Customer Portal Privacy Policy - Customer Portal
Data Protection Notice, status as of: 18 June 2020
This service (“Service”) is provided by Big Dutchman International GmbH, Auf der Lage 2, 49377 Vechta, Germany (We” or “Us”) as controller within the meaning of the applicable data protection laws.
When using the Service, We collect and process personal data about the user (“You” or the “User”). Since protection of your personal data when using the Service is important to Us, We want to provide you with the following information on the personal data We will collect when You use the Service and on how We will handle such data in accordance with applicable data protection laws including the EU General Data Protection Regulation (“GDPR”). This Data Protection Notice applies to the use of the Service in whichever form; i.e. be it through a website as well as an app or other online service.
You can access this Data Protection Notice at any time by selecting the “Data Protection” section within the Service.
1 Purposes and Legal Bases for Processing
We collect certain information when you are using the Service. The categories of personal data, the purposes for which it is collected as well as the legal bases for the processing are specified below.
1.1 Automatically Collected Information
When You use the Service, We automatically collect and store specific data. This includes: the tech-nical and connection-related data assigned to your terminal, e.g. IP address and MAC address, which We require to transmit the contents retrieved by you or to be presented by Us to you (including, e.g. texts, images and product information, as well as files provided for downloading, etc.), request con-tents, access status / http status code, transferred data volume, website from which the request is made, browser, operating system and its interface, language and version of the browser software, as well as request date and time.
We use this information to:
(1) provide you with the service and the related functions;
(2) improve the functions and performance features of the Service; and
(3) prevent and eliminate abuse and malfunctions (incl. troubleshooting).
The data is processed and used based on the statutory provisions according to which, these data processing activities are justified in that:
(1) processing is required to fulfil the agreement on the use of the Service (e.g. At. 6 para. 1 b) GDPR); or
(2) We have an overriding legitimate interest in ensuring the functionality and fault-free opera-tion of the Service and in being able to offer the Service tailored to the user (Art. 6 para. 1 f) GDPR).
1.2 Creation of a User Account (Registration) and Login
As far as the use of the Service requires registration, this is for the purpose of technically gaining access to the server and to prevent any access by unauthorised third parties. When you register with the Service, We collect certain data which you provide (e.g. name, address, country, e-mail address).
We use your registration data to grant you and manage your access to the Service. We use the ac-cess data in particular to authenticate you upon login and to follow up on enquiries for resetting your password.
The registration data is processed and used by Us to:
(1) verify your right and administration of the user account;
(2) enforce any applicable Terms of Use of the Service and each and every related rights and obligations; and
(3) contact you by providing you with technical information, updates, security alerts or other messages regarding the administration of the user account.
The data is processed and used based on the statutory provisions according to which these data processing activities are justified in that:
(1) processing is required to fulfil the agreement on the use of the Service (e.g. Art. 6 para. 1 b) GDPR); or
(2) We have an overriding legitimate interest in ensuring the functionality and fault-free opera-tion of the Service (e.g. Art. 6 para. 1 f) GDPR).
1.3 Use of the Service
Within the scope of the Service, the user can enter, manage and process various information (includ-ing images and documents), tasks and activities regarding its organisation. The respective data is collected in a user-related manner and marked with a time stamp in each case. The data collected in this way is transferred to a server and stored there for the duration of the usage relationship. Fur-thermore, a unique ID is assigned to the organisation. This is the information collected by the respec-tive user using the Service, in particular (if available in the Service) data on the organisation (e.g. address, region, country, etc.); production data (e.g. temperature, number or weight of animals, feed or water supply) (“Production Data”); activities (e.g. registration of guests, orders made within the Service, delivery/collection of animals or feed, vaccinations and veterinary treatments and pest con-trol), all in accordance with the functions implemented within the Service (including as the case may be any additional plug-ins you are using). If the user provides any information likely to relate to natu-ral persons in this context, e.g. names and contact details (in particular postal addresses, phone numbers and e-mail addresses) of farmers, guests, suppliers, animal traders, breeders, slaughterers or other organisation employees using the Service, We also process such data to provide the Ser-vice.
The data is processed and used based on statutory provisions according to which these data pro-cessing activities are justified in that:
(1) processing is required to fulfil the agreement on the use of the Service (e.g. Art. 6 para. 1 b) GDPR); or
(2) We have an overriding legitimate interest in ensuring the functionality and fault-free opera-tion of the Service (e.g. Art. 6 para. 1 f) GDPR).
1.4 Storage of Specific Data in the Customer Database
We store personal data in a customer database to manage the relationship with You as a customer.
The data is processed and used based on statutory provisions according to which these data pro-cessing activities are justified in that We have an overriding legitimate interest in maintaining and managing the customer relationship (e.g. Art. 6 para. 1 f) GDPR).
2 Use of Anonymous Data
We reserve the right to use and evaluate the data collected using the Service, e.g. Production Data, for additional purposes, e.g. to improve products, enhance the service, develop new features and functions and optimise the user interfaces. If such information is personal data, it is anonymised in accordance with the applicable data protection laws before it is further used and evaluated.
3 Newsletter
This website uses CleverReach to mail newsletters. This service is provided by CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany. CleverReach is a service that organises and analyses the mailing of newsletters. The data provided when registering for the newsletter (e.g. the e-mail address) will be stored on the servers of CleverReach in Germany or Ireland.
The newsletters we mail with CleverReach allow us to analyse the behaviour of the newsletter recipients. For example, we can analyse how many recipients opened the newsletter and how often which link in the newsletter was clicked. Using so-called conversion tracking, we can also analyse whether the user performed a pre-defined action (e.g. purchasing a product on our website) after clicking on the link in the newsletter. For more information about data analysis through CleverReach newsletters, visit https://www.cleverreach.com/en/features/reporting-tracking/ .
We will process any data only with your consent in accordance with Art. 6 (1) (a) GDPR. You may revoke your consent at any time by unsubscribing from the newsletter. The data processed before we receive your request may still be legally processed. If you do not want your data to be analysed by CleverReach, you need to unsubscribe from the newsletter. We will provide a link for this purpose in every newsletter.
The data provided when registering for the newsletter will be used to distribute the newsletter and stored until you cancel your subscription, when said data will be deleted from both our and CleverReach servers. Data we have stored for other purposes (e.g. e-mail addresses for the members area) remain unaffected.
For more information, please see the CleverReach privacy policy at https://www.cleverreach.com/en/privacy-policy/
4 Analytics and Cookies
When you use our Service and, where legally required, if you have consented, We place so-called ‘cookies’ on your computer to offer you a larger range of functions and to organise the use of the Service in a convenient and needs-based manner. Cookies are small files which are assigned to the browser used by you and stored on your hard drive and provide the party placing the cookie, i.e. Us, with certain information.
We use the following types of cookies:
4.1 Mandatory cookies - the ones enabling the functions and performances requested by you from the Service
We in particular use a cookie to document your approval of the use of cookies. We store this cookie for one year.
4.2 Functional cookies - the ones remembering your settings to organise the Service in a more user-friendly manner
We in particular use a cookie remembering the graphical interface settings.
4.3 Performance / analytics cookies - the ones collecting pseudonymous information on the websites visited by you
Within our Service, we use Google Analytics, a web analytics service provided by the Google Inc. (“Google“). As a general rule, the information generated by the cookies about your use of this Service will be transferred to a server of Google in the United States and will be stored there. Within our Ser-vice, however, the so-called ‘IP anonymisation’ is enabled, so that your IP address will first be short-ened by Google within the Member States of the European Union or in other countries which are par-ties to the Agreement on the European Economic Area. The entire IP address will be transmitted to a server of Google in the United States and will be shortened there only in exceptional cases. Google will use this information on our behalf to analyse your use of the Service, to compile reports about the Website activities and to provide Us with additional services related to the use of the Website and the use of the Internet. The IP address transmitted by your browser within the framework of Google Analytics will not be amalgamated with any other data of Google.
More detailed information on how Google uses your data and on Google Analytics is available in the Terms and Conditions of Use [https://www.google.com/analytics/terms/gb.html], the Privacy Policy [http://www.google.de/intl/en-GB/policies/privacy/] or in these Google instructions [https://www.google.com/intl/en-GB/policies/privacy/partners/]
As far as this data is to be regarded as personal data, the processing of the data is carried out on the basis of legal provisions which authorise the data processing because we have an overriding legitimate interest in a demand-oriented design as well as the statistical evaluation of our Services (e.g. Art. 6 para. 1(f) GDPR, Sec. 15 para. 3 TMG); or on the basis of a provided consent (e.g. by clicking accept on our cookie banner).
Most Internet browsers allow you to block or prevent storing cookies. You may configure the browser settings accordingly and block the acceptance of cookies, e.g. by following the instructions for the browser used by you, retrievable at http://www.allaboutcookies.org/, or using any other technical tool to this end, if possible. However, we would like to draw your attention to the fact that you might probably no longer be able to use all functions of this Website in such case.
In addition, you can prevent the registration of the data created by the cookie and related to your use of our Service (incl. your IP address) to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link [https://tools.google.com/dlpage/gaoptout?hl=en-GB].
5 Recipients of Data
Besides the cases explicitly specified in this Data Protection Notice, your personal data is disclosed to the following recipients:
- We are a company which operates on an international scale and is part of a larger group of companies. Certain personal data, e.g. data specified by the user upon registration, may be disclosed to our affiliated companies for internal administration purposes incl. joint customer care and customer relationship management.
- Occasionally, We rely on other affiliated group companies or on third-party companies and external service providers to render our service, e.g. for hosting parts of the Service or the re-lated data. In such cases, the data is disclosed to these companies to enable processing by them. These service providers are carefully selected and may exclusively process the data ac-cording to our instructions.
- Within the scope of enhancing our business, it may be the case that our company structure transforms in that its legal form is changed, subsidiaries, company parts or units are estab-lished, purchased or sold. In case of such transactions, the customer information is disclosed together with the transferred assets, if required. In case of each disclosure of personal data to third parties to the extent described above, we ensure that this is made in accordance with this Data Protection Notice and the applicable data protection laws.
- If required to clarify any unlawful and/or abuse use of the Service or for legal prosecution, personal data can be forwarded to the law enforcement authorities and to potentially aggrieved third parties. Such forwarding is only made, however, if indications for any unlawful and/or abusive behaviour exist. Data may also be disclosed if this serves to enforce terms and condi-tions of use or other agreements. We are additionally required by law to provide specific pub-lic bodies with information upon request. This may include law enforcement authorities, public authorities prosecuting administrative offences entailing a fine and tax authorities.
The aforementioned disclosures may result in such data being processed in countries outside of the European Economic Area (“EEA”) (i.e. in a third country). Each transmission of data to a third country is made under observance of the applicable data protection laws. If the European Commission has not established the existence of an adequate level of protection for a third country, We provide rea-sonable guarantees to ensure adequate protection of your data. This may be made, e.g., by conclud-ing data processing agreements containing EU standard data protection clauses which offer appro-priate guarantees according to the European Commission (accessible at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
In the case of certain service providers that are being engaged as data processors in the U.S. we transfer data based on the data recipients’ certifications under the EU-US-Privacy Shield (acknowledged by the European Commission in its resolution dated 12 July 2016).
6 Abuse Detection and Prosecution
We usually store any information for abuse detection and prosecution, in particular your IP address, as long as necessary, for this purpose including for investigating or prosecuting a specific incident. This data is stored and used based on statutory provisions according to which these data pro-cessing activities are justified in that: We have an overriding legitimate interest in ensuring the func-tionality and security of the Service and in preventing fraud (e.g. Art. 6 para. 1 f) GDPR).
7 Storage Period
We delete or anonymize your personal data as soon as it is no longer needed for the purposes for which we have collected or used the data as per the this Data Protection Notice. We normally store your personal data for the period of use and the term of the contract about the Services and retain them beyond that to the extent required for purposes of criminal investigation or to secure, assert or enforce legal claims.
If you cancel your user account, your profile is deleted.
To the extent data must be retained for legal reasons, these data are deleted only after the expiration of this period and are blocked until then. The data are then no longer available for any further use except for the purposes of the legal retention period.
After deletion from our operational systems, the data remains for a certain period in the back-up cop-ies in our revolving data-backup process and are then, however, automatically deleted in the course of this process at the end of the backup cycle.
8 Your Rights as a Data Subject
You have certain rights with respect to your personal data:
Right of access: You have the right to receive from Us information about the personal data relating to you which are processed by Us as set forth in Art. 15 GDPR.
Right to rectification: You have the right to demand that We correct personal data relating to you if those data are incorrect.
Right to erasure ("right to be forgotten"): You have the right to demand that We delete personal data relating to you under the prerequisites described in Art. 17 GDPR. These prerequisites establish especially a right to deletion if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
Right to demand restriction of processing: You have the right to demand that We restrict the pro-cessing in accordance with Art. 18 GDPR. This right exists especially if the accuracy of the personal data is in dispute as well as in the event that deletion cannot yet be made due to a need to comply with legal retention requirements.
Right to data portability: You have the right to receive from Us personal data, which you have pro-vided to us, in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. This includes the right to have the data transmitted to another controller. This right exists where the data is processed by automated means and on the basis of either your consent or a con-tract.
Right to object: You have the right to submit an objection against the processing of personal data relating to you for reasons resulting from your specific situation. We will stop processing your per-sonal data unless We can prove important reasons for the processing which deserve protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.
Moreover, you have the right to file a complaint with a supervisory authority.
9 Contact
If you have any questions regarding our way of handling your personal data, or if you want to exer-cise the rights mentioned under clause 7 as a data subject, you can contact us at:
Datenschutzbeauftragter@bigdutchman.de
10 Modifications of this Data Protection Notice
We always keep this Data Protection Notice up to date. Therefore, we reserve the right to modify it from time to time and to update modifications of the collection, processing or use of your data. The current version of the Data Protection Notice can always be retrieved under the “Data Protection” section within the Service.
11 Datadog, Inc
Our website uses functions of the Datadog, Inc network Provider is Datadog, Inc, 620 8th Avenue, Floor 45, New York, NY 10018; Email: gdpr@datadoghq.com.
Each time one of our pages containing functions of Datadog, Inc. is called up, a connection to servers of Datadog, Inc. is established. As far as we are aware, no personal data is stored in this process. In particular, no IP addresses are stored or the usage behavior is evaluated.
Further information on data protection and the Datadog, Inc, Share button can be found in the data protection declaration of Datadog, Inc at: https://www.datadoghq.com/legal/privacy/.
Back to Portal