We are delighted that you have visited us at en.bett1.de and thank you for your interest. Protection of your privacy when you visit our website is important to us.
By means of this Data Protection Policy, we provide our users with full and transparent information about the type, extent and purpose of collection and use of personal data in connection with the use of our website.
The data controller for processing of personal data within the scope described here is bett1.de GmbH (bett1.de), represented by its managing director Adam Szpyt, Tauentzienstr. 11, 10789 Berlin, Germany.
You can contact our data protection officer at [email protected] or at our postal address, marked for the attention of the data protection officer.
Please take a moment to read the following information about how we handle and protect your data when you visit our website.
We comply with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG), the German Social Code X (SGB X) and other regulations of data protection law. We carry out the following data processing procedures:
Collection, Processing and Use of Data by bett1.de
Logfiles – Users can visit our website without providing specific information about their identity. Every time our site is accessed, system-related usage data are logged by our servers. The following information is transmitted by the web browser and stored in so-called server logfiles: the date and time of access, name of the file accessed, data volume transmitted, notification of successful access, web browser, requesting domain and IP address of the requesting computer. We use these data to ensure fault-free technical operation of our website, in particular to detect faults in the system, and they are erased at the latest 60 days after collection. The legal basis for this storage is Art. 6 (1) (f) GDPR.
Registration – For users who create a user account on our website, we collect, process and use the following personal data: first name, surname, e-mail address and password. We use these data to create your user account, which we provide for your use and through which we contact you about matters relating to your user account. Your contact details (address, fax number, telephone number and your billing and delivery address(es)), your previous orders and information about your newsletter subscription are also stored in your user account when you place an order. The legal basis for this storage process is, on the one hand, Art. 6 (1) (b) GDPR; on the other hand, it is Art. 6 (1) (f) GDPR, as we have a legitimate interest in being able to provide more specific assistance or an easier process for subsequent orders by collecting the data. We erase the registration data if no purchase is made, at the latest after six months from deregistration. If you make a purchase, the following regulations apply in relation to that purchase.
Purchase – For users who order one of the products offered on our website in return for payment, a mattress for example, we collect, process and use the following personal data: e-mail address, first name, surname, street and house number, any additional address details, town or city, post code, country and telephone number. Depending on the payment method you choose, we also process payment details, such as account number and sort code. We use these data to process the purchase you make, in particular to send you the product you have ordered. We pass on your personal order data to third parties (in particular, suppliers and financial service providers) for the purposes of processing the contract as far as is necessary. The legal basis for this data processing is Art. 6 (1) (b) GDPR and, as we also have retention obligations under tax law, Art. 6 (1) (c) GDPR. The data are erased when we no longer require them for contractual reasons or under tax law, at the earliest therefore 10 years after delivery of the mattresses.
Newsletter – Users have the option to register voluntarily to receive a newsletter (available in German language only) by e-mail. In this case, we process the following personal data so that we can inform you by e-mail newsletter of forthcoming offers and special deals in our web shop: surname, first name and associated e-mail address. The legal basis for this data processing is Art. 6 (1) (a) GDPR. The data is erased four years after cancellation of the newsletter.
Users can cancel their subscription to the newsletter at any time with effect from that point forward by sending a cancellation e-mail to [email protected], simply clicking on the link at the end of the newsletter or cancelling the newsletter in the customer area. The legal basis for use is Art. 6 (1) (a) GDPR. Following cancellation, we will no longer use the data to send the newsletter but only for evidential purposes and for legal defence against action relating to distribution of newsletters (Art. 6 (2) (f) GDPR).
We use the technical service provider MailChimp to distribute our customer newsletter. MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA (MailChimp). If you subscribe to our newsletter, the data that you provide are transmitted to MailChimp and stored there. MailChimp offers extensive analytical options in relation to use of the newsletters. These analyses are group-based and are not used by us for individual analysis. MailChimp also uses the analytical tool Google Analytics and integrates it in part into the newsletters. MailChimp takes part in the EU-US Privacy Shield framework programme of the US Trade Department and the European Commission in relation to collection, use and storage of personal data from the Member States of the European Economic Area. You can obtain information about which data MailChimp collects, processes and uses and for what purposes within the framework of the EU-US Privacy Shield framework programme here: www.privacyshield.gov/participant. Further information about MailChimp and data protection at MailChimp is available here: mailchimp.com/legal/privacy/.
Reviews – The satisfaction of our customers with our products and service is extremely important to us. In order to survey your satisfaction, we may contact you with your unique order number from your order, your name and your e-mail address which you provided in the order process. The legal basis for this is Art. 6 (1) (f) GDPR.
For distribution of e-mails, we use the services of the technical service providers Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen, Denmark, Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany and MailChimp, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA.
E-mail Communication – For the dispatch of order confirmations, invoices, instructions for use and dispatch confirmations we use the e-mail system MailChimp, The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA. MailChimp participates in the EU-US Privacy Shield framework programme of the US Trade Department and the European Commission regarding the collection, use, and retention of personal data from the Member States of the European Economic Area. Here you will find information about what data MailChimp collects, processes and uses under the EU-US Privacy Shield framework programme and for what purposes it does so: www.privacyshield.gov/participant. Further information about MailChimp and data protection at MailChimp can be found here: mailchimp.com/legal/privacy/. The process of sending these documents is processed on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process for the dispatch of the instructions for use according to Art. 6 (1) (f) GDPR, in order to provide our customers with a simple, environmentally friendly and universal access to the instructions for use for your product.
To best serve our customers' concerns, our customer service department uses the Zendesk ticketing system from Zendesk, Inc. 989 Market Street #300, San Francisco, CA 94102, USA. Zendesk, Inc. is certified under the EU-US Privacy Shield framework programme, which ensures compliance with the level of data protection applicable in the EU (see: www.privacyshield.gov/list). We process your personal data exclusively for the purpose of the issue you have specified. Your data, as well as the message history, will be stored for later inquiries. For further information on data processing by Zendesk, please visit www.zendesk.com/company/privacy.
Contact Form – In order to make it easier for our customers to contact us, we offer a contact form on our website. Your request, name, e-mail address and telephone number can be transferred to the ticketing system for processing. Your express consent is required for this (Art. 6 (1) (a) GDPR).
Requests by E-mail – Customers can contact our customer service department ([email protected]) with any questions they may have. In this case, we process the personal data that you have voluntarily provided us with only for the purpose of answering your request in the best possible way and to be able to contact you (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR).
Cloudflare – bett1.de uses the services of CloudFlare of the enterprise CloudFlare, Inc., 665 3rd pc. #200, San Francisco, CA 94107, USA, to guarantee a high accessibility of the website. CloudFlare, Inc. is certified via the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU (see: www.privacyshield.gov/list). Through CloudFlare, we are able to distribute the server load and detect and fend off attacks on our services. The network communication between you and en.bett1.de is also technically routed and analyzed over the network of CloudFlare. To optimize the load distribution CloudFlare may save cookies on your device. This process serves to ensure the smoothest possible operation of our website and the personal data required for this, such as IP address or cookie ID, are processed exclusively for this purpose (Art. 6 (1) (f) GDPR). Cloudflare also collects statistical data about the visit of this website. The access data includes: Name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser and operating system used, URL of the previously visited website, IP address and associated service provider. Cloudflare uses the log data for statistical analysis for the purpose of operation, security and optimization of the offer. More information about security and privacy at CloudFlare can be found at www.cloudflare.com/security-policy.
Payment Service Provider for Purchase on Account and Hire Purchase
We offer various types of payment to our customers. For the “payment on account” and “hire purchase” payment types, we use the payment service provider Klarna AB (hereinafter referred to as Klarna), Sveavägen 46, 111 34 Stockholm, Sweden.
We ask customers who choose one of these payment types to give their consent in the course of the ordering process for us to transmit to Klarna the personal data required to process the payment and to check your identity and creditworthiness, such as your first name and surname, address, date of birth, gender, e-mail address, IP address and telephone number, and the data required to process the purchase on account that are associated with the order, such as the number of items, the item number, the invoice amount and the percentage of tax. Klarna may pass on personal data to credit agencies to carry out the check of identity and creditworthiness. An overview of the credit agencies involved can be found in Klarna’s data protection policy: cdn.klarna.com/data_protection.pdf.
You may withdraw your consent to Klarna to use these personal data at any time. You will find Klarna’s contact details in its legal notice at: www.klarna.com/de/impressum.
We work continuously to make the most of all of the technical and organisational options available to protect the personal data of our customers from access by unauthorised third parties. Communication by e-mail, however, brings with it risks that cannot be excluded entirely. We recommend that you communicate confidential information to us by post.
Information About Cookies
Most of the cookies we use are so-called “session cookies”, which are erased as soon as you end your browser session. There are also cookies that are stored for longer periods for the shopping basket and login status, with the aid of which we recognise you as a visitor to en.bett1.de. These cookies expire after one hour. In addition, Google Analytics uses persistent cookies, which are valid for up to two years.
We use the “Website Custom Audiences” service of the social network Facebook on en.bett1.de. This service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and makes it possible for us to display advertising to a defined target audience on Facebook. According to its own information, Facebook generates a non-reversible and non-personal checksum (hash value) from your usage data through this service, which Facebook can use for the purposes of analysis and marketing. For the “Website Custom Audiences” product, a cookie, web beacon, pixel or similar technology is accessed by Facebook on the website and may be stored on your end device. As the service and the data processing carried out through this service are solely the responsibility of Facebook, we do not have any influence over possible processing of personal data. Further information about the purpose and extent of data collection, further processing and use of the data by Facebook and your setting options to protect your privacy is available in Facebook’s data protection policy, which can be found at www.facebook.com/ads/website_custom_audiences/ and www.facebook.com/privacy/explanation, among other places. If you wish to object to the use of Facebook Website Custom Audiences, you can exercise your right to object (opt-out) at: www.facebook.com/ads/website_custom_audiences/.
Principles – The website en.bett1.de uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which facilitate analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and is saved there. If IP anonymisation is activated on this website, your IP address is first truncated by Google in Member States of the Europe Union and in other countries that are signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted by Google to a server in the USA and truncated there. Google uses this information on behalf of the operator to analyse your use of the website, compile reports about website activities and provide other services associated with use of the website and the internet to the website operator. The IP address transmitted by your browser in the context of Google Analytics is not combined with any other Google data. You can prevent storage of cookies by means of a corresponding setting in your browser software; please note, however, that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent recording of the data generated by the cookie relating to your use of the website (including your IP address) by Google and processing of that data by Google (including your IP address) by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout?hl=en.
Opt-out Function – Users have the option to prevent recording of data by Google Analytics by clicking on Deactivate Google Analytics. An opt-out cookie is set that prevents future recording of your data when visiting this website.
We wish to point out that Google Analytics has been extended on the website of en.bett1.de to include the code “anonymizeIp”, which ensures anonymised recording of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to happen, you can deactivate it via the ad preferences manager (www.google.com/settings/ads/onweb/?hl=en).
Principles – On this website, we use Bing Ads, a technology of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft sets a cookie on your device if you have accessed our website via a Microsoft bing ad. This allows us to determine that a website visitor has been redirected via an ad. This information is used to create pseudonymous user profiles that are used to analyze visitor behavior and to display advertisements. However, personal information on the identity of the user is not processed. If you do not want Microsoft to be able to process information about your behavior, you can refuse the required cookies by changing your browser settings.
Principles – We use the technical service of Criteo GmbH on the website of bett1.de. Anonymised information about the surfing behaviour of website visitors is collected and stored for marketing purposes. These data are stored in cookies on the visitor’s computer. Criteo GmbH uses an algorithm to analyse the anonymised surfing behaviour recorded and can then display specific product recommendations as personalised advertising banners on other websites (so-called publishers). These data are not used to identify you in person as a visitor to our websites. The data collected are used only to improve our service. No other use is made of this information and it is not passed on to any third party.
You will find further information about the technology used in the data protection policy of Criteo GmbH at: https://www.criteo.com/privacy/corporate-privacy-policy/.
Opt-out Function – You can object to anonymous analysis of your surfing behaviour on our website by ticking the box to opt out of the technical service of Criteo GmbH at: www.criteo.com/privacy/.
Hotjar states that it does not store personal data or movements on profile pages that contain personal data. According to Hotjar, IP addresses are stored in anonymised form only. Further information about data protection and Hotjar can be found in Hotjar’s data protection policy: www.hotjar.com/privacy. Hotjar also provides the option of objecting to data processing by the cookie with effect from that point forward by activating the “Do Not Track” function of browsers. You can find out how to activate this here: www.hotjar.com/opt-out.
If you do not want information about your behaviour to be used by Hotjar as described above, you can deactivate automatic acceptance of cookies in general in your browser settings.
We also use the option provided by Hotjar of receiving anonymous user feedback in the form of so-called “Feedback Polls”. Website visitors can give us feedback about our website by means of this function without providing personal data. Sometimes you may have the option to send us a feedback message on a voluntary basis as a user. If personal data are included in this message (e.g. your name), we then process these data solely for the purpose of evaluating the feedback and, if appropriate, contacting you about your feedback.
Processing Outside the European Economic Area
bett1.de does not process any personal data outside the scope of the European Data Protection Regulation other than in the cases specified in this Data Protection Policy.
Your Rights As a Data Subject and Withdrawal of Your Consent
The General Data Protection Regulation guarantees you certain rights that you can assert in respect of us. You have the right:
– to demand confirmation from us about whether we are processing personal data about you and if so, the precise details of that data processing (Art. 15 GDPR: Right of access by the data subject),
– to demand that we immediately rectify incorrect personal data about you. In accordance with the purpose of the processing, you also have the right to demand completion of incomplete personal data – including by means of an additional declaration (Art. 16 GDPR: Right to rectification),
– to demand that we immediately erase personal data about you (Art. 17 GDPR: Right to erasure),
– to demand that we restrict processing (Art. 18 GDPR: Right to restriction of data processing),
– in the case of processing on the basis of consent or to fulfil a contract, to receive the personal data about you that you have provided to us in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance from us or to transfer the data directly to the other controller insofar as this is technically feasible (Art. 20 GDPR: Right to data portability),
– to object, on grounds relating to your particular situation and at any time to processing of personal data concerning you that is necessary for the performance of a task carried out for reasons of public interest or to exercise public authority (Art. 21 GDPR: Right to object),
– to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law (Art. 77 GDPR in conjunction with § 19 BDSG: Right to lodge a complaint with a supervisory authority).
Finally, if you have given us your consent, you have the right to withdraw that consent at any time. All data processing that we have carried out up to the time of your withdrawal remains lawful in this case. You can simply click on the link included in all e-mails for this purpose and deregister from the e-mail service, or send a message to [email protected] If you notify us in this message that you do not wish to receive e-mails in future, we will not send any more e-mails to the e-mail address provided by you. E-mails that we send to you to fulfil any contract concluded with you are not affected by this.
As of: 13 March 2020