Privacy Policy

1. Contact details of the data controller and the data protection officer
FRAEND GmbH (hereinafter also referred to “FRAEND”, “we” or “us”) offers you the opportunity to use various services free of charge via our website “fraend.com” and our applications (“apps”) “FRAEND” (hereinafter collectively referred to as “services” or “FRAEND websites“).

We are the data controller in accordance with the General Data Protection Regulation (GDPR). Our contact details are as follows:

FRAEND GmbH
Gaudystrasse 10
10437 Berlin
Germany
E-Mail: hello@fraend.com

Our data protection officer can be contacted at:

FRAEND GmbH
Julius Jacobi
Gaudystrasse 10
10437 Berlin
Germany
E-Mail: hello@fraend.com

In the following we provide you with comprehensive information about the purposes for which and scope within which we process your personal data during the use of the FRAEND websites.

2. Collection and processing of personal data
You can generally use the FRAEND websites – for which no payment or registration is required – without providing personal data. In certain cases, we will collect the personal data listed in Section 3. This fundamentally only occurs when necessary for the provision of a functional website or app, or for our content and services. Furthermore, we process personal data in connection with the use of FRAEND where you provide this data voluntarily, e.g. in the context of registration, a competition, an enquiry sent to us, or because there is another legal basis for this (see Section 4).

3. Categories of data processed
As soon as you visit fraend.com or use one of the apps, our system automatically collects certain technical information. This can include:

Furthermore, we process the following personal data where a contractual relationship exists between you and us, or where you have communicated the data to us in another manner:

4. Occasions, reasons for and content of processing: The FRAEND websites and services in general
We always process your data on the basis of one or more legal permissions or with your consent.

a. Submission of reviews and comments
Personal data is collected by FRAEND when you as a customer submit your review of a product, service, service provider or retailer (hereinafter also referred to as “online shop”), or participate in a survey. In this context, FRAEND collects the data specified in the respective form and the IP address assigned to the device used by you at the relevant point in time.

Information about you will only be published on the relevant FRAEND websites when this is indicated in the field of the form. In the case of opinions about online shops, the customer or order number specified by you is also shared with the specific online shop; this is an integral part of our review and comment function, because only then can the online shop be notified of your comments and opinions. We collect and process the data you provide in order to be able to publish your review or comment as desired (Art. 6 para. 1 lpoint b GDPR). In particular, we also require your email address, so we can contact you in the event of complaints and give you the opportunity to respond (Art. 6 para. 1 point c GDPR).

b. Shopping function
Based on Art. 6 para. 1 point b) of the GDPR, we additionally collect personal data when you as a customer directly submit a contractual offer for specific products listed on the FRAEND websites without leaving FRAEND and being redirected to the websites of the online shops offering these products (the “shopping function”). FRAEND collects this data in order to initiate the contract, as well as for the invoicing of the respective online shop for our brokerage service.

FRAEND transmits this personal data to the respective online shop, where this is required for the conclusion and processing of your contract. If FRAEND and/or the online shop utilises the services of third parties as service providers for the completion and processing of the contract, e.g. for the processing of the payment or the shipping of goods (hereinafter referred to as “service providers”), the required data will only be shared with these third parties of the fulfillment and processing of your order. During the process of handling your order or purchase, you will also receive emails to the email address you provided from the respective online shop (e.g. order or purchase confirmation) and, if applicable, from service providers (e.g. payment confirmation or information about the shipping process).

c. Forms, comparison calculator and payment services for the shopping function:
Unless otherwise indicated, FRAEND itself will collect the data you enter in the respective contact forms.

When you enter data in contact forms, we will only use the data for the purpose of conducting the communication with you and/or to provide the service you request; this constitutes our legitimate interest. The processing takes place in accordance with Art. 6 para. 1 point B of the GDPR.

FRAEND sometimes integrates original content from partners for its comparison services and for payment services for the shopping function. In this case, the data that you enter is collected not by us but by the respective partner. The partners are named on the respective FRAEND websites. The partners have confirmed to us that they will handle your data in compliance with data protection requirements. Nevertheless, FRAEND has no influence over the collection, processing and use of your data by the partners. For information on whether and to what extent the partners collect your personal data, and what they use it for, please read the privacy policy of the respective partner, which can be accessed from the corresponding FRAEND website or the content of the partner. In particular, your credit card data will be processed not by FRAEND, but by a company contracted by us and specialising in card security and forwarded to the payment service provider of the partner.

d. Emails and Newsletter
We may use the email address you provided when registering or initiating a buying contract to contact you in relation to goods and services, your purchases or general information about FRAEND. The processing of email addresses takes place on the basis of our legitimate interest in advertising our goods and services in accordance with Art. 6 para. 1 point f GDPR.

We will use your email address to send you our newsletter, provided that you have subscribed to it and consented to receiving it, including potential advertisements. In this such cases we will process your email address for the purposes of sending the newsletter as requested (Art. 6 para. 1 point b GDPR). You can object to the use of your email address for such purposes at any time in writing or via email (hello@fraend.com) effective for the future, without incurring any costs other than the transmission costs according to basic rates.

The content of our newsletters is partly selected based on your prior use of the FRAEND websites and your expressed interest in products and content. This enables us to tailor the respective newsletter specifically to you and your interests. For example, if you have previously searched for apparel goods on the FRAEND websites, we would rather present you with apparel goods in our newsletter than other product groups. For this purpose, we also process data that we have collected via our cookies (for more information about these cookies, see paragraph 9 c. below), and link them to your email address. The legal basis for this data processing and the display of content relevant to you is Art. 6 para. 1 point f GDPR. However you can object to this data processing at any time (see section 16 a).

e. IP addresses
On the internet, every device needs a clear address in order to transmit data. This is known as its IP address. It is a technical requirement for the IP address to be saved, at least temporarily, in order to facilitate the delivery of the internet page and app content to the user's device.

a) Log files
For security purposes, our servers save the IP address in so-called log files for 14 days. Reasons for this include being able to determine what happens if an attack (DoS) is made on FRAEND websites, or if illegal analysis of our databases occurs. This is based on Art. 6 para. 1 point f GDPR.

b) Geolocalisation etc.
Before any further or other processing, we shorten the IP addresses, then process them in an anonymised state. Unabbreviated IP addresses are not processed further.

The processing of the (abbreviated) IP addresses allows us to display content with regional relevance on all FRAEND websites that are accessed from within a certain region. This so-called geolocalisation, or basing the appearance of a website on the location from which it is accessed takes place exclusively on the basis of anonymised IP addresses, and only to a regional level. Under no circumstances can the geographical information obtained, in this manner be used to determine the specific location of a user.

f. Location information of devices
If you use the FRAEND pages on a mobile device or our app, we may collect information about your location if you have instructed your device to send such information to the application via the privacy settings on that device. For example, we may use the transmitted location information to perform analyzes on the use of our app. You can change the privacy settings of your device at any time to disable the sharing of location information. Please note that disabling location information may affect certain features of our app or mobile website. If you have questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.

5. Occasions, reasons for and content of processing: My Favourites and Price Alert
FRAEND offers you the possibility of creating your own customer account free of charge. To use the "FRAEND User Account" customer account, you must register with a valid email address and a password. We then use this data to provide you with the customer account, to manage it and to enable its use. This processing is based on Art. 6 para. 1 point b GDPR.

When registering for the “FRAEND User Account” customer account, you consent to FRAEND using cookies to collect information about your use of FRAEND and connecting this information to your customer account for the purpose of personalised emails. Usage data is collected and saved whenever you search for or view products, add products to Wallet or purchase products using the shopping function. On the basis of your usage behaviour, FRAEND creates a list of potential interests, which it uses to select content specifically tailored to you and display this content on FRAEND pages, thus offering you the full range of functions available with the "FRAEND User Account" customer account. This processing of data and, in particular the linking of data with your account, is based on Art. 6 para. 1 point a GDPR. Furthermore, this data processing and display of content relevant to you constitutes a legitimate interest in connection with Art. 6 para. 1 point f GDPR.

Based on this data, we also send you product-related and FRAEND-related messages that we assume will be of interest to you to the email address associated with your customer account. The aim of these messages is to help you find the products and services that are right for you. Product recommendations and price information is typically included in the product-related emails. In this way, we will send you mails regarding price decreases for products you have searched for or viewed, as well as mails regarding suitable product alternatives or accessories. We will also inform you about price drops for products in Wallet (see "Wallet" below). FRAEND-related messages are also sent via email and typically refer to promotions, marketing campaigns and news (e.g. new discounts, voucher codes and competitions). In addition, FRAEND-related messages serve to provide you with information regarding new features and usage possibilities both for general use of FRAEND and for use of your FRAEND customer account.

Alongside the services described above, the "FRAEND User Account" customer account also offers you the following functions described below:

a. Wallet
You can “save” FRAEND products by adding them to “Wallet”. You are identified as the owner of your “Wallet” list by the cookies that are used. The “Wallet” list allows you to compare products with one another in terms of their specifications. The “Wallet” list will be added to by FRAEND with any products for which you have accessed the checkout screen but not completed the purchase using FRAEND's “shopping function”. Based on your “Wallet” list, you will receive product recommendations via email, for example if the prices of the products you have saved change. The legal basis here is Art. 6 para. 1 point b GDPR.

b. Order history
If you use the shopping function, we provide an order history on the basis of Art. 6 para. 1 point b GDPR, provided that you were logged in to your “FRAEND User Account” account at the time of purchase. Your order is linked to the pseudonymous user ID stored by us. In the order history you receive an overview of your completed purchases, as well as the processing and shipping status of current orders. You also have access to a contact form which you can use to make enquiries about your orders to FRAEND customer service. When submitting the form, an email with the email address given at the time of purchase will be sent to hello@fraend.com.

c. Account settings
You can change your password or delete your account in the customer account settings.

6. Location of processing
We ourselves do not transfer your personal data to countries outside of the European Economic Area ("EEA"), except in cases where it is permitted under the GDPR. Whether third parties, with whom you have your own contractual relationship (such as with Facebook, if you have a Facebook account) transfer data to countries outside of the EEA, is beyond our knowledge and influence.

Some of our contractual partners also process data in countries outside of the EEA. In order to also ensure the protection of your personal rights in the context of these data transfers, we use the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 point c GDPR when drafting contractual relationships with recipients in third countries.

For the US, the European Commission decided on 12th July 2016, that under the regulations of the EU-US Privacy Shields an adequate level of data protection exists (adequacy decision, Art. 45 GDPR). Further information - including the certification of the service providers we use - is available at https://www.privacyshield.gov. We only use US service providers who are certified under the EU-US Privacy Shield.

7. Origin of data
In certain cases, we also receive data because you have consented to it being transmitted to us.

As you know, apps are regularly made available to download via third-party providers (e.g. iTunes, Google etc.). If under the applicable terms and conditions of use of such a provider, FRAEND GmbH becomes your contractual partner for the acquisition of the app, we process the data made available to us by the third-party provider to whatever extent is necessary for the fulfilment of contract, so that you can download the app to your mobile device.

8. Disclosure of your data to third parties
We will only disclose your personal data to third parties where such a transmission is necessary in order to fulfil our legal obligations to you, and where this is visibly done by or together with another provider (e.g. in the case of cooperation agreements), where we are otherwise legally entitled or obliged to disclose the data, or where you have provided us with the relevant consent.

In certain cases, we also use external service providers or affiliated companies, which we have contracted to process data for us in accordance with our instructions. Such service providers are contractually bound by us as data processors in compliance with the strict provisions of the GDPR, and are not permitted to use your data for any further purposes. Data processors used by us perform in particular the following services: data centre, newsletter distribution and web/app analysis.

This disclosure of data to data processors takes place on the basis of Art. 28 para. 1 GDPR, or alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialised data processors, Art. 6 para. 1 point f GDPR.

Where we are legally obliged to do so, or where this is permitted under data protection law, we will disclose personal data to public authorities, e.g. to police or the state prosecutor’s office (Art. 6 para. 1 point c GDPR). The disclosure of this data takes place on the basis of our legitimate interest in combating abuse, the prosecution of crimes, and in safeguarding, asserting and enforcing claims, which are not considered to be outweighed by your rights and interests in the protection of your personal data, Art. 6 para. 1 point f GDPR.

9. Cookies and other technologies
a. General
In order to ensure the full functionality of the FRAEND websites, FRAEND and the third parties named below will save files to your device that amongst other things collect information regarding the use of a website or app, as well as additional data such as the IP address of the computer and information about the software being used (see above).

This typically involves the use of so-called cookies. Cookies are small files that your browser saves on your device in a folder created especially for this purpose. These allow it to be determined, for example, whether you have ever visited a website before. If you decide to stay logged into your user account despite leaving the FRAEND websites, cookies can also be used to save your login data e.g. for the user account, so that you do not need to enter this data every time you access the site.

Many cookies contain unique identifier known as a cookie ID. This code consists of a sequence of characters that allow websites and servers to be mapped to the specific internet browser in which the cookie has been saved. This enables the websites visited to differentiate the individual browser of a specific user from other internet browsers that contain different cookies. This data is not collated with any other data sources.

The use of cookies can also occur in conjunction with so-called web beacons (also called Clear GIFs or tracking pixels). These are small graphics (e.g. in emails and on websites) that are used to achieve a better understanding of how a user interacts with the website.

We use different types of cookies: on the one hand, we use technical cookies, without which the functionality of the FRAEND websites would be restricted, and on the other hand we use optional (see below) analysis and marketing cookies in order to make our services more user friendly. The analysis cookies are used for the purposes of improving the quality of both our content and yours. They provide us with important information about how FRAEND is used, allowing us to continuously improve our services. Further information on the individual analysis cookies and services can be found in Section 10 of this privacy policy.

You can prevent us from using cookies at any time by adjusting the corresponding setting in your internet browser, and thus permanently opt out. Furthermore, you can delete existing cookies at any time using your internet browser or other software programs. This is possible in all conventional internet browsers. If you deactivate cookies in the internet browser you use, you may not be able to make full use of all the functions of our website. In addition, you have the opportunity to object to analysis cookies and services (i.e. you can opt out; see Sections 10 and 11).

When using apps, a functionally comparable technology is used instead of cookies.

Cookies cannot identify you personally. In all cases, the use of cookies is justified on the basis of our legitimate interest in terms of a layout meeting user needs, as well as for statistical analysis by FRAEND and the display of interest-based content (Art. 6 para. 1 point f GDPR).

b. Web storage (session storage and local storage)
FRAEND utilises web storage technology, a method for saving application data in your browser on your device, provided that your browser supports this technology and you have activated JavaScript. This web storage serves to optimise our internet presence and our services. We use this technology for saving application data during the use of the FRAEND websites, e.g. in order to make navigation when searching for products or services more convenient, and to provide the “Recently Viewed” function.

Web storage provides two data objects, the session storage and the local storage. The entries in session storage are removed automatically after the browser or app is closed. You can erase the entries in local storage (“Recently Viewed”) at any time by deleting the history in your browser.

The session storage saves information in order to recognise your browser or device from previous visits, and thus provide you with easier access to our services. You can prevent the use of web storage by changing the corresponding setting in your browser, which may restrict the functionality of the FRAEND websites.

The processing of data in web storage takes place on the basis of Art. 6 para. 1 point f) GDPR. Our legitimate interest lies in the purposes of processing as described above.

c. FRAEND cookies
Cookies created by FRAEND allow the collection of information regarding browser type/version, resolution, previous/new display variant, URL clickstream (order of the pages of our website that you have visited previously), time of visit(s) to the websites, the reference in the FRAEND database for the products/services added to “Wallet”, and the cookie number, but not personal details such as name, address or email address. We use these cookies for purposes of advertising, market research and when required, for the design of our services in conjunction with user needs. The cookies of FRAEND are valid for a maximum of two years, unless you delete them sooner. The processing of data is justified in this case by Art. 6 para. 1 point f) GDPR, however you can object to this processing with effect for the future by clicking here. The subsequently set opt-out cookie and your objection remain valid as long as you do not delete your browser cookies.

10. Web/app analysis services, marketing
In order to continuously improve our content and adapt it to the interests of our users, and to display usage-based online advertising, we use a number of services that collect data from our website and the app, and analyse this data for us. Where these service providers are not themselves the data controller with specific regard to data protection legislation, they are always bound by instructions when processing the pseudonymised user data on the basis of a data processing agreement. The legal basis for this processing is always Art. 6 para. 1 point f GDPR.

You can deactivate the use of cookies by third-party providers, e.g. by accessing the deactivation page http://www.networkadvertising.org/choices/ or http://youronlinechoices.com/ or http://optout.aboutads.info/?c=2〈=EN and following the instructions provided on opting out.

Not all access to the FRAEND pages is carried out via a web browser. In cases where users access FRAEND from a mobile device, disabling cookies or changing web browser settings may not be possible.

In the following, you can find details of the analysis services and marketing partners we use:

a. Facebook Website Custom Audiences and Facebook Conversion Pixel
Within our website, we use the “Website Custom Audiences” pixel operated by the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. This involves so-called tracking pixels being integrated into our websites. When you visit our websites, the tracking pixel allows a direct connection to be created between your browser and the Facebook server. Facebook receives from your browser, amongst other things, the information that our website was accessed from your device. If you are a Facebook user, Facebook can thus collate the visit to our websites with your user account. Please note that as the provider of the websites, we have no knowledge of the content of the data transmitted, or of how this data is used by Facebook. We are only able to select targeted groups of Facebook users (specific ages, interests etc) to whom our advertising should be shown. In the process, we use one of two functions of Custom Audiences, whereby no data sets, and in particular no email addresses of our users - neither encrypted nor unencrypted - are transmitted to Facebook. Further information about this can be found in the privacy policy of Facebook at https://en-gb.facebook.com/about/privacy/.

Please click here if you do not wish data to be collected via Custom Audiences.

We use the “Conversion Pixel” or Visitor Activity Pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By accessing this pixel from your browser, Facebook can subsequently recognise whether a Facebook advertisement was successful, e.g. whether it resulted in the conclusion of an online purchase. In relation to this we receive exclusively statistical data from Facebook without reference to any specific person. This allows us to record the effectiveness of Facebook advertisements for statistical and market research purposes. In particular if you are signed into Facebook, we refer you to their privacy policy https://en-gb.facebook.com/about/privacy/.

You can object to this processing of data via the Facebook Conversion Pixel with effect for the future by clicking here.

b. Google Products
a) Google AdSense
We have integrated Google AdSense on this website. Google AdSense is an online service that allows the mediation of advertising on third-party websites. Google AdSense is based on an algorithm that selects advertisements for third-party websites based on the content of the respective third-party website. Google AdSense permits interest-oriented targeting of internet users, which is implemented by generating individual user profiles.

The operating company of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA.

The purpose of the Google AdSense component is the integration of advertisements into our website. Google AdSense saves a cookie to your browser. The definition of cookies is available above. Saving the cookie allows Alphabet Inc. to analyse the use of our website. Each time one of the individual pages of this website, which we operate and on which a Google AdSense component has been integrated, is visited, the internet browser on your device is automatically prompted by the respective Google AdSense component to send data to Alphabet Inc. for the purposes of online advertising and the invoicing of commissions. Within the framework of this technical process, Alphabet Inc. receives knowledge of personal data, such as the IP address of the data subject, which is used by Alphabet Inc., amongst other things, to determine the origin of the visitor and the clicks, and subsequently to facilitate commission invoicing.

You can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out.

Activating this setting in the internet browser would also prevent Alphabet Inc. from saving a cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Alphabet Inc. at any time using your internet browser or other software programs.

Google AdSense additionally uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded into websites in order to allow log file recording and log file analysis, which allows a statistical analysis to be performed. This embedded tracking pixel means Alphabet Inc. can recognise when a website was opened by a data subject, and the links that the data subject clicked. Tracking pixels are used, amongst other things, to analyse the visitor traffic of a website.

Google AdSense sends personal data and information, including the IP address, which is necessary for the creation and invoicing of the displayed adverts, to Alphabet Inc. in the USA, where it is saved and processed. Under certain circumstances, Alphabet Inc. may disclose the personal data collected using this technical process to third parties.

Google AdSense is explained in greater detail at this link https://www.google.co.uk/intl/en/adsense/start/#/?modal_active=none and https://policies.google.com/technologies/partner-sites?hl=de. More information and options for the deactivation of this advertising placement can be found at https://adssettings.google.com/u/0/authenticated?hl=en.

b) Google AdWords
We have integrated Google AdWords on this website. Google AdWords is an online advertising service that allows advertisers to place advertisements both in the search results of Google and in Google’s advertising network. Google AdWords allows an advertiser to predefine certain keywords, by means of which an advertisement is displayed in the search results of Google exclusively when the user of the search engine accesses search results related to the keyword. In the Google advertising network, the advertisements are distributed to thematically relevant websites using an automated algorithm with reference to the predefined keywords. The operating company of the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. The purpose of Google AdWords is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search results of the Google search engine, as well as displaying third-party advertising on our website. If you come to our website via a Google advertisement, Google saves a so-called conversion cookie to the information technology system of the data subject. The definition of cookies is available above. A conversion cookie becomes invalid after thirty days and is not used to identify the data subject. Until the conversion cookie expires, it is used to determine whether certain sub-pages, for example the shopping basket of an online shop system, are accessed on our website. The conversion cookie allows both us and Google to track whether a data subject that comes to our website via an AdWords advertisement generates sales, i.e. whether a purchase has been completed or aborted.

The data and information collected by the conversion cookie is used by Google to create visitor statistics for our website. In turn, these are used by us to determine the total number of users that have accessed FRAEND via AdWords advertisements, and thus to determine the success or failure of the respective AdWords advertisements, and to optimise these for the future. Neither our company nor any other advertising customers from Google AdWords receive information from Google that could allow the data subject to be identified.

The conversion cookie saves personal information, for example the websites visited by the data subject. For each visit to our websites, personal data is sent to Google in the USA, including the IP address of the internet connection used by the data subject. This personal data is saved by Google in the USA. Under certain circumstances, Google may disclose the personal data collected using this technical process to third parties.

The data subject can prevent cookies from being used by our website at any time, as already described above, by adjusting the corresponding setting in the internet browser used, and thus permanently opt out. Activating this setting in the internet browser in use would also prevent Google from saving a conversion cookie on the information technology system of the data subject. Furthermore, you can delete any cookie saved by Google AdWords at any time using your internet browser or other software programs.

The data subject also has the option of withdrawing consent for the display of interest-based advertising from Google. To do this, the data subject should access the link https://adssettings.google.com/u/0/authenticated?hl=en and change the desired settings in each internet browser that they use.

Further information and the applicable privacy policy of Google can be accessed at https://policies.google.com/privacy?hl=en-GB.

You can also deactivate or opt out of Google advertisements https://privacy.google.com/?hl=gb#google-experience wholly or in part.

You can also object to this processing of data by AdWords with effect for the future by clicking here.

c) Google Analytics
We have integrated Google Analytics (with anonymisation function). Google Analytics is a web analysis service. Web analysis is the recording, collection and evaluation of data regarding the behaviour of visitors to websites. A web analysis service collects data, amongst other things, about the websites from which a data subject arrived at another website (known as the referrer), which sub-pages of the website were accessed, or how often and for how long a sub-page was viewed. A web analysis is predominantly used for optimisation of a website and for the cost-benefit analysis of online advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA.

For the web analysis via Google Analytics we use the suffix "_gat._anonymizeIp". This suffix means that the IP address of the internet connection used by the data subject is abbreviated and anonymised by Google if the access to our websites originates in a Member State of the European Union or from another signatory state to the Treaty on the European Economic Area.

The purpose of the Google Analytics component is the analysis of visitor traffic on our website. Google uses the data and information obtained, amongst other things, to analyse the use of our website, in order to compile online reports for us which identify the activities on our websites, and in order to provide additional services relating to the use of our website.

Google Analytics saves a cookie to the information technology system of the data subject. The definition of cookies can be found above. Saving the cookie allows Google to analyse the use of our website. Each time one of the individual pages of this website, which we operate and on which a Google Analytics component has been integrated, is visited, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to send data to Google for the purposes of online analysis. Within the framework of this technical process, Google receives knowledge of personal data, such as the IP address of the data subject, which is used by Google, amongst other things, to determine the origin of the visitor and the clicks, and subsequently to facilitate commission invoicing.

Further information and the applicable privacy policy of Google can be accessed at https://policies.google.com/privacy?hl=en-GB&gl=de and https://www.google.com/analytics/terms/gb.html. Google Analytics is explained in greater detail at this link https://www.google.com/intl/en_uk/analytics/#?modal_active=none.

We use the Google Analytics feature “Demographic and Interests Reporting”. In order to compile these statistical reports, Google makes use of data that Google has collected in connection with interest-based advertising and visitor data (e.g. age, gender and interests) from third-party providers. FRAEND cannot associate this data with a specific person or a specific user ID, but Google may be able to do so. You can opt out of data collection by Google by turning Google “ad personalisation” off at the following link: https://www.google.de/settings/ads.

We also use the Google Analytics feature “Google Signals”. This feature provides aggregated reports on cross-device user counts as well as different groups of users based on the different device combinations they use. This information is not associated for us with a specific person or a specific user ID. However, in order to compile these reports, Google uses the data of its users who have the “ad personalisation” option turned on in their Google account settings. For this reason, we assume that Google can associate the data with specific users who have Google accounts. You can opt out of the collection of data via Google Signals by turning Google “ad personalisation” off in your Google account: https://support.google.com/ads/answer/2662922?hl=en.

You can also object to this processing of data via Google Analytics with effect for the future by clicking here.

d) Google Dynamic Remarketing
On the website, we use the remarketing or “similar audiences” function of Google Inc. (“Google”), operated by Google Remarketing is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. This function allows the provider to target visitors to the website individually, by displaying interest-based advertisements that are personalised for the visitors to the provider’s website if they have visited other websites in the Google Display network. Google uses so-called cookies to perform the analysis of the website use, which forms the basis for creating personalised, interest-based advertisements. To this end, Google saves a small file with a series of numbers in the browsers of visitors to the website. This number is used to record visits to the website and anonymised data about the use of the website. The personal data of visitors to the website is not saved. If you subsequently visit another website in the Google Display network, you will be shown advertisements that have a greater probability of including products and product groups that you have already viewed.

You can permanently deactivate the use of cookies specifically by Google by using the following link and then downloading and installing the plug-in: https://www.google.com/settings/ads/plugin.

You also have the option at any time of opting out of Google's interest-based advertising. To do this, you should access the link https://adssettings.google.com/u/0/authenticated?hl=en and change the desired settings in each internet browser that you use.

Alternatively, you can deactivate the use of cookies by third-party providers by accessing the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and following the information provided there on opting out.

Further information on Google Remarketing and the privacy policy of Google can be viewed at: https://policies.google.com/technologies/ads?hl=en-GB.

e) Google Tag Manager
FRAEND uses the Tag Manager from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tags are the IDs of data elements. Tracking pixels from the third-party providers named here are loaded on the websites. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not record personal data. The tool ensures that other tags are triggered, which in turn may record data. However, Google Tag Manager does not access this data. Further information is available here: https://www.google.com/intl/en-uk/tagmanager/use-policy.html and https://policies.google.com/privacy?hl=en-GB&gl=de.

f. Twitter Remarketing (contact with FRAEND users)
This website uses Twitter’s remarketing feature (Twitter Inc., 1355 Market Street Suite 900, San Francisco, CA 94103, USA) to enable FRAEND to address users with advertising on Twitter that is based on their interests. For this purpose, Twitter uses so-called “tags”. These tags are used to record data on website visits and website usage. When a user visits a website containing such a tag, Twitter saves a cookie in the user’s browser. This cookie’s unique ID is recorded, and it is included in the target audience for remarketing on Twitter. Twitter users can deactivate this function by following the instructions provided here: https://support.twitter.com/articles/20171528.

You can also object to this processing of data via Twitter with effect for the future by clicking here.

11. Social networks
You can also find us on the social networks of foreign companies, e.g. Facebook or Twitter, and we have partially integrated functions of these networks into our online services. In both cases, you must be registered and logged into the respective social network to use it. A social network is a place for social meetings on the internet, an online community which generally allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for exchanging opinions and experiences, or enable the internet community to provide personal or business-related information. Please note that when using the respective social network, this company’s terms of use and data protection conditions, over which we have no control, apply. We would like to explain to you how such networks process your personal data in this context:

Each time one of the individual pages of this website, on which a social network component (Facebook plug-in, Google+ plug-in, LinkedIn plug-in, Twitter plug-in) has been integrated, your internet browser is automatically prompted by the respective component of the social network to download a display of the corresponding component. Further information about the technical integration of each respective network can be accessed at the following links: Facebook: https://developers.facebook.com/docs/plugins/?locale=en_US, Google+: https://developers.google.com/+/, LinkedIn: https://developer.linkedin.com/plugins, Twitter: https://about.twitter.com/de/resources/buttons. Within the scope of this technical process, the respective network receives concrete information about which subpages of our website you have visited.

Every time you access our website and are simultaneously logged into a social network, the social network in question detects which specific subpage of our webpage you have visited for the entire duration of each respective stay on our website. This information is collected by the respective component of the social network and associated with your account on the network. If you click on one of the social network buttons integrated on our website, post a comment or make a recommendation, the social network then assigns this data and information to the personal user account of the social network and stores the personal data. Google, for example, connects this personal data with other Google services, citing an optimisation of their services as the reason for doing so.

The network is sent information via the respective network component that you have visited our website, provided that you are logged into the network at the time our website is accessed; this occurs regardless of whether you click the component or not. If you do not wish for this information to be transmitted to the respective social network, then you can prevent this transmission by logging out of your respective social network account before accessing our website. However, the social network also records your page views regardless of whether you are logged into the social network when you visit FRAEND pages.

a. Facebook
We have integrated components of Facebook on this website. Facebook is a social network.

A social network is a place for social meetings on the internet, an online community which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for exchanging opinions and experiences, or enable the internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos and socialise by making friend requests, amongst other options.

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a data subject lives outside of the United States or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook’s published privacy policy, available at https://en-gb.facebook.com/about/privacy/, provides information about the way Facebook collects, processes and uses personal data. It also provides information on what settings Facebook offers to protect the data subject’s privacy. In addition, various applications are available that prevent the transmission of data to Facebook. These applications can be used by the data subject to stop data from being transmitted to Facebook.

b. Google+
We have integrated components of the Google+ button on this website. Google+ is a so-called social network. Google+ allows social network users to create private profiles, upload photos and socialise by making friend requests, amongst other options. Google+ is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. Further information and the applicable privacy policy of Google can be accessed at: https://www.google.de/intl/de/policies/privacy/. Further information provided by Google on the Google+ 1 button can be found at: https://developers.google.com/+/web/buttons-policy.

c. Instagram
We use components of Instagram. Instagram is a service that may be classified as an audio-visual platform and allows users to share photos and videos, as well as disseminate such data in other social networks. Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Further information and Instagram’s applicable privacy policy can be found here: https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

d. LinkedIn
We have integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that allows users to connect to existing business contacts and make new business contacts. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For issues regarding data protection outside of the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible. LinkedIn offers the ability to opt out of email messages, text messages and targeted ads, as well as to manage ad settings, at: https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners capable of saving cookies, such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame. It is possible to opt out of such cookies at: https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy of LinkedIn is available at: https://www.linkedin.com/legal/privacy-policy. LinkedIn’s policy on cookies can be accessed at: https://www.linkedin.com/legal/cookie-policy.

e. Twitter
We have integrated components of Twitter on this website. Twitter is a multilingual, publicly accessible microblogging service on which users may publish and spread so-called “tweets” (i.e. short messages) which are limited to 280 characters. These short messages are accessible to everyone, including those who are not logged into Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Furthermore, Twitter allows users to address a wider audience via hashtags, links or retweets.

Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Twitter’s applicable privacy policy is available at: https://twitter.com/privacy?lang=en.

12. Payment providers
Should you use a paid service or purchase something via our website/app, we offer a variety of different payment methods. If you decide to use one of these payment service providers, you will leave our site. This payment service provider then collects and processes all data. No personal data, in particular no bank or credit card data, is disclosed to us. We are only informed about successful payment transactions. The following payment service providers are available:

a. PayPal
We have integrated the PayPal payment method on this website. PayPal is an online payment service provider of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed using an email address, so there are no classic account numbers. PayPal makes it possible to prompt online payments to third parties or to receive payments. PayPal also acts as trustee and offers buyer protection services. If the data subject selects “PayPal” as the payment option during the ordering process in the online shop, the data subject's data is automatically transmitted to PayPal. By selecting this payment option, the data subject agrees to the transmission of personal data required for payment processing. The personal data transmitted to PayPal typically includes the first name, last name, address, email address, IP address, telephone number, mobile phone number or any other data necessary for payment processing. Concluding the purchase contract also requires personal data related to the respective order. The purpose of transmitting data is to process the payment and prevent fraud. In particular, we shall transmit personal data to PayPal if a legitimate interest in the transmission exists. The personal data exchanged between PayPal and us shall be transmitted by PayPal to credit reporting agencies. This transmission is intended for identity and creditworthiness checks. PayPal will, if necessary, pass on personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal. The data subject can revoke at any time his/her consent from PayPal to handle personal data. A revocation shall not have any effect on personal data which must be processed, used or transmitted for the (contractual) processing of payments.

PayPal’s applicable privacy policy is available at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

b. Sofortüberweisung
We have integrated components of Sofortüberweisung on this website. Sofortüberweisung is a payment service that enables cashless payment of products and services on the internet. Sofortüberweisung is a technical procedure by which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately after ordering. Sofortüberweisung is operated by SOFORT GmbH, Fußbergstrasse 1, 82131 Gauting, Germany. If the data subject selects “Sofortüberweisung” as the payment option in our online shop during the ordering process, the data subject’s data shall automatically be transmitted to Sofortüberweisung. By selecting this payment option, the data subject agrees to the transmission of personal data required for payment processing. If Sofortüberweisung is used to process a purchase, the buyer sends the PIN and TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online merchant after technical verification of the account balance and retrieval of additional data to check for sufficient funds. The online merchant is then automatically informed that the financial transaction has been carried out. The personal data exchanged with Sofortüberweisung typically includes the first name, last name, address, email address, IP address, telephone number, mobile phone number or any other data required for payment processing. The purpose of transmitting data is to process the payment and prevent fraud. We shall also transmit other personal data to Sofortüberweisung if a legitimate interest in the transmission exists. Under certain circumstances, Sofortüberweisung may transmit the personal data exchanged between Sofortüberweisung and us to credit reporting agencies. This transmission is intended for identity and creditworthiness checks. Sofortüberweisung will, if necessary, pass on personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of Sofortüberweisung. The data subject can revoke his/her consent from Sofortüberweisung to handle personal data at any point in time. A revocation shall not have any effect on personal data which must be processed, used or transmitted for the (contractual) processing of payments. Further information about Sofortüberweisung’s applicable privacy policy is available at: https://www.klarna.com/sofort/datenschutz/.

13. Other services
Other services used by us include:

a. Facebook Connect
You can also log into a Facebook account to post comments on certain FRAEND websites.

Facebook Connect is a service provided by Facebook Ireland Limited, 5-7 Hanover Quay, Dublin 2, Ireland. The use of Facebook Connect is subject to the privacy policy and terms of use of Facebook. If you decide to register with a Facebook account, you will be redirected to Facebook as a first step. Facebook then asks you to provide your access data and log into Facebook or register. If you are already logged into Facebook, this request to log in will be skipped. Important: No access data is disclosed to us. When you log in via Facebook Connect, Facebook profile data and data defined as “public information” by Facebook (https://www.facebook.com/about/privacy/your-info/) – i.e. information that you have publicly made available or which you release for the respective application – shall be transferred to us from your Facebook profile. In connection with Facebook, “public” means that anyone, including those outside of Facebook, can see this data. This data includes your name, your profile and cover picture, your gender, networks, username (Facebook URL) and user ID number (Facebook ID). Vice versa, data from us can also be transferred to your Facebook profile. When you register via Facebook Connect, we store and process your data that is transmitted to us for the purpose of registration.

b. Google Maps
We use Google Maps, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to display maps. This integration requires Google to be able to access users' IP addresses. The IP address is necessary to send content to the user’s browser. Please note that Google has its own data protection guidelines, which are independent of ours. Before using our website, please read about Google’s privacy policy at www.google.de/intl/de/policies/privacy/. Google Maps is based on JavaScript code. This means that you can prevent it from running altogether by deactivating JavaScript in your browser’s settings or installing a JavaScript blocker. Please note that doing so may prevent our website from being correctly displayed.

c. Google reCaptcha
For security purposes, this site uses reCaptcha, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). This service determines whether the information in an online form has been provided by a human being or fraudulently by automated machine processing. Your previously abbreviated IP address and any other data required for the service will be transmitted to Google. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abbreviated there. The data transmitted by your browser while using reCaptcha will not be merged with other data from Google. Further information about Google's data protection guidelines is available at: https://policies.google.com/privacy?hl=en.

14. Retention period
We only store personal data as long as we are legally entitled to do so and as long as the purpose for processing data is still valid. Data will then be erased after a short period of time.

In addition to information regarding the retention period of certain data elsewhere in this Privacy Policy, we inform you of the following:

It is, however, not always possible for us to specify the exact retention period for all data or categories of data. In regards to the retention period, we strictly adhere to the law. If, for example, it is still possible to make claims in regards to a contract, we retain the corresponding data and, when Art. 6 para. 1 point f GDPR is applied, your interests and/or basic rights and fundamental freedoms limit the retention period to be implemented and play a significant role in determining it once the requirements of the law are taken into consideration.

15. Repetition of notices of consent
Below you will find the notices of consent FRAEND uses on its websites and which you have issued to FRAEND if required. FRAEND records these statements of consent where appropriate. You may revoke your statement(s) of consent at any point in time, with effect for the future.

Registration for the “FRAEND User Account” customer account:

Consent to receive email advertising

16. Contact data and your rights as the data subject
If you have any questions or suggestions regarding data protection or how to exercise your rights as the data subject, please contact our data protection officer (immediately) at any time:

FRAEND GmbH
Julius Jacobi
Gaudystrasse 10
10437 Berlin
Germany
E-Mail: hello@fraend.com

a. Revocation of consent/Objection to the processing of data
You may revoke your previously given consent at any point in time, with effect for the future, by contacting the address provided above. You may object to your email address being used for the purpose of sending out the newsletter at any time with effect for the future by contacting us either electronically or by post at hello@fraend.com or Gaudystrasse 10 in 10437 Berlin, without incurring any costs other than the postage costs in accordance with the basic tariff.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of a legitimate or public interest. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process personal data unless we can prove compelling and legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of the personal data for the purpose of such advertising by contacting us at the aforementioned contact address. This also applies to profiling, insofar as it is associated with such direct marketing. In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes, or for statistical purposes, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

b. Art. 15 GDPR – right of access for the data subject
You have the right to request confirmation from us as to whether personal data relating to you is processed and, if so, what data this entails as well as the specific circumstances surrounding the processing of data.

c. Art. 16 GDPR – right to rectification:
You have the right to request that we immediately rectify any incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to request that incomplete personal data concerning you be completed, also by means of a supplementary declaration.

d. Art. 17 GDPR – right to erasure:
You have the right to request that we immediately erase personal data concerning you if and to the extent the legal requirements to this regard are met.

e. Art. 18 GDPR – right to the restriction of processing:
You have the right to restrict the processing if and to the extent the legal requirements are met.

f. Art. 20 GDPR – right to data portability:
If data is processed by virtue of consent or in order to fulfil a contract, you have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format, and in so far that it is technically feasible, to transmit this data to another controller without us impeding this process or to have this data directly transferred to another controller.

g. Existence of automated decision-making
We refrain from automatic decision-making including profiling according to Art. 22 GDPR.

March 27 2019