We are delighted that you have visited us at en.bett1.de and thank you for your interest. Protection of your privacy when you visit our website is important to us.
By means of this Data Protection Policy, we provide our users with full and transparent information about the type, extent and purpose of collection and use of personal data in connection with the use of our website.
The data controller for processing of personal data within the scope described here is bett1.de GmbH (bett1.de), represented by its managing director Adam Szpyt, Tauentzienstr. 11, 10789 Berlin, Germany.
You can contact our data protection officer at [email protected] or at our postal address, marked for the attention of the data protection officer.
Please take a moment to read the following information about how we handle and protect your data when you visit our website.
We comply with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG), the German Social Code X (SGB X) and other regulations of data protection law. We carry out the following data processing procedures:
Collection, Processing and Use of Data by bett1.de
Logfiles – Users can visit our website without providing specific information about their identity. Every time our site is accessed, system-related usage data are logged by our servers. The following information is transmitted by the web browser and stored in so-called server logfiles: the date and time of access, name of the file accessed, data volume transmitted, notification of successful access, web browser, requesting domain and IP address of the requesting computer. We use these data to ensure fault-free technical operation of our website, in particular to detect faults in the system, and they are erased at the latest 60 days after collection. The legal basis for this storage is Art. 6 (1) (f) GDPR.
Registration – For users who create a user account on our website, we collect, process and use the following personal data: first name, surname, e-mail address and password. We use these data to create your user account, which we provide for your use and through which we contact you about matters relating to your user account. Your contact details (address, fax number, telephone number and your billing and delivery address(es)), your previous orders and information about your newsletter subscription are also stored in your user account when you place an order. The legal basis for this storage process is, on the one hand, Art. 6 (1) (b) GDPR; on the other hand, it is Art. 6 (1) (f) GDPR, as we have a legitimate interest in being able to provide more specific assistance or an easier process for subsequent orders by collecting the data. We erase the registration data if no purchase is made, at the latest after six months from deregistration. If you make a purchase, the following regulations apply in relation to that purchase.
Purchase – For users who order one of the products offered on our website in return for payment, a mattress for example, we collect, process and use the following personal data: e-mail address, first name, surname, street and house number, any additional address details, town or city, post code, country and telephone number. Depending on the payment method you choose, we also process payment details, such as account number and sort code. We use these data to process the purchase you make, in particular to send you the product you have ordered. We pass on your personal order data to third parties (in particular, suppliers and financial service providers) for the purposes of processing the contract as far as is necessary. The legal basis for this data processing is Art. 6 (1) (b) GDPR and, as we also have retention obligations under tax law, Art. 6 (1) (c) GDPR. The data are erased when we no longer require them for contractual reasons or under tax law, at the earliest therefore 10 years after delivery of the mattresses.
Newsletter – Users have the option to register voluntarily to receive a newsletter (available in German language only) by e-mail. In this case, we process the following personal data so that we can inform you by e-mail newsletter of forthcoming offers and special deals in our web shop: surname, first name and associated e-mail address. The legal basis for this data processing is Art. 6 (1) (a) GDPR. The data is erased four years after cancellation of the newsletter.
Users can cancel their subscription to the newsletter at any time with effect from that point forward by sending a cancellation e-mail to [email protected], simply clicking on the link at the end of the newsletter or cancelling the newsletter in the customer area. The legal basis for use is Art. 6 (1) (a) GDPR. Following cancellation, we will no longer use the data to send the newsletter but only for evidential purposes and for legal defence against action relating to distribution of newsletters (Art. 6 (2) (f) GDPR).
We use the technical service provider MailChimp to distribute our customer newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA (MailChimp). If you subscribe to our newsletter, the data that you provide are transmitted to MailChimp and stored there. MailChimp offers extensive analytical options in relation to use of the newsletters. These analyses are group-based and are not used by us for individual analysis. MailChimp also uses the analytical tool Google Analytics and integrates it in part into the newsletters. MailChimp guarantees the processing of personal data according to European law in the following contractual clause: mailchimp.com/help/about-mailchimp-and-the-gdpr/. Further information about MailChimp and data protection at MailChimp is available here: mailchimp.com/legal/privacy/.
Reviews – The satisfaction of our customers with our products and service is extremely important to us. In order to survey your satisfaction, we may contact you with your unique order number from your order, your name and your e-mail address which you provided in the order process. The legal basis for this is Art. 6 (1) (f) GDPR.
For distribution of e-mails, we use the services of the technical service providers Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen, Denmark, Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany and MailChimp, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA.
E-mail Communication – For the dispatch of order confirmations, invoices, instructions for use and dispatch confirmations we use the e-mail system MailChimp via Mandrill, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA. MailChimp guarantees the processing of personal data according to European law in the following contractual clause: mailchimp.com/help/about-mailchimp-and-the-gdpr/. Further information about MailChimp and data protection at MailChimp can be found here: mailchimp.com/legal/privacy/. The process of sending these documents is processed on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process for the dispatch of the instructions for use according to Art. 6 (1) (f) GDPR, in order to provide our customers with a simple, environmentally friendly and universal access to the instructions for use for your product.
To best serve our customers' concerns, our customer service department uses the Zendesk ticketing system from Zendesk, Inc. 989 Market Street #300, San Francisco, CA 94102, USA. We have agreed with Zendesk, Inc. to comply with the EU Standard Privacy Clauses (SCC). Zendesk guarantees the processing of personal data in accordance with European law (BCR Processor Policy) in the following contractual clause: d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK%20-%20BCR%20Processor%20Policy.pdf. We process your personal data exclusively for the purpose of the issue you have specified. Your data, as well as the message history, will be stored for later inquiries. For further information on data processing by Zendesk, please visit www.zendesk.com/company/privacy.
Contact Form – In order to make it easier for our customers to contact us, we offer a contact form on our website. Your request, name, e-mail address and telephone number can be transferred to the ticketing system for processing. Your express consent is required for this (Art. 6 (1) (a) GDPR).
Requests by E-mail – Customers can contact our customer service department ([email protected]) with any questions they may have. In this case, we process the personal data that you have voluntarily provided us with only for the purpose of answering your request in the best possible way and to be able to contact you (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR).
Cloudflare – bett1.de uses the services of CloudFlare of the enterprise CloudFlare, Inc., 665 3rd pc. #200, San Francisco, CA 94107, USA, to guarantee a high accessibility of the website. Cloudflare, Inc. guarantees the processing of personal data according to European law in the following contractual clause: www.cloudflare.com/enterpriseterms/. Through CloudFlare, we are able to distribute the server load and detect and fend off attacks on our services. The network communication between you and en.bett1.de is also technically routed and analyzed over the network of CloudFlare. To optimize the load distribution CloudFlare may save cookies on your device. This process serves to ensure the smoothest possible operation of our website and the personal data required for this, such as IP address or cookie ID, are processed exclusively for this purpose (Art. 6 (1) (f) GDPR). Cloudflare also collects statistical data about the visit of this website. The access data includes: Name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser and operating system used, URL of the previously visited website, IP address and associated service provider. Cloudflare uses the log data for statistical analysis for the purpose of operation, security and optimization of the offer. More information about security and privacy at CloudFlare can be found at www.cloudflare.com/security-policy.
Payment Service Provider for Purchase on Account and Hire Purchase
We offer various types of payment to our customers. For the “payment on account” and “hire purchase” payment types, we use the payment service provider Klarna AB (hereinafter referred to as Klarna), Sveavägen 46, 111 34 Stockholm, Sweden.
We ask customers who choose one of these payment types to give their consent in the course of the ordering process for us to transmit to Klarna the personal data required to process the payment and to check your identity and creditworthiness, such as your first name and surname, address, date of birth, gender, e-mail address, IP address and telephone number, and the data required to process the purchase on account that are associated with the order, such as the number of items, the item number, the invoice amount and the percentage of tax. Klarna may pass on personal data to credit agencies to carry out the check of identity and creditworthiness. An overview of the credit agencies involved can be found in Klarna’s data protection policy: cdn.klarna.com/data_protection.pdf.
You may withdraw your consent to Klarna to use these personal data at any time. You will find Klarna’s contact details in its legal notice at: www.klarna.com/de/impressum.
We work continuously to make the most of all of the technical and organisational options available to protect the personal data of our customers from access by unauthorised third parties. Communication by e-mail, however, brings with it risks that cannot be excluded entirely. We recommend that you communicate confidential information to us by post.
Information About Cookies
Most of the cookies we use are so-called “session cookies”, which are erased as soon as you end your browser session. There are also cookies that are stored for longer periods for the shopping basket and login status, with the aid of which we recognise you as a visitor to en.bett1.de. These cookies expire after one hour. In addition, Google Analytics uses persistent cookies, which are valid for up to two years.
We use the “Website Custom Audiences” service of the social network Facebook on en.bett1.de. This service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and makes it possible for us to display advertising to a defined target audience on Facebook. According to its own information, Facebook generates a non-reversible and non-personal checksum (hash value) from your usage data through this service, which Facebook can use for the purposes of analysis and marketing. For the “Website Custom Audiences” product, a cookie, web beacon, pixel or similar technology is accessed by Facebook on the website and may be stored on your end device. As the service and the data processing carried out through this service are solely the responsibility of Facebook, we do not have any influence over possible processing of personal data. Further information about the purpose and extent of data collection, further processing and use of the data by Facebook and your setting options to protect your privacy is available in Facebook’s data protection policy, which can be found at www.facebook.com/ads/website_custom_audiences/ and www.facebook.com/privacy/explanation, among other places. If you wish to object to the use of Facebook Website Custom Audiences, you can exercise your right to object (opt-out) at: www.facebook.com/ads/website_custom_audiences/.
Principles – The website en.bett1.de uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which facilitate analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and is saved there. If IP anonymisation is activated on this website, your IP address is first truncated by Google in Member States of the Europe Union and in other countries that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted by Google to a server in the USA and truncated there. Google uses this information on behalf of the operator to analyse your use of the website, compile reports about website activities and provide other services associated with use of the website and the internet to the website operator. The IP address transmitted by your browser in the context of Google Analytics is not combined with any other Google data. You can prevent storage of cookies by means of a corresponding setting in your browser software; please note, however, that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent recording of the data generated by the cookie relating to your use of the website (including your IP address) by Google and processing of that data by Google (including your IP address) by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout?hl=en.
Opt-out Function – Users have the option to prevent recording of data by Google Analytics by clicking on Deactivate Google Analytics. An opt-out cookie is set that prevents future recording of your data when visiting this website.
We wish to point out that Google Analytics has been extended on the website of en.bett1.de to include the code “anonymizeIp”, which ensures anonymised recording of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to happen, you can deactivate it via the ad preferences manager (www.google.com/settings/ads/onweb/?hl=en).
Our ultimate goal is to make our website as secure and secure as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam we mean any unsolicited information sent to us by electronic means. With the classic CAPTCHAS, you usually had to solve text or image puzzles in order to check. With reCAPTCHA from Google we usually do not have to bother you with such puzzles. In most cases it is sufficient to simply check the box and confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to check the box. How this works exactly and above all which data is used for this purpose, you will learn in the course of this data protection declaration.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood on our site. Bots or spam software of various kinds can safely stay at home. That is why we do everything possible to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from the company Google. So we can be pretty sure that we remain a "bot-free" website. Through the use of reCAPTCHA, data is transmitted to Google to determine whether you are really a human being. reCAPTCHA thus serves the security of our website and consequently your security. For example, without reCAPTCHA it could happen that a bot registers as many e-mail addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
Which data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website are really from people. This means that the IP address and other data that Google requires for the reCAPTCHA service can be sent to Google. IP addresses are almost always shortened within the member states of the EU or other states that are party to the Agreement on the European Economic Area before the data lands on a server in the USA. The IP address is not combined with any other data held by Google unless you are logged into your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data which, to our knowledge, are processed by Google.
– Referrer URL (the address of the page the visitor comes from)
– IP address (for example, 2126.96.36.199)
– Information about the operating system (the software that enables your computer to operate. Known operating systems are Windows, Mac OS X or Linux)
– Cookies (small text files that store data in your browser)
– Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is saved)
– Date and language settings (which language or date you have preset on your PC is saved)
– Screen resolution (shows how many pixels the image consists of)
It is indisputable that Google uses and analyses this data even before you click on the checkbox "I am not a robot". With the Invisible reCAPTCHA version, even the ticking is omitted and the whole recognition process runs in the background. How much and what kind of data Google exactly stores, you will not find out from Google in detail.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version of Google at www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version
Purpose: This cookie is set by DoubleClick (also owns Google) to register and report the actions of a user on the website in dealing with advertisements. This enables the effectiveness of the advertising to be measured and appropriate optimisation measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertisements. Furthermore, the cookie can be used to prevent a user from seeing the same advertisement more than once.
Expiry date: after one month
Expiry date: after 9 months
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users, prevent fraudulent use of login information and protect user data from unauthorised attacks.
Expiry date: after 19 years
Purpose: NID is used by Google to match ads to your Google search. Google uses the cookie to "remember" your most commonly entered search queries or your previous interaction with ads. So you always get tailor-made ads. The cookie contains a unique ID in order to collect the user's personal preferences for advertising purposes.
Expiry date: after 6 months
Purpose: As soon as you have ticked the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymous form and is also used to make user distinctions.
Expiry date: after 10 minutes
Note: This list cannot claim to be exhaustive, as experience has shown that Google always changes its choice of cookies.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The different data protection regulations of Google apply to this.
How can I delete my data or prevent data storage?
If you do not want any data about you or your behaviour to be transmitted to Google, you must log out completely from Google and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. In order to delete this data again, you must contact Google support at support.google.com/?hl=en&tid=331599549805.
Therefore, when you use our website, you agree that Google LLC and its representatives automatically collect, process and use data.
Source: Created with the data protection generator of AdSimple in cooperation with bauenwir.de
Principles – On this website, we use Bing Ads, a technology of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft sets a cookie on your device if you have accessed our website via a Microsoft bing ad. This allows us to determine that a website visitor has been redirected via an ad. This information is used to create pseudonymous user profiles that are used to analyze visitor behavior and to display advertisements. However, personal information on the identity of the user is not processed. If you do not want Microsoft to be able to process information about your behavior, you can refuse the required cookies by changing your browser settings.
Principles – We use the technical service of Criteo GmbH on the website of bett1.de. Anonymised information about the surfing behaviour of website visitors is collected and stored for marketing purposes. These data are stored in cookies on the visitor’s computer. Criteo GmbH uses an algorithm to analyse the anonymised surfing behaviour recorded and can then display specific product recommendations as personalised advertising banners on other websites (so-called publishers). These data are not used to identify you in person as a visitor to our websites. The data collected are used only to improve our service. No other use is made of this information and it is not passed on to any third party.
You will find further information about the technology used in the data protection policy of Criteo GmbH at: https://www.criteo.com/privacy/corporate-privacy-policy/.
Opt-out Function – You can object to anonymous analysis of your surfing behaviour on our website by ticking the box to opt out of the technical service of Criteo GmbH at: www.criteo.com/privacy/.
Hotjar states that it does not store personal data or movements on profile pages that contain personal data. According to Hotjar, IP addresses are stored in anonymised form only. Further information about data protection and Hotjar can be found in Hotjar’s data protection policy: www.hotjar.com/privacy. Hotjar also provides the option of objecting to data processing by the cookie with effect from that point forward by activating the “Do Not Track” function of browsers. You can find out how to activate this here: www.hotjar.com/opt-out.
If you do not want information about your behaviour to be used by Hotjar as described above, you can deactivate automatic acceptance of cookies in general in your browser settings.
We also use the option provided by Hotjar of receiving anonymous user feedback in the form of so-called “Feedback Polls”. Website visitors can give us feedback about our website by means of this function without providing personal data. Sometimes you may have the option to send us a feedback message on a voluntary basis as a user. If personal data are included in this message (e.g. your name), we then process these data solely for the purpose of evaluating the feedback and, if appropriate, contacting you about your feedback.
Processing Outside the European Economic Area
bett1.de does not process any personal data outside the scope of the European Data Protection Regulation other than in the cases specified in this Data Protection Policy.
Your Rights As a Data Subject and Withdrawal of Your Consent
The General Data Protection Regulation guarantees you certain rights that you can assert in respect of us. You have the right:
– to demand confirmation from us about whether we are processing personal data about you and if so, the precise details of that data processing (Art. 15 GDPR: Right of access by the data subject),
– to demand that we immediately rectify incorrect personal data about you. In accordance with the purpose of the processing, you also have the right to demand completion of incomplete personal data – including by means of an additional declaration (Art. 16 GDPR: Right to rectification),
– to demand that we immediately erase personal data about you (Art. 17 GDPR: Right to erasure),
– to demand that we restrict processing (Art. 18 GDPR: Right to restriction of data processing),
– in the case of processing on the basis of consent or to fulfil a contract, to receive the personal data about you that you have provided to us in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance from us or to transfer the data directly to the other controller insofar as this is technically feasible (Art. 20 GDPR: Right to data portability),
– to object, on grounds relating to your particular situation and at any time to processing of personal data concerning you that is necessary for the performance of a task carried out for reasons of public interest or to exercise public authority (Art. 21 GDPR: Right to object),
– to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law (Art. 77 GDPR in conjunction with § 19 BDSG: Right to lodge a complaint with a supervisory authority).
Finally, if you have given us your consent, you have the right to withdraw that consent at any time. All data processing that we have carried out up to the time of your withdrawal remains lawful in this case. You can simply click on the link included in all e-mails for this purpose and deregister from the e-mail service, or send a message to [email protected] If you notify us in this message that you do not wish to receive e-mails in future, we will not send any more e-mails to the e-mail address provided by you. E-mails that we send to you to fulfil any contract concluded with you are not affected by this.
As of: 11 September 2020