Ooola Secrets | Privacy Policy | Ooola Secrets
78
page-template-default,page,page-id-78,ajax_fade,page_not_loaded,qode-page-loading-effect-enabled,,qode-title-hidden,qode_grid_1200,transparent_content,qode-theme-ver-11.2,qode-theme-ooola,wpb-js-composer js-comp-ver-5.2.1,vc_responsive

Privacy Policy

The Emmi Group is made up of different legal entities, details of which can be found here https://report.emmi.com/2017/en/03-10-30-uebersicht-ueber-konzerngesellschaften-assoziierte-gesellschaften-und-gemeinschaftsorganisationen-2/. This privacy policy is issued on behalf of the Emmi Group so when we mention "Emmi", "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Emmi Group responsible for processing your data. We would like to draw your attention to how Emmi (Emmi Schweiz AG and its group companies, including, for the avoidance of doubt Emmi UK Limited) processes your personal data. Please read our privacy policy below carefully. If you have any questions or comments about this privacy policy, you can always address them to dataprotection@emmi.com.

1. Name and contact details of the data controller and the company data protection officer

This privacy policy applies to the processing of personal data by:

Data Processor: Emmi Management AG („Emmi“)

Emmi Management AG, Landenbergstrasse 1, CH — 6005 Luzern, Switzerland
Email: info@emmi.com
Telephone: +41 58 227 27 27
Fax: +41 58 227 27 37

The company data protection officer of the Emmi Group can be contacted at Data Protection, Emmi Group, Landenbergstrasse 1, CH — 6005 Luzern, Switzerland, or at dataprotection@emmi.com.

2. Collection and storage of personal data as well as the nature and purpose of its use

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows (and see below for more details):

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

a) When visiting the website

When you visit our website https://ooolasecrets.com/, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information will automatically be collected by us and deleted after 3 months:

  • IP address of the requesting terminal, 
  • date and time of access,
  • name and URL of any visited page,
  • Website from which any access takes place (so-called referrer URL),
  • device type and operating system of the device,
  • Name of your ISP
  • browser type and version used, and other information provided by the browser (such as geographical origin, language setting, add-ons used, screen resolution, etc.).
  • The above data will be processed by us for the following purposes: 
  • ensuring a smooth connection to the website,
  • ensuring the best possible user experience on our website,
  • Evaluation of system security and stability
  • for further administrative purposes.

The legal basis for this is Article 6(1)f of the EU General Data Protection Regulation (GDPR), which is that we have a legitimate interest in processing your personal data for the purposes listed above. We never use this data to identify you personally.

In addition, we use cookies and analysis services when you visit our website. Further details can be found in sections 4, 6 and 7 of this privacy policy.

For clarity, this website may include links to third-party websites, plug-ins and applications (for further details, please see below). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

b) When registering for our newsletter

If you have expressly given us consent (pursuant to Article 6(1)a GDPR), we will use your e-mail address to regularly send you our newsletters, or have them sent to you on our behalf. To receive newsletters, we only require your E-Mail address.

You can unsubscribe at any time  via a link at the end of each newsletter. Alternatively you can also send an unsubscribe request to dataprotection@emmi.com by e-mail.

c) By using our contact form

If you have any questions, we provide a contact form on the website. It is necessary to provide a valid e-mail address, first and last name, postal code and telephone number so that we know who the request came from, and to efficiently answer that request. You may provide further personal information voluntarily.

Data processing for the purpose of contacting us (and our response) is in accordance with Article 6(1)a GDPR (your consent).

The personal data collected by us in the contact form will be deleted after completion, no later than 3 months after the request you have made.

d) Using our live chat

With our live chat, we offer you the opportunity to talk directly with us. For this, the submission of your email address is required, so that we can contact you afterwards.

The duration and time of the call are stored for statistical purposes. The chat history is stored anonymously for quality assurance. This data processing is again based on your consent, in accordance with Article 6(1)a GDPR.

e) Competitions

From time to time we may hold competitions or similar promotions. For the purpose of conducting these we require the following personal information:

  • salutation, last name, first name,
  • Address,
  • Date of birth,
  • Contact details (email address and/or mobile telephone number)

This information will be deleted after the prize draw or promotion. However if (in accordance with Article 6(1)a GDPR you have expressly and separately consented to the use of the aforementioned (and possibly further) personal data for marketing purposes (emails, newsletters, etc.) or other purposes, this data will be retained for such purposes in accordance with paragraph b) above. In the context of a competition or other promotion, we will only pass on your personal data to third parties for their own use if you have expressly consented to this (Article 6(1)a GDPR) or this is necessary for the performance of the competition pursuant to Article 6(1)b GDPR.

f) Further purposes

We reserve the right to process your personal data for further purposes. However, we will inform you accordingly and, if necessary, seek your consent.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3. Disclosure of data

We share your personal data within the EmmiGroup. This will involve transferring your data outside the European Economic Area (EEA).

Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Specifically:

a) SAP Hybris

We use the cloud-based licensed software Hybris Marketing of SAP America Inc. (3999 West Chester Pike, Newtown Square, PA 19073 USA) on our site. The SAP Hybris Marketing Cloud System is located in St. Leon-Rot in Germany.

With Hybris Marketing, the personal data that you provide us with and the personal data collected by us in accordance with this privacy policy is transmitted to a central server of SAP America Inc. in Germany and combined into a uniform consumer profile. This enables us to carry out context-based marketing. This in turn enables us to provide consumers and anonymous website visitors with a consistent and relevant real-time digital user experience. Using Hybris Marketing, we aim to ensure that only products and advertisements you are (likely to be) interested in are displayed on your devices.

The use of the SAP Hybris Marketing Cloud System is based on our legitimate business interests in the above purposes pursuant to Article 6(1)f GDPR.

b) For other purposes

In addition, we will only pass on your personal data within the Emmi Group and / or to third parties if:

  • According to Article 6(1)a GDPR you have given your express consent to this;
  • According to Article 6(1)b GDPR it is necessary for the performance of a contractual relationship with you,
  • According to Article 6(1)c GDPR processing is necessary for compliance with a legal obligation,
  • According to Article 6(1)f GDPR processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and there is no reason to assume that you have an overriding interest otherwise.

4. Cookies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie is used to store information that is related to the specific device used. However, this does not mean that we are immediately aware of your identity.

The use of cookies serves to make use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our pages.

In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our content (see paragraph 6) and to show you content that meets your personal interests (see paragraph 7).

Insofar as the aforementioned cookies are personal data, they are used on the basis of our legitimate interests pursuant to Article 6(1)f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or so that a prompt appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.

5. Monitoring Tools

a) Brandwatch

We use the services of Brandwatch GmbH (Gutenbergstrasse 77A, 70197 Stuttgart). This is a social media monitoring tool that helps us to identify and monitor content on third-party sites (e.g., posts, tweets, blogs, news, forum posts, and social media platforms). This gives us a detailed insight into customer opinions and any topics on the Internet that mentions our company name(s) or talks about our brand(s). In doing so, so-called "crawlers" search available online sources to seek out the relevant hits. Brandwatch searches both publicly available data on the Internet and closed-loop third-party networks with which they have directly concluded contracts in order to access their data.

The data Brandwatch collects varies depending on the source of the data. The following personal data may be collected:

  • your name, username, nickname or other identifier;
  • the contents of data you have posted using that name, username, nickname, or other identifier, including comments, phrases, opinions, posts, etc.;
  • your profile picture;
  • your job title or industry;
  • your interests;
  • Your location;
  • your gender and
  • any other information that you post on any Internet site or on any third party platform that provides Brandwatch with data.

Our legitimate interests in the use of Brandwatch are for the purposes of market and opinion research and for marketing and PR purposes. Data processing is external and separate from our corporate web and social media sites, so we are not responsible for any data processing by Brandwatch.

If you object to the use of your information by Brandwatch, or require information about the data stored by them, or if you wish to exercise any other right that you are entitled to, please contact Brandwatch at privacy@brandwatch.com. For more information on privacy at Brandwatch, please click here.

b) Falcon.io

We use the services of Falcon.io ApS (H.C. Andersens boulevard 27, 1st floor, 1553 Copenhagen V, Denmark). This is a social media management tool that allows us to consistently manage our social media profiles and activities. Each user interaction with us is automatically and individually tracked so we can respond to customer requests quickly and efficiently. In addition, we can see whether our companies or our products are mentioned on the social media platforms we use, and then directly contact those users or provide them with content. This gives us a detailed insight into customer opinions. Furthermore, the tool also allows us to create our own campaign pages and to show personalized and interest-based advertising, as well as to measure the results of these.

Our use of Falcon.io is further to our legitimate interests in the purposes mentioned above. Data processing is external and separate from our corporate website and social media site, so we are not responsible for any data processing by Falcon.io.

If you object to the use of your data by Falcon.io, or require information about the data stored by them, or wish to assert any other right to which you are entitled, please contact Falcon.io at the privacy@falcon.io e-mail address. More information about privacy at Falcon.io can be found here.

6. Tracking Tools

The tracking measures listed below and used by us are based on Article 6(1)f GDPR (legitimate interests). With the tracking measures used, we seek to ensure a tailored design, and the continuous optimization of our website. We also use the tracking tools to statistically record the use of our website and evaluate it for the purpose of optimizing the content we show you.

a) Google Analytics

For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, hereinafter "Google"). In this context, pseudonymised usage profiles are created and cookies (see paragraph 4) are used. Information is generated by the cookie about your use of the website such as:

  • browser type / version,
  • used operating system,
  • Referrer URL (the previously visited page),
  • host name of the accessing terminal (IP address),
  • time of server request,

and are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purposes of market research and tailor our website design. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that such a merger is not possible (IP masking). Google complies with the US-EU Privacy and US-Swiss Safe Harbor Agreements and is registered with the US Department of Commerce's Safe Harbor Programs.

You can prevent the installation of cookies by setting your browser software accordingly; however, we must point out that in this case not all features of our website may be fully functional.

In addition, you may prevent the collection of data generated by the cookie related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection of data by Google Analytics by clicking on this link. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid on that browser and only for our website, and is stored on your device. If you delete cookies in that browser, you must set the opt-out cookie again.

For more information about privacy related to Google Analytics, see the Google Analytics Help Center.

b) Google Adwords Conversion Tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our content, we also use Google Conversion Tracking. In doing so, Google Adwords will set a cookie (see section 4) on your device if you have reached our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If a user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user previously clicked on the ad and was redirected to that page.

Every Adwords customer receives a different cookie. Cookies can not be tracked via the websites of Adwords customers. The information gathered using the cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are notified of the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.

If you do not want to participate in the tracking process, you can also refuse the setting of that cookie — for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's privacy policy for conversion tracking can be found here.

7. Targeting Tools

The targeting measures listed below and used by us are based on Article 6(1)f GDPR (legitimate interests). Through the targeting measures we use, we want to make sure that only advertising that meets your actual or inferred interests is displayed on your devices.

a) Google Adwords Remarketing

We use Google Remarketing Tags. These are a service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). Google uses cookies (see section 4) that are stored on your computer and that enable us to analyze your use of our Website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States. The IP address is then anonymised by Google at the last three digits, so that a full reading of the IP address is no longer possible. Google complies with the US-EU and US-Swiss Safe Harbor Privacy Policies and is registered with the US Department of Commerce's equivalent Safe Harbor programs. Google will use this information to evaluate your use of the website, to compile reports on website activity for us as website operators and to provide other services related to website activity and internet usage.

Google may also transfer this information to third parties if required by law or where third parties process this data on behalf of Google. Third parties, including Google, place ads on websites on the Internet. Third parties, including Google, use stored cookies to serve ads based on previous visits by a user to a site. Google will never associate your IP address with other Google data. Permision for this data collection and storage can be revoked at any time in respect of future processing. You can disable the use of cookies by Google by visiting the page to disable Google advertising.

We must point out, however, that you may not be able to use all the features of the Website if you do so. By using this Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information about Google's terms, click here.

b) Double Click

On our website, information for the optimization of advertising impressions is collected and evaluated using cookies (see section 4). For this purpose, we use Google Inc. targeting technologies (Double Click, Double Click Exchange Buyer, Double Click Bid Manager). These technologies enable us to target you with individual interest-based advertising. The cookies used, for example, provide information about which of our products you are interested in. On the basis of the information, we can also show you third-party content that is specifically geared to your interests, as they result from your previous user behavior. The collection and evaluation of your user behavior is anonymous and does not enable us to personally identify you. In particular, this information will not be merged with personally identifiable information about you.

The cookie will be automatically deleted after 30 days.

You can also set preferences for showing interest-based advertising through the Google Ads Settings Manager.

For more information and privacy policy regarding advertising and Google, see the Google Privacy Policy and Terms of Use.

c) Facebook Retargeting / Remarketing

Our pages include remarketing tags from the Facebook social network, 1601 South California Ave., Palo Alto, CA 94304, USA ("Facebook"). When you visit our pages, the remarketing tags make a direct link between your browser and the Facebook server. Facebook receives the information that you have visited our site along with your IP address. As a result, Facebook can link your visit to our pages to your user account. We can then use this information for the display of Facebook Ads. Facebook complies with the US-EU and US-Swiss Safe Harbor Privacy Policy and is registered with the US Department of Commerce's Safe Harbor Programs.

We must point out that as the provider of the pages we are not aware of the content of the data transmitted to, and their use by, Facebook.

For more information, see the Facebook privacy statement.

d) Facebook Custom Audiences and Lookalike Audiences

In addition, we also use Facebook Custom Audiences and Facebook Lookalike Audiences. These are marketing services from Facebook. These allow us to display personalized and interest-based advertising on Facebook for certain groups of visitors to our website who also use Facebook.

Facebook Custom Audience and Facebook Lookalike Audiences pixels are integrated into our website. This is Java Script code that stores personally identifiable information about your use of the Website. These include your IP address, the browser you are using, and the source and destination pages. This information is transmitted to Facebook servers in the United States. There is an automatic check to see if you have saved a Facebook cookie. The Facebook cookie automatically determines whether you belong to the relevant target group for us. If you belong to the target group, we will show you relevant ads on Facebook. In this process, we are not personally identifying you by matching this data with data we hold. Facebook complies with the US-EU and US-Swiss Safe Harbor Privacy Policy and is registered with the US Department of Commerce's Safe Harbor Programs.

You may object to the use of the Custom Audiences and Lookalike Audiences services on the Facebook website. After logging in to your Facebook account, you can adjust your settings for Facebook ads.

For more information on privacy on Facebook, see the Facebook privacy policy.

8. Your rights

You have the right:

  • according to Article 7(3) GDPR, to revoke your consent to our processing of your personal data at any time. As a result, we will not be permitted to continue data processing based on your consent in the future;
  • in accordance with Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information on: the processing purposes, the categories of personal data processed, the categories of recipients to whom your data has been disclosed, and the planned retention period for the data; the existence and the source of personal data if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about those details;
  • to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to request the deletion of your personal data held by us, unless such processing is required to exercise any right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data, where the accuracy of the data is disputed by you, or where the processing is unlawful but you refuse its deletion or, where we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing;
  • in accordance with Article 20 GDPR to obtain the personal data that you have provided to us in a structured, standard and machine-readable format, or to request its transfer to another data controller and
  • to complain to a supervisory authority pursuant to Article77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work, or alternatively in Switzerland. We would, however, appreciate the chance to deal with your concerns before you approach the relevant supervisory authority, so please contact us in the first instance.

9. Right to object

If your personal data is processed further to our legitimate interests in accordance with Article 6(1)f GDPR, you have the right to file an objection against this processing in accordance with Article 21 GDPR, either on grounds arising from your particular situation, or if you simply object to direct marketing. In the latter case, you have an absolute right to object.

If you would like to exercise your right to object, please send an e-mail to dataprotection@emmi.com.

10. Data security

We use the widely used Transport Layer Security (TLS) technology on our website in conjunction with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. Where an individual page of our website is transmitting in encrypted form, this is indicated by the closed padlock symbol in the status bar of your browser.

We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Updating and changing this privacy policy

This policy is currently valid and was last amended in March 2018.

Due to the continuous development of our website and the contents thereof, or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy from time to time. Our current privacy policy can always be found on the Website at

https://ooolasecrets.com/privacy-policy/

and can be saved and printed by you.