Privacy policy
Data protection declaration
Data collection
a) Data collection when the website is accessed
You may visit our webshop without providing any personal details. Each time you access the webshop, the webserver will only automatically document a server log file, which contains the name of the requested file, your pseudonymised IP address, date and time of your access, volume of transferred data and the requesting provider (access data) and documents the access. This access data is used solely for the purpose of ensuring a fault-free operation of the site and to improve our offer. When balancing interests, this serves to preserve our overriding justified interests in a correct portrayal of our offer in accordance with Art. 6(1) 1f GDPR. All access data will be deleted at the latest seven days after the end of your visit to the shop.
b) Contract data
We collect, process and store the data that you provide to us when you register and/or decide to purchase our products. Personal data is collected from the completed online screens/order forms with details of name, address including email address, together with details about each order including the payment details. The customer is free to choose whether to enter this data and transfer it. Only such personal data that is absolutely necessary in order to fulfil the contract will be collected. The data collected will only be stored for as long as necessary and permitted within the scope of the contractual agreement and to comply with the applicable legislation.
c) Cookies
We use cookies in various areas on our webshop. Cookies are small identifiers that a server stores on the device that you use to access our website or our services. They contain information that can be retrieved when accessing our services, allowing for more efficient and better use of our services. The cookies serve to improve our services and the use of certain features. In addition, cookies are also used, among other things, to collect statistical information about our webshop, for example about the number of visitors. You can prevent the creation of cookies at any time by means of an appropriate setting of your Internet browser used and thus permanently object the creation of cookies. Furthermore, cookies that have already been created can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the creation of cookies in the Internet browser you are using, not all functions of our website may be fully usable.
Legal basis for data processing
Significantly, we only process and use your personal data within the limits of contract fulfilment pursuant to Art. 6 GDPR. In addition, we ensure that we only request the minimum personal data required for the business transaction. If personal data is processed in preparation for or based on a contractual relationship, there must be a justified interest to do this. Such a justified interest can be assumed, if the party concerned is a (possible) customer of the party responsible.
Security
An established provider supplies for us the services for hosting the online shop and the data collected within this framework as part of processing on our behalf pursuant to Article 28 GDPR. This serves to preserve our overriding justified interests, as part of balancing interests, in a correct portrayal of our offer in accordance with Art. 6(1) 1f GDPR. All data, which is collected during the course of using this webshop or in the forms provided in the online shop, as described in the following, shall be processed on the provider’s servers, who places the greatest of importance on data protection, and these servers only operate computer centres that document the highest security standards through ISO certification.
Your rights
We are happy to inform you in writing if and what data we have stored about you. If you intend to assert your statutory rights to be informed of, rectify, erase or lock your data, please contact our data protection officer.
Data protection officer:
Kepmar.eu
Dobbelsteyn 7
6439BM Doenrade, Netherlands
reCAPTCHA
Our primary goal is to provide you an experience on our website that is as secure and protected as possible. To do this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). With reCAPTCHA we can determine whether you are a real person from flesh and bones, and not a robot or a spam software. By spam we mean any electronically undesirable information we receive involuntarily. Classic CAPTCHAS usually needed you to solve text or picture puzzles to check. But thanks to Google’s reCAPTCHA you usually do have to do such puzzles. Most of the times it is enough to simply tick a box and confirm you are not a bot. With the new Invisible reCAPTCHA version you don’t even have to tick a box. In this privacy policy you will find out how exactly this works, and what data is used for it.
What is reCAPTCHA?
reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is used the most when you fill out forms on the Internet. A captcha service is a type of automatic Turing-test that is designed to ensure specific actions on the Internet are done by human beings and not bots. During the classic Turing-test (named after computer scientist Alan Turing), a person differentiates between bot and human. With Captchas, a computer or software program does the same. Classic captchas function with small tasks that are easy to solve for humans but provide considerable difficulties to machines. With reCAPTCHA, you no longer must actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. The only thing you must do there, is to tick the text field “I am not a robot”. However, with Invisible reCAPTCHA even that is no longer necessary. reCAPTCHA, integrates a JavaScript element into the source text, after which the tool then runs in the background and analyses your user behaviour. The software calculates a so-called captcha score from your user actions. Google uses this score to calculate the likelihood of you being a human, before entering the captcha. reCAPTCHA and Captchas in general are used every time bots could manipulate or misuse certain actions (such as registrations, surveys, etc.).
Why do we use reCAPTCHA?
We only want to welcome people from flesh and bones on our side and want bots or spam software of all kinds to stay away. Therefore, we are doing everything we can to stay protected and to offer you the highest possible user friendliness. For this reason, we use Google reCAPTCHA from Google. Thus, we can be pretty sure that we will remain a “bot-free” website. Using reCAPTCHA, data is transmitted to Google to determine whether you genuinely are human. reCAPTCHA thus ensures our website’s and subsequently your security. Without reCAPTCHA it could e.g. happen that a bot would register as many email addresses as possible when registering, in order to subsequently “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal user data to determine whether the actions on our website are made by people. Thus, IP addresses and other data Google needs for its reCAPTCHA service, may be sent to Google. Within member states of the European Economic Area, IP addresses are almost always compressed before the data makes its way to a server in the USA.
Moreover, your IP address will not be combined with any other of Google’s data, unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data is not exhaustive. Rather, it provides examples of data, which to our knowledge, is processed by Google.
Referrer URL (the address of the page the visitor has come from)
IP-address (z.B. 256.123.123.1)
Information on the operating system (the software that enables the operation of your computers. Popular operating systems are Windows, Mac OS X or Linux)
Cookies (small text files that save data in your browser)
Mouse and keyboard behaviour (every action you take with your mouse or keyboard is stored)
Date and language settings (the language and date you have set on your PC is saved)
All Javascript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
Screen resolution (shows how many pixels the image display consists of)
Google may use and analyse this data even before you click on the “I am not a robot” checkmark. In the Invisible reCAPTCHA version, there is no need to even tick at all, as the entire recognition process runs in the background. Moreover, Google have not given details on what information and how much data they retain.
The following cookies are used by reCAPTCHA: With the following list we are referring to Google’s reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demo.
For tracking purposes, all these cookies require a unique identifier. Here is a list of cookies that Google reCAPTCHA has set in the demo version:
Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111401120-8
Purpose:This cookie is set by DoubleClick (which is owned by Google) to register and report a user’s interactions with advertisements. With it, ad effectiveness can be measured, and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects website usage statistics and measures conversions. A conversion e.g. takes place, when a user becomes a buyer. The cookie is also used to display relevant adverts to users. Furthermore, the cookie can prevent a user from seeing the same ad more than once.
Expiry date: after one month
Name: ANID
Value: U7j1v3dZa1114011200xgZFmiqWppRWKOr
Purpose:We could not find out much about this cookie. In Google’s privacy statement, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID” and “TAID”. ANID is stored under the domain google.com.
Expiry date: after 9 months
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT also serves to prevent fraudulent logins and to protect user data from unauthorised attacks.
Expiry date: after 19 years
Name: NID
Value: 0WmuWqy111401120zILzqV_nmt3sDXwPeM5Q
Purpose: Google uses NID to customise advertisements to your Google searches. With the help of cookies, Google “remembers” your most frequently entered search queries or your previous ad interactions. Thus, you always receive advertisements tailored to you. The cookie contains a unique ID to collect users’ personal settings for advertising purposes.
Expiry date: after 6 months
Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc111401120-4
Purpose: This cookie is set when you tick the “I am not a robot” checkmark. Google Analytics uses the cookie personalised advertising. DV collects anonymous information and is also used to distinct between users.
Expiry date: after 10 minutes
Note: We do not claim for this list to be extensive, as Google often change the choice of their cookies.
How long and where are the data stored?
Due to the integration of reCAPTCHA, your data will be transferred to the Google server. Google have not disclosed where exactly this data is stored, despite repeated inquiries. But even without confirmation from Google, it can be assumed that data such as mouse interaction, length of stay on a website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google does generally not get merged with other Google data from the company’s other services.
However, the data will be merged if you are logged in to your Google account while using the reCAPTCHA plug-in. Google’s diverging privacy policy applies for this.
How can I delete my data or prevent data storage?
If you want to prevent any data about you and your behaviour to be transmitted to Google, you must fully log out of Google and delete all Google cookies before visiting our website or use the reCAPTCHA software. Generally, the data is automatically sent to Google as soon as you visit our website. To delete this data, you must contact Google Support at https://support.google.com/?hl=en-GB&tid=111401120.
If you use our website, you agree that Google LLC and its representatives automatically collect, edit and use data.
You can find out more about reCAPTCHA on Google’s Developers page at https://developers.google.com/recaptcha/. While Google do give more detail on the technical development of reCAPTCHA there, they have not disclosed precise information about data retention and data protection. A good, basic overview of the use of data however, can be found in the company’s internal privacy policy at https://policies.google.com/privacy?hl=en-GB.