3D-APP (use of the True Depth Face Data)
Data processing of personal data when downloading and using the app
a. Technically required data
When you use our app, the following data is collected, which is technically necessary for us to provide you with the functions of our app IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), access status/HTTP status code, amount of data transferred in each case, operating system and its interface, language and version of the browser software. The aforementioned data is stored by us for a maximum period of 7 days. We have a legitimate interest in ensuring the stability and security of our app and protecting it from attacks by third parties. (The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR – processing within the scope of the legitimate interests of the controller
b. Contact by the user
When you contact us, e.g. by e-mail, we will store your e-mail address and, if you provide it, your name and the content of your message in order to answer your questions or process your request. We have a legitimate interest in responding to contact from our app users and answering/processing their requests. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (processing within the scope of the legitimate interests of the controller)
c. Biometric data (face data)
1. collection:
Customers who have custom-made glasses fitted via the “Wallenfels Eyewear” app or by a “Wallenfels Eyewear” optician are scanned during the process. In this process, the facial topology and information about the face are recorded in 3D format.
2. use
This data is only used for the app’s internal measurement of facial features and is never used for any other purpose or externally. For newer generation iPads/iPhones, we use the True Depth API technology provided by Apple. This allows us to use the built-in camera in the iPhone/iPad directly.
3. disclosure
During the scanning process, the data is not passed on to Apple or other third-party providers. The biometric data is only stored temporarily on the local iPhone/iPad. There is no possibility of direct external access to this data.
4. sharing
Screenshots can be shared using the sharing function in the app. No personal data or biometric data is processed further or passed on to third parties.
5 Retention of face data
In principle, the recorded facial features or biometric data are only required during the use of the app in order to adapt the eyewear models to the individual customer’s face. The data is not passed on to third parties, nor is it further processed, used or stored.
1 Information on the collection of personal data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DS-GVO) is [FRANK3D GmbH, Wilhelmine-Reichard-Str. 7, 80935 Munich, info@wallenfels-eyewear.com] (see our imprint). [You can reach our data protection officer at [info@wallenfels-eyewear.com] or our postal address with the addition of “the data protection officer”].
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.
(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
2 Your Rights
(1) You have the following rights with regard to personal data concerning you:
– Right of access,
– right to rectification or erasure,
– right to restriction of processing,
– right to object to processing,
– right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
3 Collection of Personal Data When Visiting Our Website
(1) In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request came
– browser
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.
(3) Use of cookies:
(a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (for this purpose b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
2. c) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
3. d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website.
4. e) [We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit].
5. f) [The Flash cookies used are not collected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects that are stored on your terminal device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually].
You can revoke this analysis or prevent it by not using certain tools. Web tracking on this page is currently
4 Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(6) Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
[(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”].
5 Use of Piwik
(1) This website uses the web analytics service Piwik to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Piwik is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(2) Cookies (see § 3 for more details) are stored on your computer for this evaluation. The information collected in this way is stored by the responsible party exclusively on its server in [Germany]. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, please note that you may not be able to use this website to its full extent. Preventing the storage of cookies is possible through the setting in your browser. Preventing the use of Piwik is possible by unchecking the following box to activate the opt-out plug-in: [Piwik iFrame].
(3) This website uses Piwik with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Piwik is not merged with other data collected by us.
(4) The Piwik programme is an open source project. Information from the third-party provider on data protection is available at http://piwik.org/privacy/policy.
6 Use of eTracker
(1) On this website, data is collected and stored for marketing and optimisation purposes using technologies from etracker GmbH (http://www.etracker.com). From this data, user profiles can be created under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor’s internet browser. The cookies enable the recognition of the internet browser. The data collected with the eTracker technologies will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. The collection and storage of data can be objected to at any time with effect for the future.
Please exclude me from the eTracker count. [Link]
(2) We use eTracker to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The collected data is stored permanently and analysed pseudonymously. The legal basis for the use of eTracker is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(3) Information from the third-party provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg; https://www.etracker.com/de/datenschutz.html. The legal basis for the use of eTracker is Art. 6 para. 1 p. 1 lit. f DS-GVO.
7 Use of Jetpack / formerly WordPress.com Stats
(1) This website uses the web analytics service Jetpack (formerly: WordPress.com-Stats) to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. Furthermore, we use the system for measures to protect the security of the website, e.g. the detection of attacks or viruses. For the exceptional cases in which personal data is transferred to the USA, Automattic Inc. has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov. The legal basis for the use of Jetpack is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(2) For this evaluation, cookies (see § 3 for more details) are stored on your computer. The information collected in this way is stored on a server in the USA. If you prevent the storage of cookies, please note that you may not be able to use this website to its full extent. You can prevent the storage of cookies by changing the settings in your browser or by clicking the “Click here to Opt-out” button at http://www.quantcast.com/opt-out.
(3) This website uses Jetpack with an extension that shortens IP addresses immediately after they have been collected in order to exclude the possibility of personal references.
(4) Information from the third-party provider: Automattic Inc., 60 29 th Street #343, San Francisco, CA 94110-4929, USA, https://automattic.com/privacy, and from the third-party provider of the tracking technology: Quantcast Inc., 201 3 rd St, Floor 2, San Francisco, CA 94103-3153, USA, https://www.quantcast.com/privacy.
8 Adobe Analytics (Omniture)
(1) This website uses the web analytics service Adobe Analytics (Omniture) to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Adobe has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Adobe Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(2) For this evaluation, cookies (see § 3 for more details) are stored on your computer. The information collected in this way is stored on servers, including in the USA. If you prevent the storage of cookies, please note that you may then not be able to use this website to its full extent. You can prevent cookies from being stored by changing the settings in your browser or by clicking on the “Logout” button at http://www.adobe.com/de/privacy/opt-out.html.
(3) This website uses Adobe Analytics (Omniture) with the settings “Before Geo-Lookup: Replace visitor’s last IP octet with 0” and “Obfuscate IP-Removed”, which shortens your IP address by the last octet and replaces it with a generic IP address, i.e. one that can no longer be assigned. A personal reference can thus be ruled out.
(4) Information from the third-party provider: Adobe Systems Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; privacy@adobe.com; privacy policy: http://www.adobe.com/de/privacy/policy.html.
9 Use of the Scalable Central Measuring Method (SZM)
(1) Our website uses the measurement procedure (“SZMnG”) of INFOnline GmbH (https://www.infonline.de) to determine statistical parameters about the use of our offers. The aim of the range measurement is to statistically determine the intensity of use, the number of users of a website and the surfing behaviour – on the basis of a uniform standard procedure – and thus to obtain values that are comparable across the market.
For web offerings that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e. V. (IVW – http://www.ivw.eu) or participate in the studies of the Arbeitsgemeinschaft Online-Forschung e. V. (AGOF). (AGOF – http://www.agof.de), the usage statistics are regularly collected by AGOF and the Arbeitsgemeinschaft Media-Analyse e. V. (agma – http://www.agof.de). (agma – http://www.agma-mmc.de), as well as IVW, and can be viewed on the respective websites.
Data Processing
INFOnline GmbH collects and processes data in accordance with German data protection law. Technical and organisational measures ensure that individual users cannot be identified at any time. Data that may have a reference to a specific, identifiable person is anonymised as soon as possible.
1.1 Anonymisation of the IP address
On the internet, every device needs a unique address, the so-called IP address, to transmit data. The storage of the IP address, at least for a short period of time, is technically necessary due to the way the internet works. The IP addresses are shortened before any processing and are only processed anonymously. Untruncated IP addresses are not stored or processed.
1.2 Geolocation up to the level of federal states/regions
A so-called geolocalisation, i.e. the allocation of a website call to the location of the call, is carried out exclusively on the basis of the anonymised IP address and only up to the geographical level of the federal states/regions. Under no circumstances can conclusions be drawn about the specific place of residence of a user from the geographical information obtained in this way.
1.3 Identification number of the device
The range measurement alternatively uses either a cookie with the identification “ioam.de”, a “Local Storage Object” or an anonymous signature, which is created from various automatically transmitted information of your browser, for the recognition of computer systems. The validity of the cookie is limited to a maximum of 1 year.
1.4 Login ID
In order to measure distributed use (use of a service from different devices), the user ID at login, if available, can be transmitted to INFOnline as an anonymised checksum.
Deletion
The stored usage data will be deleted after 7 months at the latest.
Objection
If you do not wish to participate in the measurement, you can object under the following link: http://optout.ioam.de.
Further information on data protection in the measurement procedure can be found on the website of INFOnline GmbH (https://www.infonline.de), which operates the measurement procedure, the data protection website of AGOF (http://www.agof.de/datenschutz) and the data protection website of IVW (http://www.ivw.eu).
(2) We use the SZM procedure to be able to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of the SZM procedure is Art. 6 para. 1 p. 1 lit. f DS-GVO.
10 Use of Social Media Plug-ins
(1) We currently use the following social media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by marking the box with its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have called up the corresponding website of our online offer. In addition, the data mentioned under § 3 of this declaration is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
(2) We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you to avoid an assignment to your profile with the plug-in provider.
(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection notices:
- a) [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; weitere Informationen zur Datenerhebung: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
- b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
- c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
- d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- e) T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Deutschland; https://t3n.de/store/page/datenschutz.
- f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
- g) Flattr Network Ltd. mit Sitz in 2 nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Großbritannien; https://flattr. com/privacy.]
11 AddThis-Bookmarking
(1) Our websites also contain AddThis plug-ins. These plug-ins allow you to set bookmarks or share interesting content with other users. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DS-GVO.
(2) Via these plug-ins, your internet browser establishes a direct connection with the servers of AddThis and, if applicable, the selected social network or bookmarking service. The recipients receive the information that you have accessed the corresponding website of our online offer and the data mentioned under § 3 of this declaration. This information is processed on AddThis servers in the USA. [We have concluded standard data protection clauses with AddThis]. If you send content on our website to social networks or bookmarking services, a connection may be established between your visit to our website and your user profile on the relevant network. We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores these data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right.
(4) If you do not wish to participate in this procedure, you can object to the collection and storage of data at any time by setting an opt-out cookie with effect for the future: http://www.addthis.com/privacy/opt-out. Alternatively, you can set your browser to prevent the setting of a cookie.
(5) Further information on the purpose and scope of the data collection and its processing by the plug-in provider as well as further information on your rights in this regard and setting options to protect your privacy can be obtained from: AddThis LLC, 1595 Spring Hill Road, Sweet 300, Vienna, VA 22182, USA, www.addthis.com/privacy.
12 Integration of YouTube Videos
(1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. [These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission].
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this declaration are transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
(3) For further information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
13 Integration of Google Maps
(1) On this website, we use the Google Maps service. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
(3) For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.