Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal data is information such as name, email address or telephone number, but also information about hobbies, memberships or which other websites were visited by the data subject.
We only collect, use and share personal data in accordance with what is legally permissible, and with the user’s consent.
Consent is any voluntarily given, unambiguous statement of agreement in a specific case, given in an informed manner in the form of a statement, or other clearly affirming consenting action, with which the data subject indicates that they agree to the processing of their personal data.
We (or the webspace provider) collect data on each of your visits to the Vercasa Srl website (this data is referred to as “server log files”) (“access data”). This access data includes: name of the website accessed, file, date and time of access, volume of data transmitted, protocol on successful access, browser type and version, the user's operating system, referrer URL (i.e. page previously visited), IP address and the requesting provider. If the user is using a mobile device, the access data additionally comprises: country code, language, name of device, name of operating system and version, GPS location data.
We use this access data only for statistical evaluations for the purpose of operation, security and optimization of our offer on the Vercasa Srl website. However, reserve the right to review these data at a later date, if concrete indications of unlawful use become known to us. This data is then stored as it is understood to be the only way to prevent misuse of our offer; if necessary this data will be reviewed to investigate past offenses. In this regard, since we are the party responsible for data processing, storing this data is necessary to ensure our security. This data will not be shared with third parties unless required by law or for the purpose of criminal prosecution.
We collect and store the following data (“registration data”) when you register on the Vercasa Srl website and create a customer account: first and last name, email address, password and other information, such as billing and shipping address. You can manage this data at any time by going to “User account” – “Overview” in the menu. Further we collect your data for the purpose of processing your bookings on Vercasa Srl, and in order to process the sales contracts for services purchased from our website (“purchase data”). This data includes: first and last name, billing address.
The registration data, purchase data and any other data you provide in the course of registration will be used on the Vercasa Srl website only insofar as this data is required for us to fulfill the sales contract or for pre-contractual measures (i.e. use of the Vercasa Srl website and booking of services in the webshop, including, without limitation, sending direct marketing about items you have expressed an interest in). (Legal basis Art. 6 Para. 1 lit. b DSGVO).
Payment data is not processed by us, but exclusively by our external provider Stripe.
When you contact us (for example by email), also outside of a contractual relationship with us, your details will be stored for the purpose of processing the request as well as in the event that follow-up questions arise.
With the newsletter we inform the user about us and our offers. Only the user’s email address is needed to register for the newsletter. When a user registers for the newsletter, their email address is transmitted to both us and the email provider Klaviyo and is stored there. An email is sent to the user after they register for the newsletter, asking them to confirm the registration (“double opt-in”). The following information is stored with us and with our mail provider Klaviyo when a user subscribes to the newsletter: their IP address, the name of their device, their mail provider, the user’s first and last name, the date that they subscribed. This information is only stored in order to serve as evidence in case a third party subscribes to the newsletter by misusing another person’s email address without their consent.
To send our newsletter we use the service “Klaviyo” 125 Summer St, Floor 6 Boston, MA 02111 United States. For this purpose and on our behalf the following data is processed on Klaviyo’s servers in the USA: the user’s IP address, device name, mail provider, their first and last name, date.
We would like to point out that automated decision making (“profiling”) may take place when integrating Klaviyo. We use the Klaviyo service to analyze user behavior, for example whether users open the email or click on links in the email body. When opening the email the data contained therein (“web-beacon”) connects with Klaviyo’s servers in the USA to analyze user behavior. It also collects technical information such as IP address, browser type and operating system. Klaviyo participates in the EU-US Privacy Shield framework and Swiss-U.S. Privacy Shield framework. Klaviyo complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States.
Klaviyo's privacy policy can be found here: https://www.klaviyo.com/privacy.
The user can revoke their consent to their data and email address being stored and used to send the newsletter at any time. To revoke their consent, the user can use the link contained in the newsletter emails themselves or by notifying us via the contact options listed above, or, if applicable, contacting the mail provider directly; all of this is at no extra cost save for the cost of data transfer.
In general, the legal basis for data processing of data when using our website and services is Art. 6 (1) b. GDPR, i.e. the data is processed insofar as it is required to fulfill the sales contract between you and us or to fulfill pre-contractual measures that you requested. Art. 6 (1) a. GDPR is also the legal basis for the processing of data for specific purposes, provided and to the extent that you and/or the data subject have given their prior consent. You give your consent for example when you register as a customer and create a user account. Art. 6 (1) c. GDPR is also the legal basis for any processing of your data by us when this is required to fulfill a legal obligation to which we and/or other responsible persons are subject. This can be the case for example when our data is collected when you visit our web page, if we choose this method to ensure security of our website and services. Data processing may also be carried out on the basis of Art. 6 (1) e. GDPR, if this is necessary to perform a legal obligation in the public interest or in the exercise of official authority that we or the responsible party have been vested in. Moreover, Art. 6 (1) f. GDPR also forms the legal basis for example when data is collected when visiting the Vercasa Srl website or when data is transmitted to our shareholders and external service providers. The processing takes place if it is necessary to safeguard our legitimate interests and does not outweigh your interests, fundamental rights and fundamental freedoms that might require the protection of personal data. A legitimate interest is to be assumed in the case of a legitimate relationship between you (or the person in question) and us (or the responsible party), i.e. if you are a customer and/or user of our website and services. For further details we refer to the explanations of processing operations in this privacy statement.
We do not use profiling or automated decision-making when you visit our website and use our services. However, in individual cases it is possible that such profiling is carried out by the third-party providers we use. We point this out as much as possible in this privacy statement. “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements; Examples of such profiling include the analysis of data (e.g. on the basis of statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is required by EU law or law of its member states to which the data controller is subject and such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) with explicit consent of the data subject. In these exceptions, the responsible party takes appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.
We only transfer personal data to third parties insofar as it is necessary in the framework of fulfilling the terms of the agreement and only within the scope stated in this privacy statement. Furthermore, data is only transmitted if we are legally obliged to do so or if the person concerned has given their consent and has not revoked it, or if this is necessary to enforce our rights. In some cases, processing may take place in other EU countries, but we make sure that the level of data protection is always in compliance with EU requirements.
We work together with external service providers that support us in carrying out the online or offline steps necessary to execution of our service. We only transfer personal data to third parties insofar as it is permissible by law (i.e. in order to execute our service on the website, in accordance with Art. 6 (1) b. GDPR) or with your given consent (in accordance with Art. 6 (1) a. GDPR) or if you instruct us to do so. Please contact info@ledimore.com for more information. This relates for example to the transmission of data to our service provider(s). Moreover, as part of our affiliate program, we may share information with our affiliate partners who use the information on our behalf for marketing purposes and to improve our services. These affiliate partners process the data exclusively within the EU and in compliance with the relevant legal bases. Among other things, the affiliate partners receive the customer's ID.
Data may be transferred outside the EU when visiting or using the website – this is the case for the services of Google, Facebook or Twitter, as described in the section “Social Plugins”. The US companies offering Google, Facebook and Twitter services are each certified under the EU-US Privacy Shield agreement and thus guarantee compliance with EU data protection regulations. Furthermore, your data will be processed by Mailchimp, located outside the EU, when you sign up for the newsletter. Data may be transferred outside the EU when visiting or using the website. This is the case for example with the services of the payment service provider Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Stripe processes payment data in order to process payments on the website. Stripe, Inc. is certified according to the EU-US Privacy Shield agreement and thus guarantees compliance with data protection regulations in the EU. For more information about Stripe please refer to https://stripe.com/de/privacy.
It is possible that third-party content is integrated within our website, such as videos hosted by YouTube, maps by Google Maps, RSS feeds or graphics from other websites. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the user’s IP address, since the IP address is required to send content to the user’s browser. The IP address is therefore required to display this content. Where possible, we will only use content whose respective third-party providers use the IP address solely for the delivery of the content and point this out accordingly. However, we have no influence on the actions of third-party providers if they store the IP address, e.g. for statistical purposes. The users will be informed if such behavior by third party service providers is known to us.
Cookies are small files that are automatically stored on your access device that allow us to store information related to your device. On the one hand, cookies enhance the user-friendliness of websites and thus serve the users (e.g. by storing login data). On the other hand, they are used to collect statistical data on the use of the website and to analyze it in view of improving the Vercasa Srl website. When the user visits the Vercasa Srl website, temporary “session cookies” are generated and stored on the user’s device, but they are deleted as soon as the user closes their browser window. The session cookies are stored at benötigt in order to assign successive page views to the respective users who access the platform at the same time. The users can influence the use of cookies. Most browsers will allow you to erase cookies from your computer hard drive, or entirely block the acceptance of cookies. It should however be noted that this will affect user comfort. Users can manage many companies’ advertisement cookies by using the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices.
We use Google Analytics, a web analysis service of Google Inc, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on the users’ device to help the website analyze how they use the site. The cookie generates information such as browser type/version; operating system used; referrer URL (page previously visited); host name of the accessing computer (IP address); time of the server request when using the website. This information is usually transmitted to a Google server in the USA and stored there, but given that IP anonymization is activated on the Vercasa Srl website, our users’ IP addresses will be previously abbreviated within EU member states or other parties to the Agreement on the European Economic Area. This means that the full IP address will not be transmitted to a Google server in the USA and shortened there. IP anonymization is activated on the Vercasa Srl website. On behalf of the operator of this website Google will use this information to evaluate your usage of the website, to create reports on website activities and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google. By using appropriate settings you can prevent the storage of cookies in your browser. In this case however we would like to point out that you might not be able to fully use all functions of the Vercasa Srl website(s). It is also possible to prevent the collection of data generated by the cookie and related to the usage of the website to Google as well as the processing of these data by Google by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=de For more information please refer to Google's privacy policy: http://www.google.de/policies/privacy/.
Our website also contains social plugins which are used to connect the website to the following social networks: Facebook, Twitter and Pinterest. By default these social plugins are deactivated and therefore no data gets transferred. If for example a user wants to share content that is on the Vercasa Srl website to one of these social networks, they must click on the corresponding button on the Vercasa Srl website. If the user is logged in to their user profile in that social network, it is only after a second click on that button, e.g. the “share” function, that their visit of the Vercasa Srl website will be put in relation to their user account on the given social network. The user may deactivate this function at any time and manage it within the Vercasa Srl website by going to “Settings”. If the user does not want any data about their visit to the Vercasa Srl website to be collected by the social networks, they should log out of these social networks before visiting the Vercasa Srl website. However, if they activate the relevant social media buttons by clicking, cookies will still be generated that identify each visit to the Vercasa Srl website. This function may therefore collect data and create a profile which may then be traced back to a specific natural person (please refer to the point “profiling” above). If you do not wish this to happen, just visit the Vercasa Srl website and click on the correct option to disable the function. Or you can set your browser to never accept any cookies; however, we would like to point out that in this case the functionality of the PVercasa Srl website can be limited.
Our website(s) and services use the social plugin for the social network Facebook, at facebook.com, by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Facebook's privacy policy can be found at https://de- en.facebook.com/about/privacy/.
Our website(s) and services use the social plugin for the social network Twitter, at twitter.com, by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). Twitter's privacy policy can be found at https://twitter.com/privacy
Our website(s) and services use the social plugin for the services of Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA, and Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Pinterest's privacy policy can be found at https://policy.pinterest.com/de/privacy-policy
We use the services of "Salesforce.com, Inc." Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105 (usually abbreviated as SF or SFDC) an American cloud-based software company headquartered in San Francisco, California to store and process user data. For certain Services, for which they act as a data processor, Salesforce has certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. https://compliance.salesforce.com/en/privacy-shield More information about Salesforce’s privacy practices can be read at https://www.salesforce.com/eu/company/privacy/full_privacy/
We use "Segment" Segment.io, Inc. 100 California Street, Suite 700 San Francisco, CA 94111 USA, in order to better understand our users’ needs and to optimize this service and experience. Segment is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Segment uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Segment stores this information in a pseudonymized user profile. Neither Segment nor we will ever use this information to identify individual users or to match it with further data on an individual user. Segment.io, Inc. (“Segment” or “we”, “us” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to it in the United States from the European Economic Area (“EEA”) or Switzerland, respectively. For further details, please see Segment’s privacy policy at https://segment.com/legal/privacy/ You can opt-out to the creation of a user profile, Segment’s storing of data about your usage of our site and Segment's use of tracking cookies on other websites by following this opt-out link.
We use "Form Assembly" FormAssembly Inc. 885 S College Mall Rd, #399, Bloomington, IN 47401, USA, to process form data submitted securely through the Website. For more information about Form Assembly's privacy practices, please see Form Assembly Privacy Policy at https://www.formassembly.com/privacy-policy/ FormAssembly Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States, respectively.
We use the “Custom Audience pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. With its help, we can keep track of what users do after they see or click on a Facebook advertisement. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes. Please click here if you would like to withdraw your consent https://www.facebook.com/settings/?tab=ads#_=_
We use "Amazon Web Services" Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, to host our Website. We collect standard Internet log files to enable us to troubleshoot the Website's infrastructure. For more information about the privacy practices of Amazon Web Services, see Amazon Web Services Privacy Policy at https://aws.amazon.com/privacy/
We use Groove, at https://www.groove.co/, GROOVE LABS INC. (“GROOVE”), 660 4th Street #684 San Francisco, CA94107 United States, to inform users about us and our offers. Groove has certified that it complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. If there is any conflict between the policies in this privacy policy and the Privacy Shield Framework, the Privacy Shield Framework shall govern. Groove is subject to the investigatory and enforcement powers of the FederalTrade Commission (FTC). You can find more about their privacy policy here (https://www.groove.co/privacy-policy/)
We use "Replyify" (https://replyify.com/). Replyify may collect two types of data about users: (1) information that we or others voluntarily submit to them and technical data automatically collected from all visitors to the Replyify Service. They may transfer Personal Information to companies that help them provide their Services. Transfers to subsequent third parties are covered by the Data Processing Agreements with our customers. Repliyify does not sell Personal Information to any third party. Replyify does not share your personally identifiable information with other organizations for their marketing or promotional uses without prior consent. You can find more about their privacy policy here (https://replyify.com/privacy.html).
Every user has a right to access the personal data stored about their person at any time and free of charge. This right of access to stored personal data includes the right to know whether personal data concerning the data subject is being processed and, if so, the following related information: purpose(s) of data processing; categories of personal data being processed; recipient(s) or categories of recipient(s) who the personal data has been disclosed to or is currently being disclosed to, especially in the case of recipients established in third countries or international organizations; if possible the planned duration that personal data is to be stored for, or, if this is not possible to tell, the criteria that determine this duration; the existence of a right of correction or deletion of the user’s personal data or restrictions of processing by the party responsible or of a right of opposition to such processing; the existence of a right to lodge complaints with a regulatory authority; if the personal data is not collected from the data subject themselves, all available information about the data’s origin; the existence of automated decision-making including profiling (according to GDPR) and – at least in these cases – relevant information about the applied logic as well as the scope and the intended effects of such processing for the data subject. The right of access to stored personal data does not exist if the data is only stored because it may not be deleted by reason of statutory, constitutional and contractual regulations on retention and for data backup and data protection control, and if therefore the provision of information would require disproportionate effort, and if appropriate technical and organizational measures preclude processing of personal data for further purposes.
The user has the right to revoke their consent regarding the use, processing or transmission of their data at any time. To this end the user can contact us at info@ledimore.com. In the case of the withdrawal of your consent for the storing, processing and use of your personal data, we will immediately delete all of your saved data. This does not apply if compelling legitimate grounds are given for processing that outweigh your interests, fundamental rights and fundamental freedoms or if data processing is required to establish, exercise or defend legal claims. We will therefore continue to use this data, for example, if it is still necessary for the implementation of the contractual relationship, for example.
You have the right to have any inaccurate personal data immediately corrected. You have the right to request the rectification of your personal data (for example by submitting an explanation about the inaccuracy of the data) in view of the given processing purposes. For this purpose please contact info@ledimore.com.
You have the right to demand that we delete your personal data immediately. For this, please contact info@ledimore.com
Your personal data will be deleted immediately in the following cases:
if we no longer need your personal data for the purposes for which they were initially collected or otherwise processed;
if you revoke your consent that formed the basis for the processing, and there is no other legal basis for processing;
if you object to the processing and there are no proper overriding legitimate reasons for processing;
if the personal data has been unlawfully collected.
if the deletion of the personal data is required to fulfill a legal obligation under EU law or the law of the Member States to which we are subject;
if the personal data relating to information society services offered directly was collected from a child under 16 years of age without parental consent.
When a customer account is deleted, their data that had been stored in the internal database is also deleted, except if data processing is required to establish, exercise or defend legal claims, such as fulfillment of contractual obligations with Vercasa Srl (cf. paragraph 5) or if legal retention periods prevent deletion.
Data will not be deleted if processing of the data is necessary (i) to perform a legal obligation in the public interest or in the exercise of official authority that we have been vested in; (ii) to exercise the right to free speech and information; (iii) on grounds of public interest in the field of public health; or (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, if the right to deletion presents a serious obstacle to reaching the objectives of this processing or makes it.
In the case of non-automated data processing, data need not be deleted if it would require disproportionate effort or if it is impossible, and if your interest in deleting is seen as small. In this case, data processing will be restricted instead of the data erased.
Moreover, we will restrict data processing rather than delete the data as long as we have reason to believe that erasure would adversely affect legitimate interests of the data subject. We will inform the data subject of the restriction of processing if doing so is not impossible or would not involve a disproportionate effort.
Please also refer to the following sections 4.5 and 5 below.
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met: (i) The accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data; (ii) The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data; (iii) We no longer need the personal data for the purposes of processing, you need the data to assert, exercise or defend legal claims; or (iv) You have filed an objection against the processing and it is not yet clear whether the legitimate reasons of our company outweigh your legitimate reasons for the objection. If the above conditions are met and you wish to have your personal data stored by us restricted, you can contact us at contact@pamono.com at any time. We will then arrange for processing to be restricted. If you have been confirmed that the processing of your personal data is restricted, we will inform you in advance if we lift this restriction again. Instead of personal data being deleted, its processing may be restricted. Please refer to the previous section for more details.
You have the right to receive your personal data (that you have provided to us) in a structured, commonly used and machine-readable format. For this, please contact us at info@ledimore.com. You also have the right to transmit those data to another controller without hindrance from us (who was provided with the personal data), provided that the processing is based on consent or on a contract to which the data subject is a party and provided that the processing is carried out by automated means. In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall apply if it adversely affects the rights and freedoms of others, or if processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You always have the right to appeal the processing of your personal data to a supervisory authority of your choice. In Germany the authorities responsible for data protection are those that enforce the respective federal state laws.
As a general rule we only keep the personal information for as long as it is necessary to fulfill the contractual obligations or in regard to a given purpose, and we limit the storage period to an absolutely necessary minimum.
The duration of storage may vary in the case of longer-term contractual relationships, such as e.g. when using our website(s) and services, but as a rule are limited to the duration of the given contractual relationship or, with regard to inventory data, the maximum is set to the statutory retention periods (e.g. in accordance with Handelsgesetzbuch (HGB) [German Commercial Code] and Abgabenordnung (AO) [German Fiscal Code].
The duration of storage depends on, among other things, whether the data is still current, whether the contractual relationship with us still exists or whether an inquiry has already been processed, whether a process has been completed or not and whether legal retention periods for the personal data concerned are pertinent or not.
In order to ensure the best possible standard of protection for your personal data, the Vercasa Srl website offers a secure SSL connection between the user's server and the browser, i.e. the data is transmitted securely using encryption. When using our website and services, user data is stored on servers within the EU. We use the server provider Maxcluster GmbH, Technologiepark 8, 33100 Paderborn, Germany, which processes the data on our behalf. It should be specifically noted that with current technology the security of data transmission via open networks such as the internet cannot be fully guaranteed. You are aware of the fact that, from a technical point of view, the provider can at any time view the pages stored on the web server and other stored data that concerns you. You are fully responsible for ensuring that the data that you transmit through the Internet and store on web servers are protected and secure. We are not liable for disclosure of personal information due to errors in transmission and/or unauthorized access by third parties.
You can view, download and print out this privacy statement at any time on our website at https://www.ledimore.com/privacy/ We have the right to modify this privacy statement in compliance with the relevant regulations.