflare uses the log data for statistical analysis for the purpose of operation, security and optimization of the offer. More information about security and privacy at CloudFlare can be found at www.cloudflare.com/security-policy.
Payment Service Provider for Purchase on Account and Hire Purchase
We offer various types of payment to our customers. For the “payment on account” and “hire purchase” payment types, we use the payment service provider Klarna AB (hereinafter referred to as Klarna), Sveavägen 46, 111 34 Stockholm, Sweden.
We ask customers who choose one of these payment types to give their consent in the course of the ordering process for us to transmit to Klarna the personal data required to process the payment and to check your identity and creditworthiness, such as your first name and surname, address, date of birth, gender, e-mail address, IP address and telephone number, and the data required to process the purchase on account that are associated with the order, such as the number of items, the item number, the invoice amount and the percentage of tax. Klarna may pass on personal data to credit agencies to carry out the check of identity and creditworthiness. An overview of the credit agencies involved can be found in Klarna’s data protection policy: cdn.klarna.com/data_protection.pdf.
You may withdraw your consent to Klarna to use these personal data at any time. You will find Klarna’s contact details in its legal notice at: www.klarna.com/de/impressum.
We work continuously to make the most of all of the technical and organisational options available to protect the personal data of our customers from access by unauthorised third parties. Communication by e-mail, however, brings with it risks that cannot be excluded entirely. We recommend that you communicate confidential information to us by post.
In order to make visiting our website as attractive as possible and to enable the use of certain functions, we use so-called cookies on our website and various sub-pages. Cookies are small text files that are stored locally on the computer of the site visitor and thus enable recognition when visiting our website again. Cookies are used to make the website more user-friendly and effective overall.
On behalf of the operator of this website, this information is used to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The pseudonymized user profiles are not merged with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately.
This website uses the following cookie providers, the scope and functionality of which are explained below. Detailed information about all cookies can be found in the table below.
The process via Magento serves the smoothest possible operation of our website. Data such as IP address and cookie ID are stored and processed exclusively for this purpose. The data is stored for up to 30 days.
The process via Cloudflare serves the smoothest possible operation of our web offer. The cookie used is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie does not store any personal data, but only evaluates and processes it for this purpose. All data is stored for up to 30 days.
Principles – The en.bett1.de website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics creates usage profiles that serve to analyze visitor behavior. These are evaluated and used for all pages in order to improve and tailor our offer to suit your needs. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The data is stored for up to three months. However, this requires your prior consent in accordance with Art 6, Paragraph 1 lit. a DS-GVO.
You can prevent storage of cookies by means of a corresponding setting in your browser software; please note, however, that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent recording of the data generated by the cookie relating to your use of the website (including your IP address) by Google and processing of that data by Google (including your IP address) by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout?hl=en.
Opt-out Function – Users have the option to prevent recording of data by Google Analytics by clicking on Deactivate Google Analytics. An opt-out cookie is set that prevents future recording of your data when visiting this website.
We wish to point out that Google Analytics has been extended on the website of en.bett1.de to include the code “anonymizeIp”, which ensures anonymised recording of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to happen, you can deactivate it via the ad preferences manager (www.google.com/settings/ads/onweb/?hl=en).
At en.bett1.de we use the "Website Custom Audiences" service of the social network Facebook. This service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and enables us to serve ads to a defined target audience on Facebook. Via Facebook we are able to display advertisements to a defined target group. The data collected in this way is anonymous, which is why we cannot view the personal data of individual users. However, this data is stored and processed by Facebook, which we will inform you about according to our state of knowledge. Facebook can link this data with your Facebook account and also use it for its own advertising purposes, in accordance with the Facebook Data Usage Guidelines https://www.facebook.com/about/privacy/. The data obtained in this process is stored for up to three months. However, this first requires your prior consent in accordance with Art 6, Paragraph 1 lit. a DS-GVO.
Further information about the purpose and extent of data collection, further processing and use of the data by Facebook and your setting options to protect your privacy is available in Facebook’s data protection policy, which can be found at www.facebook.com/ads/website_custom_audiences/ and www.facebook.com/privacy/explanation, among other places. If you wish to object to the use of Facebook Website Custom Audiences, you can exercise your right to object (opt-out) at: www.facebook.com/ads/website_custom_audiences/.
Principles – On the website we use Bing Ads, a technology of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft will place a cookie on your device if you have come to our site through a Microsoft Bing ad. Bing Ads can be used to determine whether a website visitor has been redirected to bett1.de via an ad. This allows us to analyze visitor behavior. No personal data is transmitted. It is only reported how many people have clicked on a particular advertisement to come to our website. Bing stores the collected data for up to one year. You can opt-out of this by disabling cookies in your browser.
Principles – On our en.bett1.de website we use the technological service of Criteo GmbH. This service analyzes the surfing behavior of website visitors and can then display targeted product recommendations as personalized advertising banners on other websites. For this purpose, anonymized information about the surfing behavior of website visitors is collected and stored. This data is stored as cookies on the website visitor's computer. Under no circumstances can this data be used to personally identify you as a visitor to our websites. The collected data is only used to improve our services and no other use or transfer of this information to third parties takes place. However, this initially requires your prior consent in accordance with Art 6, Paragraph 1 lit. a DS-GVO.
You will find further information about the technology used in the data protection policy of Criteo GmbH at: https://www.criteo.com/privacy/corporate-privacy-policy/.
Opt-out Function – You can object to anonymous analysis of your surfing behaviour on our website by ticking the box to opt out of the technical service of Criteo GmbH at: www.criteo.com/privacy/.
This website uses Hotjar, a web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta ("Hotjar"). We use Hotjar to evaluate the use of the Site and to compile reports on Site activity. In particular, the IP address is stored in anonymized form, web pages viewed and movement patterns on these pages, or the number and position of clicks on links. Cookies are used to collect information about the behaviour of website visitors and their end devices, in particular the IP address of the device. This information is only collected and stored in anonymous form. In addition, information on screen size, device type, information on the browser used and the location of the website visitor is also collected. All data is stored for up to one year. However, this initially requires your prior consent in accordance with Art 6, Paragraph 1 lit. a DS-GVO.
Further information about data protection and Hotjar can be found in Hotjar’s data protection policy: www.hotjar.com/privacy. Hotjar also provides the option of objecting to data processing by the cookie with effect from that point forward by activating the “Do Not Track” function of browsers. You can find out how to activate this here: www.hotjar.com/opt-out.
If you do not want information about your behaviour to be used by Hotjar as described above, you can deactivate automatic acceptance of cookies in general in your browser settings.
We also use the option provided by Hotjar of receiving anonymous user feedback in the form of so-called “Feedback Polls”. Website visitors can give us feedback about our website by means of this function without providing personal data. Sometimes you may have the option to send us a feedback message on a voluntary basis as a user. If personal data are included in this message (e.g. your name), we then process these data solely for the purpose of evaluating the feedback and, if appropriate, contacting you about your feedback.
Matomo (formerly Piwik) is used to analyze visitor behavior. For the improvement and need-based design of our offer, the data is evaluated accordingly. Your IP address will be anonymized immediately so that you as a user remain anonymous. The information generated by the cookie about your use of this website is not passed on to third parties. The collected data is stored for up to one year. However, this initially requires your prior consent in accordance with Art 6, Paragraph 1 lit. a DS-GVO.
Our ultimate goal is to make our website as secure and secure as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam we mean any unsolicited information sent to us by electronic means. With the classic CAPTCHAS, you usually had to solve text or image puzzles in order to check. With reCAPTCHA from Google we usually do not have to bother you with such puzzles. In most cases it is sufficient to simply check the box and confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to check the box. How this works exactly and above all which data is used for this purpose, you will learn in the course of this data protection declaration.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood on our site. Bots or spam software of various kinds can safely stay at home. That is why we do everything possible to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from the company Google. So we can be pretty sure that we remain a "bot-free" website. Through the use of reCAPTCHA, data is transmitted to Google to determine whether you are really a human being. reCAPTCHA thus serves the security of our website and consequently your security. For example, without reCAPTCHA it could happen that a bot registers as many e-mail addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
Which data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website are really from people. This means that the IP address and other data that Google requires for the reCAPTCHA service can be sent to Google. IP addresses are almost always shortened within the member states of the EU or other states that are party to the Agreement on the European Economic Area before the data lands on a server in the USA. The IP address is not combined with any other data held by Google unless you are logged into your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data which, to our knowledge, are processed by Google.
– Referrer URL (the address of the page the visitor comes from)
– IP address (for example, 218.104.22.168)
– Information about the operating system (the software that enables your computer to operate. Known operating systems are Windows, Mac OS X or Linux)
– Cookies (small text files that store data in your browser)
– Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is saved)
– Date and language settings (which language or date you have preset on your PC is saved)
– Screen resolution (shows how many pixels the image consists of)
It is indisputable that Google uses and analyses this data even before you click on the checkbox "I am not a robot". With the Invisible reCAPTCHA version, even the ticking is omitted and the whole recognition process runs in the background. How much and what kind of data Google exactly stores, you will not find out from Google in detail.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version of Google at www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version
Purpose: This cookie is set by DoubleClick (also owns Google) to register and report the actions of a user on the website in dealing with advertisements. This enables the effectiveness of the advertising to be measured and appropriate optimisation measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertisements. Furthermore, the cookie can be used to prevent a user from seeing the same advertisement more than once.
Expiry date: after one month
Expiry date: after 9 months
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users, prevent fraudulent use of login information and protect user data from unauthorised attacks.
Expiry date: after 19 years
Purpose: NID is used by Google to match ads to your Google search. Google uses the cookie to "remember" your most commonly entered search queries or your previous interaction with ads. So you always get tailor-made ads. The cookie contains a unique ID in order to collect the user's personal preferences for advertising purposes.
Expiry date: after 6 months
Purpose: As soon as you have ticked the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymous form and is also used to make user distinctions.
Expiry date: after 10 minutes
Note: This list cannot claim to be exhaustive, as experience has shown that Google always changes its choice of cookies.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The different data protection regulations of Google apply to this.
How can I delete my data or prevent data storage?
If you do not want any data about you or your behaviour to be transmitted to Google, you must log out completely from Google and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. In order to delete this data again, you must contact Google support at support.google.com/?hl=en&tid=331599549805.
Therefore, when you use our website, you agree that Google LLC and its representatives automatically collect, process and use data.
Source: Created with the data protection generator of AdSimple in cooperation with bauenwir.de
Details on cookies used on en.bett1.de
Processing Outside the European Economic Area
bett1.de does not process any personal data outside the scope of the European Data Protection Regulation other than in the cases specified in this Data Protection Policy.
Your Rights As a Data Subject and Withdrawal of Your Consent
The General Data Protection Regulation guarantees you certain rights that you can assert in respect of us. You have the right:
– to demand confirmation from us about whether we are processing personal data about you and if so, the precise details of that data processing (Art. 15 GDPR: Right of access by the data subject),
– to demand that we immediately rectify incorrect personal data about you. In accordance with the purpose of the processing, you also have the right to demand completion of incomplete personal data – including by means of an additional declaration (Art. 16 GDPR: Right to rectification),
– to demand that we immediately erase personal data about you (Art. 17 GDPR: Right to erasure),
– to demand that we restrict processing (Art. 18 GDPR: Right to restriction of data processing),
– in the case of processing on the basis of consent or to fulfil a contract, to receive the personal data about you that you have provided to us in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance from us or to transfer the data directly to the other controller insofar as this is technically feasible (Art. 20 GDPR: Right to data portability),
– to object, on grounds relating to your particular situation and at any time to processing of personal data concerning you that is necessary for the performance of a task carried out for reasons of public interest or to exercise public authority (Art. 21 GDPR: Right to object),
– to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law (Art. 77 GDPR in conjunction with § 19 BDSG: Right to lodge a complaint with a supervisory authority).
Finally, if you have given us your consent, you have the right to withdraw that consent at any time. All data processing that we have carried out up to the time of your withdrawal remains lawful in this case. You can simply click on the link included in all e-mails for this purpose and deregister from the e-mail service, or send a message to [email protected] If you notify us in this message that you do not wish to receive e-mails in future, we will not send any more e-mails to the e-mail address provided by you. E-mails that we send to you to fulfil any contract concluded with you are not affected by this.
As of: 25 November 2020