Table of Contents
Declaration on the handling of personal data
1 - Name and address of the data controller
2 - Name and address of the data protection officer
3 - General information on data processing
4 - Deployment of the website and creation of log files
5 - Use of cookies
6 - Newsletter
7 - Registration
8 - Contact form and email contact
9 - Rights of the data subject
10 - Google
11 - Hotjar
12 - External tracking
13 - Order form
14 - Disclosure of data to payment service providers
15 - Credit report
16 - Disclosure of data to our collection partner
17 - Sample texts for vendors & affiliates
18 - Blog
19 - Beamer
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations shall be:
Digistore24 GmbH
St.-Godehard-Straße 32, 31139 Hildesheim, Germany
Telephone: +49 511/547470
Email: datenschutz@digistore24.com
Website: https://www.digistore24.com/
Attorney Marion Albrecht
activeLAW Klein.Offenhausen PartmbB
Hans-Böckler-Allee 26
30173 Hannover
Telephone: +49 511/547470
Email: datenschutz@digistore24.com
1. Scope of the processing of personal data
As a matter of principle, we shall only collect and use personal data insofar as this is necessary to fulfil our contractual obligation towards you, due to the initiation of a contractual relationship, due to legal obligations, or if you have granted us consent. We shall treat your personal data with the utmost confidentiality and in accordance with the statutory data protection regulations as well as this privacy policy.
2. Legal basis for the processing of personal data
As far as we obtain your consent for processing personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.
When processing personal data that is required to fulfill a contract with you, Article 6 (1) (b) of the GDPR shall serve as the legal basis. This shall also apply to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) of the GDPR shall serve as the legal basis.
If processing is necessary to protect the legitimate interests of our company or a third party, and your interests, fundamental rights, and freedoms do not override the aforementioned interest, Article 6 (1) (f) of the GDPR shall serve as the legal basis for the processing.
3. Data erasure and storage duration
Your personal data shall be erased or blocked as soon as the purpose of storage ceases to be applicable. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. Data shall also be blocked or erased if a storage period prescribed by the aforementioned standards expires, except when there is a need for further storage of the data to conclude or fulfill a contract.
1. Description and scope of data processing
With each visit to our website, our system shall automatically collect data and information from the computer system of the accessing device.
The following data shall be collected:
This data shall not be stored together with the user's other personal data.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files shall be Article 6 (1) (f) of the GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. This means that the user's IP address must remain stored for the duration of the session.
The storage in log files is carried out to ensure the functionality of the website. Furthermore, we shall use the data to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes shall not take place in this context.
These purposes shall also constitute our legitimate interest in data processing according to Article 6 (1) (f) of the GDPR.
4. Duration of storage
The data shall be erased as soon as it is no longer required to fulfill the purpose for which it was collected.
Storage of data in the log files:
Storage of the data in our database:
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files are mandatory for the operation of the website. As a result, there shall be no option to object on your part.
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a unique character string that enables the browser to be identified uniquely when the website is accessed again. We use cookies with two different durations:
Without cookies, we cannot guarantee that our website will be fully functional and usable.
2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies shall be Article 6 (1) (f) of the GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognized even after changing pages.
These purposes shall also constitute our legitimate interest in data processing according to Article 6 (1) (f) of the GDPR.
4. Possibility of objection and elimination
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to fully use all website functions.
1. Description and scope of data processing
If you purchase goods or services from us and provide us with your email address, this email address may subsequently be used by us for sending newsletters. In such a case, the newsletter shall only contain direct advertising for our own similar goods or services. No data shall be passed on to third parties in connection with the processing of data for sending newsletters. The data shall be exclusively used for the purpose of sending the newsletter.
2. Legal basis for data processing
The legal basis for the processing of the data after subscription to the newsletter by the user shall be Article 6 (1) (b) of the GDPR and Section 7 (3) of the Act against Unfair Competition (UWG).
3. Purpose of data processing
The collection of the user's email address serves to deliver the newsletter.
4. Duration of storage
The data shall be erased as soon as it is no longer required to fulfill the purpose for which it was collected.
The user's email address will therefore be stored for as long as the newsletter subscription is active.
5. Possibility of objection and elimination
You may cancel your subscription to the newsletter at any time. For this purpose, you will find a corresponding link in each newsletter.
1. Description and scope of data processing
On our website, we offer you the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data shall not be passed on to third parties.
The following data shall be collected as part of the registration process:
2. Legal basis for data processing
If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for processing the data shall be Article 6(1)(b) of the GDPR.
3. Purpose of data processing
User registration shall be required for the provision of the following content and services on our website: To provide the Digistore24 software and to fulfill the B2B contract with our business customers.
4. Duration of storage
The data shall be erased as soon as it is no longer required to fulfill the purpose for which it was collected.
This applies to the data collected during the registration process when the registration on our website is canceled or modified, or for the data collected during the registration process to fulfill a contract or carry out pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the contract is concluded, there may be a need to store personal data of the contractual partner to comply with contractual or legal obligations.
5. Possibility of objection and elimination
As a user, you shall have the option to cancel the registration at any time. You may have the data stored about you changed at any time. To make a corresponding request, you can contact our data protection team using the email address provided in Section 2.
If the data is required to fulfill a contract or to implement pre-contractual measures, early erasure of the data shall only be possible insofar as contractual or legal obligations do not prevent said erasure.
1. Description and scope of data processing
There is a contact option on our website which refers you to our general email address. In this case, the personal data transmitted with the email shall be stored.
In this context, the data shall not be passed on to third parties. The data shall be used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email shall be Article 6 (1) (f) of the GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing shall be Article 6 (1) (b) of the GDPR.
3. Purpose of data processing
In case of contact via email, there is also a necessary legitimate interest in the processing of the data.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data shall be erased as soon as it is no longer required to fulfill the purpose for which it was collected.
For personal data transmitted via email, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been finally resolved.
The additional personal data collected during the sending process shall be erased after a period of seven days at the latest.
5. Possibility of objection and elimination
You have the option to revoke your consent to the processing of personal data at any time. If you contact us via email, you may object to the storage of your personal data at any time. In such a situation, the conversation cannot be continued. All personal data stored during the contact shall be erased in this case.
If your personal data is processed, you are considered a data subject within the meaning of the GDPR and shall be entitled to the following rights with respect to the data controller:
1. Right to be informed
You may request confirmation from us as to whether your personal data is being processed by us.
If such processing exists, you may request information from us about the following:
You shall have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this regard, you may request to be informed about the appropriate safeguards in accordance with Article 46 of the GDPR relating to the transfer.
2. Right to rectification
You shall have a right to rectification and/or completion towards us, insofar as your personal data processed by us is incorrect or incomplete. We shall carry out the rectification without undue delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
If the processing of your personal data has been restricted, except for storage, this data may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been imposed according to the above conditions, you shall be informed by us before the restriction is lifted.
4. Right to erasure
- Obligation to erase
You may request that we erase your personal data without undue delay. We shall be obliged to erase such data without undue delay if one of the following reasons applies:
- Information to third parties
If we have made your personal data public and we are obliged to erase it pursuant to Article 17 (1) of the GDPR, we shall take reasonable steps, including technical measures, taking into account available technology and implementation costs, to inform data controllers processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, such personal data.
- Exceptions
The right to erasure shall not exist if the processing is necessary
5. Right to information
If you have asserted your right to rectification, erasure, or restriction of processing against us, we shall be obliged to communicate this rectification or erasure of personal data or restriction of processing to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You shall have the right to be informed about these recipients.
6. Right to data portability
You shall have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format. Furthermore, you shall have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, insofar as
In exercising this right, you shall also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. This must not adversely affect the freedoms and rights of others.
7. Right of objection
You shall have the right to object at any time, on grounds arising from your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR.
We shall no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If your personal data is processed for the purpose of direct marketing, you shall have the right to object at any time to the processing of your personal data for such marketing, including profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
You shall have the right to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You shall have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out based on the consent until the time of revocation.
9. Right to complain to a supervisory authority
Without affecting any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you consider that the processing of your personal data is in breach of the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
On our website, we use Google Analytics, an analytics service provided by the US company Google Inc. ("Google"), located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses "cookies," which are small text files stored on your computer. These cookies are used to analyze your use of our website. The corresponding data about your user behavior is forwarded to a server of the Google company in the USA, where it is evaluated and stored.
When IP anonymization is activated on this website within the member states of the European Union or other parties to the Agreement on the European Economic Area, Google shall shorten your IP address for anonymization purposes. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on behalf of the website owner to evaluate how you use the website. Google will also compile reports on website activity using this information and provide other services related to website activity and internet usage for its operators. Google does not merge the IP address transmitted by your browser through the use of Google Analytics with other Google data.
You can prevent the storage of cookies yourself by making the appropriate setting in your browser. However, in this case, you may not be able to use all functions of the website to their full extent. You can prevent the collection of data generated by the cookie (including your IP address) about your use of the website and the processing of this data by Google. To do this, you only need to download and install an additional browser plugin. You can download this plugin at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Maps (API) from the software company Google Inc. The data controller for the European area is Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.
Google Maps is an interactive map service for the visualization of geographical data as well as for the determination and processing of location data. We use Google Maps to assist our customers in filling in the address fields.
We use Google Maps on the basis of your consent within the meaning of Article 6(1)(a) of the GDPR.
When you use Google Maps, personal data about you is processed and stored. This includes:
Due to the integration into our website, cookies are also set, which are used to collect data regarding your user behavior.
Whether, where and how long this data is stored by Google is not clearly communicated by Google. However, since Google operates a large part of its servers in the USA, it can be assumed that the above data is also processed and stored there. A list of Google data centers can be found here: "Discover the locations of our data centers". We have no influence over the storage location of the above data.
We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
Google uses standard contractual clauses approved by the EU Commission (Article 46(2) and (3) of the GDPR) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway) or for data transfer there. These clauses oblige Google to also comply with the EU level of data protection when processing relevant data outside the EU. These clauses are in turn based on an implementing decision of the EU Commission.
If you generally do not want cookies, you can set your browser so that it always informs you when a cookie is to be set. You can then decide for each individual cookie whether or not you allow it.
For more information, see "Privacy and Data Collection | Google Fonts | Google Developers" and "Privacy Policy - Privacy Policy & Terms of Use - Google".
To have data stored by Google deleted, please contact Google Support under Google Help.
We use the Google Marketing Platform (formerly "Google Doubleclick") from the software company Google Inc. The data controller for the European area is Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.
This service sets cookies to serve relevant ads and to optimize reports and evaluations on campaign performance. Google records which ads have already been displayed in the user's browser and thus prevents multiple displays. Google can also use the cookies to determine whether a user accesses the advertiser's website and purchases a product there after an ad has been displayed. According to Google, however, the cookies used do not contain any personal data.
However, your browser also establishes a direct connection with one or more Google servers. This involves the processing of personal data from you. This includes:
- The website accessed/the website area accessed
- Your IP address
- Usage/metadata
Whether, where and how long this data is stored by Google is not clearly communicated by Google. However, since Google operates a large part of its servers in the USA, it can be assumed that the above data is also processed and stored there. A list of Google data centers can be found here: "Discover the locations of our data centers". We have no influence over the storage location of the above data.
We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
Google uses standard contractual clauses approved by the EU Commission (Article 46(2) and (3) of the GDPR) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway) or for data transfer there. These clauses oblige Google to also comply with the EU level of data protection when processing relevant data outside the EU. These clauses are in turn based on an implementing decision of the EU Commission.
For more information, see "Google Marketing Platform | Unified Advertising and Analytics" and "Privacy Policy | Privacy Policy & Terms of Use - Google".
To have data stored by Google deleted, please contact Google Support under Google Help.
Processing is based on your consent within the meaning of Article 6(1)(a) of the GDPR.
We use Hotjar to better understand the needs of our users and optimize the experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and don't like, etc.) and this helps us to tailor our offering based on user feedback. Hotjar works with cookies and other technologies to collect information about the behavior of our users and about their devices (in particular, device IP address (collected and stored only in anonymous form), screen size, device type (unique device identifiers), information about the browser used, location (country only), and language preferred to view our website). Hotjar stores this information in a pseudonymized user profile. The information is neither used by Hotjar nor by ourselves to identify individual users, nor is it combined with other data about individual users. You can object to the storage of a user profile and information about your visit to our website by Hotjar as well as to the setting of Hotjar tracking cookies on other websites by clicking on this opt-out link.
For information regarding the handling of personal data at Hotjar itself, please refer to Hotjar's privacy policy at: https://www.hotjar.com/legal/policies/privacy
We allow our vendors, after prior review by Digistore24, to use their own tracking code on our order forms. In this process, personal data such as inventory data (e.g. name, address, etc.), usage data (e.g. order ID, time of order, etc.), and metadata (e.g. IP address, geodata, etc.) are processed.
This data is used exclusively on the basis of your consent within the meaning of Article 6(1)(a) of the GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG).
Please refer to our listing of approved external tracking providers and their privacy policy: https://www.digistore24.com/extern/cms/page/frontend/legal/privacy_3rd_party/
The data requested on the order form is transmitted to the product manufacturer on the basis of Article 6(1)(b) of the GDPR for the purpose of fulfilling the contract. In addition, it may be that the product manufacturer operates various tracking tools on the order form under its own responsibility. We have no insight into or influence over the data processed in this way. Digistore24 is purely a platform in this context, and provides this to the customer for the individual design. For more information about tracking, please contact the respective product manufacturer.
If the customer repeatedly purchases (possibly different) products from the same product provider (vendor), these orders are recorded by us under the same customer ID (customer number). This is necessary in order to identify related customer orders in the event of any customer queries and to improve customer support. This shall also be our legitimate interest in data processing (Article 6 (1) (f) GDPR).
In the context of contractual relationships, we offer data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively, "payment service providers") (Art. 6(1)(1)(b) GDPR).
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract-, sum- and recipient-related information. The information is required in order to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them; i.e. we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the privacy notices of the respective payment service providers.
The terms and conditions and the privacy notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, shall apply to the payment transactions.
The types of data processed by payment service providers include: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contractual data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
According to Article 6(1)(f) of the GDPR, we check information about your address data (if applicable, first name, last name, address) and your creditworthiness in order to protect legitimate interests. For this purpose, we cooperate with Creditreform Boniversum GmbH (credit rating), Hellersbergstraße 11, 41460 Neuss, from whom we obtain or transmit data for these purposes. You can find the information pursuant to Article 14 of the GDPR on the data processing taking place at Creditreform Boniversum GmbH at: https://www.boniversum.de/eu-dsgvo/EU-DSGVO
Note
Within the scope of the consent given by the customer, the credit agency stores and transmits the data to the affiliated credit institutions, credit card companies, leasing companies, retail companies including mail order companies and other companies that commercially provide money or goods credits to consumers or offer telecommunication services in order to be able to provide them with information for assessing the creditworthiness of customers. Address data may be transmitted to companies that are contractually affiliated with the credit agency (e.g. SCHUFA/Boniversum) for the purpose of determining debtors. SCHUFA only transmits objective data without indicating the creditor; subjective value judgments, personal income and financial circumstances are not included in SCHUFA information. Credit agencies only make data available if a justified interest in the data transfer has been credibly demonstrated in the individual case. When providing information, the credit agency may also provide its contractual partners with a probability value calculated from its database to assess the credit risk (score procedure).
Pursuant to Article 6(1)(f) of the GDPR, in the event of a payment default, the data required for the collection of our claim will be passed on to our collection partner. For this purpose, we work with Creditreform Essen Stenmans & Waterkamp KG, Hohenzollernstr. 40, D-45128 Essen, Germany.
In the following you will find explanations on how various Digistore24 tools work. You can include these texts in your own privacy policy as a vendor or affiliate or link to this policy.
The WordPress plugin offers the possibility to embed various services from Digistore24 on your own website, e.g. the Social Proof Bubble, the Affiliate Ad Generator or other tools. Each time you embed, non-personal data is reloaded from the Digistore24
The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz
Affiliate Ad Generator allows you to create ad media automatically. It provides an input field where you can enter your Digistore24 ID. This will provide you with advertising materials that you can use to promote products and services quickly and easily.
In addition to the aforementioned, depending on your input, it will be checked whether an affiliate partnership exists. For details, please refer to the privacy policy of Digistore24.
The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz
On our website we use various links to offers from Digistore24. The purpose of the links is to draw your attention to products of interest to you.
Some of these links are links to the domain Digistore24 from the company Digistore24 GmbH.
When you click on one of the links, you are accessing a web page on the server of Digistore24. Our server does not transmit any data to Digistore24 in this process, but the data is transferred - as with every website visit - from your web browser to Digistore24. We have no influence over the extent to which your web browser transfers data to Digistore24.
Please find more information about the scope of Digistore24 using data from website visits in the privacy policy of Digistore24.
The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz
Digistore24 offers the possibility to embed various services on your own website via HTML and JavaScript codes. For example, the Social Proof Bubble or the Digistore24 shopping cart.
Each time you embed, non-personal data is reloaded from the Digistore24 server (e.g. a JavaScript file).
During this reload, your web browser retrieves a web page from the Digistore24 server. Our server has no influence over the extent to which your web browser thereby transmits data to the Digistore24 server. Our server itself does not transmit any data to the Digistore24 server in this context.
Which data Digistore24 stores and processes during this website visit is determined by Digistore24 GmbH as the data controller in its own privacy policy.
The privacy policy of Digistore24 can be found here: https://www.digistore24.com/dataschutz
When using the comment function, the following data is transmitted to Digistore24:
In addition, other users of the blog can see the written comments as well as the respective name at the end of each post.
For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
The legal basis for the processing of the data is Article 6(1)(a) of the GDPR if you have given your consent.
You have the option to revoke your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
We use Beamer to inform our customers about important changes, news, and updates, as well as to gather user feedback on our recent updates. Beamer uses cookies and other technologies to collect data about user behavior and the devices used (including anonymized IP addresses), device type (unique device type identification), browser information, geographical information (country), preferred language for displaying the website, among others. Beamer stores this information in a pseudonymized user profile. Neither Beamer nor ourselves will use this information to identify individual users or compare it to future data.
You can view Beamer's privacy policy using this link: https://www.getbeamer.com/privacy-policy.