Privacy policy

1. Information on data protection when using the website

In the following, we inform you about the collection of personal data when using our website. We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other laws on the processing of personal data that are relevant to us.

2. Controller of the processing under data protection law

YOU MAWO GmbH, Macairestraße 3, 78467 Konstanz, Germany, represented by its managing directors Sebastian Zenetti and Daniel Miko, is responsible for the provision of the website and the processing described in this data protection information (“YOU MAWO”). You can contact YOU MAWO by telephone on +49 7531 945 45 35 and electronically via the e-mail address hello@youmawo.com.

3. Contact details of the data protection officer

The data protection officer of YOU MAWO is Matthias Herkert, Steuerberater und Rechtsanwaltskanzlei reichert & reichert, Max-Porzig-Str. 1, 78224 Singen, Germany. You can reach the YOU MAWO data protection officer by telephone and post via the contact details of the controller, electronically via the email address datenschutz@reichert-reichert.de.

4. Purposes and legal bases of data processing when using the website

4.1 Informational use of the website

You can visit the website without having to provide any personal data. If you use the website purely for information purposes, YOU MAWO processes log data (Section 5.1) and identification data (Section 5.4). The legal basis for this is the legitimate interest of YOU MAWO pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR to make the use of the website available to you. The provision of this data is not required by law or contract, but if it is not provided, it will not be possible to use the website. The personal data will not be used for automated decision- making, including profiling.

For the hosting of our website and the technical support for its operation, data is transferred to Google Ireland Limited as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data on behalf of Art. 28 GDPR.

4.2 Making contact via the website

When you contact YOU MAWO by email, YOU MAWO only processes communication data (Section 5.2). The legal basis for this is Art. 6 para. 1 subpara. 1 lit. b GDPR if the contact or correspondence is aimed at the conclusion of a contract or the execution or fulfilment of a contract to which you are a party. In all other cases, YOU MAWO’s legitimate interest in conducting the conversation initiated by your contact within the meaning of Art. 6 para. 1 subpara. 1 lit. f GDPR is the legal basis for processing. The provision of this data is not required by law or contract. The personal data is not used for automated decision-making, including profiling.

For the exchange of electronic correspondence, data is transferred to Google Ireland Limited as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data on behalf of Art. 28 GDPR.

The personal data collected in connection with the establishment of contact and any subsequent correspondence will be deleted by YOU MAWO six years after the end of the year in which the correspondence was terminated. Correspondence with you is generally deemed to have ended when it can be inferred from the circumstances of the correspondence that the person concerned is no longer interested.

4.3 Improvement and further development of the website

YOU MAWO may process log data (Section 5.1) and usage data (Section 5.3) to improve and further develop the website and its functions. The legal basis for the processing is your previously given consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. The provision of this data is not required by law or contract; you will not suffer any disadvantages if you do not give your consent to the processing. The personal data will not be used for automated decision-making, including profiling.

For technical optimisation and further development as well as for error analysis and troubleshooting, data may be transferred to Vibrant Media Inc. as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data in accordance with Art. 28 GDPR.

The stored data will be deleted or anonymised as soon as processing is no longer necessary. This is usually the case after seven days at the latest.

4.4 Ensuring the security of the website and the IT infrastructure used

YOU MAWO may process log data (Section 5.1) and identification data (Section 5.4) to ensure the IT security of the website and the IT infrastructure used. The legal basis for this is the legitimate interest of YOU MAWO pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR to ensure security, confidentiality, integrity, availability and resilience of the website and the IT infrastructure appropriate to the risk of processing, in particular for preventive IT security as well as for the detection, elimination and evidence-proof documentation of faults and incidents. The provision of this data is not required by law or contract, but if it is not provided, it will not be possible to use the website. The personal data is not used for automated decision-making, including profiling.

The personal data processed in connection with ensuring the security of the website and the IT infrastructure used is regularly deleted after the respective security-relevant event has been fully checked and clarified, unless there is a legal basis for further processing by YOU MAWO in individual cases.

4.5 Registration and receipt of newsletters

You can register to receive newsletters from YOU MAWO via the website. In this case, YOU MAWO processes the correspondence data provided by you for receipt (Section 5.5) as well as the log data (Section 5.1) and identification data (Section 5.4) required for proof of consent. The legal basis for the processing for sending the newsletter is your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR, the legal basis for the processing of the required identification and log data is the legal obligation of YOU MAWO to prove the legality of the newsletter dispatch in accordance with Art. 6 para. 1 subpara. 1 lit. c GDPR. The provision of this data is not required by law or contract, but if it is not provided, it will not be possible to send newsletters. The personal data will not be used for automated decision- making, including profiling.

To send the newsletter, data is transferred to The Rocket Science Group, LLC as a processor of YOU MAWO within the meaning of Art. 4 No. 8 GDPR. A contract has been concluded with the processor for the processing of personal data in accordance with Art. 28 GDPR. The permissibility of the data transfer is based on the existence of adequacy decisions in accordance with Art. 45 GDPR and on the data protection regulations issued by the European Commission.

4.6 Use of the store locator function (Store Locator)

Using the store locator function integrated into the YOU MAWO website, you have the option of displaying YOU MAWO stores and sales partners in an area of your choice. To display the search hits found in the selected area, we use the online map service Google Maps from the US company Google LLC. Google Maps is a web service for displaying interactive maps in order to visualize geographical information. When you actively use the store search, i.e. when you start the search for YOU MAWO stores and sales partners by entering a target location, Google Ireland Limited processes log data (Section 5.1), usage data (Section 5.3) and identification data (Section 5.4). The legal basis for this is your prior consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. The provision of the data required for the use of the function is not required by law or contract, but if it is not provided, it will not be possible to use the store locator function.

When using the store search function, data is transmitted to Google LLC. This may also result in data being transferred to and processed on servers in the USA. From a data protection perspective, the USA is a country without an adequate level of data protection. You can view Google’s terms of use at https://www.google.de/intl/en/policies/privacy/, the additional terms of use for Google Maps can be found at https://www.google.com/intl/en_US/help/terms_maps/, detailed information on data protection in connection with the use of Google Maps can also be found on Google’s website (“Google Privacy Policy”): https://www.google.de/intl/en/policies/privacy/.

4.7 Cooperation with authorities, government agencies and courts

In order to cooperate with authorities, government agencies or courts to the extent required by law, YOU MAWO may process all the categories of personal data listed above. The legal basis for this is the legal obligation of YOU MAWO to fulfil the respective national law or the law of the European Union or its member states in accordance with Art. 6 para. 1 subpara. 1 lit. c GDPR or the legitimate interest of YOU MAWO in the fulfilment of your legal obligations in countries outside the European Union in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR. The personal data will not be used for automated decision-making, including profiling.

The personal data processed in connection with cooperation with authorities, government agencies or courts will be deleted as soon as they are no longer required to achieve the purpose of processing and provided that there are no legal provisions to the contrary. In these cases, your data will be deleted when the legal obligation no longer applies and after any resulting claim periods have expired.

4.8 Assertion, exercise or defence of legal claims

For the assertion, exercise or defence of legal claims against you or against third parties, YOU MAWO may process all the categories of personal data listed above. The legal basis for this is YOU MAWO’s legitimate interest in the defence against unjustified claims and in the assertion and enforcement of claims and rights in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR. The personal data will not be used for automated decision-making, including profiling. For the aforementioned purposes, data may be transferred to courts, lawyers, law firms and authorities within and outside the EU and the EEA.

The personal data processed in connection with the assertion, exercise or defence of legal claims will be deleted as soon as they are no longer required to achieve the purpose of processing and provided that there are no legal provisions to the contrary. In these cases, your data will be deleted when the legal obligation no longer applies and after any resulting claim periods have expired.

4.9 Scan

With our app, scans can be made. For this, we use the TrueDepth API of Apple. As soon as a new scan is made, the old one gets deleted. Only, when a session is created or an order is placed does the scan get uploaded to our own servers in order to create the custom production files of the frames based on the scan. The scans are stored encrypted on the servers – there is no possibility of direct access to this data from the outside. We don’t share the scan with any other company and only a few people at our own company have access to it in order to create the production files. If the user wants the scan to be deleted he/she can contact us via hello@youmawo.com.

5. Categories of personal data processed

5.1 Log data

The category of “log data” includes the date and time of connection establishment, version and type of operating system and browser of the terminal device used, access token used, amount of data transferred, HTTP referrer and domain and sub-websites accessed via an accessing system.

5.2 Communication data

The category of “communication data” includes the email address you use for communication as well as the content of the communication and correspondence you have with YOU MAWO.

5.3 Usage data

The category of “usage data” includes information on visits to individual sites and sub-sites, date and time of the last visit, information on the time spent on individual sites and sub-sites, information on the extent and duration of the use of functions, information on website crashes during use.

5.4 Identification data

The category of “identification data” includes the Internet Protocol address (IP address) of the end device used, device ID, user ID, app instance ID and other identification features set by cookies that make it possible to identify data subjects or the end devices used by the data subjects.

5.5 Correspondence data

The category of “correspondence data” includes the potentially personal e-mail address.

6. Social media links on the website

On the YOU MAWO website you will find social media buttons for Instagram, Facebook and Pinterest. Behind these buttons are only hyperlinks. During your visit to the YOU MAWO website, no data is transferred to the respective social media providers. Only when you click on one of the buttons will the respective page open in a separate window and you will be redirected.

7. Rights of data subjects affected by data processing

As a data subject, you have the following rights under data protection law in relation to the processing of personal data concerning you described in Section 4 vis-à-vis YOU MAWO in the cases and to the extent provided for by law, and you can contact YOU MAWO using the contact information provided in Section 1 to exercise these rights:

Right of access: Art. 15 GDPR standardizes the right to request confirmation from the controller as to whether the controller is processing the applicant’s personal data and what personal data is involved, as well as to receive a copy of the personal data concerned.

Right to rectification: Art. 16 GDPR enables the data subject to obtain from the controller without undue delay the rectification of inaccurate personal data and the completion of missing personal data.

Right to erasure: Art. 17 GDPR contains the data subject’s right to erasure in the cases and to the extent provided for by law.

Right to restriction of processing: Art. 18 GDPR stipulates that the data subject may request the controller to restrict the processing of their data under the legal conditions, so that further processing is only permitted in the legally standardized cases.

Right to restriction of processing: Art. 18 GDPR stipulates that the data subject may request the controller to restrict the processing of their data under the statutory conditions, so that further processing is only permitted in the cases standardized by law.

Right to data portability: Art. 20 GDPR regulates the right of the data subject to receive personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller or to have the personal data transmitted directly from one controller to another.

Right to lodge a complaint with a supervisory authority: Art. 77 GDPR standardizes the right of every data subject to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the provisions of the GDPR.

Right to object: Art. 21 GDPR gives the data subject the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6(1)(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Data subjects also have the right to object at any time to the processing of personal data concerning them for the purpose of direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Right to withdraw consent: Art. 7 para. 3 GDPR regulates the right of data subjects to withdraw their consent at any time. The personal data covered by the consent will then no longer be processed by the controller. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The full scope of the respective statutory rights of data subjects can be found in the above-mentioned articles, which can be accessed via the hyperlink http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.