1. Who are we?
1.1. We are Fox & Sheep GmbH (“Fox & Sheep“). You can reach us under the following contact data:
Oberwallstr. 9
10117 Berlin
[email protected]
1.2. Fox & Sheep is a “data controller” as defined by the applicable data privacy regulations. This means that we are responsible for deciding how to store and use your personal data.
1.3. This policy notifies you how we process personal data that we collect from you or that you give us.
1.4. This policy pertains to data collected about you when you use our website and our mobile applications (called “website” and “mobile apps” hereinafter).
2. What data do we collect?
2.1. We collect the following data in connection with your use of our website and the mobile apps:
2.1.1. Details about contact with our support team and the data you provide in this context (e.g. contact data);
2.1.2. Details about your visits to our website and use of the mobile apps (e.g. location data, weblogs, other communication data and resources you use);
2.1.3. Information about your use of our information and communications systems;
2.1.4. Browser information and online identifiers (such as your browser types, your browser version, your host operating system, your browser language and your IP address);
2.1.5. Information about your visit to the websites and use of the mobile apps (such as URLs, clickstream to, on, and away from our website, page reaction times, download errors, duration of visits to particular pages, information about interaction between pages (such as scrolling, clicks, and mouse movements) and methods of leaving the page);
2.1.6. Aggregated information (such as aggregated data traffic information that is collected during your visit to the websites and use of the mobile apps).
2.2. If you have consented to receiving a newsletter:
2.2.1. The email address you provided.
2.3. We do not knowingly collect personal information of children (i.e. individuals under 18 years old) in connection with visits to our website and use of our mobile apps. If it is brought to our attention that we have received data from individuals under 18 years old, we will make appropriate efforts to remove it from our records.
3. For what purposes do we process your data?
3.1. We process the data listed in number 2.1 for the following purposes:
3.1.1. To ensure a smooth connection to the website and running of the mobile apps;
3.1.2. To ensure comfortable use of our website and the mobile apps;
3.1.3. To evaluate system security and stability;
3.1.4. To process your support requests;
3.1.5. For other administrative purposes.
3.2. We only process the data listed in number 2.2 for marketing purposes to provide you with information about our products and services in a newsletter, if you have given us your permission to do this. You have the right to revoke consent to the use of your data for marketing purposes at any time with effect for the future. Please contact [email protected] by email to do this.
4. On what legal basis do we process your data?
4.1. The legal basis for the processing described in numbers 3.1 arises from our legitimate business interest pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR.
4.2. The legal basis for the processing described in numbers 3.2 arises from your consent pursuant to Art. 6 (1), sentence 1, point (a) of the GDPR.
5. Transmission of your data
5.1. Subject to explicit regulations otherwise in this policy, your data is only transmitted to third parties if
5.1.1. We have received your explicit consent to this pursuant to Art. 6 (1), sentence 1, point (a) of the GDPR;
5.1.2. The transmission is necessary pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR to establish, exercise, or defend legal claims and there is no reason to assume that you have a prevailing protected interest in non-transmission of your data;
5.1.3. If a statutory obligation exists in regard to the transmission pursuant to Art. 6 (1), sentence 1, point (c) of the GDPR; and
5.1.4. This is legally permissible and is required to process contractual relationships with you pursuant to Art. 6 (1), sentence 1, point (b) of the GDPR GDPR.
5.2. If you have consented to receive newsletters, your email address will be transmitted to service providers of Fox & Sheep that support us technically in sending our newsletters. Such transmission takes place solely within the framework of a contract data processing agreement under which we have authority to issue instructions in regard to the affected data. If the service provider’s registered office is outside the EU or the EEA, we ensure a level of data privacy that complies with applicable data privacy regulations.
5.3. If you click on an affiliate link on our website or in our mobile apps, the relevant vendor of the shop only receives from us the information that the click came from our website or our mobile app.
6. Links to other websites
6.1. The website and our mobile apps may contain links to third-party websites. If you follow a link to such a website, please note that your use of such a website is subject to the data privacy conditions of said website and that we assume no responsibility or liability for your use of such a website. Please read the data privacy conditions of this third-party website before transmitting personal data to such a website.
7. Storage and deletion of your data
7.1. We only store your personal data as long as necessary to fulfill the purposes for which we collected it, including to fulfill legal, accounting, or reporting obligations.
7.2. In some cases, we may anonymize your personal data so that it can no longer be linked to you; in such a case, we may use this data without further notifying you.
8. Cookies
We use cookies on our website and our mobile apps. Cookies are small files automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website or use our mobile apps. Cookies do not harm your end device and do not contain viruses, Trojan horses or other malware. The cookie stores information created in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. One purpose of cookies is help us make using our offer more enjoyable for you. For example, we may use so-called session cookies to detect that you have already visited individual pages on our website or used our mobile apps. These are automatically deleted after your leave our website or our mobile apps. We also use temporary cookies to optimize user friendliness. They are stored on your end device for a specific fixed amount of time. If you visit our website or use our mobile apps to access our services again, it is automatically recognized that you have already been there and what inputs and settings you provided so that you need not enter these again. We also use cookies to record statistics about the use of our website or mobile apps and analyze them in order to optimize our offer for you (see number 3). If you visit our website or our mobile apps again, these cookies allow us to automatically detect that you have already been there. These cookies are always automatically deleted after a defined time. The data processed by cookies is needed for the stated purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before a new cookie is created. However, wholesale deactivation of cookies may lead to you not being able to use all the functions of our website or our mobile apps.
9. Analytical tools
9.1. Tracking tools
The tracking measures listed below and used by us are implemented based on Art. 6 (1), sentence 1, point (f) of the GDPR. The tracking measures used are intended to ensure needs-based design and continuous optimization of our website or our mobile apps. We also use tracking measures to record statistics about the use of our website or mobile apps and analyze them in order to optimize our offer for you. These interests are legitimate as defined by the regulation cited above. The particular data processing aims and data categories can be found in the corresponding tracking tools.
9.1.1. Google Analytics
For purposes of needs-based design and continuous optimization of our pages, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.com/intl/de/analytics/ ) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google“). Pseudonymized use profiles are generated and cookies (see number 4) are used in this context. The information about your use of our website or our mobile apps generated by the cookie, such as
You can prevent cookies from being installed by disabling the corresponding setting in your browser software; however, we advise that in this case the full functionally of our website may not be able to be used. You can also prevent the collection of the data generated by the cookie about your use of our website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de ). As an alternative to the browser add-on, especially for browsers on mobile end devices, you can also prevent collection by Google Analytics by clicking on this link. An opt-out cookie is placed that prevents the future collection of your data when visiting our website. The opt-out cookie is only active in this browser and only for our website and is stored on your device. If you delete cookies on this browser, you must replace the opt-out cookie. You can find further information about data privacy in relation to Google Analytics in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de ).
9.1.2. Google Adwords conversion
We also use Google conversion tracking to record statistics about the use of our website or our mobile apps and analyze them in order to optimize our website or our mobile apps for you. Google Adwords places a cookie (see number 8) on your computer if you arrived at our website through a Google ad on our website or our mobile apps. These cookies expire after 30 days and do not act as personal identification. If the user visits certain pages on the website or mobile apps of the Adwords customer and the cookie has not yet expired, Google and the customer can detect that the user clicked on the ad and was forwarded to this page. Data privacy authorities require a contract data processing agreement to be concluded for lawful use of Google Analytics. Google offers a template at http://www.google.com/analytics/terms/de.pdf. Every Adwords customer receives a different cookie. Cookies therefore cannot be traced through the websites or mobile apps of Adwords customers. The information obtained using conversion cookies helps create conversion statistics for Adwords customers that have chosen to use conversation tracking. Adwords customers learn the total number of users who have clicked on their ad and been forwarded to a website or mobile app that has a conversion tracking tag. However, they do not receive any information that could personally identify users. If you don’t want to participate in tracking, you can also refuse placement of a cookie required for this, for example using a browser setting that deactivates automatic placement of cookies in general. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked. You can find Google’s data privacy notice about conversion tracking here (https://services.google.com/sitestats/de.html).
9.1.3. Matomo
We use the open source software Matomo for analysis and statistical evaluation of the use of the website or our mobile apps. This uses cookies (see number 4). The information about website use or the use of our mobile apps generated by the cookie is sent to our servers and summarized in pseudonymous use profiles. The information is used to analyze the use of our website or our mobile apps and to allow needs-based design of our website or our mobile apps. The information is not disclosed to third parties. Under no circumstances is the IP address linked to other data about the user. IP addresses are anonymized to make association impossible (IP masking). Your visit to our website or our mobile app is recorded live by Matomo web analysis. Click here (https://matomo.org/privacy-policy/ ) to prevent your visit from being logged.
9.1.4. Facebook Analytics for Apps (Facebook Inc.)
Facebook Analytics for Apps is an analytics service provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The data collector in this regard is Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Facebook Analytics for Apps collects the usage data and various types of personal data as specified in the privacy policy of the service (https://www.facebook.com/about/privacy/).
We use Facebook Analytics for Apps for analysis and statistical evaluation of the use of our apps. We can use the statistics we obtain to improve our services and to make our apps for you as a user more interesting. For the cases, in which personal data is transferred to the USA, Facebook uses standard data protection clauses adopted by the European Commission. Furthermore, the transfer of data from the EEA to the United States and other countries can be based on adequacy decisions of the European Commission. For further information please click https://www.facebook.com/about/privacy/.
9.1.5. Fabric Answers (Google Inc.)
Fabric Answers is an analytics service provided by Crashlytics, a business division of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google“) (“Crashlytics“). In order to understand Google’s use of data, please consult Google’s partner policy under (https://policies.google.com/privacy).
This service of Fabric Answers is designed for mobile apps analytics and can collect various information about your mobile phone, highlighted in the Fabric Answers privacy policy (https://policies.google.com/privacy). In particular, this application uses identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS, respectively) and technologies similar to cookies to run the Fabric Answers service. Fabric Answers may share data with other tools provided by Crashlytics, such as Crashlytics or Twitter. You can check the privacy policy of Google (https://policies.google.com/privacy) to find a detailed explanation about the other tools used. You can opt-out certain Fabric Answers features through applicable device settings, such as the device advertising settings for mobile phones or by following the instructions in other Fabric related sections of this privacy policy, if available.
Fabric Answers collects the following personal data: cookies, unique device identifiers for advertising (Google Advertiser ID or IDFA, for example) and usage data. This personal data is processed in the USA by Google. Please see the privacy policy of Google (https://policies.google.com/privacy) in this regard.
10. Social Media Plug-Ins
10.1. On the basis of Art. 6 (1), sentence 1, point (f) of the GDPR, we place social media plug-ins of the social networks Facebook, Twitter, and Instagram on our website or our mobile apps to raise our company’s profile through them. The advertising purpose behind this is considered a legitimate interest as defined by the GDPR. Responsibility for operation that complies with data privacy must be guaranteed by the respective providers. We incorporate these plug-ins using the so-called two-click method to protect users of our website or our mobile apps as well as we can.
10.1.1. Facebook
Our website or our mobile apps use Facebook social media plug-ins to personalize use. We use the “LIKE” or “SHARE” button to do this. This is an offer provided by Facebook. If you access a page of our website or our mobile apps that contains such a plug-in, your browser establishes a direct connection to Facebook’s servers. Facebook sends the content of the plug-in directly to your browser, which incorporates it into our website or our mobile apps. The incorporation of the plug-ins gives Facebook the information that your browser has accessed the relevant page of our website or our mobile apps even if you do not have a Facebook account or are not logged into Facebook. This information (including your IP address) is sent by your browser directly to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can directly associate the visit to our website or our mobile apps with your Facebook account. If you interact with the plug-ins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also sent directly to a Facebook server and stored there. The information is further published on Facebook and shown to your Facebook friends. Facebook may use this information for purposes of advertisement, market research, and needs-based design of Facebook pages. Facebook generates use, interest, and relationship profiles for this purpose, e.g. to analyze your use of our website or our mobile apps in relation to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website or our mobile apps, and to perform other services related to the use of Facebook. If you do not want Facebook to associate the data collected through our website or our mobile apps with your Facebook account, you must log out of Facebook before your visit to our website or our mobile apps. Please find the purpose and scope of the data collection and further processing and use of the data by Facebook as well as your rights in this regard and possible settings for protecting your privacy in Facebook’s data privacy policy (https://www.facebook.com/about/privacy/).
10.1.2. Twitter
Plug-ins of the news and social network Twitter Inc. (Twitter) are integrated into our website or our mobile apps. You can recognize the Twitter plug-ins (tweet button) by the Twitter logo on our website or our mobile apps. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons). If you access a page of our website or our mobile apps that contains such a plug-in, a direct connection is created between your browser and the Twitter server. Twitter thereby receives the information that you have visited our website or our mobile apps with your IP address. If you click the Twitter “tweet button” while you are logged into your Twitter account, you can link to the content of our websites on your Twitter profile. This allows Twitter to associate the visit to our website or our mobile apps with your user account. We advise that, as the provider of our website or our mobile apps, we have no awareness of the content of the transmitted data or the use thereof by Twitter. If you do not want Twitter to be able to associate the visit to our website or our mobile apps, please log out of your Twitter user account. You can find further information about this in Twitter’s privacy policy (https://twitter.com/privacy).
10.1.3. Instagram
Our website or our mobile apps also use so-called social plug-ins (“plug-ins”) of Instagram that are operated by Instagram 3 LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram“). The plug-ins are identified by an Instagram logo, for example in the form of an “Instagram camera.” If you access a page of our website or our mobile apps that contains such a plug-in, your browser establishes a direct connection to Instagram’s servers. Instagram sends the content of the plug-in directly to your browser, which incorporates it into the page. This incorporation gives Instagram the information that your browser has accessed the relevant page of our website or our mobile apps even if you do not have an Instagram account or are not logged into Instagram. This information (including your IP address) is sent by your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly associate the visit to our website or our mobile apps with your Instagram account. If you interact with the plug-ins, for example by clicking the “Instagram” button, this information is also sent directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there. If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before your visit to our website or our mobile apps. You can find further information about this in Instagram’s privacy policy (https://help.instagram.com/155833707900388).
11. YOUTUBE
11.1. In order to incorporate videos, our website uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Normally, your IP address is sent to YouTube and cookies are installed on your computer as soon as you access a page with embedded videos. However, we have incorporated our YouTube videos using the enhanced data privacy mode (in this case, YouTube still contacts Google’s Double Click service, but according to Google’s privacy policy no personal data is analyzed). As a result, YouTube does not store more information about visitors unless you view the videos. If you click the video, your IP address is sent to YouTube and YouTube learns that you have viewed the video. If you are logged in to YouTube, this information is associated with your user account (you can prevent this by logging out of YouTube before accessing the video).
We have no knowledge of and no influence on potential further collection or use of your data by YouTube. You can find more detailed information in YouTube’s privacy policy under https://policies.google.com/privacy?hl=de&gl=de. We also refer to number 8 of this Privacy Policy in regard to general handling of and deactivation of cookies.
12. ADVERTISING
12.1. SuperAwesome
SuperAwesome is a COPPA compliant advertising network that provides contextual advertising and does not collect identifiers to track users. We use the SuperAwesome Development Kits in some of our apps, which are provided by SuperAwesome Trading Limited, a private limited company incorporated in England (Company Number: 09769338), having its registered office at 22 Long Acre, London, WC2E 9LY (“SuperAwesome“). If you view one of the ads within our apps a hashed ID is created from your IDFA in combination with a randomized ID and non-personal information collected via your device. This hashed ID is also used for the purpose of ad frequency capping. If you as user have limited ad tracking through your device, then a hashed ID will not be created from this technical information and you may see certain ads more repetitively since there would be no ad frequency capping enabled.
Information that is collected through our apps by SuperAwesome in this regard will only be available to SuperAwesome as well as Fox & Sheep and is not shared with any third party. You can find further information about this under https://www.superawesome.com/privacy-hub/awesomeads-privacy-policy/
12.2. Facebook Ads conversion tracking (Facebook, Inc.)
Facebook Ads conversion tracking is an analytics service provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The data collector in this regard is Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Facebook Ads conversion tracking connects data from the Facebook advertising network with actions performed on this app. Facebook Ads conversion tracking collects the usage data and cookies as specified in the privacy policy of the service (https://www.facebook.com/about/privacy/).
We use Facebook Ads conversion tracking for analysis and statistical evaluation of the use of our apps. We can use the statistics we obtain to improve our services and to make our apps for you as a user more interesting. For the cases, in which personal data is transferred to the USA, Facebook uses standard data protection clauses adopted by the European Commission. Furthermore, the transfer of data from the EEA to the United States and other countries can be based on adequacy decisions of the European Commission. For further information please click https://www.facebook.com/about/privacy/.
13. Your rights
You have the right:
13.1. Under Art. 15 GDPR, to request information about your personal data that we process. In particular, you can request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which it will be stored, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your information if it was not collected from us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details;
13.2. Under Art. 16 of the GDPR, to request the rectification of inaccurate or completion of the personal data stored by us without undue delay;
13.3. Under Art. 17 of the GDPR, to request erasure of personal data stored by us unless the processing is necessary to exercise the right to free expression and information, to comply with a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims;
13.4. Under Art. 18 of the GDPR, to request the restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose erasure, and we no longer need the data, but you need it to establish, exercise, or defend legal claims or you have objected to processing under Art. 21 of the GDPR;
13.5. Under Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
13.6. Under Art. 7 (3) of the GDPR, to revoke at any time the consent you granted to us. The consequence of this is that we may in future no longer continue the data processing based on this consent and
13.7. Under Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can do this with the supervisory authority of your habitual residence or place of work or our corporate headquarters.
14. Right to object
Insofar as your personal data is processed based on legitimate interests pursuant to Art. 6 (1), sentence 1, point (f) of the GDPR, you have the right under Art. 21 of the GDPR to object to the processing of your personal data if there are grounds that arise from your particular situation or the objection is to direct marketing. In the latter case, you have a general right to object that we will implement without requiring any particular situation. If you wish to make use of your right to revoke consent or to object, an email to [email protected] suffices.
15. Data security
We make use of appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, full or partial loss or destruction, and unauthorized access by third parties. Our security measures are continuously being improved as technology develops.
16. Up-to-dateness and amendment of this data privacy policy
This data privacy policy is currently valid as of December 2018. Because of the continuing development of our website, our mobile apps, and offers beyond these or because of changing statutory or regulatory standards, it may become necessary to amend this data privacy policy. You can access and print out the current up-to-date data privacy policy at any time on the website under https://www.foxandsheep.com/privacy-policy-apps/ .