Data Protection

1)  Information about the collection of personal data and contact details by the Data Controller

In the following you will find a detailed explanation of how we handle your personal data when you use our website. Personal data here refers to all the data that can be used to identify you personally, besides your contact data, such as your device and access data.

  1. Responsible for data processing on this website in terms of the General Data Protection Regulation (GDPR) and other relevant data protection provisions is Madeleine von Hohenthal, BRACENET, Colonnaden 49, 20354 Hamburg, Germany, phone: +49 (0)40 55571232, email: hello@bracenet.net. The Data Controller responsible for processing personal data is the natural person or legal entity that, alone or in concert with others, decides on the purpose and means of processing personal data.
    1. This website uses SSL or TLS encryption for security reasons and to protect the transfer of personal data or sensitive content, such as orders or enquiries to the Data Controller. You can recognise an encrypted connection by the “https://” and padlock icon in your browser bar.

2)  The collection of data when you visit our website

In you merely use our website for informative reasons, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (what are referred to as “server log files”). When you visit our website, we collect the following information as a technical requirement for us to be able to display the website:

  • Our website visited
  • The date and time of access
  • The volume of data sent in bytes
  • Source/Link which sent you to the page
  • The browser used
  • Operating system used
  • The IP address used (possibly in anonymous form)

Processing takes place in accordance with Sec. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not disclosed or used in any other way. However, we do reserve the right to examine the server log files subsequently should concrete evidence point to any unlawful use.

3)  Cookies

We use cookies on different pages in order to make our website more attractive to visitors and to facilitate the use of certain functions. Cookies are small text files which are stored on your device.

Some of the cookies we use are deleted at the end of your browser session, i.e. when you close your browser (these are known as session cookies). Other cookies remain stored on your device and allow us or our associates (cookies from third-party providers) to recognise your browser when you next visit us (permanent cookies). If cookies are set, they collect and process certain user information individually, such as browser and location data as well as IP address values. Permanent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie.

The cookies are partially used to simplify the order process

by storing the settings (e.g. noting the contents of your virtual shopping basket for when you visit the website later). If individual cookies we set also process personal data, this takes place in accordance with Sec. 6 (1) (b) GDPR, either by executing the contract, or in accordance with Sec. 6 (1) (f) GDPR, for the purpose of safeguarding our legitimate interests in providing the best possible functionality on the website and the visitor-friendly and effective design of the page visit.

We may work with advertising associates who help us to design our Internet service so that it is more interesting for you. In this case, cookies from associated companies are stored on your hard disk (third-party cookies) for this purpose when you visit our website. If we do cooperate with the advertising associates referred to above, then we separately and individually inform you about the use of such cookies and the scope of the information collected in the paragraphs following.

Please note that you can set your browser to inform you when cookies are being set. You can also decide whether you wish to accept them individually and whether you wish to prevent the use of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the Help menu in each browser, which explains how to change your cookie settings. These can be found for under the following links for each browser:

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage- cookies

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en Safari: https://support.apple.com/kb/ph21411?locale=en_GB

Opera: help.opera.com/Windows/10.20/en/cookies.html

Please note that if you choose to not accept cookies, it may limit your ability to use our website in full.

4)  Establishing Contact

Personal data is collected when you establish contact with us (e.g. over a contact form or by email). The data collected over a contact form can be seen in each contact form. These data is stored and used solely for the purpose of answering your enquiry, or for establishing contact and the associated technical administration.

The legal basis for processing the data is our legitimate interest in answering your enquiry as well as guaranteeing a good customer service in accordance with Sec. 6 (1) (f) GDPR. If your reason for contacting us is to conclude a contract, then the additional legal basis for processing your data is based on Sec. 6 (1) (b) GDPR. Your data will be deleted once we have finally processed your enquiry. This will be the case if it can be inferred from the circumstances that the matter in question has been finally clarified, provided that no statutory retention requirements stand in conflict.

5) Data processing when opening a customer account and for executing the contract

In accordance with Sec. 6. 1 (b) GDPR, personal data will continue to be collected and processed if you provide it to us for the purpose of concluding a contract or opening a customer account. The data collected is evident from each specific input form. You can delete your customer account at any time by sending a message to the aforementioned address for the Data Controller. We store and use the data you have provided for the purpose of executing the contract. After the contract has been fully completed or your customer account has been deleted, your data is blocked with

respect to tax and commercial retention periods and deleted after these periods have expired unless you have expressly consented to the further use of your data, or we have reserved the right to the legally permitted further use of your data about which we inform you accordingly below.

6)  Use of your data for direct mail

Subscribing to our email newsletter

If you subscribe to our email newsletter, we regularly send you information about our offers. The only requirement for sending the newsletter is indicating your email address. The provision of any additional data is voluntary and is used to address you personally. We use what is referred to as the double opt-in procedure for sending the newsletter. This means that we only send you an email newsletter if you have explicitly confirmed that you agree to us sending it to you. We then send you a confirmation email asking you to click on a link to confirm that you wish to receive the newsletter in future.

By activating the confirmation link you grant us your consent to use your personal data in accordance with Sec. 6. 1 (a) GDPR. When you subscribe to the newsletter, we store your IP address indicated by the Internet Service Provider (ISP) and the date and time of your subscription in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you subscribe to the newsletter is used exclusively for promotional purposes through the newsletter. You can unsubscribe from the newsletter at any time by using the link provided for this purpose in the newsletter or by sending a corresponding message to the Data Controller named therein. Once you unsubscribe, your email address is immediately deleted from our newsletter mailing list, insofar as you have not expressly consented to any further use of your data or, if permitted by law and about which we inform you in this statement, we reserve the right to use it further.

7)  Data processing for order processing purposes

  • Bracenet GmbH is active as a manufacturer of products made from fishing nets. In this context, we process the data that is required for concluding, executing or terminating a contract. This data includes:
  • First name, last name
  • Billing and delivery address
  • Email address
  • Invoice and payment data
  • If required, phone number

The legal basis for this is formed by the contractual relationship between you and us in accordance with Sec.6 (1) (b) GDPR. In order to process your email address, we are also obliged to send you an electronic order confirmation (Sec. 6 (1) (c) GDPR) in accordance with a requirement of the German Civil Code (BGB). Insofar as we do not use your contact data for commercial purposes, we store the data collected for executing the contract until the statutory or potential contractual warranty and guarantee rights have expired. After this period has expired, we retain the information on the contractual relationship required by commercial and tax law for the periods specified by law. During this period (regularly ten years from conclusion of the contract), the data is only ever reprocessed in the sole event of an audit by the tax authorities.

In order to process your order, we work with the following service providers who provide us with whole or partial support in executing the contracts concluded. Specific personal data is transferred to these service providers in accordance with the following information.

The personal data we collect is disclosed to the transport company assigned to make deliveries within the framework of processing the contract, insofar as this is required for delivering the goods. We disclose your payment details to the bank assigned within the framework of processing payments insofar as it is required for processing payments. We explicitly inform you below if payment service providers are used. The legal basis for disclosing your data is the existing contractual relationship pursuant to Sec. 6 (1) (b) GDPR.

  • Use of payment service providers
  • PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered

  • “purchase on account” or “payment by instalments” via PayPal – we disclose your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to “PayPal”) within the framework of the payment processing. Disclosure takes place in accordance with Sec. 6. (1) (b) and only insofar as it is required for the payment process.

PayPal reserves the right to make a credit check for the payment methods, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal. Your payment data may be passed on to credit agencies in accordance with Sec. 6 (1) (f) GDPR on the basis of PayPal’s legitimate interest in determining your solvency for this purpose. PayPal uses the result of the credit check concerning the statistical probability of defaulting to decide whether to provide the respective payment method. The credit report may contain probability values (what are known as score values). Insofar as score values are included in the results of the credit report, they are based on a scientifically recognised mathematical-statistical procedures. The calculation of score values includes, but is not limited to, address data. Please refer to the privacy policy from PayPal for further information on data protection, including that on the credit reference agencies used: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

You can object at any time to the processing of your data here by sending PayPal a message. However, PayPal may still be entitled to process your personal data if required for the contractual payment process.

-Stripe

If you choose one of the payment methods provided by the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we disclose the information you provide during the order process together with information about your order (name, address, account number, sort code, credit card number, invoice amount, currency and transaction number if applicable) in accordance with Sec. 6 (1) (b) GDPR. Your data is disclosed exclusively for the purpose of payment processing via the payment service provider Stripe Payments Europe Ltd. and only insofar as it is required for this purpose. Please visit https://stripe.com/en-de/privacy for more information on the privacy practices of Stripe.

8)  Use of social media

81. Use of YouTube videos

This website uses the YouTube embedding feature to view and play videos from “YouTube”, a provider owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If embedded YouTube video playback is started, “YouTube” uses cookies to collect information about user behaviour. According to information from “YouTube”, these cookies serve amongst other things to collect video statistics, improve user friendliness and prevent abusive practices. When you are logged into Google, your data is assigned directly to your account if you click on a video. You should therefore log out before activating the button if you do not wish to be associated with your YouTube profile. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. In accordance with Sec. 6 (1) (f) GDPR, this analysis is based on the legitimate interests of Google in displaying personalised advertising, market research and/or the bespoke design of its website. You have a right object to the creation of these user profiles, and should contact YouTube to exercise your right if you wish to do so.

Regardless of whether you playback an embedded video, every time you visit our website it connects to the Google “DoubleClick” network, which may trigger further data processing without us having any influence over it.

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection that applies in the EU.

You can find further information on privacy at “YouTube” in the provider’s Privacy Policy under: https://policies.google.com/privacy?hl=en&gl=en

  • Instagram

Functions of the Instagram service are embedded into our online service. This takes place for the legitimate interest of expanding our brand presence in accordance with the Sec. 6 (1) (f) GDPR. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our website with your user account. As the provider of this website, we would like to point out that we have no knowledge or information about how Instagram uses this data. Privacy Policy: http://instagram.com/about/legal/privacy/.

  • Pinterest

We use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). This takes place for the legitimate interest of expanding our brand presence in accordance with Sec. 6 (1) (f) GDPR. If you visit a page that contains a plugin of this type, your browser establishes a direct connection to the servers from Pinterest. The plugin transfers log data to the Pinterest server in the USA. This log data may contain your IP

address, the address of websites you visit, which also contain Pinterest features, your browser type and its settings, the date and time of the query and how you use Pinterest, as well as cookies. Privacy Policy: https://about.pinterest.com/en/privacy-policy.

  • Twitter

Functions of the Twitter service may be integrated into our online service. This takes place for the legitimate interest of expanding our brand presence in accordance with the Sec. 6 (1) (f) GDPR. These functions are offered by Twitter Inc., 1355 Market Street., Suite 900, San Francisco, CA 94103, USA. Using Twitter and the ‘Re-Tweet’ function links the websites you visit to your Twitter account and make them known to other users. This data is also transferred to Twitter. As the provider of this website, we would like to point out that we have no knowledge or information about how Twitter uses this data.

Twitter privacy policy at http://twitter.com/privacy. You can change your privacy settings on Twitter in your account settings at http://twitter.com/account/settings.

9)  Web analytics services

9.1 Google Analytics, Google-Re/Marketing Services

To improve the quality of our website and its content, we use Google Analytics, a web analytics service provided by Google Inc. (“Google”), and the marketing and remarketing services (“Google Marketing Services”) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google uses cookies. The information the cookie generates about the use of our online services by users is usually transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google uses the information collected on our behalf to compile and evaluate the use of our online service and the activities of users within this online service and to provide associated services on our behalf. In doing so, pseudonymous user profiles for users may be created from the data processed.

We use Google Analytics to optimise our services for users and to only display ads placed by Google and its partners to those users who have shown an interest in our online services or who are interested in certain topics or products that we transfer to Google (“Remarketing” or “Google Analytics Audiences”). The remarketing audiences also help us to make sure that our Facebook ads match the potential interests of users and do not annoy them.

For example, if a user sees advertisements for products he has shown interest in on other websites, it is referred to as “remarketing”. When your visit our website and other websites on which the Google advertising network is active, Google directly executes a code from Google, along with what are known as (re-)marketing tags (invisible graphics or code, also known as ‘web beacons’), which are integrated into

the website for these purposes. With their help, the user can store an individual cookie, i.e. a small file (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which web pages the user has visited and which contents he has shown an interest in. Which services he has clicked on, along with technical information about the browser and operating system, referring web pages, the time of the visit and other information on his use of the online services are also saved.

The data from users is processed pseudonymously in the context of Google marketing services. This means that, for example, Google does not store and process user names or email addresses, but processes the relevant data in relation to cookies in pseudonymous user profiles. That means that from the perspective of Google, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who the cookie owner may be. This does not apply if a user has explicitly allowed Google to process the data without the related pseudonymisation. The information that Google Marketing Services collects on users is transmitted to Google and stored on servers from Google in the USA.

The Google Marketing Services we use include the online advertising programme “Google AdWords“. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie“. This means that these cookies cannot be tracked through the AdWords’ customers’ websites. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are told the total number of users who have clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.

Data processing for the aforementioned purposes takes place on the legal basis of Sec. 6 (1) (f) GDPR since it is necessary to protect our legitimate interest in improving our online shop and for market research purposes.

We only use Google Analytics with activated IP anonymisation. This means that the user’s IP address is truncated and transferred in this form by Google if it is located within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.

The IP address transmitted by your browser is not merged with other data from Google.

Google may also link the aforementioned information with information of this type from other sources. If the user then visits other websites, bespoke ads may be displayed according to his interests.

Users can reject the use of cookies by selecting the appropriate settings in their browser; by downloading and installing the browser plugin available from the link below, the user can also prevent the data the cookie generates on how they use our online services (incl. your IP address) from being transferred to Google and Google processing this data: http://tools.google.com/dlpage/gaoptout?hl=en.

Visit the following Google websites for more information about how Google uses data and for settings and opt-out options: https://policies.google.com/technologies/partner-sites?hl=en (How Google uses information from sites or apps that use our services), http://www.google.com/policies/technologies/ads (How Google uses data in advertising), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising“).

We may embed DoubleClick ads on the basis of the Google Marketing Service. DoubleClick uses cookies that enable Google and its affiliate websites to serve ads based on visits by users to this website or other websites on the Internet.

We may embed AdSense ads on the basis of the Google Marketing Service. AdSense uses cookies that enable Google and its affiliate websites to serve ads based on visits by users to this website or other websites on the Internet.

We may also use the “Google Optimizer” service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of what are referred to as “A/B tests”. Cookies are stored on users’ devices for the purpose of these tests. Only pseudonymous user data is processed as a part of this.

We may also use “Google Tag Manager” to embed and manage Google Analytics and Marketing Services on our website.

For more information on how Google uses data for marketing purposes, please refer to the overview page at: https://www.google.com/policies/technologies/ads. The Google privacy policy is available under https://www.google.com/policies/privacy.

If you wish to opt-out of interest-based advertising by Google Marketing Services, you can use the Google setting and opt-out options: http://www.google.com/ads/preferences.

10)  Tools and miscellaneous

10.2 Google Maps

On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. The use of this service show you our location and facilitates your arrival at our company.

As soon as you visit sub-pages where a Google Map is included, information about your use of our website (such as your IP address) is transmitted to Google’s servers in the USA and stored there. This takes place regardless of whether you have a user account at Google which you are logged into, or you have no user account. When you are logged in to Google, your data is assigned directly to your account. You should therefore log out before activating the button if you do not wish to be associated with your Google profile. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. In accordance with Sec. 6 (1) (f) GDPR, this analysis is based on the legitimate interests of Google in displaying personalised advertising, market research and/or the bespoke design of its website. You have a right object to the creation of these user profiles, and should contact Google to exercise your right if you wish to do so.

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection that applies in the EU.

If you disagree with the future transmission of your data to Google when you use Google Maps, you can also completely disable the Google Maps web service by turning off JavaScript in your browser. By doing so, you will not be able to use Google Maps and hence not be able to display maps on this website.

You can view the Google Terms of Use under http://www.google.US/intl/en/policies/terms/regional.html, for additional terms of use for Google Maps, please see https://www.google.com/intl/en_en/help/terms_maps.html.

For details on privacy relating to the use of Google Maps, please visit the Google Privacy Policy on the Google website: www.google.de/intl/en/policies/privacy/

10.2 Social media plug-ins

We use social plug-ins on the basis of Sec. 6 (1) (f) GDPR from the social network Facebook on our website to better promote our company. The underlying promotional purpose is to be viewed as a legitimate interest in terms of the GDPR. The respective providers of these plug-ins are responsible for ensuring that their operation takes place in compliance with the data protection regulations. We embed these plug-ins using what is referred to as the double-click procedure to protect visitors to our website in the best possible way.

10.3.1 Facebook

On our website, we use plug-ins from the social network Facebook, which is offered by Facebook Inc. These Facebook plug-ins can be identified by the Facebook logo or the “Like” or “Share” add-on. You can find an overview of Facebook plugins and what they look like here.

When you activate a plug-in of this type (initial click), your browser establishes a direct connection to the servers from Facebook. Facebook transfers the content of the plugin directly to your browser and is embedded into the website. By embedding these plugins, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) is transmitted directly to a Facebook server in the US by your browser and stored

there. If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plug-ins, for instance, by clicking on the “Like” button or making a comment, this information is transmitted directly to a Facebook server and stored there. The information is also posted on your Facebook profile and displayed to your Facebook friends.

Please refer to the privacy policy of Facebook for information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights in this regard and settings options for protecting your privacy.

If you would not like Facebook to collect information about your visit to our website and assign it to your Facebook profile, you should log out of Facebook before visiting. You can also completely prevent Facebook plugins from loading by using add-ons for your browser than can be downloaded from the Internet, such as “Facebook Blocker”.

11)  Facebook, custom audiences and Facebook marketing services

Owing to our legitimate interests in the analysis, optimisation and commercial operation of our online services and for these purposes, our online services use what is referred to as the “Facebook Pixel” from the social network Facebook, from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland if you are located in the EU.

Facebook is certified under the Privacy Shield Agreement.

The Facebook Pixel primarily helps Facebook to determine visitors to our online services as a target group for the display of advertisements (what are referred to as “Facebook Ads”). Correspondingly, we use the Facebook Pixel to only display Facebook ads that we have been sent to those Facebook users who have shown an interest in our online services or certain features (e.g. interest in certain topics or products that are determined by their visits to websites), which we transmit to Facebook (what are referred to as “Custom Audiences”). The Facebook Pixel also helps us to make sure that our Facebook ads match the potential interests of users and do not annoy them. The Facebook Pixel also helps us to understand the effectiveness of the Facebook ads for statistical and market research purposes, which allow us to see if users were redirected to our website after clicking on a Facebook ad (what is referred to as a “conversion”). Facebook embeds the Facebook pixel directly when you visit our website and can store a cookie on your device. If you log into Facebook afterwards or visit Facebook while you are logged in, the visit to our online service is noted in your profile. The data collected on you is anonymous for us, and therefore does not provide us with any conclusions about the identity of users.

However, Facebook stores and processes the data, thus making a connection to the respective user profile possible. Facebook can also use this for its own market research and advertising purposes. If we send data to Facebook for comparison purposes, it is encrypted locally in the browser and then sent to Facebook over a secure https connection. This is done solely for the purpose of making a comparison with data that Facebook has also encrypted.

We also use the additional “extended comparison” function when using the Facebook Pixel. Here, data for forming target groups (“custom audiences” or

“look alike audiences”) is transferred to Facebook in encrypted form. Additional information. We also use the “Custom Audiences from File” procedure from the social network Facebook, Inc. In this case, the email addresses from the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload only serves to identify recipients of our Facebook ads. We want to make sure that the ads are only displayed to users who are interested in our information and services.

Facebook processes data in compliance with the Facebook Data Usage Policy. Specific information and details about the Facebook pixel and how it functions can be found in the Help section from Facebook.

Although we have legitimate interests in using the Facebook Pixel and storing “conversion cookies”, we also offer you options for opting out. You can opt out of the Facebook Pixel capturing your data and using it to display Facebook ads. To set which types of ads you see on Facebook, you can go to the page that Facebook has set-up and follow the instructions on making usage-based advertising settings. The settings are platform-independent, which means that they are adopted on all devices, whether desktop computers or mobile devices. You can also opt-out of cookies being used that serve to measure reach and for promotional purposes by going to the opt-out page from the Network Advertising Initiative and the additional US-American website aboutads.info or the European website youronlinechoices.com.

You can find another opt-out option in our cookie statement which is displayed when you visit our website.

12)  Rights of the data subject

  1. Applicable data protection law grants you comprehensive data protection rights (information and intervention rights) vis-à-vis the Data Controller concerning processing your personal data, which we inform you about below:
  2. Right to information pursuant to Sec. 15 GDPR: in particular, you are entitled to obtain information on the personal data we have processed on your person, the purposes of this processing, the categories of personal data processed, the recipients or categories of recipients to whom your data was or is being disclosed, the planned retention period or criteria for determining the retention period, the existence of a right to correction, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if we did not collect it, the existence of automated decision-making including profiling and, if applicable, sound information concerning the logic involved and the scope and effect of such processing, as well as your right to be informed of the guarantees that exist in accordance with Sec. 46 GDPR when forwarding your data to third countries;
  3. Right to correction pursuant to Sec. 16 GDPR: you have a right to the immediate correction of incorrect data concerning your person and/or the amendment of incomplete data we store on your person;
  4. Right to deletion pursuant to Sec. 17 GDPR: you have the right to demand the deletion of your personal data if the requirements of Sec. 17. (1) GDPR are

met. However, this right does not apply specifically where processing is required for the purpose of exercising the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the pursuit, exercise or defence of rights;

  • Right to restrict processing pursuant to Sec. 18 GDPR: you have the right to request that your personal data be restricted as long as the accuracy of the information is disputed, if you refuse to have your data deleted for reasons of improper data processing and, instead, request that it be restricted in cases where it is processed, if you require it to assert, exercise or defend legal claims after we no longer require such data to achieve our purposes, or if you have filed an objection based on your particular situation, in circumstances where it is not certain that our legitimate reasons prevail;
  • Right to information pursuant to Sec. 19 GDPR: if you have asserted your right to the rectification, deletion or restriction in processing of your personal data to the Data Controller, he/she is obliged to notify all recipients to whom your personal data has been disclosed of the corrections that have been made to your data or its deletion, or the restriction in processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about the identity of these recipients.
  • Right to data portability pursuant to Sec. 20 GDPR: you are entitled to receive the data on your person which you have provided to us in a standard, structured and machine-readable format, or to request that it be transferred to another Data Controller, as far as technically feasible;
  • Right to revoke consent granted pursuant to Sec. 7 (3) GDPR: you have the right to revoke the consent to process your data you have granted at any one time with effect for the future. In the event that you revoke your consent, we will immediately delete the data concerned, so far as there is no legal basis for further processing it without your consent. Revocation of your consent does not affect the lawfulness of any processing performed based on the consent you granted until revocation took place;
  • Right to complain pursuant to Sec. 77 GDPR: If you believe that your personal data is being processed contrary to the GDPR, you are entitled to complain to a supervisory authority, and, in particular, in the member state of your place of residence or employment, or the place where the alleged infringement took place, without prejudice to any other administrative or judicial remedy. To obtain information, simply send a message to hello@bracenet.net.

12.2  RIGHT TO OBJECT

IF, IN THE CONTEXT OF BALANCING INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED MAINLY ON A LEGITIMATE INTEREST WE HAVE, YOU ARE ENTITLED TO SUBMIT AN OBJECTION TO US PROCESSING YOUR DATA AT ANY TIME, WITH EFFECT FOR THE FUTURE, FOR REASONS RESULTING FROM YOUR PERSONAL CIRCUMSTANCES.

IF YOU EXCERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. CONTINUED PROCESSING REMAINS SUBJECT TO US PROVIDING IMPERATIVE AND REASONABLE REASONS FOR PROCESSING, WHICH EXCEED YOUR INTERESTS AND FUNDAMENTAL RIGHTS

AND FREEDOMS, OR IF PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND AGAINST LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT ADVERTISING PURPOSES, YOU ARE ENTITLED SUBMIT AN OBJECTION AT ANY TIME AGAINST PROCESSING YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT IN THE MANNER DESCRIBED ABOVE.

IF YOU EXCERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

13)  Duration of personal data storage

The duration of personal data storage is based on the respective statutory retention period (e.g. commercial and tax retention periods). The corresponding data is routinely deleted once the period has expired if it is no longer required to fulfil or initiate a contract and/or no legitimate interest in its continued storage persists on our part.

14)  JOB APPLICATIONS FOR ECOFLUENCER

All interested parties are free to apply to the BRACENET GmbH for the each of the positions advertised and also submit speculative applications.

14.1)  LEGITIMACY AND PURPOSE OF PROCESSING PERSONAL DATA

We process your personal data for the purpose of your employment application as far as it is required for making a decision concerning establishing an employment relationship with us. The legal basis for this is formed by Sec., 26 (1) in conjunction with Sec. 8 German Federal Data Protection Act (BDSG).

Furthermore, we may process personal data on your person, insofar as this is required to defend against legal claims asserted against us arising from the application process. The legal basis for this is formed by Sec. 6 (1) (f) GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Act on Equal Treatment(AGG).

14.2)  TYPE OF PERSONAL DATA

We process data that stands in relation to your application. This may include general personal information (such as your name, address and contact details), details of your professional qualifications and education, or concerning your further professional training or other information that you provide us with in connection with your application. We may otherwise process publicly available professional information on your person, such as profiles on professional social media networks.

14.3)  DISCLOSURE OF PERSONAL DATA

BRACENET GmbH does not disclose your data to third parties or recipients in third countries.

14.4)  STORAGE OF PERSONAL DATA IN THE CONTEXT OF THE ECOFLUENCER PROJECT

We store your personal data as long as it is necessary to do so to make a decision on your application.

If an employment relationship between you and our company fails to materialise, we may also continue to store you data insofar as it is required to defend against possible legal claims if you have granted us consent to process it further. Your application documents will be deleted six months after receipt of your application unless a longer storage period is required owing to ongoing litigation or has been approved based on consent.

14.5)  USE OF THE APPLICATION VIDEOS SUBMITTED

By applying to Ecofluencer, you consent to your application video perhaps being published on our Bracenet Facebook and bracenet_savetheseas Instagram social media channels as a story or post as an Ecofluencer announcement or as part of a public vote.

15)  APPLICATION PROCEDURE FOR ALL OTHER POSITIONS

All interested parties are free to apply to the BRACENET GmbH for the each of the positions advertised and also submit speculative applications.

15.1)  LEGITIMACY AND PURPOSE OF PROCESSING PERSONAL DATA

We process your personal data for the purpose of your employment application as far as it is required for making a decision concerning establishing an employment relationship with us. The legal basis for this is formed by Sec. 26 (1) in conjunction with Sec. 8 German Federal Data Protection Act (BDSG).

Furthermore, we may process personal data on your person, insofar as this is required to defend against legal claims asserted against us arising from the application process. The legal basis for this is formed by Sec. 6 (1) (f) GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Act on Equal Treatment(AGG).

15.2)  TYPE OF PERSONAL DATA

We process data that stands in relation to your application. This may include general personal information (such as your name, address and contact details), details of your professional qualifications and education, or concerning your further professional training or other information that you provide us with in connection with your application. We may otherwise process publicly available professional information on your person, such as profiles on professional social media networks.

15.3)  DISCLOSURE OF PERSONAL DATA

BRACENET GmbH does not disclose your data to third parties or recipients in third countries.

15.4)  STORAGE OF PERSONAL DATA

We store your personal data as long as it is necessary to do so to make a decision on your application. If an employment relationship between you and our company fails to materialise, we may also continue to store you data insofar as it is required to defend against possible legal claims if you have granted us consent to process it further. Your

application documents will be deleted six months after receipt of your application unless a longer storage period is required owing to ongoing litigation or has been approved based on consent.