This Privacy Statement gives you an overview of the processing of your personal data in the context of the use of it by OPIN and the offers and online services in connection with the commissioned partners on OPIN365.com (the “Website”). This Privacy Statement also informs you about your rights under the EU Data Protection Regulation (“GDPR”) and the means to control your personal data and protect your privacy. Personal data is defined as all information that makes it possible to identify you as a person.
Responsible for data processing within the framework of the Website is OPIN SL, UTOPICUS, Carrer dels Pinzón, 12, 2, 08003 Barcelona 12, 2, 08003 Barcelona Phone: +34 610 80 63 78, [email protected] (hereinafter “OPIN” or “we”). If you have any questions regarding this data protection declaration or data processing within the framework of the Website or our app., you can also contact our company data protection officer at the address or e-mail address given above
You are not legally or contractually obliged to provide us with the personal data specified in this Privacy Statement. If you conclude a contract with us (e.g. because you instruct us to provide services), the transmission of the contractual information provided by you to us is, however, a basic prerequisite for not only the conclusion but also the performance of this contract. Furthermore, you may not use the Website or use it only to a limited extent if you do not provide us with certain data or if you object to the use of this data.
When we make our Website available to you, we process personal data from various sources. On the one hand, this is data that we automatically process for each visitor when the Website is accessed. However, this may also include data which you have voluntarily provided to us or which is only processed when you use our services.
Data that we automatically collect when you visit our Website:
As soon as you visit the Website, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case, we collect the following access and web access data (which we call “Usage Data”):
We process the Usage Data to enable you to use the Website and to ensure the functionality of the Website. In addition, we process Usage Data in order to analyse the performance of the Website, to continuously improve the Website and to correct errors or to personalize the content on the Website for you. We also process the Usage Data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular, fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for the processing of this data is Art. 6 (1) lit. f) GDPR.
Data that you transmit to us yourself:
In addition to the data we receive from all visitors, we also process other data when you use our contact form. You can see the details in the contact form. We process this data in order to process your request and will process the correspondence in accordance with the applicable rules for business letters under the applicable law for a period of 6 years from the end of the calendar year during which your request has been submitted.
The legal basis in each case is Art. 6 (1) (a) GDPR (your consent).
Please note that the provider who has implemented the integration in their online shop or services is solely responsible for data processing using the OPIN integrations. This means that OPIN, according to a contractual agreement, is strictly subject to the customer’s instructions and will process all data as the customer’s technical service provider without its own decision-making authority with regard to the processing of personal data by the customer. In this respect, please access the data protection information of the customer for more information.
We have already informed you above for which purposes we process your data in individual cases. In addition, we may process your data for other purposes. This includes, for example, passing on your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes. The legal basis in these cases is either a legal obligation (Art. 6 (1) lit. c) GDPR) or our legitimate interests.
Your personal data will only be passed on to third parties if this is necessary for the provision of OPIN integration. The data recipients also include the third-party providers mentioned in our overview of cookies and analytics tools. For information about the third parties we use, such as for processing customer inquiries or web analytics, please see the information about cookies, web analytics and other third-party technologies at the end of this Privacy Statement. All third-party providers have made contractual agreements with us to process data exclusively within the scope of our instructions (so-called data processing agreements).
We do not transmit your access and account data to any third parties without implementing appropriate safeguards.
We process and store your personal data to the extent necessary to fulfil our contractual or legal obligations. Therefore, we store the data as long for as our contractual relationship with you exists and after termination only to the extent and for as long as legally required. If data is no longer required to fulfil legal obligations (e.g. under tax or commercial law), it is deleted regularly unless further processing is necessary to preserve evidence or defend against legal claims against us. For the preservation of evidence necessary is e.g. your IP address and the exact time of the granting, if you have given us a consent.
We use your data to create a user profile. This means that we use your information to provide you with a personalized Website based on your personal preferences and interests and to provide you with customized offers based on your previous behaviour. However, we will never process and analyse your personal data within the framework of this user profile in such a way that this leads to an automated decision which is legally valid for you or which similarly significantly affects you.
You can assert the following rights against us within the framework of the GDPR with regard to your personal data:
Your right to information and access pursuant to Article 15 GDPR,
Your right to rectification pursuant to Article 16 GDPR,
Your right to erasure pursuant to Article 17 GDPR,
Your right to restriction of processing pursuant to Article 18 GDPR and
Your right to data portability pursuant to Article 20 GDPR.
You also have the right to lodge a complaint with the competent data protection supervisory authority (Article 77 GDPR).
In addition, you can also revoke your consent to the processing of your personal data at any time. However, this revocation only applies for the future. Any processing that took place before the revocation remains unaffected by this. If you would like to exercise your rights as a data subject, you can also do so
Information about your right of objection according to article 21 GDPR
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which takes place on the basis of Article 6 (1) lit. f) GDPR (Data Processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweighs your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
You also have the right at any time to object to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter) without incurring any costs other than the transmission costs according to the basic tariffs; this also applies to the creation of a user profile (so-called “profiling”), insofar as this is associated with direct marketing. If you object, we will no longer process your personal data in the future.
Please note that if you do not provide us with certain data or if you object to the use of this data, you will not use the Website or only use it to a limited extent.
The objection can be filed informally and is to be addressed to: [email protected]
In order to keep this information up to date, this Privacy Statement will be modified when the underlying data processing is changed. We will publish any intended changes to this Privacy Statement in advance if its content changes and not only editorial changes (e.g. to correct typographical errors) are made.
The Website uses the following types of cookies, the scope and functionality of which are explained below: Transient cookies and persistent cookies.
Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our Website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are also initially stored when you close your browser and then automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can reset your browser before or after your visit to our Website so that all cookies are rejected, or to indicate when a cookie is being sent. By default, the setting of cookies can be managed by the browser program of your browser, even so that no cookies may be set at all or that cookies are deleted again. Your browser may also have a feature for anonymous browsing. You can use these functions of your browser yourself at any time. If you deactivate the setting of cookies in your browser by default, it is possible, however, that our web pages do not function correctly.
The legal basis for the processing of personal data using cookies and other technologies is Art. 6 (1) lit. f) GDPR unless otherwise stated below.
You can receive comprehensive information on every cookie we use by referring to our cookie preference manager here.
The information generated by the cookie about your use of our Website (identifier, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is generally transmitted to a Google server in the U.S. and stored there. However, in the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will initially be truncated by Google on our Website. For this purpose, we have implemented the code “gat._anonymizeIp() ;” in order to ensure anonymous collection of IP addresses (so-called IP masking).
Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and abbreviated there. If, exceptionally, personal data is transferred to the USA, Google’s certification according to the so-called “Privacy Shield Agreement” between the EU and the USA ensures a level of data protection corresponding to the data protection level in the EU.
Google will use the information about your use of the Website on our behalf in the context of Google Analytics to evaluate your use of the Website, to compile reports on Website activity and to provide other services relating to Website activity and internet usage. The IP address transmitted by your browser in the context of Google Analytics and Google Tag Manager is not combined with other data from Google by us.
In addition to generally deactivating cookies, you can prevent Google from collecting and processing data about your use of our Website (including your abbreviated IP address) by downloading and installing the browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.