Last Revised: 20/08/2020
PLEASE READ THIS UNIVERSAL DATA PROTECTION AGREEMENT CAREFULLY, AS IT CONTAINS IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS AND REMEDIES.
This Privacy Notice sets forth the terms and conditions related to the data processing activities carried out by The Global Beauty and Wellness Awards Management Team within Amcity B.V. (Molenstraat 20, 7551DC Hengelo, Netherlands, firstname.lastname@example.org) (hereinafter referred to as the “Provider”), related to the website operated by the Provider, specified below, and relating to the following specific areas:
a. registrations and nominations to the GBWA award
b. customer service related to registrations and nominations
b. newsletter subscription from the Website
c. business contact requests made
via the following Website: https://thegbwa.com/ The Provider, acting as a Data Controller, hereby agrees to be bound by the contents herein. The Provider hereby undertakes to ensure that all data processing activities carried out in relation to its business activities pursued are fully compliant with the requirements stipulated herein, and by the governing laws. The purpose of this Privacy Notice is to ensure for all Users (hereinafter referred to as the “Users”), for the purposes of making various professional publications available for download via the Websites, and to make business contacts and to register companies and influencers in order to match them with each other, to be able to exercise their rights and essential freedoms, with particular regard to their right to privacy, during the course of an automated processing of their personal data (hereinafter referred to as “data protection”). The Provider fully respects the Users’ personal rights. The Provider is obliged to process the Users’ personal data recorded in a fully confidential nature, in full alignment with the applicable data protection laws and international guidelines, and the provisions herein. When subscribing to the newsletter, and/or making a business contact, Users automatically accept the following terms and conditions, and provide their consent to the data processing activities specified below being carried out by the Provider.
- Data Subject (User):
any natural person identified or identifiable – either directly or indirectly – based on any Personal Data.
- Personal Data:
any information relating to the Data Subject – in particular family name, given name, company name, position, phone number, email, application information – and any conclusion that can be drawn in relation to the Data Subject based on the same.
- Special Personal Data:
- Personal Data revealing racial or ethnic origin, political opinions or affiliations, religious or philosophical beliefs, trade union membership, or sexual orientation
- Personal Data concerning health, pathological addictions, or criminal records.
- The Data Subject’s Consent:
any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes, by which he/she, by a clear affirmative action, signifies agreement to the – full scale or limited to certain specific data processing operations – processing of Personal Data relating to him/her.
- The Data Subject’s Objection
a declaration made by the Data Subject, objecting to the processing of his/her personal data, and requesting the termination of data processing, or a deletion of the data processed.
- Data Controller:
the natural or legal person, or any other organisation without legal personality, which, alone or jointly with others, determines the purposes of the data processing activities, makes the decisions related to the data processing operations (including the tools used) and implements the same, or procures a Data Processor to implement the same.
- Data Processing:
any operation, or set of operations, which is performed on the data, regardless of the exact method used, such as the collection, recording, organisation, structuring, storage, alteration, use, retrieval, transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and the prevention of any further use of the data, the making of photos, sound recordings or pictures, or the recording of any physical characteristics suitable to identify a given person (e.g. fingerprints, palm prints, DNA sample, iris scan).
- Data Process:
performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, or the place of execution, provided that the technical task is performed on the data.
- Data Processor:
any natural or legal person, or organisation without legal personality, processing the data on the grounds of a contract with the Data Controller, including contracts concluded pursuant to legislative provisions.
- Data Transfer:
ensuring access to the data for a specific third party.
ensuring open access to the data.
- Data Deletion:
making personal data unrecognisable in a way that it can never again be restored.
- Blocking of Data:
marking the data with a special ID tag, to indefinitely or definitely restrict its further processing.
- Data Destruction:
complete physical destruction of the data carrier recording the data.
- Third Person:
any natural or legal person, or organisation without legal personality other than the Data Subject, the Data Controller, or the Data Processor.
- Business Advertising:
any communication, information or method of representation, the aim of which is to promote the sale or use in any other way of movable property that is tradeable – including money, securities, financial instruments, and natural resources that can be utilized in the same way as things – (hereinafter collectively referred to as the “Product”) or of services, immovable property and acquired rights (hereinafter collectively referred to as the “Goods”), or the aim of which is, in connection with the objective mentioned above, to popularize the name, designation or activity of an undertaking, or to make any goods or designations of goods more widely known (hereinafter referred to as “Advertising”).
2. THE DATA CONTROLLER’S DATA
Name: Amcity B.V. (Molenstraat 20, 7551DC Hengelo, Netherlands), VAT No.: NL860335884B01, e-mail address: email@example.com. The above specified e-mail address is only provided for the purposes of receiving queries and complaints related to the Provider’s data processing activities carried out, and this Privacy Notice.
3. THE PURPOSE OF THE DATA PROCESSING ACTIVITIES
All data supplied by the Users shall be processed by the Provider strictly tied to a specific purpose, and solely for the purposes of processing a user’s registration and nomination, making a business approach, or sending a limited number of marketing messages and newsletters and executing awards nominations and customer service duties.
4. DATA PROCESSING ACTIVITIES PURSUED FOR OTHER PURPOSES
The Users are hereby informed on the fact that the courts, the public attorney’s office, the law enforcement agencies, or the agencies investigating other non-compliance, may contact the Provider and request that the Provider discloses or transfers information, or the Users’ personal data, or any related documents to them. The Provider will comply with all such lawful requests made (provided that the official authority has specified the exact purpose and the scope of data to be supplied), but will solely disclose personal data to the extent absolutely necessary in order to implement the original objectives of the given official authority request made.
5. THE LEGAL BASIS OF THE DATA PROCESSING ACTIVITIES
The Provider’s data processing activities are carried out based on the Users’ voluntary consent given, pursuant to GDPR’s rules and regulations. The User’s consent to the various types of data processing activities is provided when the User voluntarily discloses any information for the purpose of the GBWA.
6. DURATION OF THE DATA PROCESSING ACTIVITIES
The processing of the personal data will start when the User registers through the Websites, or for a business contact to be made, via the online platform provided for such purposes, and shall end when the User unsubscribes from the same. Users shall be entitled to request a deletion or modification of their data any time, via any form of electronic communication, by using the unsubscribe menu item provided in the footnotes. Once such a request is received, the Provider shall erase the User’s personal data with a permanent effect from its system, in a form ensuring that it can no longer be restored. The deadline for the erasure of data shall be 3 business days upon the request for data erasure was received by the Provider.
THE SCOPE OF PERSONAL DATA PROCESSED: subscription to a newsletter: family name, given name, company name, position, phone number, email, application information.
7. THE SCOPE OF PERSONS AUTHORISED TO GET ACCESS TO THE DATA
The persons authorised to get access to the data shall be strictly limited to the Global Beauty & Wellness Awards Management Team within the Provider (Amcity B.V. Molenstraat 20, 7551DC Hengelo, Netherlands, firstname.lastname@example.org) Any related personnel shall not publish the data, or disclose the data to any third parties, and who shall be authorised to solely use the data for the specific purposes defined herein. The Provider shall be entitled to involve a third-party Data Processor (such as a system administrator) for the purposes of operating the underlying IT system. Data processing activities The Data Controller transfers the Users’ personal data to the following third parties: Data Processor’s name: GoDaddy Inc. (14455 N. Hayden Rd., Ste. 226. Scottsdale, AZ 85260 USA). The Provider selects its business partners after due consideration made, and the selected Data Processors shall be obliged to treat all confidential data obtained during the course of performing their duties, and rendering their services, in full compliance with the applicable laws, and the Provider’s data protection standards.
8. DATA SECURITY
The Provider shall take all necessary steps to ensure the safety of the personal data supplied by the Users when subscribing to the Newsletters, during the course of storing and safeguarding the data. The Provider provides strictly restricted access to the personal data, in order to avoid any unauthorised access, or any unauthorised modification or use of the personal data. The Provider’s IT system and network is adequately protected from any fraud, spying, sabotage, or vandalism potentially occurring during the use of the IT systems, or from any fire or flood, or any computer viruses, or computer system hacker activity. The Provider shall be obliged to provide adequate protection during the data processing activities carried out, in the following areas:
- secrecy: the Provider shall protect the personal data, by enabling access to the same only for duly authorised persons
- data integrity: the Provider shall protect the integrity of the data, as well as the precise nature of the data processing methodology used.
9. THE USERS’ RIGHTS AND LEGAL REMEDY AVAILABLE
You have the following rights with respect to your personal data:
– Right to information,
– Right to rectification or deletion,
– Right to restriction of processing,
– Right to object to the processing,
– Right to data transfer,
– Right on confirmation.
Right to receive information
Users shall have the right to request information from the Provider, with regards to their personal data being processed by the Provider. Upon the Users’ request, the Provider shall supply information to the Users regarding the specific data processed about them, the exact purposes, the legal basis, and duration of the data processing activities carried out, as well as the list of persons having received or receiving the data in the future, and for what exact purposes. The Provider shall send a written reply to the User, within 30 days upon the receipt of such information request. If the Users have any query or comments, with regards to the data processing activities carried out by the Provider, the Users may contact the Provider’s delegated staff member, at any of the contact details provided below. Users shall be entitled to request the Provider to rectify or erase any of their data incorrectly recorded. The Provider shall be obliged to erase the data within 3 business days upon the receipt of such request, ensuring that the data cannot be restored. Further, Users shall also be entitled to request the Provider to block their data. When requested so by the User, the Provider shall be obliged to block the personal data, or when it can be assumed based on the information available that an erasure of the data would violate the User’s lawful interests. The personal data blocked this way can only be processed by the Provider for the duration of the specific data processing activities, which previously prevented the data being erased, remaining valid. The Provider shall be obliged to notify the User, and all other persons, to whom the data was previously transferred, for the purposes of data processing activities to be carried out, about the rectification, blocking or erasure of the data. No such notification shall be sent, if this does not violate the Users’ lawful interests, given the specific purpose of the data processing activities carried out. If the Provider fails to comply with its obligation to fulfil the User’s request submitted for the rectification, blocking or erasure of the data, the Provider shall notify the User within 30 days upon receipt of such request about the underlying factual and legal reasons for refusing to comply with the rectification, blocking or erasure request made. Users shall be entitled to object the processing of their personal data in the following cases:
- when the processing (transfer) of their personal data is solely requested to enforce the Data Controller’s or the data recipient’s rights or lawful interests, except when the data processing activities are mandatory by the law
- when the personal data is used or transferred for the purposes of direct marketing, market research, or scientific research activities
- when such right of objection can be exercised for any other reason, by the law. The Provider shall be obliged to investigate any such request submitted including an objection within the shortest possible time frame, or within 15 days, and shall make a decision on whether the request was justified, and shall be obliged to inform the User submitting the request accordingly, in writing.
In case of a request for information, you must provide sufficient information about your identity and provide proof that it is your personal data. The information relates to data that has been stored regarding your person, the origin of the data, the recipient or the categories of recipients to which data has been transmitted and the purpose of the storage. To exercise these rights, please contact us at email@example.com.
If you have given your consent to the processing of your data, you can revoke at any time. Such revocation will affect the admissibility of processing your personal data by us.
You may object to the processing of your personal data for advertising and data analysis purposes at any time.
How you perceive these rights
To exercise any of these rights, please contact our representative at Amcity B.V.’S GBWA team: Amcity B.V., Molenstraat 20, 7551DC Hengelo, Netherlands), firstname.lastname@example.org
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data infringes on the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.
The Data Subjects shall be entitled to exercise any of their rights via the following contact details: Amcity B.V. (Molenstraat 20, 7551DC Hengelo, Netherlands), registration number: 75598523, e-mail: email@example.com
Legal remedy available
If the User disagrees with any of the Provider’s decision made on any request submitted, or if the User wishes to file a complaint with regards to the processing of his/her data, the Users shall have the right to file for litigation, to enforce their rights.
GBWA offers PayPal as a possible payment service for PayPal’s registered users as a virtual means of payment.
Responsible Person is: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the user uses PayPal as a means of payment, personal data of the user will be transmitted to PayPal, to which he ultimately agrees. The personal data includes name, surname, address, email address, IP address, telephone number, if necessary mobile number and other data, which are necessary for the final payment transaction.
The transmission of the data is necessary to prevent any possible misuse. PayPal may transfer your personal information to credit bureaus. This is because PayPal reserves its right to verify the identity and creditworthiness of the user.
In addition to the transfer of data to credit bureaus, it is also possible that PayPal may transfer the personal data to affiliated companies, including subcontractors, as far as this is necessary to fulfill the contractual obligations. The same applies to order processing (see above for more detail)
The data subject may object to processing personal data by PayPal at any time.
The legal basis is Art. 6 para. 1 lit. b) GDPR.
GBWA offers Bunq Bank as a possible payment service provider for the GBWA’s registered users.
Responsible Person is: Bunq Bank, Naritaweg 131-133, 1043 BW, Amsterdam, Netherlands, which acquired its license from the Dutch Central Bank.
Social media on our website and communications
The GBWA uses Mailchimp for sending newsletters. Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States (see https://mailchimp.com/legal/privacy. For newsletter signup, only your email address is transferred to Mailchimp.
We integrated social media platforms on our website via “plug-ins”, which may result in social media providers receiving data from you if necessary. We itemised for you in the following.
The GBWA has integrated Facebook on the website. The Facebook button can be found on the website at the footer.
Responsible for Facebook is:
Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
If an affected person lives outside the US or Canada and Facebook processes data, the person responsible is: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
If the user clicks on the Facebook button, the website is accessed by Facebook. By accessing Facebook through the website of the GBWA, Facebook will receive the respective reference data of the GBWA. Through this Facebook receives the information that the user has visited the website of the GBWA. The plug-ins used by Facebook can be accessed at: https://developers.facebook.com/docs/plugins/?locale=en_US
If, at the time of visiting GBWA’s website, the user is logged in on Facebook (it does not matter if it is their own Facebook account), Facebook receives further information, such as which pages the user has visited on GBWA`s website. Facebook collects this information, so theoretically it is possible to assign this information to the Facebook account. The same applies to the “Like” button or when using the comment field; Facebook can also assign this information to the respective logged-in Facebook account.
To prevent this, the user has to visit www.thegbwa.com after logging off from Facebook. For this the user has to log out via the website Facebook.com.
For more information on the topic of data protection on Facebook, we refer to the following data policy of Facebook: https://www.facebook.com/about/privacy/
The legal basis is Art. 6 Para. 1 S.1 lit. f) GDPR. We use social media to make the GBWA project better known.
GBWA has integrated the services of Instagram on this website Instagram can be reached via the button in the footer of the website.
Responsible Person is: Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
If the user clicks on the Instagram button, the website is entered by Instagram. By accessing the Instagram website via the GBWA website (“through clicking the button”), the relevant reference data of GBWA will be transmitted to Instagram. Instagram receives the information that the user has visited the website of the GBWA
If, at the time of visiting GBWA’s website, the user is simultaneously logged in via an Instagram account (it does not matter which Instagram account is logged in), Instagram will receive further information, such as which pages of the user visited. Instagram collects this information, so theoretically there is the possibility to assign this information to the Instagram account.
In order to prevent this, the user has the option of logging out of Instagram before accessing the www.thegbwa.com website. To do this, the user must log off from the Instagram website.
For more information on privacy, we refer to the following data policy from Instagram:
The legal basis is Art. 6 Para. 1 S.1 lit. f) GDPR. We use social media to make the GBWA project better known.
The GBWA has integrated LinkedIn components into its website. LinkedIn can be reached via the button in the blog at the footer of the GBWA website.
Responsible Person is: LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, United States.
If the user clicks on the LinkedIn button, LinkedIn will visit the website. By accessing the LinkedIn website through the GBWA website, LinkedIn is provided with the relevant GBWA reference information. LinkedIn receives the information that the user has visited the GBWA website. The plug-ins used by LinkedIn can be found at: https://developer.linkedin.com/plugins .
If, at the time of visiting the GBWA website, the user is logged in through a LinkedIn account at the same time (no matter if it’s their own LinkedIn account), LinkedIn will receive further information such as which pages the user visits on the GBWA website. LinkedIn collects this information, so there is a theoretical possibility to associate that information to the LinkedIn account.
In order to prevent this, the user has the option of logging out of LinkedIn before accessing the www.thegbwa.com website. To do this, the user must log out via the LinkedIn website.
For more information about privacy at LinkedIn, we refer to the following LinkedIn data policy: https://www.linkedin.com/legal/privacy-policy
The legal basis is Art. 6 Para. 1 S.1 lit. f) GDPR. We use social media to make the GBWA project better known.
Tracking and analytics
For the continuous improvement of our website www.thegbwa.com we use the following tracking and analysis tools. Which personal data is processed in each case and how you can reach the respective service providers, you will find below:
Facebook Custom Audience / Facebook-Pixel
Our website uses Facebook’s “visitor action pixel” for conversion measurement. The legal basis for the use of the application is Art. 6 Para. 1 S. 1 lit. f) DS-GVO. Our legitimate interest lies in the optimisation of our advertising presence and the monitoring of the use of our website.
Responsible person is: Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
You can also deactivate the remarketing function “Custom Audiences” in the section Advertisement Settings under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . You must be logged in to Facebook.
If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/ .
Alternatively, you can prevent Facebook Pixel from collecting your information on our site by clicking on the following link. An opt-out cookie will be set in your browser to prevent your information from being collected on future visits to this site with your current browser: Disable Facebook Pixel
The website www.thegbwa.com uses Google Analytics for the purpose of needs-based and continuous optimization of our website on the basis of Art. 6 Para. 1 S.1 lit. f) GDPR. This is a service for analyzing access to websites of Google Inc. (“Google”) and allows us to improve our website.
Responsible Person is: Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Cookies enable us to analyze your use of our website. The information collected by a cookie (IP address, access time, access duration) is transmitted to a Google server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Google may pass on the collected information to third parties, if required by law or if third parties process this data on behalf of Google.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage web site tags through one interface (including Google Analytics and other Google marketing services in our website). The tag manager itself (which implements the tags) does not process users’ personal data. Regarding the processing of users’ personal data, reference is made to the details of the Google services. Google Tag Manager usage policies can be viewed here: https://www.google.com/intl/de/tagmanager/use-policy.html .
Tools for advertising and marketing
Tools are included on our website to ensure relevant search results or advertisements.
Google Ad Manager (former Double Click)
GBWA uses Google Ad Manager. Legal basis is Art. 6 para 1 s. 1 lit. f) GDPR. Our interest is to cooperate with other companies to reach a broader audience.
Responsible Person is: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
GBWA uses Google Ad Manager to generate advertisements for our website visitors. Based on this, we will use information from your visits to this and other websites to generate advertisements of products and services that might interest you. For further information on the methods used or what you can do to prevent Google Ad Manager from using this information, please refer to the link below:
GBWA uses Google Remarketing. By using Google Remarketing, we may display advertisements to users (including visiting other websites) that have previously logged into our website. Google Remarketing ultimately enables user-directed personalized advertising. The legal basis is Art. 6 (1) sentence 1 lit. f) GDPR, since here too there is a mutual interest in becoming better known through advertising.
Responsible Person is: The Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Google Remarketing works by setting a cookie on the user. This use of the cookie gives Google the opportunity to recognize the user if they visit a website that also uses Google Remarketing. As a result, Google will be notified of the user’s IP address or browsing behavior.
The prevention (as well as the deletion) of the cookie setting can be achieved under the appropriate settings in the Internet browser. The user can object to user-related advertising by Google at any time. For this we refer to: www.google.de/settings/ads
GBWA has integrated the services of Google-Ads (before Google-AdWords) on its website. Google-Ads is an internet advertising service. The legal basis is Art. 6 para. 1 s.1 lit. f) GDPR. We use Google Ads to promote our company through targeted advertising in Google’s search engine results.
Responsible Person is: Google LLC., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
If the user accesses the GBWA website through a Google ad, Google will set a so-called conversion cookie on the user’s system. For the explanation of the cookies, please refer to the passage to the cookies. The conversion cookie is used to create and analyze web-use statistics. 30 days after setting the conversion cookie the cookie loses its validity. This means that the user can no longer be identified. Within these 30 days both GBWA and Google can track which subpages have been accessed. The conversion cookie stores the IP-address when visiting the website. This data is stored in the USA. It is possible that Google will share this information with third parties.
The setting of cookies can be prevented by appropriate settings in the user’s Internet browser at any time. The already set cookies can also be deleted in the settings of the Internet browser. We express our concern that preventing cookies from being set may mean that not all features are fully available.
The user may separately object to interest-based personalized advertising by Google. Please refer to the following link: https:// www.google.de/settings/ads
For further privacy notices of Google refer to: https://www.google.de/intl/de/policies/privacy/
MISCELLANEOUS PROVISIONS The Provider enables the Users to subscribe to the professional publications provided, or to download professional materials from the Websites, or to make a business contact, via the contact form provided for such purposes. Any electronic communication sent by FMM Agency Services Limited may include direct marketing elements or advertising. When using the Provider’s professional publications and materials, the Provider processes the Users’ data supplied. Users shall be entitled to unsubscribe from receiving the professional publications any time, free-of-charge, without stating cause, and without any limitations applied. Such unsubscription can be made via normal mail, e-mail, or by clicking the “Unsubscribe” link at the bottom of the e-mails received. In such case, the Provider shall delete all of the User’s personal data from its registration system (which was previously required for sending the Newsletters), and shall not contact the User in the future with any further letters or offers. The Provider retains the right to unilaterally amend this Privacy Notice any time, by notifying the Users beforehand. Once the changes made become effective, the Users shall be deemed to have automatically and implicitly accepted the contents of the amended Privacy Notice, by using the Provider’s services.